• The Journal of Society for e-Business Studies
• /
• v.16 no.4
• /
• pp.1-16
• /
• 2011

A digital certificate mandated by the Electronic Signature Act has become familiar in our daily lives as 95% of the economically active population hold certificates. Due to upgrades to 256 bit level security that have become effective recently, the security and reliability of digital certificates are expected to increase. Digital certificates based on Public Key Infrastructure (PKI) have been known as "no big problem," but the possibility of password exposure in cases of leaked digital certificates still exists. To minimize this vulnerability, various existing studies have introduced alternative password methods, expansion of certificate storage media, and multiple certification methods. These methods perform enhanced functions but also have limitations including the fact that the secureness of passwords is not guaranteed. This study suggests an alternative method for enhancing the level of password secureness as a way to improve password security. This new method improves security management and enhances the convenience of using digital technologies. The results may be used for developing digital certificate related security technologies and research in the future.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.1
• /
• pp.11-20
• /
• 2002

In 1998, A. Young and M. Yung proposed the auto-recovery auto-certificate cryptosystem in public key infrastructure. We propose the new recoverable cryptosystem in public key infrastructure which is designed with the concept of A. Young et al's auto-recovery auto-certificate cryptosystem. It has the private/public key pairs of the user and the master private/public key pairs of the escrow authority. It is based on RSA cryptosystem and has efficiency and security.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.12
• /
• pp.3352-3365
• /
• 2012

Group key agreement (GKA) is a cryptographic primitive allowing two or more users to negotiate a shared session key over public networks. Wu et al. recently introduced the concept of asymmetric GKA that allows a group of users to negotiate a common public key, while each user only needs to hold his/her respective private key. However, Wu et al.'s protocol can not resist active attacks, such as fabrication. To solve this problem, Zhang et al. proposed an authenticated asymmetric GKA protocol, where each user is authenticated during the negotiation process, so it can resist active attacks. Whereas, Zhang et al.'s protocol needs a partially trusted certificate authority to issue certificates, which brings a heavy certificate management burden. To eliminate such cost, Zhang et al. constructed another protocol in identity-based setting. Unfortunately, it suffers from the so-called key escrow problem. In this paper, we propose the certificateless authenticated asymmetric group key agreement protocol which does not have certificate management burden and key escrow problem. Besides, our protocol achieves known-key security, unknown key-share security, key-compromise impersonation security, and key control security. Our simulation based on the pairing-based cryptography (PBC) library shows that this protocol is efficient and practical.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.3
• /
• pp.55-67
• /
• 2007

In ad hoc network, especially in the environment which the system authority only exists at the beginning of the network, it is very important problem how to issue the certificates in self-initialized public key scheme that a node generates its certificate with public and private key pair and is signed that by the system authority. In order to solve this problem, early works present some suggestions; remove the system authority itself and use certificate chain, or make nodes as system authorities for other nodes' certificates. In this paper, we suggest another solution, which can solve many problem still in those suggestions, using proxy signature and threshold signature, and prove its performance using simulation and analyse its security strength in many aspects.

• Korean Security Journal
• /
• no.6
• /
• pp.103-122
• /
• 2003

Protection sciences are new science. therefore, protection martial arts sciences are will studied be based on study of protection in order to supply high level by request. Moreover, It is reconstruction that protection martial arts masters education, systematic manage, certificate system, protection martial arts recognition certificate, protection martial arts equipment, practice of protection martial arts. Protection martial arts occurs on the unforeseen accident and body guarding, therefore martial arts concept of protection martial arts different general martial arts and sport. In order to develope of protection martial arts First, scientific thesis need of protection martial arts learning. Especially, aims of present protection martial arts is not protect oneself, protect the VIP to safely from all dangers is different thing with aims of general martial arts. Instinct that VIP protect rather than oneself should study and develop. Second, techniques and model of protection martial arts spread to who in connection with security service by systematic and organized. Preferentially, study of protection martial arts Techniques and model possible the protection martial arts learned society, found laboratory and endowed protection martial arts society organize and prevention for random of protection martial arts and must make the original protection martial arts. Third, protection martial arts official certificate and license system must organize in order to training and manage of protection martial art master, Match director(First Second), life physical director(First, Second, Third) is systematically manage by Ministry of Culture & Tourism Republic of Korea. Like this protection martial arts also classify the certificate by scholarship and experience. Fourth, In union to university, private security service company, public institution, police and system that possible leaning to protection martial arts certificate course important. In addition, destroy the commercial character of present martial arts and cultivate the pure martial arts mind, should develop to martial arts in order to improve the humanism and temperament of right body guard.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.3
• /
• pp.97-107
• /
• 2008

This paper proposes a mutual authentication scheme for mobile router in MANEMO. The NEMO used AAA server in order to authenticate mobile router in nested mobile network. So, this scheme has some problem that increases authentication message overhead and authentication time. The proposed scheme uses temporary certificate that signed by an access router's private key. The temporary certificate authenticates a mobile router when the mobile router entered a MANET domain. The proposed scheme reduces authentication message overhead and authentication time than the scheme to use AAA server when authenticating the mobile router.

• The Journal of Society for e-Business Studies
• /
• v.6 no.3
• /
• pp.101-113
• /
• 2001

Security is very important in EC(Electronic Commerce) environment because exchanged information(that is transaction details, private data, charges data(card-no, accounts), etc) is various and is very sensitive. So, In this paper, we propose Secure-ReXpis(Reliable St excellent Xh3 Processing Infrastructure) System that transfer message and support Message Level Security(Encryption/Decryption and Digital Signature). And we implement Message Confidentiality Service, User Authentication ＆ Message Integrity Service and Non-Repudiation Service among the various Security Services. This system support XML message format and EDI message, WEB Data and Private Format Data, etc.

• Journal of Korea Multimedia Society
• /
• v.6 no.2
• /
• pp.288-300
• /
• 2003

As the importance of information security gets recognized seriously, ciphers technology gets used more. Particularly, since public key ciphers are easier to control the key than symmetric key ciphers and also digital signature is easily implemented, public key ciphers are increased used. Nowadays, public key infrastructure is established and operated to use efficiently and securely the public key ciphers. In the public key infrastructure, the user registers at the certificate authority to generate the private key and public key pair and the certificate authority issues the certificate on the public key generated. Through this certificate, key establishment between users is implemented and encryption communication becomes possible. But, control function of session key established in the public key infrastructure is not provided. In this thesis, the certificate issuing protocol to support the key recovery of the session key established during the wireless authentication and key establishment is proposed.

• Convergence Security Journal
• /
• v.11 no.2
• /
• pp.25-33
• /
• 2011

Quantitative rise and qualitative seriousness in crime have limitation to preventing crime just with public police security. Ultimately, in order for private security guard to fulfill the duty of preventing crime, its members' excellent quality and ability need to be preceded. This change in the environment of crime prevention came to demand professionalism in the security field. Furthermore, it became an opportunity of being emerged the necessity of specialist qualification. For this, first, there is a need of reinforcing the public confidence of the security guard association, and of vitalizing a certificate of qualification. Second, qualification functions as linking education and labor market. Thus, many qualification acquisitors need to strengthen direction that the security guard company can reflect and utilize this. Third, there is a need of positively supplementing the result of utilizing qualification or the insufficient management system so that the private security guard qualification system can be recognized as the qualification system of being authorized by the country.

• Korean Security Journal
• /
• no.11
• /
• pp.159-181
• /
• 2006

This study is concerned on Why The Certified Security certification is needed and How to control the security quality to get better service to the clients. Theses days are required The Certified Certificate in all the industry. And in this point of view, the certified certificate is a kind of confirmation by an authority to the person who has how much special knowledge and practice in a certain field. Moreover, in the functionalism society the certified certificate system would be very positive effect to the related industry and society as official measurement by an authority. The security is freedom from fear and anxiety. Which means the security can not be operated in isolation from citizen's safe-living expectation, and which is also dealing with valuable human being's life. For getting the better purpose the security industry employees should have more organized special training and education. As my understanding the certified certificate exam system is the confirmation by an authority, the certified certificate is only neutral evidence to get the confidence and credit from the clients. In this point of view the core point is How to control The Certified Certificate by a credied authority.