• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.7
• /
• pp.2554-2571
• /
• 2014

Certificate-based cryptography is a new cryptographic paradigm that provides an interesting balance between identity-based cryptography and traditional public key cryptography. It not only simplifies the complicated certificate management problem in traditional public key cryptography, but also eliminates the key escrow problem in identity-based cryptography. As an extension of the signcryption in certificate-based cryptography, certificate-based signcryption provides the functionalities of certificate-based encryption and certificate-based signature simultaneously. However, to the best of our knowledge, all constructions of certificate-based signcryption in the literature so far have to be based on the costly bilinear pairings. In this paper, we propose a certificate-based signcryption scheme that does not depend on the bilinear pairings. The proposed scheme is provably secure in the random oracle model. Due to avoiding the computationally-heavy paring operations, the proposed scheme significantly reduces the cost of computation and outperforms the previous certificate-based signcryption schemes.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.3
• /
• pp.91-97
• /
• 2008

The conventional CA(Certificate Authority) has problems in dealing with certificates whose valid time is expired and in managing CRI (Certificate Revocation Information) produced by clients. Many researches are conducted to solve them, but they have limitations in providing real-time verifications of certificates' status for clients. In this paper, we propose a new CRI management model to address these limitations in distributed OCSP(On-line Certificate Status Protocol) environments. CRL(Certificate Revocation List) is divided into two parts: one part that is recent is replicated over several OCSP servers, the other part is replicated and distributed over servers. Our methods can help to break the bottleneck of CA, and effectively reduce the size of CRL transferred. Therefore, with our methods, clients can verify the state of certificates in real time.

• The Korean Society of Law and Medicine
• /
• v.10 no.2
• /
• pp.115-150
• /
• 2009

The Article 17 (1) of the Medical Service Act states that no one but medical doctor, dentist or herb doctor shall prepare medical certificate, post-mortem examination, certificate or prescription. Though medical certificate, post-mortem examination or certificate is a private document issued by doctor personally, it is accepted as reliable as public document. Therefore, for medical certificate, post-mortem examination or certificate, unlike other private document to guarantee authenticipy of the content, the Article 233 of the Criminal Act states the Crime of Issuance of Falsified Medical Certificates. In other words, the Criminal Act Article 233 states that If a medical or herb doctor, dentist or midwife prepares false medical certificate, post-mortem examination or certificate life or death, one shall be punished by imprisonment or imprisonment without prison labor for not more than three years, suspension of qualifications for not more than seven years, or a fine not exceeding thirtht million won. The subject of the Crime of Issuance of Falsified Medical Certificates is only a medical or herb doctor, dentist or midwife and the eligibility requirements are specified in the Medical Service Act. Medical certificate is the medical document to be issued by medical doctor to certify the health status and show the Jugdement about the result of the diagnosis, Post-mortem examination is the document to be listed by medical doctor to confirm medically about human body or dead body, and Certificate life or death is a kind of medical certificate to verify the fact of birth or death, the cause of death, such as Birth Certificate, Certificate of Stillbirth or Certificate of Dead Fetus. To constitute the crime of Issuance of Falsified Medical Certificates, it is necessary for the contents of the certificate to be substantially contrary to the truth, as well as it is needed the subjective perception that the contents of the certificate are false. The Supreme Court Decision 2004DO3360 Delivered on March 23, 2006 declared that although the Defendant did not MRI scan, etc. for precise observation about the disability status of Mr Park, it was difficult to believe that the contents of the Disability Certificate of this case were contrary to the objective truth or the defendant had perception that the contents of the certificate were false. I don't agree with the Supreme Court Decision, because the Supreme Court confirmed the decision by the court below despite the Supreme Court should have made the court below retry the reason why the Defendant did not MRI scan, etc. for precise observation about the disability status of Mr Park.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.2
• /
• pp.109-121
• /
• 2009

As our society is changed to the information & digital society based on the internet, the requirement that the analog certificate of Korean residence is changed to digital one is increased. The Korean Government selected the smart card of 72 KB for the digital certificate of Korean residence and try to insert the personnel information of 41 items to it. The method that the numerous personnel information is stored in one smart card is convenience to use. If the certificate of residence is lost, the number of personnel information is misused or spreaded thorough the Internet by the hacking. In this paper, we analyze the problem about the digital certificate of Korean residence and propose the countermeasure about the problem. In the proposal, the digital certificate of residence have only the certificate. Therefore, the size of the smart card is minimized and can be canceled at the loss of the certificate of residence. And the exposure worry of personnel information will be decreased.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2006.05a
• /
• pp.757-760
• /
• 2006

This paper describes X.509 certificate profile, which is basic and important element in the PKI. X.509 certificate consists of basic fields, unique identifiers fields(added in version 2 certificate), and extension fields(added in version 3 certificate). extension fields of version 3 certificate supplement basic fields. We describes extension fields value and its meaning in current internet certificate.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.45-54
• /
• 2003

A public key certificate may be revoked before its validity period due to causes like the owner identification information change or the private key damage. Since a certificate has long valid time relatively, it is possible to become revoked during lifetime of certificate. The main technical issue in the public key infrastructure is how to handle the status of the certificate. We propose a simple mechanism for online certificate status validation that is suited to the financial network The characteristic of the proposed method is to broadcast certificate revocation information by using verifier list. The experimental results provide the same realtime as OCSP(Online Certificate Status Protocol). The proposed mechanism reduces the network load for certificate status validation in highly concentrated unbearable network.

• The KIPS Transactions:PartC
• /
• v.13C no.2 s.105
• /
• pp.147-154
• /
• 2006

The certificate status validation mechanism is a critical component of a public key infrastructure based on certificate system. The most generally mechanisms used these days are the use of the certificate revocation list and the real-time certificate status protocol. But the certificate revocation list can not give the real-time certificate status because the certificate is being delivered periodically, and the real-time certificate status protocol method will generate a concentrated load to the server because the protocol in the central server will be accessed whenever a certification is necessary. It will also take a long time to validate the certificate because each trade has to send mass information through the network. This paper will present that real-time validation is guaranteed as the real-time certificate status protocol method and the traffic congestion in the network Is reduced in a way that the certification would be requested using the user information hash value and would be validated using the user information kept in the certification authorities and the service providers. Based on the this study, we suggest a real-time certificate status validation mechanism which can reduce the certificate status validation time using the signed user information hash value. And we confirm speed of certificate status verification faster than existing CRL(Certificate Revocation List) and OCSP(Online Certificate Status Protocol) method by test.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.4
• /
• pp.744-752
• /
• 2017

ECQV implicit certificate reconstructs the public key from the certificate without validation of the signature unlike the explicit certificate. Like this, the certificate and the public key is implicitly validated when a public key is reconstructed from a certificate. Hence, ECQV implicit certificate is shorter than the explicit certificate due to be only comprised of the public key reconstruction data instead of the signature and the public key, and faster to reconstruct the public key from the certificate than validating the signature. Furthermore, ECQV is well suited for environments and application that resources such as memory and bandwidth are limited because it is shorter the key length, and faster the performance than other cipher cryptography due to be run on ECC. In this paper, we describe prerequisites of ECQV specified in the SECG SEC 4 and issuance of an implicit certificate, reconstruction of the public key from an implicit certificate. Also we designed and implemented ECQV, and measured the performance of it.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.2
• /
• pp.59-63
• /
• 2017

Recently, Certificate has been loosed 100 times in a four years as Phising or hacking. The service that use certificate in financial services occurs practical and secure issues. Therefore, the Korea government abolished the mandatory system used in the certificate service. However, they did not provide a replacing method for a certificate. And is not to fill the gaps of the certificate with one time password or secure card. Therefore this paper is propose the alternative method with total authentication service, that is lead the more secure electronic commercial.

• Journal of the Korean Data and Information Science Society
• /
• v.28 no.1
• /
• pp.163-171
• /
• 2017

With the advance of function of smart phone system and internet services, mobile trade grows more popular in the area of e-business or banking. These environmental changes, it makes the needs of authorized certificates. Authorized certificate is not only important in these days but also future society. In 2015, 27 millions of Korean people used public key certificate, but most of them does not know the details on the public key certificate. Therefore, in this paper, we explain and investigate the characteristics on the public certificate and explain the relation ship between authorized certificate and public key encrytion. By investigating several papers, internet data, newspapers and books, we found the historical changes, substantial aspects, the encryption systems on the authorized certificate. Also we study the pros and cons of authorized certificate. Finally we predict the number of issued authorized certificate for the future society based on nonparametric statistical method.