DOI QR코드

DOI QR Code

A Framework of User Authentication for Financial Transaction based Multi-Biometrics in Mobile Environments

모바일 환경에서 다중 바이오인식 기반의 금융 거래를 위한 사용자 인증 프레임워크

  • 한승진 (경인여자대학교 e-비즈니스과)
  • Received : 2014.11.15
  • Accepted : 2014.12.01
  • Published : 2015.01.31

Abstract

Biometric technology has been proposed as a new means to replace conventional PIN or password because it is hard to be lost and has the low possibility of illegal use. However, unlike a PIN, password, and personal information there is no way to modify the exposure if it is exposed and used illegally. Therefore, the existing single modality with single biometrics is critical when it expose. However in this paper, we use a multi-modality and multi-biometrics to authenticate between users and TTP or between users and financial institutions. Thereby, we propose a more reliable method and compared this paper with existed methods about security and performance in this paper.

바이오인식 기술은 기존의 PIN이나 패스워드와 달리 분실하거나 도용될 가능성이 적기 때문에 새로운 인증 수단으로 대체되고 있다. 그러나 바이오인식 정보는 PIN이나 패스워드 혹은 개인정보와 달리 노출되어 도용이 된다면 수정할 방법이 없다. 따라서, 기존의 단일 모달리티에 단일 바이오인식 정보처럼 노출이 되면 치명적인 방법이 아닌 다중 모달리티와 다중 바이오인식 정보를 사용하여 사용자와 TTP 혹은 금융기관 간 인증하도록 함으로써 본 논문은 보다 신뢰성있는 방법을 제안하고 기존의 방법과 보안 및 성능을 비교한다.

Keywords

References

  1. Woonho Jung, "A Trends of Mobile payments and alternative authentication certificate," http://www.t-town.co.kr:8080/images/Event/2014tech/5_tmonet_mobilepay.pdf, LG CNS, 14th, May, 2014.
  2. Seungjin Han, A Financial Security using Mobile Biometrics Application and Technology, Technical Report, KISA, March, 2014.
  3. Seungjin Han, "A Framework for Biometric Security based on OTP in Mobile Devices," Journal of The Korea Society of Computer and Information, Vol. 17, No. 4, pp. 121-127, Apr. 2012. https://doi.org/10.9708/jksci.2012.17.4.121
  4. M. Gordon and S. Sankaeanaeayanan, "Biometric Security Mechanism in Mobile Payments", Proc., of the 5th National Conference; INDIACom-2011, Computing For Nation Development, March 10-11, 2011.
  5. Bao, X, Wang, J. and Hu, J, "Method of Individual Identification based on Electroencephalogram Analysis", Proc., of 2009 International Conference on New Trends in Information and Service Science, pp. 390-393, Beijing, P.R.China, June 9-July 2, 2009.
  6. Nakanishi, I, Baba, S and Miyamoto, C, "EEG Based Biometric Authentication Using New Spectral Features", Proc., of 2009 International Symposium on Intelligent Signal Processing and Communication Systems, pp. 651-654, Kanazawa, Ishikawa, Japan, December 7-9, 2009.
  7. http://www.huffingtonpost.com/2011/10/19/face-unlock-ice-cream-sandwich_n_1020207.html
  8. Daugman, J, "How Iris Recognition Works", IEEE Transactions on Circuits and Systems for Video Technology, vol. 14, no. 1, pp. 21-30, Jan., 2004. https://doi.org/10.1109/TCSVT.2003.818350
  9. ITU-T, "A Guideline to Technical and Operational Countermeasures for Telebiometric Applications using Mobile Devices," Comm. 3rd Draft Recommendation ITU-T X.1087(X.tam)
  10. Namho, Kim, A Study on the Mobile OTP Key Creation Method using Biometrics Information, Doctoral dissertation, Computer science and Statistics of Chonnam Univ., Feb., 2013.
  11. Lin You, et. al., "Signature Systems on Smart Card with Keys Generated by Fingerprint," pp. 675-679, ICACT2006, Feb. 20-22, 2006.
  12. Chin-Ling Chen, Jinn-Ke Jan, and Chih-Feng Chien, "Using Mobile Device to Design A Secure Transaction," 2010 International Conference on Complex, Intelligent and Software Intensive Systems, IEEE, Krakow, 15-18 Feb. 2010.
  13. Josyula R. Rao, Pankaj Rohatgi, Helmut Scherzer and Stephane Tinguely, "Partitioning Attacks: Or How to Rapidly Clone Some GSM Cards", Proceedings of the 2002 IEEE Symposium on Security and Privacy, 2002.
  14. W. Diffie and M. Hellman, "New Directions on Cryptography," IEEE Transactions on Information Theory, IT-22(6): pp. 644-654, Nov., 1976.
  15. Y. Zheng, D. K. He, X. H. Tang and, H. X. Wang, "AKA and Authtentication Scheme for 4G Mobile Networks Based on Trusted Mobile Platform", ICICS 2005, pp. 976-980, 2005.
  16. 3GPP TS 24.002, Release 4. GSM-UMTS public land mobile network access reference configuration, June, 2003.
  17. Jian Wang, Nan Jiang, "Secure Authentication and Authorization Scheme for Mobile Devices," Proceedings of ICCTA2009, 2009.