Information Systems Review (경영정보학연구)

The Korea Society of Management Information Systems (한국경영정보학회)
권호 표지

Development and Application of a Digital Certificate Classification Framework: A Configuration Perspective

디지털 인증 분류 프레임워크의 개발과 적용: 상황적 관점

  • Published : 2009.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

In this paper, we review digital certificate technologies and their applications in e-commerce. Current digital certificate technologies are evaluated and their importance is explained. The configuration of certificate flows from providers to users through software, hardware, and network technologies is described. These five domains and the configuration of digital certificate flows guide our review of the characteristics of digital certificates. We then develop a framework for the classification of digital certificates that integrate these five domains with VeriSign's types and levels of assurance. In order to demonstrate the adequacy of our digital certificate classification framework, we populated it with VeriSign's digital certificates. Within each domain, VeriSign's classes of digital certificates are classified in accordance with the VeriSign type and level of assurance. The results of our analysis suggest that the framework is a useful step in developing a taxonomy of digital certificate technologies. The strengths and weaknesses of the study are discussed, and opportunities for further research are identified and discussed.

본 논문은 현재 전자거래에서 폭넓게 활용되고 있는 디지털인증 기술에 대하여 초점을 집중하고 있다. 즉, 현재 다양하게 활용되고 있는 디지털인증 기술들을 체계적으로 분류하기 위한 프레임워크의 개발과 적용 그리고 시사점에 대하여 고찰하였다. 먼저, 본 연구에서는 디지털 인증의 상황적인 흐름을 제공자에서부터 사용자까지 소프트웨어, 하드웨어, 네트워크 측면으로 구분하여 제시하였다. 이어서, 디지털인증의 다섯 가지 구성요소와 주요 요소기술 클래스 그리고 인증유형과 수준에 근거하여 디지털인증 분류 프레임워크를 개발하였다. 본 연구에서 개발된 디지털인증 분류 프레임워크를 베리사인의 디지털 인증 메커니즘에 적용하여 그 유용성을 검증하였다. 실제 사례에 본 연구에서 개발한 디지털인증 분류 프레임워크를 적용한 결과 디지털 인증 기술의 세부적인 분류와 응용을 이해하는데 유효하다는 것을 알 수 있었다. 마지막으로 본 연구의 강점과 약점 그리고 시사점 및 향후 연구 방향에 대하여 논의하였다.

Keywords

References

  1. Aladdin, Using EntrustTM Digital Certificates with eToken, 2001, www.eAladdin.com
  2. Bosworth, K. P. and N. Tedeschi, "Public Key Infrastructures-The Next Generation", BT Technology Journal, Vol.19, No.3, July 2001, pp. 44-59 https://doi.org/10.1023/A:1011982014166
  3. Chau, J., "Digital Certificates-Is Their Importance Underestimated?", Computer Fraud and Security, December 2005, pp. 14-16
  4. Chheda, N., The Governing Dynamics of Digital Certificates: The Evaluation of the Adoption of Digital Certificates in the E-Business Environment., Temple University, Fox School of Business, Unpublished research, 2004
  5. Cisco Systems, Inc., "Certificate Server: Simplifying IPSec VPN Deployment with Digital Certificates", Data Sheet, 2003, pp. 1-2
  6. Gerck E., "Overview of Certification Systems: X. 509, PKIX, CA, PGP and SKIP", THE BELL, Vol.1, No.3, July 2000, pp. 3-8, (continued on http://www.thebell.net/papers/certover.pdf)
  7. Gerck, E., Comparison of Secure E-Mail Technologies X.509/PKI, PGP, and IBE. ICFAI University Press, 2007, pp. 171-196
  8. Hancock, B., "Digital Certificates Get Creative", Computers and Security, Vol.19, No.6, 2000, pp. 480-482 https://doi.org/10.1016/S0167-4048(00)06006-5
  9. Hunt, R., "Technological Infrastructure for PKI and Digital Certification", Computer Communications, Vol.24, 2001, pp. 1460-1471 https://doi.org/10.1016/S0140-3664(01)00293-6
  10. IdenTrust, IdenTrust ECA Digital Certificates, The IdentTrust ECA Program, 2007
  11. Jaweed, S., "Could There Ever Be a Unitary Digital Certificate?", Information Security Technical Report, Vol.8, No.3, 2003, pp. 36-44 https://doi.org/10.1016/S1363-4127(03)00305-4
  12. Josang, A., D. Povey, and A. Ho, "What You See is Not Always What You Sign", In the proceedings of AUUG2002, Melbourne, September 2002. Vol.4, No.6
  13. Laudon, K. C. and P. Jane, Management Information Systems, Prentice-Hall, Inc., 2002
  14. Levi, A., and C. K. Koç6, "Inside Risks: Risks in Email Security", Communications of the ACM, Vol.44, No.8, August 2001, p. 112 https://doi.org/10.1145/381641.381666
  15. Lioy, A., M. Marian, M. Moltchanova, and M. Palapast, "PKI Past, Present and Future", Vol. 5, No.1, January 2006, pp. 18-29
  16. Lopez, J., R. Oppliger, and G. Pernul, "Why Have Public Key Infrastructures Failed so Far?", Internet Research, Vol.15, No.5, October 2005, Emerald, Bradford, England
  17. Mott, S., "The Second Generation of Digital Commerce Solutions", Computer Networks, Vol.32, 2000, pp. 669-683 https://doi.org/10.1016/S1389-1286(00)00024-4
  18. McKnight, D. H., V. Choudhury, and C. H. Kacmar, "Developing and Validating Trust Measures for e-Commerce: An Integrative Typology", Information Systems Research, Vol.13, No.3, September 2002, pp. 334-359 https://doi.org/10.1287/isre.13.3.334.81
  19. Nambiar, S., C. H. Lu, and L. R. Liang, "Analysis of Payment Transaction Security in Mobile Commerce", Information Reuse and Integration, Proceedings of the 2004 IEEE International Conference, Vol.8, No.10, 2004, pp. 475-480
  20. Oracle, Managing E-Business Security Challenges. White Paper, 2002
  21. Schneier, B., "Two Factor Authentication: Too Little, Too Late", Communications of the ACM, Vol. 48, No.4, April 2005, p. 136 https://doi.org/10.1145/1053291.1053327
  22. Venter, H. S., J. H. P. Eloff, A Taxonomy for Information Security Technologies, Elsevier, 0167-4048/03, 2003, pp. 299-307
  23. VeriSign, Digital ID: A Brief Overview, White Paper, 2004
  24. VeriSign, VeriSign Cable Modem Authentication Service, Data Sheet, 2005a
  25. VeriSign, VeriSign Microsoft Office/Visual Basic for Applications (VBA) Code Signing Digital Certificates, Business Guide, 2005b
  26. VeriSign, What Every E-business Knows About SSL Security and Consumer Trust, Business Guide, 2005c
  27. VeriSign, Maximizing Site Visitor Trust Using Extended Validation SSL, White Paper, 2007
  28. VeriSign, The Latest Advancements in SSL Technology, White Paper, 2008
  29. Ward, M., "Digital Certificates and Payment Systems", Information Security Technical Report, Vol.2, No.4, 1998, pp. 23-31 https://doi.org/10.1016/S1363-4127(97)80790-X
  30. Weise, J., Public Key Infrastructure Overview, SunPSSM Global Security Practice Sun Blue-PrintsTM OnLine, 2001
  31. Wiedenbeck, S., J. Waters, J. Birget, A. Brodskiy, and N. Memon, "PassPoints: Design and Longitudinal Evaluation of a Graphical Password System", International Journal of Human-Computer Studies, Vol.63, 2005, pp. 102-127 https://doi.org/10.1016/j.ijhcs.2005.04.010
  32. Wilson, S., "Digital Signatures and Future of Documentation", Information Management and Computer Security, Vol.7, No.2, 1999, pp. 83-87 https://doi.org/10.1108/09685229910265510
  33. http1, http://www.arx.com/digital-signatures-faq.php
  34. http2, http://www.computerworld.com/printthis/2001/0,4814,61990,00.html
  35. http3, http://www.computerworld.com/action/article. do?command = viewArticleTOC&special ReportId = 11&articleId = 62002
  36. http4, http://www.geotrusteurope.com/enterprise_ssl/enterprise-ssl.htm
  37. http5, http://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/rzahu/rzahutypesofcerts.htm
  38. http6, http://en.wikipedia.org/wiki/Digital_certificates
  39. http7, http://www.gsa.gov/aces
  40. http8, http://www.techagreements.com/agreementreview.aspx?num = 23724&title = Microsoft%20/%20VeriSign%20~%20Preferred%20Provider% 20Agreement
  41. http9, https://www.verisign.com.au/repository/tutorial/digital/intro1.shtml
  42. http10, https://www.verisign.com/products-services/index.html
  43. http11, http://www.verisign.com/ssl/buy-ssl-certificates/secure-site-services/index.html
  44. http12, http://en.wikipedia.org/wiki/Wireless_Application_Protocol
  45. http13, http://www.securecomputing.com/index.cfm?sKey = 664
  46. http14, http://www.aladdin.com/etoken/devices/pro-anywhere.aspx
  47. http15, http://technet.microsoft.com/en-us/library/cc758348.aspx
  48. http16, http://technet.microsoft.com/en-us/library/cc778623.aspx