• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.11C
• /
• pp.1090-1096
• /
• 2002

The HTTP does not support continuity for browser-server interaction between successive visits or a user due to a stateless feature. Cookies were invented to maintain continuity and state on the Web. Because cookies are transmitted in plain and contain text-character strings encoding relevant information about the user, the attacker can easily copy and modify them for his undue profit. In this paper, we design a secure cookies scheme based on X.509 public key certificate for solving these security weakness of typical web cookies. Our secure cookies scheme provides not only mutual authentication between client and server but also confidentiality and integrity of user information. Additionally, we implement our secure cookies scheme and compare it to the performance with SSL(Secure Socket Layer) protocol that is widely used for security of HTTP environment.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.11
• /
• pp.1996-2001
• /
• 2006

Open System Authentication Method, Shared Key Method, Mac Based Authentication Method are very hard to use in wireless network that needs security. So now, many researches have been performed about 802.1x and user authentication method applying PKI. but certificate verification protocol has been used abolished list called CRL since it's first usage of PKI, there were still has a problem about distribution point. This paper applied CVS to use CA direct not to use CRL and OSCP server in order to improve this problems. Also It suggested the system that can make authentication steps more shorter using authentication server and Mutual authentication system by public certificate(small size/low speed wireless terminal can access to wireless network fast and safely)

• Journal of Korea Multimedia Society
• /
• v.17 no.11
• /
• pp.1307-1312
• /
• 2014

Online games are virtual space where it connects individual users through network connection to offer enjoyment of play games and game developer who service online games have to develop new contents and provide them to users to extend life of their service. Typically, in order to update new contents, all service companies have maintenance schedule to stop the game service for a while to update both server and client applications. Usually this process takes quite amount of time and users do not have any other choice but disconnected from server and wait until it is over. The purpose of this thesis is to describe the advantages of new design system which will allows users to continue to play the game even during the update. The main focus of this design is to make users feel more convenience in online gaming experience by move client from previous server to new server while users are still playing. If they can to connect current client with new server without any certificate validation process while users information from the client can automatically pass through to the new server, users may not need to experience maintenance for new contents update.

• The KIPS Transactions:PartC
• /
• v.10C no.3
• /
• pp.287-294
• /
• 2003

Authentication and authorization are essential functions for the security of distributed network environment. Authorization is determining and to decide whether a user or process is permitted to perform a particular operation. In this paper, we design an authorization mechanism to make a system more effective with Kerberos for authentication mechanism. In the authorization mechanism, Kerberos server operates proxy privilege server. Proxy privilege server manages and permits right of users, servers and services with using proposed algorithm. Also, privilege attribute certificate issued by proxy privilege server is used in delegation. We designed secure kerberos with proposed functions for effective authorization at the same time authentication of Kerberos mechanism.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.5
• /
• pp.113-124
• /
• 2010

In this study, the hybrid authorization quotation technique is based on the device ID for the integrity of the source region guarantee of user certificate, in order to improve the convenience and security for user in the hybrid PKI certificate Mechanism for authentication. The feature of the model in which it is presented from this paper is 5. First, because the user can select the policy himself in which it matches with each authentication situation and security level, the convenience can be improved. Second, the integrity of the source region of the user certificate can be guaranteed through the comparison of the DLDI Key, that is the hash-value of the device ID. Third, the security can be improved by continuously changing an encoding, and the value of the key in which it decodes through the EOTP Key. Fourth, the index value is added to a certificate, and the storage of a certificate is possible at the Multi-Device. Fifth, since the addi the inan aratus for the integrity of the source region guarantee of a certificate is not needed, the authentication process time can be reduced and the computational load of the certificate server can be reduced also.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.6
• /
• pp.1-8
• /
• 2019

Medical information is an important personal information for patients, and it must be protected. In particular, when medical personnel approach electronic medical records, authentication for enhanced security is essential. However, the existing public certificate-based certification model did not reflect the security characteristics of the electronic medical record(EMR) due to problems such as personal key management and authority delegation. In this study, we propose a fingerprint recognition-based authentication model with enhanced security to solve problems in the approach of the existing electronic medical record system. The proposed authentication model is an EMR system based on fingerprint recognition using PEMS (Private-key Escrow Management Server), which is applied with the private key commission protocol and the private key withdrawal protocol, enabling the problem of personal key management and authority delegation to be resolved at source. The performance experiment of the proposed certification model confirmed that the performance time was improved compared to the existing public certificate-based authentication, and the user's convenience was increased by recognizing fingerprints by replacing the electronic signature password.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2008.05a
• /
• pp.233-236
• /
• 2008

Wire wireless integrated service of BcN(Broadband convergence Network) is expanding. Information Security issue is highlighted for opposing attack of getting information illegally on wire wireless network. The user of PKI(Public Key Infrastructure) cipher system among Information security technology receives various security services about authentication, confidentiality, integrity, non-repudiation and access control etc. A mobile client and server are loaded certificate and wireless internet cryptography module for trusted data send receive. And data sends receives to each other after certification process through validity check of certificate. Certificate and data security system is researched through PKI on wireless network environment and data security system in this paper.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.11a
• /
• pp.403-404
• /
• 2014

WAVE(Wireless Access in Vehicular Environment)에서 V2V(Vehicle to Vehicle) 통신 시 OBU(On Board Unit)인 자동차 단말은 수신한 정보가 제대로 된 정보인지를 확인하는 과정에서 공인인증서가 필요하다. 동시에 자동차 단말은 이 공인인증서의 상태가 유효한 지를 확인해야 한다. 이것을 확인하는 방법은 자동차 단말이 도로변에 설치돼 있는 RSU(Road Side Unit)인 OCSP(Online Certificate Status Protocol) 서버에게 공인인증서의 상태 확인 요청을 하는 것이다. OCSP 서버는 자동차 단말의 요청에 응답하기 위해서 인증서 폐지 목록인 CRL(Certificate Revocation List)을 가지고 있어야 한다. 본 논문에서는 WAVE 시스템의 OCSP 서버가 공인인증서 상태 정보를 자동차 단말로 알려줄 수 있도록 하기 위해 CA(Certificate Authority)의 CRL 저장소로부터 CRL 을 업데이트 하는 프로토콜을 제안한다. OCSP 서버가 CRL 을 업데이트 할 때, OCSP 서버가 가지고 있는 CRL 과 CRL 저장소가 가지고 있는 CRL 의 값을 비교하여 두 값이 같은 경우에는 CRL 을 업데이트 하지 않도록 한다. OCSP 서버가 선택적으로 CRL 을 업데이트 함으로써 불필요한 부하를 줄일 수 있을 것으로 기대된다.

• Journal of Internet Computing and Services
• /
• v.7 no.3
• /
• pp.83-91
• /
• 2006

In this paper, we improved a cryptography system model based on the secure initial authentication public key with PKINIT of authentication and key recovery protocol. It is applied to all fields of cryptography system using certificate. This study presents two mechanisms to authenticate between member users. The first mechanism is initial authentication and distribution of session key by public key cryptography based on certificate between entity and server, and the second mechanism is a key recovery support protocol considering loss of session key in the secure communication between application servers.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11b
• /
• pp.913-916
• /
• 2002

정보보호 핵심 기반 구조인 PKI는 인증서 검증에 따르는 클라이언트의 부담 및 CRL의 적시성 부재와 관리 문제, 또한 각각의 환경에 따라 구축된 PKI 도메인 간의 상호 연동 등 해결해야 할 문제점들이 있다. ETRI/VA는 클라이언트의 인증서 검증을 대신하여 클라이언트의 부담을 줄이고, 인증서의 상태 검증의 적시성 및 OCSP를 사용함으로써 CRL의 문제점을 해결하며, PKI 상호연동을 지원 및 도메인간의 인증서 정책을 중앙집중 관리함으로써 기존 PKI의 문제점들을 제거할 수 있다 본 논문에서는 이러한 ETRI/VA의 각 모듈 및 프로토콜에 대하여 간략히 소개하고 ETRI/VA의 인증서 검증 방법을 설명하였다.