• Convergence Security Journal
• /
• v.5 no.1
• /
• pp.85-92
• /
• 2005

For an efficient role based access control in highly distributed computing environment to reduce management cost, we utilize attribute certificates. Especially highly distributed computing environments such as ubiquitous computing environments which cannot have global or broad control, need another attribute certificate management technique. The techniques for transmission of the attribute certificates and management of the group keys should be considered to reduce management cost. For better performance we structure attribute certificates. We group roles and make the role group relation tree. It results secure and efficient role renewing and distribution. For scalable attribute certificate distribution, multicasting packets are used. We take into account the packet loss and quantifying performance enhancements of structuring attribute certificates.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.2C
• /
• pp.342-347
• /
• 2004

An ID certificate is digitally signed by a certificate authority for authentication and an attribute certificate is digitally signed by an attribute certificate authority for authorization. In many applications in web, there should be a mechanism to bind attributes to proper identities. The dependencies between them should be maintained. So we analyzed some known binding methods, selective revocation methods and cryptographic binding methods. And we proposed a binding mechanism using one-time attribute certificates in order to solve their problems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.83-91
• /
• 2008

IISO/IEC 9594-8 defines the public key framework and attribute certificate framework. Attribute certificate framework deals with privilege management infrastructure(PMI). In PMI, for privilege management using attribute certificates, role assignment certificates and role specification certificates are used to assign and specify privileges independently. Role specification certificates includes privilege specifications and the details far privilege management of network environments. Privilege management of unreliable network environment tries to enhance the reliability and efficiency of privilege information transmission forwarding over unreliable routes in the presence of potentially faulty nodes and edges. Each node forms a role specification tree based on role specification relationship data collected from the network. In this paper privilege management cost with the role specification certificates tree structure is evaluated trying to reduce the overhead incurred by role creation and modification of privileges. The multicasting of packets are used for scalability. We establish management cost model taking into account the packet loss and node reliability which continuously join and leave for network. We present quantitative results which demonstrate the effectiveness of the proposed privilege management scheme.

• The Journal of Information Technology
• /
• v.6 no.1
• /
• pp.107-115
• /
• 2003

With the development of Information Communication Technique, electronic commerce is widely used in internet using public key certificates. And the study for access control in database system is also progressed actively. In this paper, we analyze access control mechanism using attribute certificated and we propose new access mechanism in distributed system using attribute certificates.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.6
• /
• pp.15-24
• /
• 2004

Electronic commerce is widely used with the development of information communication technologies in internet using public key certificates. And the study for access control in Web application and DB system is also progressed actively. There are many verification method for PKC(Public Key Certificates), which are CRL, OCSP, SCVP and others. But their certificates verification methods for PKC cannot to be applied to PMI(Privilege Management Infrastructure) which is using AC(Attribute certificates) because of synchronization of PKC and AC. It is because AC has no public key, AC Verifier must get the PKC and verify the validity on PKC and AC. So in this paper we proposed the new AC-based certificate verification model. which provide the synchronization in two certificates(AC and PKC).

• The Journal of Information Technology
• /
• v.5 no.4
• /
• pp.81-88
• /
• 2002

An ID certificate is digitally signed by a certificate authority for authentication and a attribute certificate is digitally signed by an attribute certificate authority for authorization. In many applications in web, there should be a mechanism to bind attributes to proper identities. So we analyzed some known binding methods, selective revocation methods and cryptographic binding methods and we proposed the new mechanism in order to solve their problems.

• Journal of Internet Computing and Services
• /
• v.6 no.5
• /
• pp.1-9
• /
• 2005

In a role based access control through attribute certificate, the use of role assignment certificates and role specification certificates can reduce management cost and the overhead incurred by changing roles, Highly distributed computing environments such as ubiquitous computing environments not having global or broad control. need another attribute certificate management technique, Actually just having role specification certificate separately reduce management cost, But for better performance we structure role specification, We group roles and make the role group relation tree, It results secure and efficient role renewing and distribution, For scalable role specification certificate distribution, the multicasting of packets is used, We take into account the packet lass and quantify performance enhancements of structuring role specification certificates.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.41 no.1
• /
• pp.45-52
• /
• 2004

With the development of Information Communication Technique, electronic commerce is widely used in Internet using public key certificates. And the study on access control for web server or database server is also progressed actively. In this paper, we analyze the proposed access control method for server and the binding method between public key certificates and attribute certificates using OCSP server.

• The Journal of Information Technology
• /
• v.6 no.1
• /
• pp.11-20
• /
• 2003

With the development of Information Communication Technique, electronic commerce using PKIs is widely used over the Internet. The goal of access control is to counter the threat of unauthorized operations involving Web-server or data base systems. The RBAC(Role-Based Access Control) has recently received considerable attention as a promising alternative to traditional discretionary and mandatory access controls. In this paper we propose two methods, the RBAC system using attribute certificates and the RBAC system using SPKI certificates. And we analyze and compare the two methods.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.5
• /
• pp.75-84
• /
• 2001

Existent public key certificates provide authentication information through some information on user\`s public key. However, an attribute certificate which stores and manage user\`s attribute information, provides various privilege information such as position, privilege and role. In recent, international organizations establishes standards on attribute certificate, and the researches and developments on attribute certificate have been widely made. In addition it may be expected to be used many real application area requiring for authorization information as well as authentication information. Therefore, this paper considers background and standardization trends of attribute certificate and describes the profile and related techniques of attribute certificate currently established by IETF. In addition, it introduces and access control system using attribute certificate and specifies applications of attribute certificate.