• Title/Summary/Keyword: Certificate Verification

A Study on the Real-Time Certificate Status Verification System Using VDN (VDN을 이용한 실시간 인증서 상태 검증 시스템의 관한 연구)

  • Lee, Kwang-Hyoung;Kim, Hyun-Chul
    • Journal of the Korea Academia-Industrial cooperation Society / v.7 no.5 / pp.858-865 / 2006
  • A certificate that is issued by the certification authority can be revoked within the period of validity for various reasons such as the loss of the private key, disqualification, or a change in key. Therefore, certificate status verification must precede use. Currently, the CRL or the OCSP methods are used in most cases. But the CRL system can't guarantee the present status of the certificate, and the OCSP generates heavy network traffic by checking or requesting certificate status in real time using high-capacity messages. In this paper, we propose a system that requests the certificate verification by creating VDN for user identity information. Through this system, the certification authority will be able to guarantee the certificate's status in real time, and solve the problem of the server and network overload by verifying and finding user identity information from VDN. Based on the results, we propose a real-time certificate status verification system which can improve the speed of the verification. We confirmed the improvement in speed by testing and comparing it with the existing methods.

A New Certificate Validation Scheme for Delegating the Digital Signature Verification (디지틀 서명 검증을 위임하기 위한 새로운 인증서 검증 기법)

  • Choi Yeon-Hee;Park Mi-Og;Jun Moon-Seog
    • Journal of Internet Computing and Services / v.4 no.4 / pp.53-64 / 2003
  • Performing certificate validation in the user-side application induces considerable overhead on the user-side system because of the complex and time-consuming nature of the validation processing. Most of the time spent performing the validation processing is required for the digital signature verification, since the verification involves cryptographic calculation over each certificate on the certificate path. In this paper, we propose a new certificate validation scheme using DSVP (Delegated Signature Validation Protocol) which can reduce the overhead of the user-side certificate validation processing. It is achieved by delegating the digital signature verification to CAs of the PKI domain. As the proposed DSVP is a protocol performed between a user and CAs, it is applied to the hierarchical PKI efficiently and used for delegating the digital signature verification reliably and safely. Our proposed scheme not only reduces the overhead of the validation processing by decreasing the cryptographic calculation but also improves the utilization of CAs by employing them in the validation processing.

A Real-Time Certificate Status Verification Method based on Reduction Signature (축약 서명 기반의 실시간 인증서 상태 검증 기법)

  • Kim Hyun Chul;Ahn Jae Myoung;Lee Yong Jun;Oh Hae Seok
    • The KIPS Transactions:PartC / v.12C no.2 s.98 / pp.301-308 / 2005
  • As online banking transactions grow very rapidly, guaranteeing the validity of business transactions takes on more meaning. To guarantee the validity of online banking transactions efficiently, a certificate status verification system is required that can offer identity certification, data integrity, confidentiality, and non-repudiation in real time. Existing real-time certificate status verification systems have a structural concentration problem in that one node handles all transactions. And every time status verification is requested, network overload and communication bottlenecks occur because all the useless information is transmitted. They do not fit banking transactions, which place great importance on real response time, because of these problems. To address the problems of unnecessary information and structural concentration that arise when the existing real-time certificate status protocol is requested, this paper handles status verification by dividing the inspection server by domain. This paper proposes a method of real-time certificate status verification that solves network overload and communication bottlenecks by requesting certification using only the reduction information really necessary for certification status verification. We confirm by testing that certificate status verification is 15% faster than the existing OCSP (Online Certificate Status Protocol) method.

Distributed OCSP Certificate Verification Model for Reducing Response Time (응답시간 단축을 위한 분산 OCSP 인증서 검증 모델)

  • Choi Seung kwon;Jang Yoon sik;Ji Hong il;Shin Seung soo;Cho Yong hwan
    • The Journal of Korean Institute of Communications and Information Sciences / v.30 no.4A / pp.304-311 / 2005
  • OCSP has specific characteristics which can suspend, close, and correct in real time. But as more clients use the OCSP server verification, more updated information is needed, which can lead to jamming in the OCSP server. We apply the technique of a distributed OCSP server so as to keep OCSP certificate verification from jamming. Also, the distributed OCSP server will solve the problems of the intensive central structure. Simulation results show that the average reply time of certificate verification requests and the server load are reduced when using distributed OCSP. In addition to this advantage, resource distribution and fault tolerance are acquired because of multiple OCSP.

A Design of One-time Password Verification System with Enhanced Security Using Certificate (인증서를 이용한 보안성이 강화된 일회용 패스워드 검증 시스템의 설계)

  • Kim, Hyun-Chul;Lee, Chang-Soo;Lee, Kyung-Seok;Jun, Moon-Seog
    • The Journal of Korean Institute of Communications and Information Sciences / v.34 no.4B / pp.435-441 / 2009
  • The one-time password system solves the problem concerning password reuse caused by the repeated utilization of an identical password. The password reuse problem occurs due to the cyclic repetition at the time of password creation, and authentication failure can occur due to time deviation or non-synchronization of the number of authentications. In this study, the password is created asynchronously and exchanged with the user, who then signs using a digital signature in exchange for the password, and a valid verification is requested along with the certificate to ensure non-repudiation. Besides this, a verification system for one-time passwords is proposed and designed to improve security by utilizing the validity verification that is divided into certificate verification and password verification. Comparative analysis shows that the mechanism proposed in this study is better than the existing methods in terms of replay attack, non-repudiation and synchronization failure.

A Secure Digital Signature Delegation Scheme using CAs (CA를 이용한 안전한 서명 검증 위임 기법)

  • 최연희;박미옥;전문석
    • Journal of the Korea Institute of Information Security & Cryptology / v.13 no.6 / pp.55-65 / 2003
  • Performing the certificate validation processing in the user-side application induces considerable overhead because of the complex and time-consuming nature of the validation processing. In particular, the verification of the digital signature over a certificate can be the major reason for the overhead, since the verification involves cryptographic calculation over each certificate on the certificate path. In this paper, we propose a new certificate validation scheme that can reduce the overhead caused by user-side certificate validation processing and improve the utilization of CAs. As a result, our proposed scheme not only reduces the overhead of the validation processing by decreasing the cryptographic calculation but also improves the utilization of CAs by employing them in the validation processing.

A Study on Timeliness Advance Increment of Certificate Verification Using an Observer (Observer를 이용한 인증서 검증의 적시성 증대에 관한 연구)

  • 권오인;김진철;오영환
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.4 / pp.25-37 / 2004
  • A certificate is expected to be used for its entire validity period. However, a false information record of the user or compromise of the private key may cause a certificate to become invalid prior to the expiration of the validity period. The CA needs to revoke the certificate. The CA periodically updates a signed data structure called a certificate revocation list (CRL) at the directory server. However, as the CA updates a new CRL at the directory server, the user can use a revoked certificate. This paper not only analyzes the structure of the CRL and the characteristics of certificate status conviction and the OCSP method, but also proposes a new certificate status verification method that adds observer information to the handshake process between user and server.

A Real-Time Certificate Status Validation Protocol for Reducing the Computational Time in Client and Server - RCSVP (클라이언트와 서버의 연산시간을 줄여주는 실시간 인증서 상태 검증에 관한 연구)

  • Lee Young-Sook;Cho Seok-Hyang;Won Dong-Ho;Lee Young-Gyo
    • The Journal of the Korea Contents Association / v.5 no.2 / pp.95-105 / 2005
  • As research on PKI becomes very popular, study relating to certificate status validation is growing, with the aim of reducing the overhead of the protocol and providing efficient operation. The OCSP, the standard protocol related to this study, enables applications to determine the revocation state of an identified certificate. However, the OCSP server cannot service millions of certificate status validation requests from clients in a second in E-commerce because of the computational time for signature and verification. So, we propose the Real-time Certificate Status Validation Protocol (RCSVP), which has a smaller computational time than OCSP. The RCSVP server reduces the computational time of certificate status validation using a hash function and a common secret value. Also, the RCSVP client does not need the computational time of certificate verification to acquire the public key from an identified certificate. Therefore, the proposed protocol enables the server to respond to millions of certificate status validation requests from clients in a second in E-commerce.

Modeling and Simulation of the Efficient Certificate Status Validation System on Public Key Infrastructure (공개키 기반 구조에서의 효율적인 인증서 상태 검증 방법의 모델링 및 시뮬레이션)

  • Seo, Hee-Suk;Kim, Tae-Kyoung;Kim, Hee-Wan
    • Journal of the Korea Computer Industry Society / v.5 no.5 / pp.721-728 / 2004
  • The OCSP (Online Certificate Status Protocol) server, which checks the certificate status, provides real-time status verification in the PKI (Public Key Infrastructure) system, which is the essential system of certificates. However, the OCSP server needs message authentication between the server and client, so it has some shortcomings: it has a slow response time for the demands of many concurrent clients and has the complexity of the mathematical process in the public encryption system. In this research, a simulation model of the certificate status verification server is constructed with the DEVS (Discrete EVent system Specification) formalism. This server model is constructed to perform authentication with a hash function when a certificate is checked. Simulation results show an increase in the certificate status verification speed and a decrease in the response time to the client.

Decentralized Identity Based Digital Certificate System for Prevention of Infectious Diseases (감염병 예방을 위한 분산ID 기반 디지털 증명서 시스템)

  • Park, Sung-chae;Lee, Ju hyun;Park, Keundug;Youm, Heung Youl
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.1 / pp.49-66 / 2022
  • The COVID-19 pandemic has led many countries around the world to introduce and employ a digital certificate system to prevent infectious diseases. However, there are difficulties in using a compatible digital certificate between countries in that international standards for the system have not been developed. Accordingly, we propose an improved system, comparing two methods of presenting a certificate: the existing QR code-based certificate and a short-range wireless communication-based certificate. The proposed system is a digital certificate system against the spread of infectious disease that stores verification information of the certificate on the blockchain using decentralized identity-based technology. The blockchain-based trust anchor improves security by solving the problem of forgery and alteration of certificates and guaranteeing the identity of certificate issuers and presenters. This system is also expected to enhance usability by providing concurrent verification of a number of certificates (vaccination certificates, recovery certificates, test results, identity certificates, etc.) in a single certificate presentation.