• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.381-384
• /
• 2002

현재 인증서의 상태 검증을 실시간으로 제공하기 위해 각 CA(Certificate Authority)들은 고전적 방법인 CRL(Certificate Revocation List) 배포보다는 OCSP(Online Certificate Status Protocol)을 통하여 인증서의 상태에 대한 정보를 실시간으로 제공한다. 그러나, 경로검증 및 인증서 정책 맵핑 및 정책검증과 인증서 상태검증을 제공하는 SCVP(Simple Certificate Validation Protocol)는 CRL을 사용하는 한계로 인하여 실시간 검증을 제공하지 못하고 있다. 또한 OCSP는 인증서의 실시간 상태검증만을 제공할 뿐, 인증서의 경로검증과 인증서 정책 맵핑 및 정책검증에 대한 서비스는 제공하지 못하고 있다. 따라서, 이러한 두 프로토콜의 단점을 보안하고, 인증서 검증서버가 제공해야 하는 모든 서비스를 제공하기 위해 OCSP와 SCVP의 연동방안에 대한 연구를 통하여 SCVP에서의 실시간 검증을 제공할 수 있도록 한다.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2002.11b
• /
• pp.259-262
• /
• 2002

인터넷을 이용한 전자 상거래의 비중이 점차 증가하고 기업 활동 또한 인터넷으로 이동하고있다. 인터넷을 이용하는 e-Commerce가 활성화됨에 따라 보안 관련 문제점들이 부각되고 있으며 이를 해결하기 위한 다양한 방법들이 제시되고 있다. 그 중에서 신뢰성과 안전성을 보장하는 공개키 기반 구조(PKI) 방법이 널리 사용되고 있다. 최근 e-Commerce에서는 XML 형식을 이용한 메시지 교환 방식이 널리 사용되고 있고 이에 대한 보안 역시 해결해야 할 문제이다. 본 논문에서는 XML을 이용하여 메시지를 전달하고 암호화를 통한 기밀성을 제공하고, PKI를 이용하여 신뢰성, 인증, 안전성을 제공하는 CA(Certificate Authority)를 설계한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.601-603
• /
• 2003

사용자 어플리케이션에서 인증 경로를 검증하는 일은 매우 복잡하고 많은 시간이 소요됨으로서 사용자측에 상당한 부담을 줄 수 있다. 특히, 비계층적 PKI에서의 검증 작업은 다수의 후보 경로가 존재함에 따라서 그 부담이 더욱 커진다. 따라서 본 논문에서는 비계층적 PKI의 인증 기관(Certificate Authority： CA)을 서명 검증 작업에 창설시킴으로서 사용자 측 검증 작업에 대한 부담을 감소시킬 수 있는 새로운 형태의 인증 경로 처리 방안을 제안하였다. 제안한 방안은 서명 검증에 수반되는 사용자 측 암호화 작업을 크게 줄임으로서 검증에 대한 부담을 감소시킬 뿐만 아니라 CA들의 검증 작업의 참여로 인해 정적인 CA들의 활용도를 높일 수 있다.

• The KIPS Transactions:PartC
• /
• v.14C no.4
• /
• pp.321-330
• /
• 2007

This paper proposes a two-phase server login authentication system by XML-Signature schema extension to protect server's information resources opened on network which offer various web contents. A proposed system requests and publishes XML-based certificate through on-line, registers certificate extension information provided by CA(Certification Authority) to XCMS(XML Certificate Management Server), and performs prior authentication using user's certificate password. Then, it requests certificate extension information added by user besides user's certificate password and certificate extension information registered in XCMS by using SOAP message, and performs posterior authentication by comparing these certificate extension information. As a result, a proposed system is a security reinforced system compared with existing systems.

• The Journal of Society for e-Business Studies
• /
• v.4 no.2
• /
• pp.23-40
• /
• 1999

Nowadays, major application of public key certification technology based on PKI(Public Key Infrastructure) is electronic commerce. Public key certification technology may include various sub-technologies such as key recovery, secret sharing, certificate/key management, and directory system technology. This thesis discusses PKI-based certification authority technology for electronic commerce on the Internet.

• Journal of KIISE:Information Networking
• /
• v.36 no.6
• /
• pp.545-551
• /
• 2009

In this paper, we propose the secure key management framework to connect USN with different network. Although connected USN with different network has no CA (Certificate Authority), it is important to use public key based cryptography system because this network consists of numerous devices. The proposed mechanisms focus on device authentication and public/private key management without existing PKI system of IP network. To solve no CA and certificate problems, the IDC (Identity Based Cryptography) concept is adopted in our proposed mechanism. To verify the possibility of realization, we make an effort to implement the proposed mechanisms to real system. In the test bed, both USN and PLC network are connected to IP network; and proposed mechanisms are implemented to PLC and sensor devices. Through this test using the proposed mechanism, we met the similar performance with symmetric algorithms on key generation and update process. Also, we confirmed possibility of connection between different network and device authentication.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2001.11a
• /
• pp.318-321
• /
• 2001

We have designed an Internet voting system applicable for worldwide voting which is based on Ohkubo et. al,'s scheme[9] combined with Public Key Infrastructure (PKI). To the best of our knowledge, this is the first trial to serve secure Internet voting system to the world. In our system, voter's privacy is guaranteed by using blind signature and mix-net, and robustness is provided through the threshold encryption scheme. By employing Java technology, we propose a way of typical implementation for internet voting system. Furthermore, PKI permits worldwide key distribution and achieve “one certificate/one vote” policy. Therefore, anyone can participate in the voting if he gets a certificate from Certificate Authority (CA). By the joint work between Korean and Japanese teams, the implementation aims to select MVPs in 2002 FIFA World Cup Korea-Japan$\^$TM/ in easy and friendly manner for any Internet user to participate and enjoy Internet voting.

• Journal of Internet Computing and Services
• /
• v.9 no.4
• /
• pp.69-77
• /
• 2008

I propose adding users’Media Access Control (MAC) addresses to standard X.509 certificates to provide more secure authentication. The MAC address can be added by the issuing Certification Authority (CA) to the "extensions" section of the X.509 certificate. I demonstrate that when two users with MAC address information on their digital certificates communicate, the MAC address on the first user’s certificate can be easily verified by the second user. In this way, security can be improved without markedly degrading system performance and the level of initial trust between participants in virtual communities will be improved.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.10a
• /
• pp.463-466
• /
• 2016

Sharing of product and process information with partners is a basic activity and key requirement which ensures success of distribution. ePedigree that encapsulates all of the event data from manufacturer to retail shop provides a flexible mechanism of storing and sharing traceable information to the partners of supply chain and credibility of shared information through digital signature based on Public Key Infrastructure (PKI). To generate the signature that can be authenticated through PKI, the partners of supply chain should pay for PKI certificates from Certificate Authority (CA). In case of agrifood cooperatives which consist of petty merchants or farmers, it is hard to pay for the PKI certificate for all members and is a big obstacle for the ePedigree to be applied to the supply chain. This paper proposes a private certification method of ePedigree for cooperatives. Cooperatives can apply the ePedigree using the proposed method to all the members at small cost and the proposed method can assure the credibility of information at the same level of the previous ePedigree.

• Journal of KIISE:Computing Practices and Letters
• /
• v.8 no.2
• /
• pp.231-239
• /
• 2002

This paper gives a comprehensive overview of the SSO solution design on the intranet. SSO described in this paper is based on LDAP, PKI and CA. We designed the data structure to hold many various application services by changing the attribute and DN of LDAP DB. We built LDAP DB using the employee records stored in our organization database. LDAP DB is routinely updated from the database. CA Server that depends on PKI is used to issue the certificates. SHTTP based on SSL is used to protect the data between certificate server and the intranet users.