A Study on the Models of Internal system users Authentication considering Multi Factors

다중요소 기반의 내부 사용자 인증모델에 관한 연구

Lee, Jae-yun;Shim, Ho-sung;Han, Kyeong-Seok;Choi, Yong-Lak;Kim, Jong-bae

  • Received : 2015.06.16
  • Accepted : 2015.07.23
  • Published : 2015.08.20


Financial information systems play such a pivotal role in the financial institution services that are provided for a large customers on the basis of various information including the personal information. As for the personal information collected during the transactions in the financial information systems, huge efforts and investment have been made to protect previously them from being inappropriately misused or illegally used if they could be released. Unfortunately, the frequent accidents on the leakage of sensitive personal information have occurred recently not only by external service users but even by internal system users. Therefore, the aim of this study is to suggest a model of advanced two-channel authentication for internal users in order to increase the stability of financial information systems with enhanced security.


User Authentication;Information Leakage;Financial Information System;Justification


  1. Jae-yong Kim, A Study on Hone Network user Authentication by using A Certificate based on OTP, 2009.
  2. Seung-gu Yun, Enhanced techniques of internet banking security system using OTP, 2010.
  3. Yong-Jae Lee, Study on user authentication and e-banking system using a dual channel, 2011.
  4. Cheol-woo Jeong, Empirical studies on the user terminal authentication system for fraud prevention certificate, 2012.
  5. NIS, Industrial confidentiality Center, 2015.
  6. Je-gook Kim, An Empirical Study on Early Warning Model of Industrial Technology leakage in the Public Energy Sector, 2013.
  7. KFTC, Payment and information technology, current status and future prospects of authentication methods, pp. 31-69, 2011.
  8. Jae-sik Lee, Secure Internet Banking service model design and certification scheme, 2013.
  9. Prime minister's Directive, Information system access rights management provisions of the Administrative agency, 2013.
  10. FSC, Electronic banking supervisory regulations, 2013.
  11. FSC, Relapse prevention comprehensive measures of leakage of personal information of the financial sector, 2014.
  12. Bank of Korea, the payment system in Korea, 2009, 2014.
  13. KFTC, Payment and information technology, electronic banking security measures and OTP Usage, 2006.
  14. KFTC, Payment and information technology, safety analysis of Internet banking authentication means pp. 119-139, 2007.
  15. KFTC, Payment and Information Technology, 2012.
  16. KFTC, Certification means your major sectoral studies of electronic financial transactions, 2012.
  17. Eun-Jeong Choi, Chan-Oe Kim, Joo-Seok Song, Password-Based Authentication Protocol for Remote Access using Public Key Cryptography, Kiise, Vol. 30 No. 1, pp. 75-80, 2003.
  18. Sung-Woon Lee, Hyun-Sung Kim, Kee-Young Yoo. A Password - based Efficient Key Exchange Protocol. Kiise, Vol. 31 No. 4, pp. 347-352, 2004.
  19. Jonathan Penn, What To Look In Consumer Strong Authentication Solutions, Forester, 2005.
  20. FIPS 113. Computer Data Authentication. May, 19 1985.
  21. Phoenix Technologies, CS HAN. Trust connector. 2006.
  22. Forouzan. Cryptography and Network Security. McGraw-Hill, 2007.
  23. K. Renaud, M. Al-Fairuz, Multi-channel, Multi level Authentication for More Secure ebanking. 2010.7