Browse > Article
http://dx.doi.org/10.13089/JKIISC.2006.16.5.59

Privacy-Enhanced Subject Identification method Embedded in X.509 Certificate  

Lee, Jae-Il (Korea Information Security Agency)
Park, Jong-Wook (Korea University)
Kim, Seung-Joo (SungKyunKwan University)
Song, Joo-Seok (Yonsei University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.16, no.5, 2006 , pp. 59-66 More about this Journal
Abstract
A Certification Authority issues X.509 public key certificates to bind a public key to a subject. The subject is specified through one or more subject names in the 'subject' or 'subjectAltName' fields of a certificate. In reality, however, there are individuals that have the same or similar names. This ambiguity can be resolved by including a 'permanent identifier' in all certificates issued to the same subject, which is unique across multiple CAs. But, a person's unique identifier is regarded as a sensitive personal data. Such an identifier cannot simply be included as part of the subject field, since its disclosure may lead to misuse. We present a new method for secure and accurate user authentication through the PEPSI included in the standard certificate extension of a X.509 certificate. The PEPSI can be served not only for user authentication but also for the user anonymity without divulging personal information.
Keywords
PKI; X.509; Certificate; Authentication; Privacy;
Citations & Related Records
연도 인용수 순위
  • Reference
1 R. Housley, W. Polk, W. Ford and D. Solo, IETF RFC 3280, Internet X.509 Public Key Infrastructure: Certificate and CRL Profile, 2002
2 M. Myers, C. Adams, D. Solo and D. Kemp, IETF RFC 2511, Internet X.509 Certificate Request Message Format, 1999
3 RSA Laboratories PKCS#11 v2.11 , Cryptographic Token Interface Standard Revision 1, 2001
4 J. W. Park, J. I. Lee, H. S. Lee, S. J. Park, Polk, Tim, draft-ietf-pkix-sim-08.txt, 'Internet X.509 Public Key Infrastructure Subject Identification Method (SIM),' July 2006
5 D. Pinkas, T. Gindin, RFC4043, Internet X.509 Public Key Infrastructure Permanent Identifier, March, 2005
6 RSA Laboratories PKCS#10 v1.7, Certification Request Syntax Standard, 2000
7 IETF RFC 2510, Internet X.509 Public Key Infrastructure: Certificate Management Protocols, 1999
8 ITU-T Recommendation X.509, Information Technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks, 2000
9 RSA Laboratories PKCS#8, Private Key Information Syntax Standard, 1993