• Title/Summary/Keyword: secure transaction

A Study on Analysis for Secure M-Commerce Transaction (안전한 모바일 전자상거래를 위한 분석 연구)

  • Lee Ji-Yeon
    • Journal of the Korea Computer Industry Society / v.7 no.3 / pp.199-204 / 2006
  • M-commerce protocols have usually been developed using informal design and verification techniques. However, many security protocols thought to be secure were later found to be vulnerable. With the rise of smart card usage, mobile e-commerce services using CEPS, which is one of the e-commerce transaction standards, have increased. In this paper, we describe a methodology to analyze the security of e-commerce protocols and identify the security vulnerability of the CEPS-based goods purchase and e-money load protocols using a formal verification technique. Finally, we discuss a countermeasure against the vulnerability in the purchase transaction protocol.

Application and Policy Direction of Blockchain in Logistics and Distribution Industry (물류 및 유통산업의 블록체인 활용과 정책 방향)

  • Kim, Ki-Heung;Shim, Jae-Hyun
    • The Journal of Industrial Distribution & Business / v.9 no.6 / pp.77-85 / 2018
  • Purpose - The purpose of this study is to subdivide the trade-transaction-centered structure of the logistics/distribution industry system in order to apply blockchain, to establish which types of technology to use, and to provide policy direction for government institutions and technology for applying blockchain in this kind of industry. Research design, data, and methodology - This study was conducted on the basis of previous research centered on cases in which blockchain technology was applied in various industry sectors. Results - General fields of blockchain application include digital content distribution, IoT platforms, e-commerce, real-estate transactions, decentralized app development (storage), certification services, smart contracts, P2P network infrastructure, publication/storage of public documents, smart voting, money exchange, payment/settlement, banking security platforms, actual asset storage, stock transactions and crowdfunding. Blockchain is being applied in various fields at home and abroad, and its application cases can be explained in the banking industry, the public sector, e-commerce, the medical industry, distribution and supply chain management, and copyright protection. As the application cases show, because blockchain is being established and applied in various industry sectors at home and abroad, it is expected that a blockchain can be established that secures safety in trade transactions through a distributed ledger. Parties to a trade transaction can secure visibility even in a specific interrupted section when a distributed ledger is provided as the base for trade and a trade transaction model is established by applying blockchain. For a specific section interrupted in this way, a blockchain model of the trade transaction needs to be formed using a distributed ledger so that the parties involved in the trade transaction can secure visibility and real-time tracking. Additionally, management should be possible from the time of contract until payment and freight transfer to buyers through land, air and maritime transportation. Conclusions - In order to boost the blockchain-based logistics/distribution industry, the government, institutionally, needs to provide backing by adding legal plans for shipping, logistics and distribution, reviewing standardization of the electronic switching system and coming up with blockchain-based industrial road maps. In addition, the government, technologically, has to support R&D for integration with other high technology, standardization of the distribution industry's blockchain technology and manpower training to expand technology development.

Application Transaction Modeling in Secure Object-Relationship Model (보안 객체-관련성 모델에서 응용 트랜잭션 모델링)

  • 심갑식;조일래;노봉남
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 1992.11a / pp.257-266 / 1992
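  • Until now, transaction modeling at the conceptual design stage of a database, which aims to guarantee data integrity, has addressed only the integrity properties of data and could not express security properties. Moreover, transactions, which model the dynamic properties of data in a data model, have had difficulty fully guaranteeing data integrity. For effective analysis and design of an application domain, data modeling needs to model not only static properties such as objects, attributes, and relationships but also dynamic properties that guarantee the integrity and security of data. This paper presents a method for modeling application transactions on the basis of the basic operations, automatically generated with security added, in the Secure Object-Relationship Model (SOREM), which expresses the integrity and security information of data. In addition, an automated tool for secure transaction modeling was designed and implemented in the X Window environment, using the Secure Transaction Definition Language (STDL) to carry out the secure transaction modeling process accurately and easily.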

Cryptographically-Generated Virtual Credit Card Number for Secure Card-Not-Present Transactions

  • Park, Chan-Ho;Park, Chang-Seop
    • KSII Transactions on Internet and Information Systems (TIIS) / v.10 no.4 / pp.1864-1876 / 2016
  • Card-Not-Present (CNP) transactions taking place remotely over the Internet are becoming more prevalent. Cardholder authentication should be provided to prevent the CNP fraud resulting from the theft of stored credit card numbers. To address the security problems associated with CNP transactions, the use of a virtual card number derived from the transaction details for the payment has been proposed, instead of the real card number. Since all of the virtual card number schemes proposed so far are based on a password shared between the cardholder and card issuer, transaction disputes due to the malicious behavior of one of the parties involved in the transaction cannot be resolved. In this paper, a new virtual card number scheme is proposed, which is associated with the cardholder's public key for signature verification. It provides strong cardholder authentication and non-repudiation of the transaction without deploying a public-key infrastructure, so that the transaction dispute can be easily resolved. The proposed scheme is analyzed in terms of its security and usability, and compared with the previously proposed schemes.

A Secure Authentication Model Using Two Passwords in Client Server Systems (클라이언트 서버 시스템 환경하에서 2개의 패스워드를 사용하는 안전한 인증 모델)

  • Lee, Jae-Woo
    • Journal of the Korea Academia-Industrial cooperation Society / v.12 no.3 / pp.1350-1355 / 2011
  • Protecting system resources through authorized client authentication is a very important issue in distributed client-server systems. Client authentication performed using only the client's identifier and password is therefore not enough to prevent unauthorized opponents from attacking our systems. In this paper, we propose a secure authentication database model with two authentication keys: a client authentication key and a server authentication key. The proposed authentication model can be used to achieve a high level of computer security by using the two authentication keys during transaction processing. The two authentication keys are created by the client and the server, and are used in every request transaction without extra input from the user. Using the proposed authentication keys, we can detect intrusion during an authorized client's transaction processing, because comparing the stored authentication keys in client-server systems reveals an intrusion immediately when hackers attack our network or computer systems.

Consumer protection in e-commerce: the Safety Transaction Service in Korea (전자상거래에서 소비자 보호방안에 관한 연구)

  • Yoo, Soonduck;Choi, Kwangdon
    • Journal of Digital Convergence / v.11 no.11 / pp.29-36 / 2013
  • To accommodate the rapid growth of e-commerce transactions, which are non-face-to-face transactions, businesses use a wide variety of payment methods. However, many of these payment mediums are not secure, as shown by increases in fraudulent transactions. In this paper, we analyze a particular e-commerce transaction medium, the Safety Transaction Service (STS). This system protects consumers through a wide variety of safeguards: safety settlement systems (escrow), consumer damage compensation insurance, payment guarantee, and secure bank settlement. In contrast to the safeguards, we identify the limitations and concerns with the STS and potential legal and political improvements. The plethora of payment methods limits the consumer's ability to distinguish between secured and unsecured transaction services. Regulation and consumer-based verification of transaction services are essential to root out dangerously fraudulent systems. We propose the development of specific standards for these systems, in particular the need for consumer confirmation and clear settlement documentation. Only through the active promotion of scrutiny and improvement of the STS will consumers be protected in e-commerce.

A Study on Privilege Elevation Attack Management for Smart Transaction Security on BlockChain Etherium Based System

  • Min, Youn-A
    • Journal of the Korea Society of Computer and Information / v.24 no.4 / pp.65-71 / 2019
  • As the smart device penetration rate is more than 90%, the ratio of mobile transactions using smart devices is increasing. Smart contracts are used in various areas of real life, including smart trading. By applying smart contracts to the platform for smart transactions through blockchain technology, the threat of hacking or forgery can be reduced. However, various threats to devices in smart transactions can pose a threat to the use of blockchain Ethereum, an important element in privilege and personal information management. Smart contracts used in blockchain Ethereum include important information or transaction details of users. Therefore, in the case of a privilege elevation attack, it is very likely that transaction details will be exploited or that personal information inquiries will be forged or tampered with. In this paper, we propose a detection and countermeasure method for privilege escalation attacks, which is especially important for secure smart transactions using blockchain Ethereum. When comparing the results of this study with the results of similar applications and research, we showed about 12~13% improvement in performance and suggested future countermeasures through packet analysis.

Concurrency Control with Dynamic Adjustment of Serialization Order in Multilevel Secure DBMS (다단계 보안 데이타베이스에서 직렬화 순서의 동적 재조정을 사용한 병행수행 제어 기법)

  • Kim, Myung-Eun;Park, Seok
    • Journal of the Korea Institute of Information Security & Cryptology / v.9 no.1 / pp.15-28 / 1999
  • In a Multilevel Secure Database Management System (MLS/DBMS), we assume that the system has a security clearance level for each user and a classification level for each data item, and the objective of these systems is to protect secure information from unauthorized users. Many of the algorithms that have been researched focus on removing covert channels by modifying a conventional lock-based or timestamp-based algorithm. However, there is a high-level starvation problem in which a high-level transaction is repeatedly aborted by a low-level transaction. In order to solve this problem, we propose an algorithm to reduce high-level starvation using dynamic adjustment of the serialization order, which is basically using orange lock. Because our algorithm is based on a single version, unlike conventional secure algorithms, which are performed on multiple versions, it can achieve a high degree of concurrency control. We also show that it guarantees the serializability of concurrent execution and satisfies the security properties of an MLS/DBMS.

A study on the Interpretation of Governing Law to Application in Electronic Transaction Dispute (전자거래분쟁에서 준거법 적용상 해석론)

  • Kang Lee-Soo
    • Journal of Arbitration Studies / v.14 no.1 / pp.3-28 / 2004
  • The implementation of electronic transactions raises some new legal and institutional problems, so it is necessary for us to prepare alternatives. As the development of electronic transactions is difficult without smooth settlement of disputes, the pursuit of smooth dispute settlement is very important. The most common method of dispute settlement is litigation, and in relation to litigation, the subjects of jurisdiction and governing law should be resolved above all. Furthermore, the prior act was regarded as insufficient in that it lacked rules on international governing law to adjudicate, or international adjudicatory governing law, whereas the expectation of the public was that private international law should function as the basic law of legal relations, encompassing rules on governing law, given the increase in international disputes. Private international law has also attracted more attention from Koreans. Therefore, the governing law applicable to electronic transactions should be prepared, and an environment that keeps electronic transactions secure and stable should be guaranteed. We should also make plans to protect companies and consumers and make efforts to expand electronic transaction infrastructure.

OTP-Based Transaction Verification Protocol Using PUFs (PUF를 이용한 OTP 기반 거래 검증 프로토콜)

  • Lee, Jonghoon;Park, Minho;Jung, Souhwan
    • The Journal of Korean Institute of Communications and Information Sciences / v.38B no.6 / pp.492-500 / 2013
  • The One-Time Password (OTP) generator is used as a multi-factor authentication method to ensure secure transactions during e-financial transactions at banks and securities companies. The OTP-based e-Financial Transaction Verification Protocol ensures secure e-financial transactions by confirming the user's identity using OTP authentication information, and counters not only Man-in-the-Browser (MITB) attacks but also memory hacking attacks. However, correct OTPs can still be generated because sensitive information of the OTP generator may be stolen through intelligent phishing, pharming, and social engineering attacks. Another scheme is therefore needed to protect against these threats, and this paper proposes an advanced scheme using Physical Unclonable Functions (PUFs) to solve these problems. First, it is impossible to generate the same OTP values because of the physically unclonable features of PUFs. In addition, it is impossible to clone the OTP generator with hardware techniques. Consequently, the proposed protocol provides a stronger and more robust authentication protocol than the existing one by adding PUFs to the OTP generator.