• ETRI Journal
• /
• v.39 no.1
• /
• pp.135-144
• /
• 2017

Recently, mobile phones have been recognized as the most convenient type of mobile payment device. However, they have some security problems; therefore, mobile devices cannot be used for unauthorized transactions using anonymous data by unauthenticated users in a cloud environment. This paper suggests a mobile payment system that uses a certificate mode in which a user receives a paperless receipt of a product purchase in a cloud environment. To address mobile payment system security, we propose the transaction certificate mode (TCM), which supports mutual authentication and key management for transaction parties. TCM provides a software token, the transaction certificate token (TCT), which interacts with a cloud self-proxy server (CSPS). The CSPS shares key management with the TCT and provides simple data authentication without complex encryption. The proposed self-creating protocol supports TCM, which can interactively communicate with the transaction parties without accessing a user's personal information. Therefore, the system can support verification for anonymous data and transaction parties and provides user-based mobile payments with a paperless receipt.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.931-939
• /
• 2014

The Web or Mobile channel of previous Web access authentication system for a payment only provides the authentication of remote users, and does not provide the authentication between a user and a bank/financial institution. Therefore, this paper proposes the Transaction Certificate Mode(TCM) for a payment which can preserve the mutual authentication between a user and a bank/financial institution for Web-based payment systems. The proposed system has designed for wireless network instead of Secure Electronic Transaction (SET) designed for wired electronic transaction. In addition, this system with TCM is able to support an account-based transaction for wireless networks instead of a disadvantage of SET such as a card-based transaction for wired networks. Therefore, customers can check their balances without logging on their bank's web site again due to mutual authentication between a customer and his bank/financial institution.

• The KIPS Transactions:PartC
• /
• v.12C no.2 s.98
• /
• pp.301-308
• /
• 2005

According to banking online transaction grows very rapidly, guarantee validity about business transaction has more meaning. To offer guarantee validity about banking online transaction efficiently, certificate status verification system is required that can an ieai-time offer identity certification, data integrity, guarantee confidentiality, non-repudiation. Existing real-time certificate status verification system is structural concentration problem generated that one node handling all transactions. And every time status verification is requested, network overload and communication bottleneck are occurred because ail useless informations are transmitted. it does not fit to banking transaction which make much account of real response time because of these problem. To improve problem by unnecessary information and structural concentration when existing real-time certificate status protocol requested , this paper handle status verification that break up inspection server by domain. This paper propose the method of real~time certificate status verification that solves network overload and communication bottleneck by requesting certification using really necessary Reduction information to certification status verification. And we confirm speed of certificate status verification $15\%$ faster than existing OCSP(Online Certificate Status Protocol) method by test.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.1
• /
• pp.81-88
• /
• 2007

In on-line transaction, the transparency is the key factor for the taxation and customer's rights. Using the cash register concept of the off-line transaction, we studied on-line transaction register model for the e-commerce transparency. Although on-line transaction register may be used under the related e-commerce laws, in this paper, we only considered the mechanism of the register. The register issues the digital receipt, and then the receipt can be verified the validation by the models developed in this paper.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.10a
• /
• pp.618-620
• /
• 2010

We are using a certificate, OTP(One Time Password), Security Card etc. for safety on E-commerce. However, These are not perfectly protect Confidentiality, integrity, user authentication, and nonrepudiation. In this paper, we are proposed authentication scheme by certificate and OTP.

• Proceedings of the Korea Contents Association Conference
• /
• 2005.11a
• /
• pp.175-180
• /
• 2005

To data service is offered successfully including electronic commercial transaction in radio Internet, security problem should be solved. Security protocole for radio internet does certification and key exchange by leitmotif and designed because suppose WPKI(WAP Public Key Infrastructure) mainly and use certificate. Wish to discuss efficient certificate verification of PKI that consider radio surrounding hereupon.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10c
• /
• pp.550-552
• /
• 2002

인증서기반의 인터넷뱅킹과 온라인증권거래에서, 금융거래 서비스 제공자는 많은 사용자의 인증서상태 검증이 요구된다. 금융거래 서비스는 사용자 인증서상태를 실시간의 검증이 보장되어야 한다. 인증서 상태 검증을 위해 기존의 CRL(Certificate Revocation List), Delta CRL, Freshest CRL과 실시간 인증서상태 검증을 위하여 OCSP(Online Certificate Status Protocol)의 표준이 제안된 바 있다. 실시간성과 검증속도는 상호 대비되기 때문에 응용프로그램의 특성을 고려하여 인증서상태 검증방법을 채택한다. 본 논문에서는 CRL의 갱신되기 이전의 폐지에 대하여 실시간으로 전송하는 시스템을 설계한다. 제안하는 인증서폐지 전송서버는 서명자의 검증자 리스트를 관리하여 금융거래 사용자가 CA에 폐지를 요청하면 사용자가 이용하는 금융거래 서비스 제공자들에게 실시간으로 폐지를 고지한다. 본 논문은 CRL 생성이후 갱신까지의 인증서 폐지정보를 검증자에게 전송하여 인증서의 실시간 상태정보를 유지하면서 OCSP보다는 검증속도를 향상시켜 금융거래 환경에서 향상된 효율성을 제공한다.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.3
• /
• pp.63-74
• /
• 2011

Credit cards are more convenient than cash of heavy. Therefore, credit cards are used widely in on_line (internet) and off_line in nowadays. To use credit cards on internet is commonly secure because client identification based security card and authentication certificate. However, to use in off_line as like shop, store, department, restaurant is unsecure because of irregular accident. As client identification is not used in off_line use of credit cards, the irregular use of counterfeit, stolen and lost card have been increasing in number recently. Therefore, client identification is urgently necessary for secure card using in off_line. And the method of client identification must be simple, don't take long time, convenient for client, card affiliate and card company. In this paper, we study a reform measure of the structure and transaction process for the safety improvement of a credit cards. And we propose several authentication method of short-and long-term for client identification. In the proposal, the client authentication method by OTP application of smart-phone is efficient nowadays.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.139-149
• /
• 2023

CBDC has characteristics similar to e-payments in which all records are kept by logs, so it is difficult to satisfy the anonymity level of cash. Therefore, in this study, the CBDC model that encrypts all transaction contents using the Diffie-Hellman key sharing algorithm was presented to enhance anonymity. The proposed model provides unlinkability anduntraceability. In addition, a CBDC certificate that uses pseudonym is used. Through this certificate, illegal transactions that require tracking can be tracked later by authorized institutions.

• The KIPS Transactions:PartC
• /
• v.10C no.4
• /
• pp.433-440
• /
• 2003

According as the real economic activities are carried out in the cyber world and the identity problem of a trade counterpart emerges, digital signature has been diffused. Due to the weakness for real-time validation using the validation method of digital signature, Certificate Revocation List, On-line Certificate Status Protocol was introduced. In this case, every transaction workload requested to verify digital signature is concentrated of a validation server node. Currently this method has been utilized on domestic financial transactions, but sooner or later the limitation will be revealed. In this paper, the validation method will be introduced which not only it can guarantee real-time validation but also the requesting node of certificate validation can maintain real-time certificate status information. This method makes the revocation management node update the certificate status information in real-time to the validation node while revoking certificate. The characteristic of this method is that the revocation management node should memorize the validation nodes which a certificate holder uses. If a certificate holder connects a validation node for the first time, the validation node should request its certificate status information to the above revocation management node and the revocation management node memorizes the validation node at the time. After that, the revocation management node inform the revocation information in real-time to all the validation node registered when a request of revocation happens. The benefits of this method are the fact that we can reduce the validation time because the certificate validation can be completed at the validation node and that we can avoid the concentration of requesting certificate status information to a revocation node.