• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11c
• /
• pp.2351-2354
• /
• 2002

전자상거래의 인구는 매년 급속히 증가하고 있으며, 또한 전자상거래의 대다수 쇼핑몰 사이트가 패스워드를 기반으로 사용자를 인증하고 있다. 그런데 사용자는 이런 패스워드 기반 사이트를 방문하면서 보안과 안전을 고려하지 않고 패스워드를 만들어서 사용하고 있다. 이러한 패스워드는 사용자의 프라이버시의 침해와 개인정보가 노출이 되는 문제를 안고 있다. 이러한 문제점을 관리적 측면에서 패스워드를 해독하여 해독하기 쉬운 일반적이고 평이한 패스워드를 사용자는 mail를 통해 알려서 패스워드의 위험성을 주지시키도록 한다. 사용자의 패스워드를 알기 위해서는 암호해독 기법이 필요 하는데 이 해독기법을 빠르고 정확하게 하기 위해서 분산화 된 동적 작업배분방법을 이용한 병렬처리 패스워드 해독 기법을 제안하여 구현하였다. 본 연구에서는 이러한 암호해독을 하여 진자상거래에서 사용자가 사용한 패스워드를 안전하게 관리할 수 있도록 하고, 사용자의 프라이버시를 효과적으로 보호 할 수 있는 모델을 제안한다.

• Convergence Security Journal
• /
• v.14 no.5
• /
• pp.31-36
• /
• 2014

As security management center of financial area, financial ISAC monitors financial corporations and provides security services. Financial ISAC minimizes damage by responding quickly to external attack such as hacking, virus but it is poor at handling internal attack. For the efficient management and stable operation of information source, also to respond jointly to online hacking, the necessity of information sharing system increases day by day in and outside country. This paper proposes financial ISAC that can prevent a secondary damage of leakage information as well as providing security services. The proposed financial ISAC provides new password to financial corporation in which the same ID and password as leakage information are used and in case of financial information leakage it warns customers against phishing etc.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.5 no.4
• /
• pp.45-53
• /
• 2015

In this paper, an approach of temporal certification system that can be easily added on current character-based certification system is newly introduced. This technique enhances the security of the password certification process by exploiting temporal information for each character's stroke timing, and using them as another feature of certification information, on top of character comparison process. There are three different temporal conditions: maximum, minimum and no-option. The maximum condition along with a time number (usually 0.2 second or less) means that the next key input should be punched within the time limit, while the minimum condition means the next key stroke should be typed after the time lapse specified. With no-option condition chosen, user can punch the password without any timing constraints. Prototype was developed and tested with four number password case. In comparison with 104 cases, this new approach increases the cases more than 10 digits, enhancing the security of the certification process. One big advantage of this new approach is that user can update his/her password only with different timing constraints, still keeping the same characters, that will enhance the security system management efficiency in a very simple way. Figures and pictures along with process flow are included for the validity of the idea.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.731-742
• /
• 2017

For all the various cryptographic techniques related to security, social technological attacks such as a shoulder surfing are infeasible to block off completely. Especially, the attacks are executed against financial facilities such as automated teller machine(ATM) which are located in public areas. Furthermore, online financial services whose rate of task management is consistently increasing are vulnerable to a shoulder surfing, smudge attacks, and key stroke inference attacks with google glass behind the convenience of ubiquitous business transactions. In this paper, we show that the security of ATM and internet banking can be reinforced against a shoulder surfing by using One-Time Keypad(OTK) and compare the security of OTK with those of ordinary keypad and One-Time Password(OTP).

• The Transactions of the Korea Information Processing Society
• /
• v.6 no.12
• /
• pp.3597-3605
• /
• 1999

We introduce a new satellite Conditional Access System(CAS) that a subscriber could watch a pay-TV knowing only his or her identity and password, without using a smart card. For this new system, two password-based protocols are presented which not only share a session key and authenticate each other but also download an authorization key. This system has some merits: First, compared with current systems, it reduces the amount of computations by eliminating the AK-encryption module in SMS(Subscriber Management System) and simplifying the receiver's CW-decryption process. Second, since this system does not need an expensive Card Adaptive Device(CAD), it can reduce costs. finally it provides descrambler independence allowing it to be used through any TV set-top box that includes a descrambler, unlike the current system that a descrambler is linked with a smart card.

• Journal of Internet Computing and Services
• /
• v.6 no.5
• /
• pp.155-166
• /
• 2005

Currently, almost of all the Internet users have as many IDs as the number of sites they have subscribed for, The users should memorize and input every independent ID and password whenever they want to login to the system. Although ID management system is used to solve this problem, 10 and password management will become more complicated in the forthcoming ubiquitous computing environments because so many computers will be interconnected on various kinds of wired and wireless networks, Furthermore, it is not enough to use the existing single Circle of Trust (COT) ID management system for the forthcoming computing environments. To solve this problem, the paper proposes ID federation models in multiple COT domain and implements an ID federation system that can be scaled to mobile computing environment as well as wired computing environment. The proposed ID federation models has been verified to operate with no problem between the systems in different trust domains by doing the ID scaability test.

• Journal of Internet Computing and Services
• /
• v.13 no.3
• /
• pp.31-47
• /
• 2012

The mobile Virtual Private Network (MVPN) of Internet Engineering Task Force (IETF) is not designed to support NEwork MObility (NEMO) and is not suitable for real-time applications. Therefore, an architecture and protocol which supports VPN in NEMO are needed. In this paper, we proposed the cost-reduced secure mobility management scheme (CR-SeMMS) which is designed for real-time applications in conjunction with VPN and also which is based on the session initiation protocol (SIP). Our scheme is to support MVPN in NEMO, so that the session is well maintained while the entire network is moved. Further, in order to reduce the authentication delay time which considers as a delaying factor in hands-off operations, the signaling time which occurs to maintain the session is shortened through proposing the hands-off scheme adopting an authentication method based on HMAC based One Time Password (HOTP). Finally, our simulation results show the improvement of the average hands-off performance time between our proposed scheme and the existing schemes.

• Journal of the Institute of Convergence Signal Processing
• /
• v.21 no.4
• /
• pp.202-208
• /
• 2020

Recently, the importance of non-face-to-face has been emphasized due to COVID-19, and the use of sharing spaces is also expanding. The use of uncontact check-in technology for access control of sharing spaces reduces waiting time and optimizes workers' efficiency, resulting in operational cost savings. In this paper, we propose a sharing space access management system based on a mobile key and RCU (Room Control Unit), access to the facility using a mobile key, and monitor the facility using an RCU. Proposal system is for shared accommodation, rental field (residence, sale-selling hotel), shared office, etc. when there is a one-time visitor on a specific day and time, the corresponding password is delivered to the mobile platform to expose and key the existing password. It is supported by a field-adaptive system that can reduce discomfort such as delivery. In order to test the operation of the proposed integrated system, tests were conducted according to scenarios to understand the overall status of the user's reservation, check-in, and check-out, and a 100% success rate was derived for each item by setting performance indicators to prove test reliability.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2007.02a
• /
• pp.150-153
• /
• 2007

본 논문에서는 라이브 시스템으로부터 패스워드를 획득하는 방법에 대해서 논하며, 이를 바탕으로 컴퓨터 관련범죄 발생 시 초기대응 과정 중에 사용할 수 있는 페이지파일 수집기를 구현하였다. 페이지파일 수집기를 이용하여 실 사용자들의 페이지파일을 수집하고 분석방법을 제시하였다. 또한 페이지파일로부터 어느 정도의 패스워드가 검출되는 가를 확인하였다. 이는 포렌식 수사에는 큰 도움을 줄 수 있지만, 포렌식 수사도구가 해킹을 위한 도구로 사용되었을 때에는 심각한 개인정보 유출을 야기할 수도 있다.

• The KIPS Transactions:PartC
• /
• v.14C no.4
• /
• pp.321-330
• /
• 2007

This paper proposes a two-phase server login authentication system by XML-Signature schema extension to protect server's information resources opened on network which offer various web contents. A proposed system requests and publishes XML-based certificate through on-line, registers certificate extension information provided by CA(Certification Authority) to XCMS(XML Certificate Management Server), and performs prior authentication using user's certificate password. Then, it requests certificate extension information added by user besides user's certificate password and certificate extension information registered in XCMS by using SOAP message, and performs posterior authentication by comparing these certificate extension information. As a result, a proposed system is a security reinforced system compared with existing systems.