• Title/Summary/Keyword: electronic signature system

Search Result 138, Processing Time 0.026 seconds

A Study of PKI-Based E-commerce Security System Design under Java Code Environment (Java Code를 중심으로한 PKI기반 전자상거래 보안시스템 설계)

  • Bang, Kee-Chun;Noh, Si Choon
    • Convergence Security Journal
    • /
    • v.13 no.1
    • /
    • pp.51-57
    • /
    • 2013
  • RSA is the most widely used public key algorithms. Payment via the SSL communications, and user authentication using RSA secure shopping mall that can protect the user's valuable information in the process of building. SSL-based electronic signature technology and encryption protocols for this technology are electronic documents are delivered to the other party through a separate encryption process, the information sender to enter information on a web browser (user) and the recipient (the Web server of the site Manager), except you will not be able to decrypt the contents. Therefore, the information is encrypted during the transfer of electronic documents even if hackers trying to Sniffing because its contents can never understand. Of internet shopping mall in the user authentication 'and' Communications' SSL secure shopping mall built with the goal of the methodology are presented.

Designing an Efficient and Secure Credit Card-based Payment System with Web Services Based on the ANSI X9.59-2006

  • Cheong, Chi Po;Fong, Simon;Lei, Pouwan;Chatwin, Chris;Young, Rupert
    • Journal of Information Processing Systems
    • /
    • v.8 no.3
    • /
    • pp.495-520
    • /
    • 2012
  • A secure Electronic Payment System (EPS) is essential for the booming online shopping market. A successful EPS supports the transfer of electronic money and sensitive information with security, accuracy, and integrity between the seller and buyer over the Internet. SET, CyberCash, Paypal, and iKP are the most popular Credit Card-Based EPSs (CCBEPSs). Some CCBEPSs only use SSL to provide a secure communication channel. Hence, they only prevent "Man in the Middle" fraud but do not protect the sensitive cardholder information such as the credit card number from being passed onto the merchant, who may be unscrupulous. Other CCBEPSs use complex mechanisms such as cryptography, certificate authorities, etc. to fulfill the security schemes. However, factors such as ease of use for the cardholder and the implementation costs for each party are frequently overlooked. In this paper, we propose a Web service based new payment system, based on ANSI X9.59-2006 with extra features added on top of this standard. X9.59 is an Account Based Digital Signature (ABDS) and consumer-oriented payment system. It utilizes the existing financial network and financial messages to complete the payment process. However, there are a number of limitations in this standard. This research provides a solution to solve the limitations of X9.59 by adding a merchant authentication feature during the payment cycle without any addenda records to be added in the existing financial messages. We have conducted performance testing on the proposed system via a comparison with SET and X9.59 using simulation to analyze their levels of performance and security.

Efficient certificate management system design and implementation on the use of medical solutions (의료솔루션 사용과 관련된 효율적인 인증서 관리 시스템 설계 및 구현)

  • Lee, Hyo Seung;Oh, Jae Chul
    • Smart Media Journal
    • /
    • v.5 no.1
    • /
    • pp.114-121
    • /
    • 2016
  • Currently, different medical institutions have been carrying out the e-healthcare system project. The system includes electronic medical record and prescription delivery system, and, the Medical Treatment law permits electronic signature for medical record management, which reduced the relevant costs and enabled sharing medical record. And medical solution using online certificates is expanding its application. In that light, the role of certificates became more important than ever. However, in contrast to active effort made to manage personal certificates, certificates related to medical solutions and other types of work are not being managed properly. Most work-related certificates are saved in office computers, which makes them vulnerable to various security threats. Although certificate servers can be used as a solution to this problem, hospitals must build the server separately and, therefore, small and medium-size hospitals can be reluctant to bear the burden. This study proposed a way to design and implement an effective and secure certificate management system by save the certificate file as a BLOB, using existing resources without needing to build a separate certificate server, at minimized costs.

A Study of Secure Massaging System Using XML based on Internet Environment (인터넷 환경 하에서의 XML 기반의 안전한 메시징 시스템 연구)

  • Ahn, Kyeong-Rim;Chung, Jin-Wook
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2002.11c
    • /
    • pp.2211-2214
    • /
    • 2002
  • 사업 영역 확대와 네트워크 발달로 인해 전자상거래(Electronic Commerce)는 점차 국제적 환경으로 확대되고 있으며, 장소나 시간에 구애받지 알고 정보를 전송할 수 있게 되었다. 거래되는 업무가 증가됨에 따라 거래내용, 결제 내용(계좌번호, 카드번호 등), 비밀번호 등 교환되는 정보의 종류도 다양해져 보안의 중요성이 대두되었다. 이에 데이터 사용 효율과 응용 가능성을 높이기 위해 차세대 인터넷 표준으로 대두되고 있는 XML을 메시지 처리 단위로 정의하고, XML 기반의 인터넷 메시징 시스템인 IMSX (Internet Messaging System based on XML)을 설계하였으며, 보안 위협으로부터 대응하기 위해 암호화(Encryption)와 전자서명(Digital Signature) 등의 메시지 레벨의 응용 보안을 적용하였다. 또한 문서 송신, 문서 수신, 검색, 문서 변환, 템플릿(Template) 제공, 보안 서비스 등을 선정하여 구현하였다.

  • PDF

The Design and Implementation of Secure XML Messaging System (안전한 XML 메시징 시스템 설계 및 구현)

  • 이영교;안경림
    • Journal of the Korea Computer Industry Society
    • /
    • v.2 no.9
    • /
    • pp.1233-1238
    • /
    • 2001
  • Security is very important at EC(Electronic Commerce) Environments. The reason is that exchanged data(that is user private information(accounts, card-no, password), transaction items, etc) is various and is very sensitive. In this paper, we propose the Secure-XML Messaging System(S-XMS) which is implemented to support Message Level Security, Encryption and Digital Signature. And we implement Message Confidentiality Service, User Authentication & Message Integrity Service and Non-Repudiation Service among the various Security Services.

  • PDF

Electronic Cash Schemes for EFT Using Smart Card (스마트카드를 이용한 새로운 전자현금 방식)

  • Youm, Heung-Youl;Lee, Seok-Lae;Rhee Man-Young
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.5 no.1
    • /
    • pp.37-50
    • /
    • 1995
  • The smart card with the cryptography and VLSI technologies makes it possible to implement the electronic cash easily. A number of electronic each schemes have been proposed by many cryptographic researchers. In this paper, we propose a practical electronic cash system, using blind digital signature scheme. Schnorr's authentication scheme based on the discrete logarithm problem, and the hierarchical cash tree based on two one-way hash functions for dividable payment. Thisf electronic cash scheme has such properties as privacy of the payment, off-line payment, non-reuseability of cash, transferability of cash to another customer, and dividable payment of cash. This electronic cash protocol is well suited for implementing in smart card.

Design and Implementation of On-line Standards Development System on the World Wide Web (WWW상에서의 온라인 정보통신표준 개발 시스템 설계 및 구현)

  • 구경철;김형준;박기식;송기평;조인준;정회경
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.2 no.4
    • /
    • pp.559-573
    • /
    • 1998
  • Recently Standards Developments Organizations (SDO$\_S$) in the field of Information and Communication recognize that "More new and more complex standards should be developed in shorter time". To cope with this challenge they try to construct Standards Information Cooperation Network (SICN) or Electronic Document Handling (EDH) systems for efficient standards development process. This paper presents the design and implementation of an Extranet based Web system dedicated to effective on-line standards making environments. The system, which is called SICN (Standards Information Cooperation Network), is a workflow-based network application created with a view to fostering faster standards development with functionalities such as an electronic signature mechanism, electronic voting, comment gathering and dynamic links for ready retrieval of standards information stored in a database. This paper also describes the concept of a VSDO (Virtual Standards Development Organization) that supports all the features needed by the relevant standards making bodies to carry out their activities in dynamic on-line environments.ironments.

  • PDF

An Efficient Method Defeating Blackmailing Using Blind XTR-DSA Scheme (블라인드 XTR-DSA 스킴을 이용해 블랙메일링을 막는 효율적인 방법)

  • 박혜영;한동국;이동훈;이상진;임종인
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.12 no.6
    • /
    • pp.125-135
    • /
    • 2002
  • The electronic payment system based on blind signature is susceptible to the blackmailing attack as opposed to keep the lifestyle of users private. In this paper. we suggest an efficient electronic cash system using a blind XTR-DSA scheme, which improves the method of defeating blackmailing in online electronic cash systems of [6,9]. In case of blackmailing, to issue the marked coins we use the blind XTR-DSA scheme at withdrawal. In [6,9], to cheat the blackmailer who takes the marked coins the decryption key of a user had to be transferred to the Bank. But in our proposed method the delivery of the decryption key is not required. Also, in the most serious attack of blackmailing. kidnapping, we can defeat blackmailing with a relatively high probability of 13/18 compared with 1/2 in [9] and 2/3 in [6]. If an optimal extension field of XTR suggested in [7] is used, then we can implement our system more efficiently.

A Study on u-paperless and secure credit card delivery system development

  • Song, Yeongsim;Jang, Jinwook;jeong, Jongsik;Ahn, Taejoon;Joh, Joowan
    • Journal of the Korea Society of Computer and Information
    • /
    • v.22 no.4
    • /
    • pp.83-90
    • /
    • 2017
  • In the past, when the credit card was delivered to the customer, the postal agreement and receipt were signed by customer. The repossessed documents were sent back to the card company through the reorganization process. The card company checks the error by scanning and keeps it in the document storage room. This process is inefficient in cost and personnel due to delivery time, document print out, document sorting, image scanning, inspection work, and storage. Also, the risk of personal data spill is very high in the process of providing personal information. The proposed system is a service that receives a postal agreement and a receipt to a recipient when signing a credit card, signing the mobile image instead of paper, and automatically sending it to the card company server. We have designed a system that can protect the cost of paper documents, complicated work procedures, delivery times and personal information. In this study, we developed 'u-paperless' and secure credit card delivery system applying electronic document and security system.

Necessity for Establishing International Certification Authority System for Global Electronic Commerce (인증 관련 주요 국제기구 및 국가인증제도 현황 분석)

  • Lee, Ho-Gun;Park, Seung-Lak;Yoon, Young-Han
    • International Commerce and Information Review
    • /
    • v.1 no.2
    • /
    • pp.123-143
    • /
    • 1999
  • 전자상거래는 비대면(非對面) 거래로 모든 제반과정이 진행되기 때문에 상대에 대한 신뢰성의 문제가 크며, 거래 당사자와 거래 내역에 대한 입증을 해줄 인증기관이 필요하게 된다. 현재 미국의 베리사인 등 사설인증업체가 국내전자상거래 업체의 인증업무를 담당하고 있는 실정이다. 또한, 인중은 필연적으로 관련 기술의 표준화가 수반되는데 이에 대한 국내기술이 미흡하므로 국제동향을 고려한 국내인증기술의 개발이 시급하다. 특히, 글로벌 전자상거래에서는 인증기관에 대한 문제가 더욱 절실한데 문제는 어떠한 형태로 어떤 기관이 주축이 되어 인중체계를 구축하는가 하는 것이다. 현재, 인증체계는 네트워크 방식, 계층구조, 혼합형의 세가지가 논의되고 있으며, 각각의 장단점이 존재하므로 이에 대한 심도있는 논의가 필요하다. 이러한 체계는 국가별로 상이할 수 있지만, 문제는 글로벌 전자상거래를 활성화하기 위해서는 보다 일관된 형태의 인증체계 구축이 필요하다는 점이다. 현재까지 이와 관련한 심도있는 논의는 미흡한 실정이며, 미국 EU 등 일부국가와 UNCITRAL, OECD, ICC 등 관련 기구에서 다양한 의견을 제시하고 있는 상태이다. 이러한 문제는 단시일 내에 해결되기는 어려울 것으로 보인다. 다만, 단기적으로는 관련국가들간의 상호인증을 통한 해결이 가능할 것으로 판단되며, 이러한 상호 인증이 전세계적으로 확산되어감에 따라 글로벌 전자상거래를 위한 인증체계가 심도있게 논의될 것으로 판단된다. 이와 관련하여 상호 인증과 관련한 국내관련 법제의 보완이 필요하며, 실제로 인증을 담당할 관련 당사자들의 자구노력이 매우 시급한 시정이라 하겠다.

  • PDF