Journal of the Korea Institute of Information and Communication Engineering (한국정보통신학회논문지)

The Korea Institute of Information and Commucation Engineering (한국정보통신학회)
권호 표지
DOI QR코드

DOI QR Code

A Study on the Models of Internal system users Authentication considering Multi Factors

다중요소 기반의 내부 사용자 인증모델에 관한 연구

  • Lee, Jae-yun (IT Policy and Management Dept. Graduate School of Software, Soongsil University) ;
  • Shim, Ho-sung (IT Policy and Management Dept. Graduate School of Software, Soongsil University) ;
  • Han, Kyeong-Seok (IT Policy and Management Dept. Graduate School of Software, Soongsil University) ;
  • Choi, Yong-Lak (Graduate School of Software, Soongsil University) ;
  • Kim, Jong-bae (Graduate School of Software, Soongsil University)
  • Received : 2015.06.16
  • Accepted : 2015.07.23
  • Published : 2015.08.20
Download PDF
⟨ Previous Next ⟩

Abstract

Financial information systems play such a pivotal role in the financial institution services that are provided for a large customers on the basis of various information including the personal information. As for the personal information collected during the transactions in the financial information systems, huge efforts and investment have been made to protect previously them from being inappropriately misused or illegally used if they could be released. Unfortunately, the frequent accidents on the leakage of sensitive personal information have occurred recently not only by external service users but even by internal system users. Therefore, the aim of this study is to suggest a model of advanced two-channel authentication for internal users in order to increase the stability of financial information systems with enhanced security.

금융정보시스템은 다수의 거래고객과 다양한 정보를 기반으로 서비스를 제공하는 특징이 있다. 금융관련 고객 정보는 유출시 불법적인 목적으로 사용될 수 있어, 이를 사전에 방지하고자 많은 투자와 노력을 기울인다. 고객 정보 유출은 외부 서비스 이용자에 의한 유출은 물론 내부 정보시스템 사용자에 의해서도 빈번히 발생하고 있다. 이에 본 연구에서는 2채널을 이용한 강화된 내부 사용자 인증모델을 제시하여 금융정보시스템의 안정적 운영을 도모하고자 한다.

Keywords

References

  1. Jae-yong Kim, A Study on Hone Network user Authentication by using A Certificate based on OTP, 2009.
  2. Seung-gu Yun, Enhanced techniques of internet banking security system using OTP, 2010.
  3. Yong-Jae Lee, Study on user authentication and e-banking system using a dual channel, 2011.
  4. Cheol-woo Jeong, Empirical studies on the user terminal authentication system for fraud prevention certificate, 2012.
  5. NIS, Industrial confidentiality Center, 2015.
  6. Prime minister's Directive, Information system access rights management provisions of the Administrative agency, 2013.
  7. FSC, Electronic banking supervisory regulations, 2013.
  8. FSC, Relapse prevention comprehensive measures of leakage of personal information of the financial sector, 2014.
  9. Bank of Korea, the payment system in Korea, 2009, 2014.
  10. KFTC, Payment and information technology, electronic banking security measures and OTP Usage, 2006.
  11. KFTC, Payment and information technology, safety analysis of Internet banking authentication means pp. 119-139, 2007.
  12. KFTC, Payment and Information Technology, 2012.
  13. KFTC, Certification means your major sectoral studies of electronic financial transactions, 2012.
  14. Eun-Jeong Choi, Chan-Oe Kim, Joo-Seok Song, Password-Based Authentication Protocol for Remote Access using Public Key Cryptography, Kiise, Vol. 30 No. 1, pp. 75-80, 2003.
  15. Sung-Woon Lee, Hyun-Sung Kim, Kee-Young Yoo. A Password - based Efficient Key Exchange Protocol. Kiise, Vol. 31 No. 4, pp. 347-352, 2004.
  16. Jonathan Penn, What To Look In Consumer Strong Authentication Solutions, Forester, 2005.
  17. FIPS 113. Computer Data Authentication. May, 19 1985.
  18. Phoenix Technologies, CS HAN. Trust connector. 2006.
  19. Forouzan. Cryptography and Network Security. McGraw-Hill, 2007.
  20. K. Renaud, M. Al-Fairuz, Multi-channel, Multi level Authentication for More Secure ebanking. 2010.7
  21. KFTC, Payment and information technology, current status and future prospects of authentication methods, pp. 31-69, 2011.
  22. Jae-sik Lee, Secure Internet Banking service model design and certification scheme, 2013.
  23. Je-gook Kim, An Empirical Study on Early Warning Model of Industrial Technology leakage in the Public Energy Sector, 2013.

Cited by

  1. 스마트폰을 이용한 사용자 인증 메커니즘 vol.21, pp.2, 2015, https://doi.org/10.6109/jkiice.2017.21.2.301