• ETRI Journal
• /
• v.39 no.1
• /
• pp.135-144
• /
• 2017

Recently, mobile phones have been recognized as the most convenient type of mobile payment device. However, they have some security problems; therefore, mobile devices cannot be used for unauthorized transactions using anonymous data by unauthenticated users in a cloud environment. This paper suggests a mobile payment system that uses a certificate mode in which a user receives a paperless receipt of a product purchase in a cloud environment. To address mobile payment system security, we propose the transaction certificate mode (TCM), which supports mutual authentication and key management for transaction parties. TCM provides a software token, the transaction certificate token (TCT), which interacts with a cloud self-proxy server (CSPS). The CSPS shares key management with the TCT and provides simple data authentication without complex encryption. The proposed self-creating protocol supports TCM, which can interactively communicate with the transaction parties without accessing a user's personal information. Therefore, the system can support verification for anonymous data and transaction parties and provides user-based mobile payments with a paperless receipt.

• Journal of Digital Contents Society
• /
• v.14 no.1
• /
• pp.81-88
• /
• 2013

The increase of the smartphone users has popularized the mobile payment and the mobile credit card users are rapidly getting increased. The mobile credit cards that currently used provide its users with the service through downloading mobile credit card information into USIM. The mobile credit card saved in USIM has the minimized information for the security and is based on PKI. However certificate-based payment system has a complicated procedure and costs a lot of money to manage the certificates and CRL(Certificate Revocation List). Furthermore, It can be a obstacle to develop local e-commerce in Korea because it is hard for foreigners to use them. We propose the secure and efficient mobile credit card payment protocol based on certificateless signcryption which solve the problem of certificate use.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.931-939
• /
• 2014

The Web or Mobile channel of previous Web access authentication system for a payment only provides the authentication of remote users, and does not provide the authentication between a user and a bank/financial institution. Therefore, this paper proposes the Transaction Certificate Mode(TCM) for a payment which can preserve the mutual authentication between a user and a bank/financial institution for Web-based payment systems. The proposed system has designed for wireless network instead of Secure Electronic Transaction (SET) designed for wired electronic transaction. In addition, this system with TCM is able to support an account-based transaction for wireless networks instead of a disadvantage of SET such as a card-based transaction for wired networks. Therefore, customers can check their balances without logging on their bank's web site again due to mutual authentication between a customer and his bank/financial institution.

• Journal of KIISE:Information Networking
• /
• v.31 no.4
• /
• pp.405-413
• /
• 2004

Design an efficient and secure electronic payment system is important for M-Commerce. In this paper, we propose an efficient Micro-Payment Protocol that allows multiple transactions using ID-based public key cryptosystem. Current PayWord system requires to generate certificate of the vendor for each transaction. In this paper, we use a session key instead of certificate key generated by Weil Pairing which use an Elliptic Curve Cryptosystem over finite field $F_q$ for transactions Therefore, it is more secure in Known key attacks as well as Man-in-the-middle attacks.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.4
• /
• pp.51-62
• /
• 2019

Recently, as the number of Smart Phone users increase, the simple payment system has been able to make payments using only card information such as a registered password without extra authorized certificate authentication or input of card information. In this paper, it will examine and analyze simple payment system provided by IT companies and financial institutions and the simple payment system that operates global online payment system by case view of operational direction. Then with this examination, it will study ways to improve the problems with terms of convenience and stability in terms of users. In this paper, it will analyze the inconvenient problem in using the QR code system that recently introduced and will propose solutions. Also, it will propose suggestions to solve inconvenience that caused by system that supports NFC simple payment terminal in Korea is not universalize by analyze case study on the overseas simple payment system. It will also propose opinions on the matters that customer having responsible for event of a small financial accident related to loss or theft when using the simple payment system. Then it will suggest expected requirements to prepare new security technical countermeasures and solve the conditions of meeting expectation satisfaction of users.

• Journal of KIISE:Information Networking
• /
• v.30 no.2
• /
• pp.199-206
• /
• 2003

one of the representative micropayment protocols. The original PayWord system is designed for a user who generates paywords by performing hash chain operation for payment to an only designated vendor. In other words, a user has to create new hash chain values in order to establish commercial transactions with different vendors on the Internet. Therefore, we suggest an efficient scheme that is able to deal with business to different vendors by using only one hash chain operation to supplement this drawback. In this proposed system, a broker creates a new series of hash chain values along with a certificate for the user's certificate request. This certificate is signed by a broker to give authority enabling a user to generate hash chain values. hew hash chain values generated by a broker provide means to a user to do business with multiple vendors.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.3 s.35
• /
• pp.189-199
• /
• 2005

Now it is increasing the necessity for micropayment system according to activation for trade on internet. Because of the reason, it is requesting safety for personal information as well as for payment cost. But current micropayment systems cannot support anonymity or have heavy overheads in payment process. This paper suggests a micropayment system to keep anonymity of users and also to keep payment cost safe. The proposed system is to use blind signature anonymous ID which is combined nonce with an encryption of personal information. It also keeps payment cost of users by reconfirmation payment cost and product from certification and increases the computational efficiency by using secret key and session key instead of public key.

• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.58
• /
• pp.179-213
• /
• 2013

While a performance type guarantee is required as a security for non-performance risk by a seller, a payment guarantee is used as a security for non-payment risk by a buyer(or a borrower in a loan agreement). A payment guarantee is a type of independent bank guarantee, bank guarantee, bond, demand guarantee, or standby letter of credit. A guarantor accepts a credit risk of a principal which is normally a buyer in a contract for sale of goods. A payment guarantee is independent of the underlying relationship between the applicant and the beneficiary. The guarantor is only empowered to examine the beneficiary's demand and determine the payment on its face to the terms of the guarantee. A payment guarantee is thus different from a suretyship. The principle of independence carries a significant advantages for a guarantor as well as for a beneficiary. While a documentary credit requires B/L, commercial invoice, packing list, inspection certificate, etc., a typical payment guarantee does not require any evidence for a seller's performance of the underlying contract other than written demand. In this respect payment guarnatee can be a more secured facility than a documentary credit. A payment guarantee normally comes into force from the issuing date and shall remain in effect until all sums guaranteed shall be paid in full by a buyer(or a borrower) or by a guarantor. Although a guarantor shall pay a demand made in accordance with the terms and conditions of the payment guarantee, a payment demand may be denied when it is determined to be abusive or unfair.

• Convergence Security Journal
• /
• v.15 no.4
• /
• pp.73-82
• /
• 2015

Thanks to popularization of smart phone, mobile payment market is growing rapidly. As the obligatory use of digital certificate is abolished, easy-to-use payment that can settle with only password is being launched one after another. But its spreading speed is not fast highly. Because of concern about personal information leakage and security, unchangeability of payment habit, insufficiency of consumer protection, inadequacy of payment infrastructure and all sorts of regulations, easy-to-use payment is not activated. Recently global IT companys are entering mobile payment market competitively. It is because the sense of crisis that their survival can be dangerous from now on if they get left behind Fintech innovation and the mentality that they try to take the leadership of mobile payment market process. In this situation, the thorough preparation and a lot of effort are required to promote our autonomous easy-to-use payment growth without dependance on foreign country's. In this paper, the problems of local mobile easy-to-use payment are addressed in depth and the activation measures such as flexible and discriminative security, construction of customer protection system, law system maintenance, service differentiation are proposed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.753-773
• /
• 2019

CV(Connected Vehicle) technology provides safety-related services and user convenience-related services to vehicle. Safety-related services can cause privacy problem by continuously transmitting vehicle information to nearby vehicles or base stations. Therefore, safety-related services should provide vehicle anonymity for privacy protection. However, if convenience-related services such as payment services fail to provide vehicle anonymity, driver information related to safety-related services may also be leaked. In this paper, we design a payment protocol based on ECQV(Elliptic Curve Qu-Vanstone) impicit certificate and group signature that provides BU-anonymity and traceability. The proposed payment protocol makes it impossible to track vehicles from payment transactions history by separating roles of payment system components. Moreover, we define the security requirements that the vehicle payment protocol must satisfy and show that the protocol satisfies the requirements.