• Title/Summary/Keyword: Certificate-based Authentication

Search Result 157, Processing Time 0.023 seconds

Biometric Certificate on Secure Group Communication

  • Han, Kun-Hee
    • Journal of Convergence Society for SMB
    • /
    • v.4 no.4
    • /
    • pp.25-29
    • /
    • 2014
  • Security is a primary concern in group communication, and secure authentication is essential to establishing a secure group communication. Most conventional authentications consist of knowledge-based and token-based methods. One of the token-based methods is a X.509 certificate, which is used under a Public Key Infrastructure (PKI); it is the most well-known authentication system in a distributed network environment. However, it has a well-known weakness, which only proves the belonging of a certificate. PKI cannot assure identity of a person. The conventional knowledge-based and token-based methods do not really provide positive personal identification because they rely on surrogate representations of the person's identity. Therefore, I propose a secure X.509 certificate with biometric information to assure the identity of the person who uses the X.509 certificate in a distributed computing environment.

  • PDF

A Design and Implementation of Two-Phase Server Login Authentication System based on XML-Signature Extension (XML-Signature 확장을 통한 2단계 서버 로그인 인증 시스템의 설계 및 구현)

  • Kim, Yong-Hwa;Kim, Jin-Sung;Kim, Yong-Sung
    • The KIPS Transactions:PartC
    • /
    • v.14C no.4
    • /
    • pp.321-330
    • /
    • 2007
  • This paper proposes a two-phase server login authentication system by XML-Signature schema extension to protect server's information resources opened on network which offer various web contents. A proposed system requests and publishes XML-based certificate through on-line, registers certificate extension information provided by CA(Certification Authority) to XCMS(XML Certificate Management Server), and performs prior authentication using user's certificate password. Then, it requests certificate extension information added by user besides user's certificate password and certificate extension information registered in XCMS by using SOAP message, and performs posterior authentication by comparing these certificate extension information. As a result, a proposed system is a security reinforced system compared with existing systems.

A Study on Mobile IPv4 Authentication Mechanisms

  • Lim, Jung-Muk;Lim, Hyung-Jin;Chung, Tai-Myoung
    • Proceedings of the Korea Society of Information Technology Applications Conference
    • /
    • 2005.11a
    • /
    • pp.277-280
    • /
    • 2005
  • With the proliferation of mobile terminals, use of the Internet in mobile environments is becoming more common. To support mobility in these terminals, Mobile IPv4 is proposed and represents the standard in IPv4 environments. Authentication should be mandatory, because mobile terminals can utilize Internet services in any foreign domain. Mobile IPv4 provides symmetric key based authentication using the default HMAC-MD5. However, symmetric key based authentication creates a key distribution problem. To solve this problem, public key based authentication mechanisms have been proposed. In this paper, the performance of each of these mechanisms is evaluated. The results present that, among these mechanisms, partial certificate based authentication has superior performance, and certificate based authentication has the worst performance. Although current public key based authentication mechanisms have lower performance than symmetric key based authentication, this paper presents the possibility that public key based authentication mechanisms may be used for future mobile terminal authentication.

  • PDF

An Authentication Model based Fingerprint Recognition for Electronic Medical Records System (지문인식 기반의 전자의무기록 시스템 인증 모델)

  • Lee, Yong-Joon
    • The KIPS Transactions:PartC
    • /
    • v.18C no.6
    • /
    • pp.379-388
    • /
    • 2011
  • Ensuring the security of medical records is becoming an increasingly important problem as modern technology is integrated into existing medical services. As a consequence of the adoption of EMR(Electronic Medical Records) in the health care sector, it is becoming more and more common for a health professional to edit and view a patient's record. In order to protect the patient's privacy, a secure authentication model to access the electronic medical records system must be used. A traditional identity based digital certificate for the authenticity of EMR has private key management and key escrow of a user's private key. In order to protect the EMR, The traditional authentication system is based on the digital certificate. The identity based digital certificate has many disadvantages, for example, the private key can be forgotten or stolen, and can be easily escrow of the private key. Nowadays, authentication model using fingerprint recognition technology for EMR has become more prevalent because of the advantages over digital certificate -based authentication model. Because identity-based fingerprint recognition can eliminate disadvantages of identity-based digital certificate, the proposed authentication model provide high security for access control in EMR.

A Comparative Analysis of PKI Authentication and FIDO Authentication (PKI 인증과 FIDO 인증에 대한 비교 분석)

  • Park, Seungchul
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.21 no.7
    • /
    • pp.1411-1419
    • /
    • 2017
  • The two factor authentication capability, private key possession and key protection password knowledge, and the strong public key cryptography protocol of PKI authentication have largely contributed to the rapid construction of Internet transaction trusted infrastructure. The reusability of a certificate-based identity for every PKI site was another contribution factor of the spread of PKI authentication. Nevertheless, the PKI authentication has been criticised mainly for the cost of PKI construction, inconvenience of individual certificate management, and difficulties of password management. Recently FIDO authentication has received high attention as an alternative of the PKI authentication. The FIDO authentication is also based on the public key cryptography which provides strong authentication services, but it does not require individual certificate issuance and provides user-friendly and secure authentication services by integrating biometric technologies. The purpose of this paper is to concretely compare the PKI-authentication and FIDO-authentication and, based on the analysis result, to propose their corresponding applications.

Wireless PKI for Reducing Certificate Acquisition Time According to Authentication Path

  • Choi Seung-Kwon;Cho Yong-Hwan;Shin Seung-Soo;Jang Yoon-Sik
    • International Journal of Contents
    • /
    • v.1 no.1
    • /
    • pp.29-34
    • /
    • 2005
  • In this paper, we proposed an advanced authentication structure for reducing the certificate acquisition time which is one of the factors that should be improved in a conventional wireless PKI. A conventional key exchange method simply performs the key exchange setup step based on discrete algebraic subjects. But the mutual-authentication procedure of wireless PKI for reducing authentication time uses an elliptical curve for a key exchange setup step. We simulated and compared the authentication structure proposed by Sufatrio, K. Lam[4] and proposed authentication structure in terms of the authentication time. Simulation results show that the proposed method reduces the authentication time compared to the conventional wireless PKI authentication method.

  • PDF

Algorithm of certificate security based-on using query language (사용자 질의어를 이용한 개인 인증 보안 알고리즘)

  • Lee, Chang-Jo
    • Convergence Security Journal
    • /
    • v.11 no.6
    • /
    • pp.45-51
    • /
    • 2011
  • Certificate security oriented cyber certificate is important tool for the purpose of offering user-authentication service based on on-line system. In the paper, we analyzed management implement which could make the efficient use of certificate security oriented cyber terror response. This algorithm called SOL(Security Oriented Language) will make efficient use of the service about authentication consisting of the basis in the age of information through efficient management and partial use of each certificates. Especially, SOL could be used efficiently by grafting a small group of on-line system which is operated with particular purposes.

Pairing Free Certificate Based Signcryption Schemes Using ECQV Implicit Certificates

  • Braeken, An
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.3
    • /
    • pp.1546-1565
    • /
    • 2019
  • Signcryption schemes offer the possibility to simultaneously sign and encrypt a message. In order to guarantee the authentication of both signer and receiver in the most efficient way during the signcryption, certificate based solutions have been proposed in literature. We first compare into detail three recently proposed certificate based signcryption systems relying on the elliptic curve discrete logarithm problem and without the usage of compute intensive pairing operations. Next, we demonstrate how the performance of these certificate based systems can be improved by using the Elliptic Curve Qu Vanstone (ECQV) implicit certificates. What is more, generalized signcryption schemes are easily derived from these schemes and the anonymity feature of sender and receiver is already inherently included or can be very efficiently obtained without a significant additional cost.

A Method of Digital Signature Using FIDO2 CTAP (FIDO2 CTAP을 활용한 전자서명 방법)

  • Cho, Han-koo;Lee, Kyung-ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.5
    • /
    • pp.1049-1062
    • /
    • 2019
  • The national accredited certificate is a user certificate issued based on the user's personal information, which has been identified in advance, and has become a universal authentication method used for most electronic financial transactions and user authentication. And it contributed a lot to the use of e-government and domestic service. However, due to the lack of web standards on how to use, it was inconvenient to install a separate plug-in, and efforts to improve it have been continued. In this paper, we attempt to solve the problem of certificate usage environment by presenting the certificate digital signature method using the extension of the FIDO2 (Fast Identity Online v2) client to authentication protocol (CTAP) specification.

A Study on Measures for Improving Obligatory Use of Digital Certificate for Eletronic Financial Transactions (전자금융거래시 공인인증서 의무사용 개선방안에 관한 연구)

  • Jeong, Gi Seog
    • Convergence Security Journal
    • /
    • v.13 no.6
    • /
    • pp.25-33
    • /
    • 2013
  • Digital certificate must be used for electronic financial transactions in Korea. But because digital certificate is based ActiveX of Internet Explorer, it is difficult to use digital certificate in other web browsers. It interrupts a development of various authentication technology and a growth of related industry. Also digital certificate can be leaked because of being stored in harddisk or USB. The government eased obligatory use of digital certificate and opened doors to other authentication techniques. But any other authentication techniques are not used because they are not approved as alternative technology. The revised bills with digital certificate abolition as the main agenda have been submitted to the National Assembly. Whether the revised bills pass or not will be decided by a regular session of the National Assembly depending on the calculation and dynamics composition of related industry. In this paper, a controversy over obligatory use of digital certificate is examined and measures are found.