DOI QR코드

DOI QR Code

User attribute verification method using user mobile dynamic information

  • Kim, Seok-Hun (Dept. of. Electronic Commerce, PaiChai University)
  • Received : 2018.12.07
  • Accepted : 2019.01.28
  • Published : 2019.01.31

Abstract

Various supplementary authentication methods are used to supplement user authentication and authorization provided by existing password verification online1. In recent years, authentication and authorization methods using user attribute information have been studied and utilized in various services. User attribute information can be divided into static information and dynamic information. The existing methods focus on research to identify users using dynamic information or to generate challenge questions for user reauthentication. Static information such as a user's home address, school, company, etc. is associated with dynamic information such as location information. We propose a method to verify user attribute information by using the association between two attribute information. For this purpose, the static information of the user is verified by using the user's location record which is dynamic information. The experiment of this paper collects the dynamic information of the actual user and extracts the static information to verify the user attributes. And we implemented the user attribute information authentication system using the proposal verification method and evaluated the utility based on applicability, convenience, and security.

CPTSCQ_2019_v24n1_145_f0001.png 이미지

Fig. 1. User’s location record using Google Map

CPTSCQ_2019_v24n1_145_f0002.png 이미지

Fig. 2. Screenshot of the user logging into the location-gathering application

CPTSCQ_2019_v24n1_145_f0003.png 이미지

Fig. 3. Location Permission Setting Screen

CPTSCQ_2019_v24n1_145_f0004.png 이미지

Fig. 4. Example of location information collect

CPTSCQ_2019_v24n1_145_f0005.png 이미지

Fig. 5. Location data in collected JSON format

Table 1. Verification attribute information by LoIP

CPTSCQ_2019_v24n1_145_t0001.png 이미지

Acknowledgement

Supported by : Pai Chai University

References

  1. H.Y. Youm, K. H. Kim, and S. H. Kim, "Guideline on Identity Proofing Management", TTA Journal, Vol. 167, pp.78-82, 2016
  2. K. H. Kim, D. H. Yoo, S. H. Kim, B. J. Yoon, and H. Y. Youm, Gap Analysis of ISO/IEC 29115 and ISO/IEC 29003 for Electronic Financial Services Environment in Korea, Review of Korean Society for Internet Information, Vol. 16, pp.65-69. 2015
  3. Y.J. Shin, S. H. Shin, J. Lee, and W. Han, "A Study on Improvement of Identification Means in R.O.K.", Journal of Korean Association forRegional Information Society, Vol.18, No. 4, pp.59-88, 2015.
  4. E. M. Underwood, J. E. Sullivan, and R. McGeehan, "Social age verification engine", U.S. Patent 8 671 453, Mar. 11, 2014.
  5. L. Li, X. Zhao, and G. Xue, "Searching in the dark: A framework for authenticating unknown users in online social networks", in Proc. Glob. Commun. Conf. (GLOBECOM), Anaheim, CA, USA, pp. 714-719. 2012
  6. James Clause, Wanchun Li, and Alessandro Orso. Dytan: A Generic Dynamic Taint Analysis Framework. In Proceedings of the 2007 International Symposium on Software Testing and Analysis, ISSTA '07, pages 196-206, New York, NY, USA, 2007. ACM.
  7. Manuel Egele, Christopher Kruegel, Engin Kirda, and Giovanni Vigna. PiOS: Detecting Privacy Leaks in iOS Applications. In Proceedings of the Network and Distributed System Security Symposium, NDSS '11, San Diego, CA, February 2011.
  8. Maxwell Krohn, Alexander Yip, Micah Brodsky, Natan Clier, M. Frans Kaashoek, Eddie Kohler, and Robert Morris. Information Flow Control for Standard OS Abstractions. In Proceedings of 21st ACM SIGOPS Symposium on Operating Systems Principles, SOSP '07, pages 321{334, New York, NY, USA, 2007.
  9. Lok Kwong Yan and Heng Yin. DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis. In Proceedings of the 21st USENIX Conference on Security Symposium, Security '12, pages 29{29, Berkeley, CA, USA, 2012.
  10. Rolland, C., Prakash, C., "Bridging the Gap Between Organisational Needs and ERP Functionality", RE Journal 5(3):180-193, Springer, 2000.