• The KIPS Transactions:PartC
• /
• v.12C no.3 s.99
• /
• pp.317-322
• /
• 2005

The existing certificate based authentication or identification just verifies whether the owner of private key corresponding to public key of certificate is the DN user set in the user field in the certificate or not, then we cannot find out who is the actual private key owner in a real world. To make up for this weak points, the method to insert the identification number like the resident registration number into the certificate extension field is applied as a technical standard to current domestic PKI system. In this paper, we propose the ECC based integrated identification, identification number checking and key management protocol providing user validation during the login.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.3
• /
• pp.543-548
• /
• 2016

Public electronic certificates, as an important means for identification, have been used as the main economic transactions, including banking, e-government, e-commerce. identification. However, damage cases of certificates have been increased by Illegally issued and by hacking practices. Also the users have a difficult in ensuring that their certificates when and where to use. Therefore, the proposed system gives the organization code for the Institutions using OCSP services in advance, the organization code embedded in extensions of OCSP request message structure when institutions ask the validation of certificate to CA(Certificate Authority). Also, OCSP server can extract the organization code from OCSP request message, confirm the institution, and record it in certificate history management table of DB. In this paper, we presented a system that could determine the certificate history check using OCSP service, public electronic certificate validation service, and implemented to prevent and cope immediately with financial incidents.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.45-54
• /
• 2003

A public key certificate may be revoked before its validity period due to causes like the owner identification information change or the private key damage. Since a certificate has long valid time relatively, it is possible to become revoked during lifetime of certificate. The main technical issue in the public key infrastructure is how to handle the status of the certificate. We propose a simple mechanism for online certificate status validation that is suited to the financial network The characteristic of the proposed method is to broadcast certificate revocation information by using verifier list. The experimental results provide the same realtime as OCSP(Online Certificate Status Protocol). The proposed mechanism reduces the network load for certificate status validation in highly concentrated unbearable network.

• Journal of Convergence Society for SMB
• /
• v.4 no.4
• /
• pp.25-29
• /
• 2014

Security is a primary concern in group communication, and secure authentication is essential to establishing a secure group communication. Most conventional authentications consist of knowledge-based and token-based methods. One of the token-based methods is a X.509 certificate, which is used under a Public Key Infrastructure (PKI); it is the most well-known authentication system in a distributed network environment. However, it has a well-known weakness, which only proves the belonging of a certificate. PKI cannot assure identity of a person. The conventional knowledge-based and token-based methods do not really provide positive personal identification because they rely on surrogate representations of the person's identity. Therefore, I propose a secure X.509 certificate with biometric information to assure the identity of the person who uses the X.509 certificate in a distributed computing environment.

• Journal of IKEEE
• /
• v.19 no.4
• /
• pp.610-616
• /
• 2015

In this paper, an electronic ID system satisfying security requirements of authentication certificate was designed using fingerprint recognition. The proposed electronic ID system generates a digital signature with forgery prevention, confidentiality, content integrity, and personal identification (=non-repudiation) using fingerprint information, and also encrypts, sends, and verify it. The proposed electronic ID system exploits fingerprint instead of user password, so it avoids leakage and hijacking. And it provides same legal force as conventional authentication certificate. The proposed electronic ID consists of 4 modules, i.e. HSM device, verification server, CA server, and RA client. Prototypes of all modules are designed and verified to have correct operation.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.3
• /
• pp.63-74
• /
• 2011

Credit cards are more convenient than cash of heavy. Therefore, credit cards are used widely in on_line (internet) and off_line in nowadays. To use credit cards on internet is commonly secure because client identification based security card and authentication certificate. However, to use in off_line as like shop, store, department, restaurant is unsecure because of irregular accident. As client identification is not used in off_line use of credit cards, the irregular use of counterfeit, stolen and lost card have been increasing in number recently. Therefore, client identification is urgently necessary for secure card using in off_line. And the method of client identification must be simple, don't take long time, convenient for client, card affiliate and card company. In this paper, we study a reform measure of the structure and transaction process for the safety improvement of a credit cards. And we propose several authentication method of short-and long-term for client identification. In the proposal, the client authentication method by OTP application of smart-phone is efficient nowadays.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.3
• /
• pp.65-74
• /
• 2016

The Korean resident registration number has been used since 1962 as a personal identification number. The Korean government assigns this number to each korean citizen and it is not able to be changed. In 2000s, as the Internet was rapidly spreaded out, personal information such as the Korean resident registration number, name, home address, and phone number was leaked. The companies provide diverse internet service while collecting personal information. However, personal information was sometimes leaked because of hacking, poor information management and so on. As s results, some of citizens asked government and court of Korea to change the Korean resident registration number because they suffered material damage and emotional distress. The constitutional court decided to be able to change the number from 2018. In this study, the Korean resident registration number which is possible to change, serial number, public certificate, I-PIN, and My-PIN were analyzed comparatively. In addition, considerations when the Korean resident registration number was changed were discussed. The public certificate and I-PIN were appropriate to the case of on-line Korean resident registration number. The Korean resident registration number, serial number, My-PIN were appropriate to the case of off-line Korean resident registration number. Lastly, it would be efficient to manage the Korean resident registration number separately such as on-line and off-line.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.293-303
• /
• 2017

FIDO(Fast IDentity Online) technology is expanding very rapidly which can replace traditional password-based authentication with biometrics technology[1,7]. FIDO provides convenient authentication with biometrics technology and secure key management with smart card technology, but it does not provide user identification, thus traditional user identification technology should be used before a FIDO device is registered to a FIDO server. K-FIDO[3] is an approach to implement FIDO and certificate-based authentication technology into a single device that user can utilize certificate-based authentication in initial registration of FIDO device to FIDO server. It is expected that very shortly users will own and use multiple K-FIDO devices. If we consider the traditional approach of copying single certificate to multiple devices or issuing independent certificate to each device, there will be many complex problems. In this paper we propose more secure and convenient key management technology in multiple K-FIDO device scenario using self-extended certification[4].

• The Journal of the Korea Contents Association
• /
• v.14 no.12
• /
• pp.565-573
• /
• 2014

We have various e-commerce like on-line banking, stock trading, shopping using a PC or SmartPhone. In e-commerce, two parties use the certificate for identification and non-repudiation but, the attack on the certificate user steadily has been increasing since 2005. The most of hacking is stealing the public certificate and private key files. After hacking, the stolen public certificate and private key file is used on e-commerce to fraud. Generally, the private key file is encrypted and saved only with the user's password, and an encrypted private key file can be used after decrypted with user password. If a password is exposed to hackers, hacker decrypt the encrypted private key file, and uses it. For this reason, the hacker attacks user equipment in a various way like installing Trojan's horse to take over the user's certificate and private key file. In this paper, I propose the management method to secure private key of PKI using One Time Password certification technique. As a result, even if the encrypted private key file is exposed outside, the user's private key is kept safely.

• Journal of Preventive Medicine and Public Health
• /
• v.38 no.4
• /
• pp.443-448
• /
• 2005

Objectives : This study was done to evaluate the reliability of education and occupational class between using the health survey and the death certificate data. Methods : The 1998 National Health and Nutrition Examination Survey (NHANES) was conducted on a cross-sectional probability sample of South Korean households, and it contained unique 13-digit personal identification numbers that were linked to the data on mortality from the Korean National Statistical Office. The data from 263 deaths were used to estimate the agreement rates and the Kappa indices of the education and occupational class between using the NHANES data and the death certificate data. Results : The simple and weighted Kappa indices for education were 0.60 (95% CI=0.53-0.68) and 0.73 (95% CI=0.67-0.79) respectively, if the educational level was grouped into five categories: no-formal-education, elementary-school, middle-school, high-school and college or over. The overall agreement rate was 71.9% for these educational groups. The magnitude of reliability, as measured by the overall agreement rates and Kappa indices, tended to increase with a decrease in the educational class. The number of non-educated people with using the death certificate data was smaller than that with using the NHANES data. For the occupational class (manual workers, non-manual workers and others), the Kappa index was 0.40 (95% CI=0.30-0.51), which was relatively lower than that for the educational class. Compared with the NHANES, the number of non-manual workers for the deceased who were aged 30-64 tended to be increased (8 to 12) when using the death certificate data, whereas the number of manual workers tended to be decreased (59 to 41). Conclusions : The socioeconomic inequalities in the mortality rates that were based on the previous unlinked studies in South Korea were not due to a numerator/denominator bias. The mortality rates for the manual workers and the no-education groups might have been underestimated.