• Convergence Security Journal
• /
• v.4 no.3
• /
• pp.19-25
• /
• 2004

This research develops an algorithm using image synthesis for a server to authenticate users and implements it. The server creates cards with random dots for users and distribute them to users. The server also manages information of the cards distributed to users. When there is an authentication request from a user, the server creates a server card based on information of the user' s card in real time and send it to the user. Different server card is generated for each authentication. Thus, the server card plays a role of one-time password challenge. The user overlaps his/her card with the server card and read an image(eg. a number with four digits) made up from them and inputs the image to the system. This is the authentication process. Keeping security level high, this paper proposes a technique to generate the image clearly and implements it.

• Journal of Advanced Navigation Technology
• /
• v.17 no.3
• /
• pp.314-325
• /
• 2013

Smartwork is future-oriented work-environment to bring swift business transaction and convenient for users. In domestic and foreign various countries, It's already prompting introduction of smartwork. Users process work to access frequently from the outside in smartwork that's a similar client/server environment to existing Cloud Computing environment. Necessary of user authentication is increasing to be solvable to security vulnerability because there is possibility that malware flows in and leaks company's confidential information by unauthorized users especially in smartwork environment. Therefore we propose User Authentication scheme based face recognition is applicable to smartwork environment to analyze established User Authentication scheme. environment.

• Journal of Internet Computing and Services
• /
• v.10 no.6
• /
• pp.229-239
• /
• 2009

To solve user authentication problem, many remote user authentication schemes using password and smart card at the same time have been proposed. Due to the increasing of interest in personal privacy, there were some recent researches to provide user anonymity. In 2004, Das et al. firstly proposed an authentication scheme that guarantees user anonymity using a dynamic ID. In 2005, Chien et al. pointed out that Das et al.'s scheme has a vulnerability for guaranteing user anonymity and proposed an improved scheme. However their authentication scheme was found some weaknesses about insider attack, DoS attack, and restricted replay attack. In this paper, we propose an enhanced scheme which can remove vulnerabilities of Chien et al.'s scheme. The proposed authentication protocol prevented insider attack by using user's Nonce value and removed the restricted replay attack by replacing time stamp with random number. Furthermore, we improved computational efficiency by eliminating the exponentiation operation.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.9
• /
• pp.89-96
• /
• 2021

In this paper, we analyzed that the user authentication scheme for TMIS(Telecare Medicine Information System) proposed by Al-Saggaf et al. In 2019, Al-Saggaf et al. proposed authentication scheme using biometric information, Al-Saggaf et al. claimed that their authentication scheme provides high security against various attacks along with very low computational cost. However in this paper after analyzing Al-Saggaf et al's authentication scheme, the Al-Saggaf et al's one are missing random number s from the DB to calculate the identity of the user from the server, and there is a design error in the authentication scheme due to the lack of delivery method. Al-Saggaf et al also claimed that their authentication scheme were safe against a variety of attacks, but were vulnerable to password guessing attack using login request messages and smart cards, session key exposure and insider attack. An attacker could also use a password to decrypt the stored user's biometric information by encrypting the DB with a password. Exposure of biometric information is a very serious breach of the user's privacy, which could allow an attacker to succeed in the user impersonation. Furthermore, Al-Saggaf et al's authentication schemes are vulnerable to identity guessing attack, which, unlike what they claimed, do not provide significant user anonymity in TMIS.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.11
• /
• pp.83-91
• /
• 2012

Authentication schemes preserving user anonymity have first been proposed by Das et al, and most of user anonymity schemes provide user anonymity against outside attacks in the communication channel. In this paper, according to the increasing of personal information exposure incidents by server attack, we propose a new authentication scheme that provides user anonymity against server as well as one against outside attacks in the communication channel. Furthermore, the proposed authentication scheme provides traceability that remote server should be able to trace the malicious user and it also solves the problem of increasing computational load of remote server by solving weakness of wrong password input by mistake.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2002.11a
• /
• pp.588-591
• /
• 2002

P2P(Peer-to-Peer) can compose free network and take away center server function or problem about authentication is risen between each User because is opening network that can participate between each User weakening. We desire to authenticate request about service to user who is admited between each user to limit connection. Wish to admit Kerberos authentication mechanism to mechanism that can do information sharing safety in P2P environment to solve this in this treatise and design authentication mechanism.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.12
• /
• pp.109-116
• /
• 2010

Due to the increasing interest and demands of user privacy, remote user authentication schemes using smart card has been researched in active. Recently, a lot of suggestion have been made in order to provide user's anonymity and trace a malicious user. In 2008, Kim et al. proposed a traceable anonymity authentication scheme. In 2009, Choi et al. pointed out that Kim's protocol was insecure against outsider attacker and proposed an improved scheme. But Kim's and Choi's schemes fail to provide the user's anonymity or compute some values in the protocol. In this paper, we analyse those problems and suggest two improved schemes to resolve those problems.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.7 no.5
• /
• pp.986-992
• /
• 2003

In this paper we challenge the user Authentication using Kerberos V5 authentication protocol in WPKI environment. this paper is the security structure that defined in a WAP forum and security and watches all kinds of password related technology related to the existing authentication system. It looks up weakness point on security with a p개blem on the design that uses wireless public key-based structur and transmission hierarchical security back of a WAP forum, and a server-client holds for user authentication of an application level all and all, and it provides one counterproposal. Therefore, We offer authentication way solution that connected X.509 V3 with using WIM for complement an authentication protocol Kerberos V5 and its disadvantages.

• Proceedings of the IEEK Conference
• /
• 2002.07a
• /
• pp.156-159
• /
• 2002

For the effective use of information in the information society, information should be protected and outflow of information by illegal users should be prevented. This study sets up user authentication policy, user authentication regulations and procedures for information protection and builds information protection key distribution center and encryption user Authentication system which can protect information from illegal users.

• Journal of the Semiconductor & Display Technology
• /
• v.19 no.2
• /
• pp.96-99
• /
• 2020

According to brilliant development of smart devices, many related services are being devised. And, almost every service is designed to provide user-centric services based on personal information. In this situation, to prevent unintentional leakage of personal information is essential. Conventionally, ID and Password system is used for the user authentication. This is a convenient method, but it has a vulnerability that can cause problems due to information leakage. To overcome these problem, many methods related to face recognition is being researched. Through this paper, we investigated the trend of user authentication through biometrics and a representative model for face recognition techniques. One is DeepFace of FaceBook and another is FaceNet of Google. Each model is based on the concept of Deep Learning and Distance Metric Learning, respectively. And also, they are based on Convolutional Neural Network (CNN) model. In the future, further research is needed on the equipment configuration requirements for practical applications and ways to provide actual personalized services.