The Journal of Korean Institute of Communications and Information Sciences (한국통신학회논문지)

The Korean Institute of Commucations and Information Sciences (한국통신학회)
권호 표지

Enhanced Certificate with User's Privacy Protection Methods

프라이버시 보호 기능이 추가된 인증서 프로화일에 관한 연구

  • 양형규 (강남대학교 컴퓨터미디어공학부)
  • Published : 2005.04.01
Download PDF
⟨ Previous Next ⟩

Abstract

When a Certification Authority (CA) issues X.509 public-key certificate to bind a public key to a user, the user is specified through one or more subject name in the 'subject' field and the 'subjectAltName' extension field of a certificate. The 'subject' field or the 'subjectAltName' extension field may contain a hierarchically structured distinguished name, an electronic mail address, If address, or other name forms that correspond to the subject. In this paper, we present the requirements for certificate holder's privacy protection and propose the methods to protect the user's privacy information contained in the 'subject' field or the 'subjectAltName' extension field of a public-key certificat

CA가 공개키를 포함하는 X.509 인증서를 사용자에게 발급할 때, 사용자는 하나 이상의 subject name을 "subject" 필드와 "subjectAltName" 확장 필드에 명시해야 한다. "subject" 필드 또는 "subjectAltName" 확장 필드는 DN, 전자메일 주소, IP 어드레스 등의 계층적인 구조를 포함할 수 있다. 본 논문에서 우리는 인증서 소유자의 프라이버시 보호를 위한 요구 조건들을 제시하였고, 그리고 공개키 인증서내의 "subject" 필드와 "subjectAltName" 확장 필드에 포함돼 있는 사용자의 프라이버시를 보호하는 즉, 제시한 요구조건들을 만족하는 방법을 제안하였다.

Keywords

References

  1. E.IITF principles, supra note 19, at 5
  2. J.J. Hwang and S.C. Hsueh, 'Greater protection for credit card holders : a revised SET protocol', Computer Standards and Interfaces 19, pp.1-8, 1988
  3. M. Bellare, J.A. Garay, R. Hauser, A. Herzberg, H. Krawczyk, M. Steiner, G. Tsudik, E.V. Herreweghen, and M. Waidner, 'Design, implementation, and deployment of the iKP secure electronic payment system', IEEE Journal on Selected Areas in Communications 18(4), pp. 611-627, April 1991
  4. Australian Transaction Report and Analysis Center, 'RGEC report -- research and technical advice volume 3', http://www.austrac.gov.au/text/publications/rgec/3/pdf/ch1.pdf, Dec, 1999
  5. R. Housley, W. Ford, W. Polk, and D. Solo, 'Intenet X.509 public key infrastructure certificate and Certificate Revocation list (CRL) profile', IETF RFC 3280, April 2002
  6. Hongkong Post, 'e-Cert certification practice statement', 2001
  7. J. Park, J. Yoon, S. Kim, S. Park, J.Lee, H. Lee, and T. Polk, 'Internet X.509 public key infrastructure subject identification method' draft-ietf-pkix-sim-03.txt, Feb. 2004
  8. Verisign, 'VeriSign enhances digital IDs to enable universial website login and one-step registration', http://www.verisign.comjpress/product/isv.htrnl, , April 1997
  9. S.G. Renfro, 'VeriSign CZAG: privacy leak in X.509 certificates', Proceedings of the 11th USENIX Security Symposium, August 2002
  10. MasterCard and VISA, 'Secure Electronic Transaction (SET) specification', Book 1 : Business Description, version 1.0(1997)
  11. MasterCard and VISA, 'Secure Electronic Transaction (SET) specification', Book 2 : Programmer's Guide, version 1.0(1997)
  12. MasterCard and VISA, 'Secure Electronic Transaction (SET) specification', Book 3 : Formal Protocol Definition, version 1.0 (1997)
  13. J.J. Hwang, T.C. Yeh, and J.B. Li, 'Securing on-line credit card payments without disclosing privacy information', Computer Standards and Interfaces 25, pp.119-129, 2003 https://doi.org/10.1016/S0920-5489(02)00102-2
  14. W. Diffie and M.E. Hellman, 'New Directions in cryptography', IEEE Trans. Inform. Theory, IT-22, pp.644-654, 1976
  15. J. Camenisch and M. Stadler, 'Proof systems for general statements about discrete logarithms', Technical Report TR 260, 13pages, Department of Computer Science, ETH Zurich, March 1997
  16. M. Bellare and P. Rogaway, 'Random oracles are practical: A paradigm for designing efficient protocols', Proc. First Annual Conference on Computer and Communications Security, ACM, 1993 https://doi.org/10.1145/168588.168596