• Title/Summary/Keyword: Certificate Path Processing

Search Result 7, Processing Time 0.021 seconds

An Efficient Certificate path Discovery Algorithm Making High a Certificate Path Validity. (인증 경로의 유효성을 높이는 효율적인 인증 경로 설정 알고리즘)

  • Choi Yeon hee;Jun Moon seog
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.29 no.12C
    • /
    • pp.1722-1728
    • /
    • 2004
  • To discover a certificate path is a very important topic in the PKI with a lot of candidate paths. The certificate path discovery processing is executed via many verifications and as the number of verification times increases, the validity of the discovered path becomes high. The selection of the path with high validity provides high-speed certificate validation by reducing the number of repetition times of path discovery and validation processing. Otherwise, there is a problem that the speed and computation overheads are increased. In this paper, we propose an efficient certificate path discovery algorithm can make high the certificate validity with low overhead.

A New Certificate Validation Method Allowing CAs to Participate the Certificate Path Validation Processing (CA를 인증 경로 처리 작업에 참여시키는 새로운 인증서 검증 방안)

  • Choi, Yeon-Hee;Park, Mi-Og;Jun, Moon-Seog
    • The KIPS Transactions:PartC
    • /
    • v.11C no.1
    • /
    • pp.21-30
    • /
    • 2004
  • Most applications using the PKI allows a user to execute the certificate validation processing. The efficiency of user system can be declined by the user-side processing resulting the overhead and low speed of the validation processing. Therefore, in this paper, we propose a new certificate validation processing method can decrease the overhead on user by allowing CAs of the hierarchical PKI to participate in the validation processing. Therefore, our proposed scheme can not only reduce the considerable overhead caused by the user-side whole processing without a new implementation of the delegated server but also improve the time spent for the processing by the reduction of the validation processing job on user.

A New Certificate Path Processing Scheme employed the Trusted CA for improving an efficiency on the Computational Aspect (연산적 측면의 효율성을 향상시키는 신뢰 CA를 이용한 새로운 인증 경로 처리 기법)

  • 최연희;전문석
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.28 no.9C
    • /
    • pp.908-922
    • /
    • 2003
  • The Public Key Infrastructure (PKI) trends to delegate the certificate path processing to the Delegated Path Discovery (DPD) Server and Delegated Path Validation (DPV) server recently. The most critical factor for the selection of the delegated server is to allow the server to be equipped with a high reliability through a low cost, and simple implementation. In this paper, we propose a new certificate path processing scheme employed the trusted CA as the DPD/DPV server by adding the capability of the Validation Authority (VA) to the trusted CA. Since our proposed scheme uses the existing trusted CA as validation server, we can achieve a high trust through a simple implementation for the processing. Besides, we propose an additional scheme for reducing an overhead on the trusted CA. it is obtained by delegating digital signature verification to CAs on the path and by skipping the repeated path processing. As the result, our proposed validation scheme can be performed efficiently with high speed and low computational overhead.

A Secure Digital Signature Delegation Scheme using CAs (CA를 이용한 안전한 서명 검증 위임 기법)

  • 최연희;박미옥;전문석
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.6
    • /
    • pp.55-65
    • /
    • 2003
  • To perform the certificate validation processing on the user-side application induces the very considerable overhead because of the complex and time-consuming characteristic of the validation processing. Especially, the verification for digital signature over a certificate can be the major reason of the overhead, since the verification accompanies with the cryptographic calculation over each certificate on the certificate path. In this paper, we propose a new certificate validation scheme can reduce the overhead caused by user-side certificate validation processing and improve the utilization of CAs. As the result, our proposed scheme can not only reduces the overhead for the validation processing by decreasing the cryptographic calculation but also improves the utilization of CAs by employing them to the validation processing.

A New Certificate Validation Scheme for Delegating the Digital Signature Verification (디지틀 서명 검증을 위임하기 위한 새로운 인증서 검증 기법)

  • Choi Yeon-Hee;Park Mi-Og;Jun Moon-Seog
    • Journal of Internet Computing and Services
    • /
    • v.4 no.4
    • /
    • pp.53-64
    • /
    • 2003
  • To perform the certificate validation on the user-side application induces the very considerable overhead on the user-side system because of the complex and time-consuming characteristic of the validation processing. Most of the time spend for performing the validation processing is required for the digital signature verification, since the verification accompanies with the cryptographic calculation over each certificate on the certificate path. In this paper, we propose a new certificate validation scheme using DSVP(Delegated Signature Validation Protocol) which can reduce the overhead for the user-side certificate validation processing. It is achieved by delegating the digital signature verification to CAs of the PKI domain. As the proposed DSVP is the protocol performed between a user and CAs, it is applied to the hierarchical PKI efficiently and used for delegating the digital signature verification reliably and safely, our proposed scheme can not only reduces the overhead for the validation processing by decreasing the cryptographic calculation but also improves the utilization of CAs by employing them to the validation processing.

  • PDF

Optimal Certification Path and Secure Public Key Certificate Architecture (최적화된 인증 경로와 안전한 공개키 인증서 구조)

  • Song, Sung-Keun;Youn, Hee-Yong
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2003.11c
    • /
    • pp.1917-1920
    • /
    • 2003
  • 오늘날 대부분의 인증 시스템들은 PKI 환경으로 변화하는 추세이며, 인증서의 역할은 날로 중요해지고 있다. 만일 이런 인증서가 위조 된다면 심각한 정보 사고가 발생할 것이다. 따라서 인증서는 위조되면 안될 것이다. 그러나 인증서 위조 가능성은 존재한다. 왜냐하면 디지털 서명 방식을 사용하고 있기 때문이다. 인증서 위조 방법은 두 가지가 있다. 첫 번째가 인증기관의 비밀키를 알아내는 방법이고, 두 번째는 디지털 서명에 사용되는 해쉬 알고리즘의 충돌(Collision) 문제를 이용하여 위조하는 방법이다. 어느 것으로든 인증서가 위조되면 어느 누구도 기술적으로 위조라는 사실을 증명할 수 없다. 위조 인증서는 디지털 검증 방식에 의해 모두 유효하게 판정되기 때문이다. 첫 번째 방법은 디지털 서명에 있어서 원천적인 문제이다. 따라서 본 논문은 두 번째 방법인 해쉬 알고리즘의 충돌 문제를 이용한 위조를 해결하는 방법에 대해 연구한다. 또한 인증 경로를 최적화하는 방법에 대해서도 연구한다.

  • PDF

A study on Kerberos Authentication and Key Exchange based on PKINIT (PKINIT기반의 Kerberos 인증과 키 교환에 관한 연구)

  • Sin, Gwang-Cheol;Jeong, Il-Yong;Jeong, Jin-Uk
    • The KIPS Transactions:PartC
    • /
    • v.9C no.3
    • /
    • pp.313-322
    • /
    • 2002
  • In this paper, proposes Kerberos certification mechanism that improve certification service of PKINIT base that announce in IETF CAT Working Ggroup. Did to certificate other realm because search position of outside realm through DNS and apply X.509 directory certification system, acquire public key from DNS server by chain (CertPath) between realms by certification and Key exchange way that provide service between realms applying X.509, DS/BNS of PKINIT base. In order to provide regional services, Certification and key exchange between realms use Kerberos' symmetric method and Session connection used Directory service to connection X.509 is designed using an asymmetric method. Excluded random number ($K_{rand}$) generation and duplex encryption progress to confirm Client. A Design of Kerberos system that have effect and simplification of certification formality that reduce Overload on communication.