• Review of KIISC
• /
• v.24 no.3
• /
• pp.27-35
• /
• 2014

사용자 식별 번호(personal identification number: PIN)는 은행 계좌, 신용카드, 스마트폰, 도어락 등 다양한 응용에서 널리 활용되는 사용자 인증 수단이나, 전통적으로 사용되어 온 PIN 입력 방식은 PIN을 입력하는 과정을 어깨 너머로 지켜본 공격자가 이를 기억하여 그대로 입력에 사용하는 엿보기 공격 등 안전성에 많은 문제점을 가지고 있다. 본 고에서는 이러한 문제점을 해결하기 위한 그동안의 연구 결과들을 살펴보고, 향후 안전한 PIN 입력 방식의 연구에서 고려되어야 할 요소들을 도출한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.10a
• /
• pp.334-336
• /
• 2004

국내 전자상거래 제품과의 호환성과 확장성을 위하여 국내 전자서명 표준인 KCDSA(Korean Certificate-based Digital Signature Algorithm) 메커니즘을 PKCS(Public Key Cryptographic Standard) #11 암호 API(Application Programming Interface)에 기능을 추가한다. PKCS #11에서 정의한 키 관리(Hey Management) 함수의 입력 파라미터에 암호화할 키를 바로 입력하면 변조된 키를 전달할 수 있으므로, 본 논문에서는 안전한 키보호(Key Protection) 함수를 새로 정의하여 암호화할 키 대신 사용자 PIN(Personal Identification Number: 패스워드) 입력하여 사용자의 KCDSA 개인키와 공개키를 보다 더 안전하게 보관하고자 한다.

• International Journal of Computer Science & Network Security
• /
• v.23 no.4
• /
• pp.111-115
• /
• 2023

Knowledge Based Authentication is the most well-known technique for user authentication in a computer security framework. Most frameworks utilize a straightforward PIN (Personal Identification Number) or psssword as an data authenticator. Since password based authenticators typically will be software based, they are inclined to different attacks and weaknesses, from both human and software.Some of the attacks are talked about in this paper.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.145-185
• /
• 2007

A resident registration number is used to confirm and prove his/her identity in a government/non-governmental agency. It is a essential requirement to become the registered member on internet website in Korea. It is serious problem that the resident registration number and name are outflowed in internet and misused by others. So the MIC(Ministry of Information and Communication) in Korea plans and operates the identification system using I-PIN that integrate 5 alternative methods of resident registration number. In this paper, we analyze the problem about the method of 5 I-PIN services and show the security analysis on the implementation vulnerabilities of I-PIN services. we also analyze 17 websites that provides identification system using I-PIN. Finally, we analyze the overall problem of I-PIN service and propose the countermeasure about the problem.

• Journal of Korea Multimedia Society
• /
• v.8 no.6
• /
• pp.761-767
• /
• 2005

The personal identification procedure through the fingerprints is divided as the classification process by the type of the fingerprints and the matching process to confirm oneself. Many existing researches for the classification and the matching of the fingerprint depend on the number of the minutiae of the fingerprints and the flow patterns by their direction information. In this paper, we focus on extracting the singular points by using the flow patterns of the direction information from identification. The extracted singular points are utilized as a standard point for the matching process by connecting with the extracted information from the singular point embodied. The orthogonal coordinates which is generated by the axises of the standard point can increase the accuracy of the fingerprints matching because of minimizing the effects on the location changes of the fingerprint images.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.6 no.1
• /
• pp.48-54
• /
• 2011

As personal or compact devices with image acquisition functionality are becoming easily available for common users, the voluminous images that need to be managed by image related services or systems demand efficient and effective methods in the perspective of image identification. The objective of image identification is to associate an image with a unique identifier. Moreover, whenever an image identifier needs to be regenerated, the newly generated identifier should be consistent. In this paper, we propose three image identifier generation methods utilizing image features: linear component, luminance area, and combination of both features. The linear component based method exploits the information of distribution of partial lines over an image, while the luminance area based method utilizes the partition of an image into a number of small areas according to the same luminance degree. The third method is proposed in order to take advantage of both former methods. In this paper, we also demonstrate the experimental evaluations for uniqueness and similarity analysis that have shown favorable results.

• Journal of KIISE
• /
• v.42 no.5
• /
• pp.681-689
• /
• 2015

Personal information includes information about a living human individual. It is the information identifiable through name, resident registration number, and image, etc. Personal information which is collected by institutions can be wrongfully used, because it contains confidential information of an information object. In order to prevent this, a method is used to remove personal identification elements before distributing and sharing the data. However, even when the identifier such as the name and the resident registration number is removed or changed, personal information can be exposed in the case of a linking attack. This paper proposes a new anonymization technique to enhance data utility. To achieve this, attributes that are utilized in service tend to anonymize at a low level. In addition, the anonymization technique of the proposal can provide two or more anonymized data tables from one original data table without concern about a linking attack. We also verify our proposal by using the cooperative game theory.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.11
• /
• pp.2109-2114
• /
• 2017

Personal Identification Number (PIN) is the most common user-authentication method for the access control of private and commercial applications. The users need to enter PIN information to the applications whenever the users get access to the private services. However, the process imposes a burden on the users and is vulnerable to the potential shoulder-surfing attacks. In order to resolve both problems, we present a continuous authentication method for both smartphone and smartwatch, namely, synchronized authentication. First we analyze the previous smartwatch based authentication and point-out some shortcomings. In the proposed method, we verify the validity of user by analyzing the combined acceleration data of both smartphone and smartwatch. If the monitored sensor data shows the high correlations between them, the user is successfully authenticated. For the authentication test, we used the Samsung Galaxy Note5 and Sony Smartwatch2.

• Journal of the Society of Naval Architects of Korea
• /
• v.46 no.6
• /
• pp.631-640
• /
• 2009

The highest priority of the cruise trip is the safety and comfort of its passengers. Though the cruise lines take every appropriate measure to ensure that their Passengers are safe and experience enjoyable vacations it is hard to fulfill all passenger's personnel requirement with limited number of crews. Generally, each passenger is issued an identification card which contains their digital photo and personal identification information on a magnetic strip that he or she must present when entering or leaving the ship. This technology allows the ship to know which Passengers and crew members are on board and which are not. However, this system has some limitations of functions and usage. To support each passenger as his or her personal liking, additional number of crews or some kind of new system is needed. In this paper, the crew support system based on sensor network using wireless and wired communication technologies was studied. To design the system, PLC(Power Line Communication) system and ZigBee based passenger location recognition, classification system has studied experimentally. By using this system, crews can serve passengers more closely and personally with less effort.

• Journal of Internet Computing and Services
• /
• v.20 no.2
• /
• pp.61-68
• /
• 2019

Although the number of smartphone users is continuously increasing due to the advantage of being able to easily use most of the Internet services, the number of counterfeit applications is rapidly increasing and personal information stored in the smartphone is leaked to the outside. Because Android app was developed with Java language, it is relatively easy to create counterfeit apps if attacker performs the de-compilation process to reverse app by abusing the repackaging vulnerability. Although an obfuscation technique can be applied to prevent this, but most mobile apps are not adopted. Therefore, it is fundamentally impossible to block repackaging attacks on Android mobile apps. In addition, personal information stored in the smartphone is leaked outside because it does not provide a forgery self-verification procedure on installing an app in smartphone. In order to solve this problem, blockchain is used to implement a process of certificated application registration and a fake app identification and detection mechanism is proposed on Hyperledger Fabric framework.