• Title/Summary/Keyword: Identification certificate

Search Result 52, Processing Time 0.022 seconds

The Integrated Identification Number Checking and Key Management Protocol with Certificates (인증서를 이용한 개인식별번호 확인 및 키분배 통합 프로토콜)

  • Kim Sung Duk;Jung Jae Dong;Won Dong Ho
    • The KIPS Transactions:PartC
    • /
    • v.12C no.3 s.99
    • /
    • pp.317-322
    • /
    • 2005
  • The existing certificate based authentication or identification just verifies whether the owner of private key corresponding to public key of certificate is the DN user set in the user field in the certificate or not, then we cannot find out who is the actual private key owner in a real world. To make up for this weak points, the method to insert the identification number like the resident registration number into the certificate extension field is applied as a technical standard to current domestic PKI system. In this paper, we propose the ECC based integrated identification, identification number checking and key management protocol providing user validation during the login.

A History Check System of Public Electronic Certificate using OCSP Service (OCSP 서비스를 이용한 공인인증서 사용이력 확인 시스템)

  • Kim, Nam-Gon;Cho, Beom-Joon
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.20 no.3
    • /
    • pp.543-548
    • /
    • 2016
  • Public electronic certificates, as an important means for identification, have been used as the main economic transactions, including banking, e-government, e-commerce. identification. However, damage cases of certificates have been increased by Illegally issued and by hacking practices. Also the users have a difficult in ensuring that their certificates when and where to use. Therefore, the proposed system gives the organization code for the Institutions using OCSP services in advance, the organization code embedded in extensions of OCSP request message structure when institutions ask the validation of certificate to CA(Certificate Authority). Also, OCSP server can extract the organization code from OCSP request message, confirm the institution, and record it in certificate history management table of DB. In this paper, we presented a system that could determine the certificate history check using OCSP service, public electronic certificate validation service, and implemented to prevent and cope immediately with financial incidents.

Design of Online Certificate Revocation Information Transfer using Verifier Lists (검증자목록을 이용한 실시간 인증서 폐지 정보 전송의 설계)

  • 이용준;정재동;오해석
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.6
    • /
    • pp.45-54
    • /
    • 2003
  • A public key certificate may be revoked before its validity period due to causes like the owner identification information change or the private key damage. Since a certificate has long valid time relatively, it is possible to become revoked during lifetime of certificate. The main technical issue in the public key infrastructure is how to handle the status of the certificate. We propose a simple mechanism for online certificate status validation that is suited to the financial network The characteristic of the proposed method is to broadcast certificate revocation information by using verifier list. The experimental results provide the same realtime as OCSP(Online Certificate Status Protocol). The proposed mechanism reduces the network load for certificate status validation in highly concentrated unbearable network.

Biometric Certificate on Secure Group Communication

  • Han, Kun-Hee
    • Journal of Convergence Society for SMB
    • /
    • v.4 no.4
    • /
    • pp.25-29
    • /
    • 2014
  • Security is a primary concern in group communication, and secure authentication is essential to establishing a secure group communication. Most conventional authentications consist of knowledge-based and token-based methods. One of the token-based methods is a X.509 certificate, which is used under a Public Key Infrastructure (PKI); it is the most well-known authentication system in a distributed network environment. However, it has a well-known weakness, which only proves the belonging of a certificate. PKI cannot assure identity of a person. The conventional knowledge-based and token-based methods do not really provide positive personal identification because they rely on surrogate representations of the person's identity. Therefore, I propose a secure X.509 certificate with biometric information to assure the identity of the person who uses the X.509 certificate in a distributed computing environment.

  • PDF

Design of Electronic ID System Satisfying Security Requirements of Authentication Certificate Using Fingerprint Recognition (지문 인식을 이용하여 공인인증서의 보안 요건을 만족하는 전자 신분증 시스템의 설계)

  • Lee, Chongho;Lee, Seongsoo
    • Journal of IKEEE
    • /
    • v.19 no.4
    • /
    • pp.610-616
    • /
    • 2015
  • In this paper, an electronic ID system satisfying security requirements of authentication certificate was designed using fingerprint recognition. The proposed electronic ID system generates a digital signature with forgery prevention, confidentiality, content integrity, and personal identification (=non-repudiation) using fingerprint information, and also encrypts, sends, and verify it. The proposed electronic ID system exploits fingerprint instead of user password, so it avoids leakage and hijacking. And it provides same legal force as conventional authentication certificate. The proposed electronic ID consists of 4 modules, i.e. HSM device, verification server, CA server, and RA client. Prototypes of all modules are designed and verified to have correct operation.

A Reform Measure of the Structure and Transaction Process for the Safety Improvement of a Credit Card (신용카드의 안전성 향상을 위한 구조 및 거래절차 개선방법)

  • Lee, Young Gyo;Ahn, Jeong Hee
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.7 no.3
    • /
    • pp.63-74
    • /
    • 2011
  • Credit cards are more convenient than cash of heavy. Therefore, credit cards are used widely in on_line (internet) and off_line in nowadays. To use credit cards on internet is commonly secure because client identification based security card and authentication certificate. However, to use in off_line as like shop, store, department, restaurant is unsecure because of irregular accident. As client identification is not used in off_line use of credit cards, the irregular use of counterfeit, stolen and lost card have been increasing in number recently. Therefore, client identification is urgently necessary for secure card using in off_line. And the method of client identification must be simple, don't take long time, convenient for client, card affiliate and card company. In this paper, we study a reform measure of the structure and transaction process for the safety improvement of a credit cards. And we propose several authentication method of short-and long-term for client identification. In the proposal, the client authentication method by OTP application of smart-phone is efficient nowadays.

A Study of the Change Method of Korean Resident Registration Number (주민등록번호 변경 방법에 대한 연구)

  • Lee, Younggyo;Ahn, Jeonghee
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.12 no.3
    • /
    • pp.65-74
    • /
    • 2016
  • The Korean resident registration number has been used since 1962 as a personal identification number. The Korean government assigns this number to each korean citizen and it is not able to be changed. In 2000s, as the Internet was rapidly spreaded out, personal information such as the Korean resident registration number, name, home address, and phone number was leaked. The companies provide diverse internet service while collecting personal information. However, personal information was sometimes leaked because of hacking, poor information management and so on. As s results, some of citizens asked government and court of Korea to change the Korean resident registration number because they suffered material damage and emotional distress. The constitutional court decided to be able to change the number from 2018. In this study, the Korean resident registration number which is possible to change, serial number, public certificate, I-PIN, and My-PIN were analyzed comparatively. In addition, considerations when the Korean resident registration number was changed were discussed. The public certificate and I-PIN were appropriate to the case of on-line Korean resident registration number. The Korean resident registration number, serial number, My-PIN were appropriate to the case of off-line Korean resident registration number. Lastly, it would be efficient to manage the Korean resident registration number separately such as on-line and off-line.

Certified Key Management in Multi K-FIDO Device Environment (복수 K-FIDO 기기 환경에서의 인증키 관리)

  • Lee, Byoungcheon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.2
    • /
    • pp.293-303
    • /
    • 2017
  • FIDO(Fast IDentity Online) technology is expanding very rapidly which can replace traditional password-based authentication with biometrics technology[1,7]. FIDO provides convenient authentication with biometrics technology and secure key management with smart card technology, but it does not provide user identification, thus traditional user identification technology should be used before a FIDO device is registered to a FIDO server. K-FIDO[3] is an approach to implement FIDO and certificate-based authentication technology into a single device that user can utilize certificate-based authentication in initial registration of FIDO device to FIDO server. It is expected that very shortly users will own and use multiple K-FIDO devices. If we consider the traditional approach of copying single certificate to multiple devices or issuing independent certificate to each device, there will be many complex problems. In this paper we propose more secure and convenient key management technology in multiple K-FIDO device scenario using self-extended certification[4].

Management Method to Secure Private Key of PKI using One Time Password (OTP를 이용한 PKI 기반의 개인키 파일의 안전한 관리 방안)

  • Kim, Seon-Joo;Joe, In-June
    • The Journal of the Korea Contents Association
    • /
    • v.14 no.12
    • /
    • pp.565-573
    • /
    • 2014
  • We have various e-commerce like on-line banking, stock trading, shopping using a PC or SmartPhone. In e-commerce, two parties use the certificate for identification and non-repudiation but, the attack on the certificate user steadily has been increasing since 2005. The most of hacking is stealing the public certificate and private key files. After hacking, the stolen public certificate and private key file is used on e-commerce to fraud. Generally, the private key file is encrypted and saved only with the user's password, and an encrypted private key file can be used after decrypted with user password. If a password is exposed to hackers, hacker decrypt the encrypted private key file, and uses it. For this reason, the hacker attacks user equipment in a various way like installing Trojan's horse to take over the user's certificate and private key file. In this paper, I propose the management method to secure private key of PKI using One Time Password certification technique. As a result, even if the encrypted private key file is exposed outside, the user's private key is kept safely.

Reliability of Education and Occupational Class: A Comparison of Health Survey and Death Certificate Data (면접조사자료와 사망등록자료 간 교육수준 및 직업계층의 신뢰도)

  • Kim, Hye-Ryun;Khang, Young-Ho
    • Journal of Preventive Medicine and Public Health
    • /
    • v.38 no.4
    • /
    • pp.443-448
    • /
    • 2005
  • Objectives : This study was done to evaluate the reliability of education and occupational class between using the health survey and the death certificate data. Methods : The 1998 National Health and Nutrition Examination Survey (NHANES) was conducted on a cross-sectional probability sample of South Korean households, and it contained unique 13-digit personal identification numbers that were linked to the data on mortality from the Korean National Statistical Office. The data from 263 deaths were used to estimate the agreement rates and the Kappa indices of the education and occupational class between using the NHANES data and the death certificate data. Results : The simple and weighted Kappa indices for education were 0.60 (95% CI=0.53-0.68) and 0.73 (95% CI=0.67-0.79) respectively, if the educational level was grouped into five categories: no-formal-education, elementary-school, middle-school, high-school and college or over. The overall agreement rate was 71.9% for these educational groups. The magnitude of reliability, as measured by the overall agreement rates and Kappa indices, tended to increase with a decrease in the educational class. The number of non-educated people with using the death certificate data was smaller than that with using the NHANES data. For the occupational class (manual workers, non-manual workers and others), the Kappa index was 0.40 (95% CI=0.30-0.51), which was relatively lower than that for the educational class. Compared with the NHANES, the number of non-manual workers for the deceased who were aged 30-64 tended to be increased (8 to 12) when using the death certificate data, whereas the number of manual workers tended to be decreased (59 to 41). Conclusions : The socioeconomic inequalities in the mortality rates that were based on the previous unlinked studies in South Korea were not due to a numerator/denominator bias. The mortality rates for the manual workers and the no-education groups might have been underestimated.