• Journal of Korea Society of Digital Industry and Information Management
• /
• v.4 no.2
• /
• pp.21-28
• /
• 2008

There are some problems on the system that uses a password comprising a digital signature to identify the secret key owner under the public key infrastructure. For example, the password can be difficult to remember or easy to be disclosure, and users should make more complex password to protect it. A number of studies have been proceeded in order to overcome these defects using the fingerprint identification technologies, but they need to change the current standard of public key infrastructure. On the suggested private key escrow system, the private key can be withdrawn only through the enrollment and identification of a fingerprint template after it is saved to a reliable third system. Therefore, this new private key escrow system can remove previous inconveniences of managingthe private key on current public key infrastructure, and it exhibited superior results in terms of the evaluation items when compared with the integrated method of the existing fingerprint identification and public key infrastructure.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.781-793
• /
• 2014

A Public Key Infrastructure (PKI) is security standards to manage and use public key cryptosystem. A PKI is used to provide digital signature, authentication, public key encryption functionality on insecure channel, such as E-banking and E-commerce on Internet. A soft-token private key in PKI is leaked easily because it is stored in a file at standardized location. Also it is vulnerable to a brute-force password attack as is protected by password-based encryption. In this paper, we proposed a new method that detects private key compromise and is probabilistically secure against a brute-force password attack though soft-token private key is leaked. The main idea of the proposed method is to use a genuine signature key pair and (n-1) fake signature key pairs to make an attacker difficult to generate a valid signature with probability 1/n even if the attacker found the correct password. The proposed method provides detection and notification functionality when an attacker make an attempt at authentication, and enhances the security of soft-token private key without the additional cost of construction of infrastructure thereby extending the function of the existing PKI and SSL/TLS.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.747-754
• /
• 2003

Thia paper suggests a milti user-authentication system comprises that DNA biometric informatiom, owner's RFID(Radio Frequency Identification) smartcard of hardware token, and PKI digital signqture of software. This system improved items proposed in [1] as follows : this mechanism provides one RFID smartcard instead of two user-authentication smartcard(the biometric registered seal card and the DNA personal ID card), and solbers user information exposure as RFID of low proce when the card is lost. In addition, this can be perfect multi user-autentication system to enable identification even in cases such as identical twins, the DNA collected from the blood of patient who has undergone a medical procedure involving blood replacement and the DNA of the blood donor, mutation in the DNA base of cancer cells and other cells. Therefore, the proposed system is applied to terminal log-on with RFID smart card that stores accurate digital DNA biometric information instead of present biometric user-authentication system with the card is lost, which doesn't expose any personal DNA information. The security of PKI digital signature private key can be improved because secure pseudo random number generator can generate infinite one-time pseudo randon number corresponding to a user ID to keep private key of PKI digital signature securely whenever authenticated users access a system. Un addition, this user-authentication system can be used in credit card, resident card, passport, etc. acceletating the use of biometric RFID smart' card. The security of proposed system is shown by statistical anaysis.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.141-151
• /
• 2004

According to the improvemnent of electronic commerce, the requirements of security devices are becoming increasingly pervasive. The security API must design easily and securely to support a compatibility feature between security devices. It is chosen the PKCS #11 interface by RSA Labs that shows the compatibility and extensibility standards of many application product and implementation, and supported KCDSA mechanism which is a korean digital signature standard. And the PKCS #11 security API defines new key management function which provides more secure key management ability. We suggest the object attributes and templates of KCDSA private and public key object, generate and verify digital signature using KCDSA mechanism. The PKCS #11 supporting KCDSA mechanism is designed, implemented using C-Language, tested a performance, and analyzed the security and compatibiltiy feature.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.10a
• /
• pp.463-466
• /
• 2016

Sharing of product and process information with partners is a basic activity and key requirement which ensures success of distribution. ePedigree that encapsulates all of the event data from manufacturer to retail shop provides a flexible mechanism of storing and sharing traceable information to the partners of supply chain and credibility of shared information through digital signature based on Public Key Infrastructure (PKI). To generate the signature that can be authenticated through PKI, the partners of supply chain should pay for PKI certificates from Certificate Authority (CA). In case of agrifood cooperatives which consist of petty merchants or farmers, it is hard to pay for the PKI certificate for all members and is a big obstacle for the ePedigree to be applied to the supply chain. This paper proposes a private certification method of ePedigree for cooperatives. Cooperatives can apply the ePedigree using the proposed method to all the members at small cost and the proposed method can assure the credibility of information at the same level of the previous ePedigree.

• The Journal of Society for e-Business Studies
• /
• v.16 no.4
• /
• pp.1-16
• /
• 2011

A digital certificate mandated by the Electronic Signature Act has become familiar in our daily lives as 95% of the economically active population hold certificates. Due to upgrades to 256 bit level security that have become effective recently, the security and reliability of digital certificates are expected to increase. Digital certificates based on Public Key Infrastructure (PKI) have been known as "no big problem," but the possibility of password exposure in cases of leaked digital certificates still exists. To minimize this vulnerability, various existing studies have introduced alternative password methods, expansion of certificate storage media, and multiple certification methods. These methods perform enhanced functions but also have limitations including the fact that the secureness of passwords is not guaranteed. This study suggests an alternative method for enhancing the level of password secureness as a way to improve password security. This new method improves security management and enhances the convenience of using digital technologies. The results may be used for developing digital certificate related security technologies and research in the future.

• Smart Media Journal
• /
• v.12 no.2
• /
• pp.27-35
• /
• 2023

Currently, online user authentication is perform using joint certificates issued by accredited certification authorities and simple certificates issued by private agency. In such a PKI(Public Key Infrastructure) system, various cryptographic technologies are used, and in particular, digital signatures are used as a core technology. The digital signature scheme is equally used in DID(Decentralized Identity), which is attracting attention to replace the existing centralized system. As such, the digital signature-based user authentication used in current online services is also applied in the metaverse, which is attracting attention as the next-generation online world. Metaverse, a compound word of "meta," which means virtual and transcendent, and "universe," means a virtual world that includes the existing online world. Due to various developments of the metaverse, it is expted that new authentication technologies including biometric authentication will be used, but existing authentication technologies are still being used. Therefore, in this study, we study digital signature scheme that can be efficiently used for user authentication in the developing metaverse. In particular, we experimentally analyze the effectiveness of ECDSA, which is currently used as a standard for digital signatures, and Schnorr signatures, which can quickly verify a large amount of signatures.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.8 no.2
• /
• pp.371-378
• /
• 2004

As an agent is applied into various fields, it is suggested as the paradigm of new application technology in the area of computer communication. However, the mobile agent brines the problem of security on an agent due to mobility. This study proposals the mobile agent protection protocol framework for more effective protection and safety. The designed Framework of protocol uses the public ky, the private key and the digital signature in PKI environment based on JAVA. This is the mechanism accomplishing safely the work of an agent by tracking the pattern of execution and the mobility plan through the VS(verification server). This also secures the suity and the flawlessness of an agent through the VS guaranteeing safety from malicious attacks.