• Journal of Digital Convergence
• /
• v.15 no.8
• /
• pp.183-193
• /
• 2017

Digital accredited certificates issued under the Digital Signature Act provide essential functionalities for online service, so certificates are used for various services such as online banking, e-government. However, certificates can be stolen by hackers and users need to install separate software to use certificates. Recently FIDO, which aims to solve the problems of password-based authentication and the lack of interoperability between authentication methods, is used for biometric authentication and TrustZone, hardware-based secure environment, is used for safe smartphone usage. In this paper, the new service method is suggested which uses FIDO-based biometric authentication and stores certificates in TrustZone. This method can not only improve security and convenience but also be easily applied to the service because it uses built-in functionalities of new smartphones such as biometric sensors and TrustZone. It is expected that people can use certificates in a safe and convenient way with this method.

• Journal of Intelligence and Information Systems
• /
• v.19 no.3
• /
• pp.45-55
• /
• 2013

Thereby using smartphone and mobile device be more popular the more people utilize mobile device in many area such as education, news, financial. In January, 2007 Apple release i-phone it touch off rapid increasing in user of smartphone and it create new market and these broaden its utilization area. Smartphone use WiFi or 3G mobile radio communication network and it has a feature that can access to internet whenever and anywhere. Also using smartphone application people can search arrival time of public transportation in real time and application is used in mobile banking and stock trading. Computer's function is replaced by smartphone so it involves important user's information such as financial and personal pictures, videos. Present smartphone security systems are not only too simple but the unlocking methods are spreading out covertly. I-phone is secured by using combination of number and character but USA's IT magazine Engadget reveal that it is easily unlocked by using combination with some part of number pad and buttons Android operation system is using pattern system and it is known as using 9 point dot so user can utilize various variable but according to Jonathan smith professor of University of Pennsylvania Android security system is easily unlocked by tracing fingerprint which remains on the smartphone screen. So both of Android and I-phone OS are vulnerable at security threat. Compared with problem of password and pattern finger recognition has advantage in security and possibility of loss. The reason why current using finger recognition smart phone, and device are not so popular is that there are many problem: not providing reasonable price, breaching human rights. In addition, finger recognition sensor is not providing reasonable price to customers but through continuous development of the smartphone and device, it will be more miniaturized and its price will fall. So once utilization of finger recognition is actively used in smartphone and if its utilization area broaden to financial transaction. Utilization of biometrics in smart device will be debated briskly. So in this thesis we will propose fingerprint numbering system which is combined fingerprint and password to fortify existing fingerprint recognition. Consisted by 4 number of password has this kind of problem so we will replace existing 4number password and pattern system and consolidate with fingerprint recognition and password reinforce security. In original fingerprint recognition system there is only 10 numbers of cases but if numbering to fingerprint we can consist of a password as a new method. Using proposed method user enter fingerprint as invested number to the finger. So attacker will have difficulty to collect all kind of fingerprint to forge and infer user's password. After fingerprint numbering, system can use the method of recognization of entering several fingerprint at the same time or enter fingerprint in regular sequence. In this thesis we adapt entering fingerprint in regular sequence and if in this system allow duplication when entering fingerprint. In case of allowing duplication a number of possible combinations is $\sum_{I=1}^{10}\;{_{10}P_i}$ and its total cases of number is 9,864,100. So by this method user retain security the other hand attacker will have a number of difficulties to conjecture and it is needed to obtain user's fingerprint thus this system will enhance user's security. This system is method not accept only one fingerprint but accept multiple finger in regular sequence. In this thesis we introduce the method in the environment of smartphone by using multiple numbered fingerprint enter to authorize user. Present smartphone authorization using pattern and password and fingerprint are exposed to high risk so if proposed system overcome delay time when user enter their finger to recognition device and relate to other biometric method it will have more concrete security. The problem should be solved after this research is reducing fingerprint's numbering time and hardware development should be preceded. If in the future using fingerprint public certification becomes popular. The fingerprint recognition in the smartphone will become important security issue so this thesis will utilize to fortify fingerprint recognition research.

• The KIPS Transactions:PartB
• /
• v.15B no.4
• /
• pp.275-284
• /
• 2008

With increases in recent security requirements, biometric technology such as fingerprints, faces and iris recognitions have been widely used in many applications including door access control, personal authentication for computers, internet banking, automatic teller machines and border-crossing controls. Finger vein recognition uses the unique patterns of finger veins in order to identify individuals at a high level of accuracy. This paper proposes new device and methods for touchless finger vein recognition. This research presents the following five advantages compared to previous works. First, by using a minimal guiding structure for the finger tip, side and the back of finger, we were able to obtain touchless finger vein images without causing much inconvenience to user. Second, by using a hot mirror, which was slanted at the angle of 45 degrees in front of the camera, we were able to reduce the depth of the capturing device. Consequently, it would be possible to use the device in many applications having size limitations such as mobile phones. Third, we used the holistic texture information of the finger veins based on a LBP (Local Binary Pattern) without needing to extract accurate finger vein regions. By using this method, we were able to reduce the effect of non-uniform illumination including shaded and highly saturated areas. Fourth, we enhanced recognition performance by excluding non-finger vein regions. Fifth, when matching the extracted finger vein code with the enrolled one, by using the bit-shift in both the horizontal and vertical directions, we could reduce the authentic variations caused by the translation and rotation of finger. Experimental results showed that the EER (Equal Error Rate) was 0.07423% and the total processing time was 91.4ms.

• Journal of Service Research and Studies
• /
• v.7 no.4
• /
• pp.51-68
• /
• 2017

Financial technology (FinTech) is an emerging financial service sector include innovations in financial literacy and investment, retail banking, education, and crypto-currencies like bitcoin. One of the crucial branch of financial technology-third-party payment (TPP) is undergoing rapid growth, with online/mobile systems replacing offline financial systems. System quality and user attitudes are key perceptions driving third-party payment usage, the importance of these perceptions, however, may be different with countries as users' thinking varies from country to country. Thus, the purpose of this study is to elaborate how factors differ from China to Korea by drawing on the unified theory of acceptance and use of technology (UTAUT2). Additionally, this study also aims to propose a multi-attribute evaluation of the third-party online payment system based on analytic hierarchy process (AHP), fuzzy sets and technique for order performance by similarity to ideal solution (TOPSIS), to examine the relative importance of the perceptions influencing new technology adoption intention. The results showed that the price value has the most significant influence on Chinese perceptions, while the perceived credibility has the most significant effect on Korean perceptions. Sub-criteria also performs different results to Chinese and Korean third-party online payment system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1159-1174
• /
• 2014

As the use of smartphones and tablet PCs has exploded in recent years, there are many occasions where such devices are used for treating sensitive data such as financial transactions. Naturally, many types of attacks have evolved that target these devices. An attacker can capture a password by direct observation without using any skills in cracking. This is referred to as shoulder surfing and is one of the most effective methods. There has been only a crude definition of shoulder surfing. For example, the Common Evaluation Methodology(CEM) attack potential of Common Criteria (CC), an international standard, does not quantitatively express the strength of an authentication method against shoulder surfing. In this paper, we introduce a shoulder surfing risk calculation method supplements CC. Risk is calculated first by checking vulnerability conditions one by one and the method of the CC attack potential is applied for quantitative expression. We present a case study for security-enhanced QWERTY keyboard and numeric keypad input methods, and the commercially used mobile banking applications are analyzed for shoulder surfing risks.

• Journal of KIISE:Information Networking
• /
• v.30 no.1
• /
• pp.75-81
• /
• 2003

User authentication, including confidentiality, integrity over untrusted networks, is an important part of security for systems that allow remote access. Using human-memorable Password for remote user authentication is not easy due to the low entropy of the password, which constrained by the memory of the user. This paper presents a new password authentication and key agreement protocol suitable for authenticating users and exchanging keys over an insecure channel. The new protocol resists the dictionary attack and offers perfect forward secrecy, which means that revealing the password to an attacher does not help him obtain the session keys of past sessions against future compromises. Additionally user passwords are stored in a form that is not plaintext-equivalent to the password itself, so an attacker who captures the password database cannot use it directly to compromise security and gain immediate access to the server. It does not have to resort to a PKI or trusted third party such as a key server or arbitrator So no keys and certificates stored on the users computer. Further desirable properties are to minimize setup time by keeping the number of flows and the computation time. This is very useful in application which secure password authentication is required such as home banking through web, SSL, SET, IPSEC, telnet, ftp, and user mobile situation.

• Journal of Distribution Science
• /
• v.8 no.4
• /
• pp.17-23
• /
• 2010

The Banking industry is expanding rapidly. To keep the competitive advantages, participating companies concentrate their resource to provide the distinguishable services by increasing the service quality. This study is to find that how three kinds of service quality(process, output, and service environment) affect on the customer satisfaction. In this paper, WPCSI (Weighted Potential Customer Satisfaction Index) was developed using Kano model and PCSI. Kano's model of service quality classification was used to improve customer satisfaction, customer satisfaction index was calculated. Customer satisfaction index was calculated using the existing potential for improving customer satisfaction index (PCSI Index) to complement the limitations of the weighted potential improve customer satisfaction index (WPCSI) were used. Analysis using PCSI improve the quality of service levels may be useful in assessing. However, this figure is a marginal degree of importance on customers and quality characteristics have been overlooked but has its problems. A service provided to customers with some important differences depending on the interpretation of the scope for improvement is to be classified. In other words, the level of customer satisfaction and the satisfaction of the current difference between the comparison factor for the company to provide information about the priority of the improvement was not significant. Companies are also considered important that the customer does not consider the uniform quality of service provided can be fallible. In this study, the weighted potential to improve it improve customer satisfaction index (WPCSI) proposed a new customer satisfaction index. This is for customers to recognize the importance of quality characteristics by weighting factors, to identify practical and improved priority to provide more useful information than has been. Weighted potentially improve customer satisfaction index (WPCSI) presented in this study by the customers aware of the importance of considering the quality factor is an exponent. The results, 'Employees' working ability', 'provided the desired service level', 'staff to handle this task quickly enough' to the customer of the factors had significant effects on satisfaction are met. On the other hand 'aggressiveness on the product description of employees', 'service environment as a whole, beautiful enough to' meet and shows no significant difference between satisfaction. But 'aggressiveness on the product description of employees' and reverse (逆) were attributable to the quality. Small dogs and overly aggressive products that encourage the customer dissatisfaction that can result in widening should be careful because the quality factor can be said. As a result, WPCSI is more effect to find critical factors which can affect customer satisfaction than PCSI. After that, we discuss effects and advantages of customer satisfaction using WPCSI. This study, along with these positive aspects, the limitations are implied. First, this study directly to the bank so that I could visit any other way for customers, utilizing the Internet or mobile to take advantage of the respondents were excluded from the analysis. Second, in survey questionnaires can help improve understanding of the measures will be taken. In addition to the survey targeted mainly focused on Seoul, according to a sample, so sampling can cause problems is the viscosity revealed intends.

• Journal of Venture Innovation
• /
• v.4 no.2
• /
• pp.77-95
• /
• 2021

In the midst of the progress of the 4th industrial revolution, the Corona19 Pandemic was forming giant double wave. Companies riding this wave can win, but companies that do not will fall into the wave and struggle. In connection with the 4th industrial revolution, various technologies are emerging and commercialized. At this point, consumers, especially digital natives, who have been with digital since birth, tried to find out what factors affect the intention to use these technologies and which factors have the most important influence. For this purpose, data were collected through a survey on factors affecting the intention to use FinTech technology and AR technology for 150 digital natives in their 20s. Based on this, statistical analysis was conducted and the following results were obtained. As a result of the overall analysis regardless of the type of technology, it was found that performance expectancy, effort expectancy, social influence, and habits have a positive (+) effect on digital natives' intention to use the 4th industrial technology. On the other hand, a significant influence relationship between the facilitating conditions, hedonic motivation and intention to use the 4th industrial technology was not tested. It was found that the influence was greatly influenced by social influence and habits. In the case of FinTech and AR, which were further subdivided into this study, different aspects were revealed as a result of separate analysis. In the case of FinTech technology that emphasizes utilitarian value, performance expectancy, effort expectancy, social influence, and habits had a positive (+) effect on intention to use. It was found that the influence was greatly influenced by habits and social influence. In the case of AR, which emphasizes the hedonic value, all the variables adopted in this study had a positive (+) effect on the intention to use the technology. It was found that hedonic motivation and social influence had a great influence. Combining the results of the analysis, social influence was found to be an important influence variable regardless of the type of 4th industrial technology. FinTech technologies such as mobile banking, where services are becoming more common, are habits, and in the case of AR, which has not yet been universalized and is provided mainly for entertainment, hedonic motivation was found to be an important factor. This study was able to present academic and practical implications based on the above confirmation of factors affecting digital natives' acceptance and use of the 4th industry technology.