• Title/Summary/Keyword: X-509

Search Result 155, Processing Time 0.025 seconds

A study on Kerberos Authentication and Key Exchange based on PKINIT (PKINIT기반의 Kerberos 인증과 키 교환에 관한 연구)

  • Sin, Gwang-Cheol;Jeong, Il-Yong;Jeong, Jin-Uk
    • The KIPS Transactions:PartC
    • /
    • v.9C no.3
    • /
    • pp.313-322
    • /
    • 2002
  • In this paper, proposes Kerberos certification mechanism that improve certification service of PKINIT base that announce in IETF CAT Working Ggroup. Did to certificate other realm because search position of outside realm through DNS and apply X.509 directory certification system, acquire public key from DNS server by chain (CertPath) between realms by certification and Key exchange way that provide service between realms applying X.509, DS/BNS of PKINIT base. In order to provide regional services, Certification and key exchange between realms use Kerberos' symmetric method and Session connection used Directory service to connection X.509 is designed using an asymmetric method. Excluded random number ($K_{rand}$) generation and duplex encryption progress to confirm Client. A Design of Kerberos system that have effect and simplification of certification formality that reduce Overload on communication.

Privacy-Enhanced Subject Identification method Embedded in X.509 Certificate (X.509 인증서에 포함된 프라이버시 보호기능을 가진 개인 식별 방법)

  • Lee, Jae-Il;Park, Jong-Wook;Kim, Seung-Joo;Song, Joo-Seok
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.16 no.5
    • /
    • pp.59-66
    • /
    • 2006
  • A Certification Authority issues X.509 public key certificates to bind a public key to a subject. The subject is specified through one or more subject names in the 'subject' or 'subjectAltName' fields of a certificate. In reality, however, there are individuals that have the same or similar names. This ambiguity can be resolved by including a 'permanent identifier' in all certificates issued to the same subject, which is unique across multiple CAs. But, a person's unique identifier is regarded as a sensitive personal data. Such an identifier cannot simply be included as part of the subject field, since its disclosure may lead to misuse. We present a new method for secure and accurate user authentication through the PEPSI included in the standard certificate extension of a X.509 certificate. The PEPSI can be served not only for user authentication but also for the user anonymity without divulging personal information.

A Study on Multi_Kerberos Authentication Mechanism based on Certificate (인증서기반의 Multi_Kerberos 인증시스템에 관한 연구)

  • Shin, Kwang-Cheul;Cho, Sung-Je
    • Journal of the Korea Society of Computer and Information
    • /
    • v.11 no.3
    • /
    • pp.57-66
    • /
    • 2006
  • In this paper. proposes Multi_Kerberos certification mechanism that improve certification service of based on PKINIT that made public in IETF CAT Working Group. This paper proposed to a certificate other realm because search position of outside realm through DNS and apply X.509 directory certification system, to get public key from DNS server by chain (CertPath) between realms by certification and key exchange way that provide service between realms applying X.509, DS/DNS of based on PKINIT, in order to provide regional services. This paper proposed mechanism that support efficient certification service about cross realm including key management. the path generation and construction of Certificate using Validation Server, and recovery of Session Key. A Design of Multi_Kerberos system that have effects simplify of certification formality that reduce procedures on communication.

  • PDF

Delegation using X.509 Certificates in PKI Based (PKI 기반에서 X.509 인증서를 사용한 권한위임)

  • 유정각;이건희;이상하;김동규
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2001.11a
    • /
    • pp.262-265
    • /
    • 2001
  • 분산 시스템에서 사용자가 시스템에 로그인 상태에서 자신의 시스템에 존재하지 않는 자원을 이용하기 위한 방안으로 권한위임이 필수적이다. 이러한 권한위임은 다양하게 요구되는 정보보호 응용 서비스의 가용성을 증대시킨다. 본 논문에서는 권한위임을 처리하기 위해서 권한위임 인증서를 생성하여 안전하게 인증서를 중개자에게 전달해야한다. 개시자와 중개자 최종 목적지까지 다단계 권한위임이 발생하는 연결고리에서 PKI 기반 X.509의 공개키를 이용한 효율적이고 추적 및 검증이 가능한 프로토콜을 제안한다.

  • PDF

A study on advanced Kerberos Authentication between Realms based on PKINIT (PKINIT기반의 향상된 Kerberos 인증에 관한 연구)

  • 신광철;정진욱
    • Journal of the Korea Computer Industry Society
    • /
    • v.2 no.12
    • /
    • pp.1541-1548
    • /
    • 2001
  • In this paper, We propose a new Kerberos certification mechanism that improve certification service based on PKINIT that announce in IETF CAT Working Group. Certification between area connected by chain through PKINIT that use X.509 and DS/DNS mutually for service. In order to provide regional services used private key and public key, X.509 of PKINIT is employed on session part and Kerberos's private key on actual authentication part. New mechanism be reduced communication overload doing to simplify certification formality between Client and remote KDC by KDC's certificate use to get ticket in remote sacred ground and remote KDC's reaffirmation process omitted.

  • PDF

A Study of Cross Certification between Realms in Public Key Infrastructure based on X.509 (X.509기반 PKI의 영역간 상호인증 프로토콜에 관한 연구)

  • 신광철
    • Journal of the Korea Computer Industry Society
    • /
    • v.2 no.6
    • /
    • pp.845-852
    • /
    • 2001
  • Electronic commerce and application service is to universal on the internet, and a large quantity information transmitted on the network, It's needs procedure to access only permit objects for the integrity of information. In order to provide regional services is authentication for control resource and client identification. In particular, public key system is to implement in distributed environment, it is able to insurance users convenience and integrity at the same time. In this paper designed mechanism of cross certification between realms in PKI based on X.509 associated with DNS (Domain Name System) that is presented.

  • PDF

Design and Implementation of Message Security Protocol using SPKI/SDSI (SPKI/SDSI를 이용한 메시지 보안 프로토콜 설계 및 구현)

  • Kwak Moon-Sang;Hong Young-Sik
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2006.06c
    • /
    • pp.322-324
    • /
    • 2006
  • 네트워크의 발달과 분산처리 시스템의 확산에 따라 정보의 노출이나 손실 및 변경과 같은 보안상의 문제들이 크게 증가하고 있다. 따라서 메시지처리와 보안에 대한 많은 연구가 진행 중에 있으며 X.400 메시지처리시스템과 메시지 보안 프로토콜이 대표적인 예이다. 하지만 메시지 보안 프로토콜은 X.509 공개키 기반구조를 사용하고 있어 인증단계가 복잡하다는 단점이 있다. 이에 본 논문은 기존 X.509 공개키 기반구조를 보다 단순화시켜 유연하게 지원하기 위해 SPKI/SDSI기반구조의 SPKI/SDSI인증형식을 갖춘 인증서를 정의하여 X.509 인증구조보다 간소화한 메시지 보안 프로토콜을 설계 및 구현하였다.

  • PDF

A Study on Smartcard-based Certification System using Kerberos and X.509 (Kerberos와 X.509를 이용한 스마트카드 기반 인증시스템에 관한 연구)

  • 박정용;남길현
    • Journal of the military operations research society of Korea
    • /
    • v.26 no.1
    • /
    • pp.115-124
    • /
    • 2000
  • In this paper, we are introduced a certification system for open network environment. The Kerberos which was developed by MIT uses a secret key cryptosystem for authentication. It is secure and efficient for closed network users to authenticate each others. However, the kerberos has a disadvantage of managing a lot of secret keys for In this paper, we are introduced a certification system for open network environment. users in the open network environment. This paper suggests a method that uses X.509 to provide public keys with certification to Kerberos users for authentication in the X.500 directory standard. And we also suggest the smartcard as data storage device to enhance the security and availability.

  • PDF

SPKI/SDSI HTTP Secure Server to support Role-based Access Control & Confidential Communication (역할기반 접근제어 및 비밀통신을 지원하는 SPKI/SDSI 보안 서버)

  • 이영록;김민수;김용민;노봉남;이형효
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.12 no.6
    • /
    • pp.29-46
    • /
    • 2002
  • We generally use SSL/TLS protocol utilizing X.509 v3 certificates so as to provide a secure means in establishment an confidential communication and the support of the authentication service. SPKI/SDSI was motivated by the perception that X.509 is too complex and incomplete. This thesis focuses on designing a secure server and an implementation of the prototype which has two main modules, one is to support secure communication and RBAC, not being remained in the SPKI/SDSI server which was developed by the existing Geronimo project and the other is to wholly issue name-certificate and authorization-cerificate. And the demonstration embodied for our sewer is outlined hereafter.

STABILITY OF DRYGAS TYPE FUNCTIONAL EQUATIONS WITH INVOLUTION IN NON-ARCHIMEDEAN BANACH SPACES BY FIXED POINT METHOD

  • KIM, CHANG IL;HAN, GIL JUN
    • Journal of applied mathematics & informatics
    • /
    • v.34 no.5_6
    • /
    • pp.509-517
    • /
    • 2016
  • In this paper, we consider the following functional equation with involution f(x + y) + f(x + σ(y)) = 2f(x) + f(y) + f(σ(y)) and prove the generalized Hyers-Ulam stability for it when the target space is a non-Archimedean Banach space.