Mobile Password System for Enhancing Usability-Guaranteed Security in Mobile Phone Banking

  • SangJun Lee
  • SeungBae Park
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3597)


To use mobile phone banking, we have to input a personal identification number, an account password and a security card number. Once wireless public key infrastructure comes into practical use, the addition of the certificate password will turn this into a four-stage password input system. In this paper, we introduce the DAS4M (Dynamic Authentication System for Mobile phone user) password system, which prevents the password from being exposed to other people while it is being entered. To discuss and simulate the validity of the proposed system, we develop a mobile application that runs on the WIPI mobile platforms. The proposed system improves the exposure rate of the password by up to more than 84 times compared to the incumbent mobile phone banking password input system. Moreover, in an experiment on usability, which has a tradeoff relationship with password security, we observe that the proposed system does not make a big difference in terms of input time, error rate and user response.


Mobile Phone; Smart Card; Authentication System; Mobile Phone User; Mobile Banking
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • SangJun Lee (1)
  • SeungBae Park (2)
  1. Department of Internet Information Communication, Shingyeong University, Gyeonggi-do, Korea
  2. Department of Computer Science, Chodang University, MuanGun, JeonlanamDo, Korea
