• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.2C
• /
• pp.342-347
• /
• 2004

An ID certificate is digitally signed by a certificate authority for authentication and an attribute certificate is digitally signed by an attribute certificate authority for authorization. In many applications in web, there should be a mechanism to bind attributes to proper identities. The dependencies between them should be maintained. So we analyzed some known binding methods, selective revocation methods and cryptographic binding methods. And we proposed a binding mechanism using one-time attribute certificates in order to solve their problems.

• The Journal of Information Technology
• /
• v.5 no.4
• /
• pp.81-88
• /
• 2002

An ID certificate is digitally signed by a certificate authority for authentication and a attribute certificate is digitally signed by an attribute certificate authority for authorization. In many applications in web, there should be a mechanism to bind attributes to proper identities. So we analyzed some known binding methods, selective revocation methods and cryptographic binding methods and we proposed the new mechanism in order to solve their problems.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.3
• /
• pp.91-97
• /
• 2008

The conventional CA(Certificate Authority) has problems in dealing with certificates whose valid time is expired and in managing CRI (Certificate Revocation Information) produced by clients. Many researches are conducted to solve them, but they have limitations in providing real-time verifications of certificates' status for clients. In this paper, we propose a new CRI management model to address these limitations in distributed OCSP(On-line Certificate Status Protocol) environments. CRL(Certificate Revocation List) is divided into two parts: one part that is recent is replicated over several OCSP servers, the other part is replicated and distributed over servers. Our methods can help to break the bottleneck of CA, and effectively reduce the size of CRL transferred. Therefore, with our methods, clients can verify the state of certificates in real time.

• The KIPS Transactions:PartC
• /
• v.11C no.1
• /
• pp.21-30
• /
• 2004

Most applications using the PKI allows a user to execute the certificate validation processing. The efficiency of user system can be declined by the user-side processing resulting the overhead and low speed of the validation processing. Therefore, in this paper, we propose a new certificate validation processing method can decrease the overhead on user by allowing CAs of the hierarchical PKI to participate in the validation processing. Therefore, our proposed scheme can not only reduce the considerable overhead caused by the user-side whole processing without a new implementation of the delegated server but also improve the time spent for the processing by the reduction of the validation processing job on user.

• Journal of the Korea Society of Computer and Information
• /
• v.21 no.10
• /
• pp.63-68
• /
• 2016

Recently, Biometrics is being magnified than ID or password about user authentication. However, unlike a PIN, password, and personal information there is no way to modify the exposure if it is exposed and used illegally. As FIDO(Fast IDentity Online) than existing server storing method, It stores a user's biometric information to the user device. And the user device authentication using the user's biometric information, the user equipment has been used a method to notify only the authentication result to the server FIDO. However, FIDO has no mutual authentication between the user device and the FIDO server. We use a Certificate Authority in order to mutually authenticate the user and the FIDO server. Thereby, we propose a more reliable method and compared this paper with existed methods about security analysis.

• Journal of Korea Multimedia Society
• /
• v.6 no.2
• /
• pp.288-300
• /
• 2003

As the importance of information security gets recognized seriously, ciphers technology gets used more. Particularly, since public key ciphers are easier to control the key than symmetric key ciphers and also digital signature is easily implemented, public key ciphers are increased used. Nowadays, public key infrastructure is established and operated to use efficiently and securely the public key ciphers. In the public key infrastructure, the user registers at the certificate authority to generate the private key and public key pair and the certificate authority issues the certificate on the public key generated. Through this certificate, key establishment between users is implemented and encryption communication becomes possible. But, control function of session key established in the public key infrastructure is not provided. In this thesis, the certificate issuing protocol to support the key recovery of the session key established during the wireless authentication and key establishment is proposed.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.7 no.5
• /
• pp.858-865
• /
• 2006

A certificate that is issued by the certification authority can be revoked within the period of validity by various reasons such as the loss of private key, disqualification or the change in key. Therefore, the certificate status verification must precede prior to use Currently, the CRL or the OCSP methods are used in most cases. But the CRL system can't guarantee the present status of the certificate, and the OCSP generates heavy network traffic by checking or requesting certificate status in real-time using high-capacity messages. In this paper, we propose a system that requests the certificate verification by creating VDN for user identity information. Through this system, the certification authority will be able to guarantee the certificate's status in real-time, and solve the problem of the sewer and network overload by verifying and finding user identity information from VDN, Based on the results, we propose a real-time certificate status verification system which can improve the speed of the verification. We confirmed the improvement in speed by testing and comparing it with the existing methods.

• IEIE Transactions on Smart Processing and Computing
• /
• v.3 no.5
• /
• pp.298-305
• /
• 2014

In this study, a novel Randomly Shifted Certification Authority Authentication protocol was used in ad hoc networks to provide authentication by considering the MAC layer characteristics. The nodes achieve authentication through the use of public key certificates issued by a CA, which assures the certificate's ownership. As a part of providing key management, the active CA node transfers the image of the stored public keys to other idle CA nodes. Finally the current active CA randomly selects the ID of the available idle CA and shifts the CA ownership by transferring it. Revoking is done if any counterfeit or duplicate non CA node ID is found. Authentication and integrity is provided by preventing MAC control packets, and Enhanced Hash Message Authentication Code (EHMAC) can be used. Here EHMAC with various outputs is introduced in all control packets. When a node transmits a packet to a node with EHMAC, verification is conducted and the node replies with the transmitter address and EHMAC in the acknowledgement.

• Journal of Korean Institute of Industrial Engineers
• /
• v.26 no.4
• /
• pp.411-420
• /
• 2000

Among the standards of CALS, CITIS(Contractor Integrated Technical Information Service) is a standard in information share procedure which manages all data and services occurred between a contractor and a purchaser. CITIS services have some security problems like authentication problem and repudiation problem, when they are implemented using the Internet. To solve these problems, CITIS needs a user certificate system which can allow to access important information only to qualified users. This paper proposed a PKI(Public Key Infrastructure) Certificate Authority for CITIS, and created a real User Certificate System which can be adjusted to circumstances of real CITIS.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.3
• /
• pp.55-67
• /
• 2007

In ad hoc network, especially in the environment which the system authority only exists at the beginning of the network, it is very important problem how to issue the certificates in self-initialized public key scheme that a node generates its certificate with public and private key pair and is signed that by the system authority. In order to solve this problem, early works present some suggestions; remove the system authority itself and use certificate chain, or make nodes as system authorities for other nodes' certificates. In this paper, we suggest another solution, which can solve many problem still in those suggestions, using proxy signature and threshold signature, and prove its performance using simulation and analyse its security strength in many aspects.