• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37C no.9
• /
• pp.841-850
• /
• 2012

Most of banks in Korea provide smartphone banking services. To use the banking service, public key certificates with private keys, which are stored in personal computers, should be installed in smartphones. Many banks provides intermediate servers that relay certificates to smartphones over the Internet, because the transferring certificates via USB cable is inconvenient. In this paper, we analyze the certificate transfer protocol between personal computer and smartphone, and consider a possible attack based on the results of the analysis. We were successfully able to extract a public key certificate and password-protected private key from encrypted data packets. In addition, we discuss several solutions to transfer public key certificates from personal computers to smartphones safely.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.4C
• /
• pp.290-295
• /
• 2005

When a Certification Authority (CA) issues X.509 public-key certificate to bind a public key to a user, the user is specified through one or more subject name in the 'subject' field and the 'subjectAltName' extension field of a certificate. The 'subject' field or the 'subjectAltName' extension field may contain a hierarchically structured distinguished name, an electronic mail address, If address, or other name forms that correspond to the subject. In this paper, we present the requirements for certificate holder's privacy protection and propose the methods to protect the user's privacy information contained in the 'subject' field or the 'subjectAltName' extension field of a public-key certificat

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.45-54
• /
• 2003

A public key certificate may be revoked before its validity period due to causes like the owner identification information change or the private key damage. Since a certificate has long valid time relatively, it is possible to become revoked during lifetime of certificate. The main technical issue in the public key infrastructure is how to handle the status of the certificate. We propose a simple mechanism for online certificate status validation that is suited to the financial network The characteristic of the proposed method is to broadcast certificate revocation information by using verifier list. The experimental results provide the same realtime as OCSP(Online Certificate Status Protocol). The proposed mechanism reduces the network load for certificate status validation in highly concentrated unbearable network.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.4C
• /
• pp.472-481
• /
• 2006

J. Zhou et al. proposed a new public-key framewort in which the maximum lifetime of a certificate is divided into short periods and the certificate could be expired at the end of any period under the control of the certificate owner(or his manager in a corporate environment). However, J. Zhou et al.'s public-key framework is not suitable on implementation in real world. Therefore, we review some security Parameters to change them into more suitable ones for implementation and remove an unnecessary trust party of J. Zhou et al.'s public-key framework. Then, we propose an improved scheme for realistic solution. Moreover, we present a practical application based on the improved framework.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.6
• /
• pp.1480-1491
• /
• 2013

Certificate-based cryptography is a new cryptographic primitive which eliminates the necessity of certificates in the traditional public key cryptography and simultaneously overcomes the inherent key escrow problem suffered in identity-based cryptography. However, to the best of our knowledge, all existed constructions of certificate-based encryption so far have to be based on the bilinear pairings. The pairing calculation is perceived to be expensive compared with normal operations such as modular exponentiations in finite fields. The costly pairing computation prevents it from wide application, especially for the computation limited wireless sensor networks. In order to improve efficiency, we propose a new certificate-based encryption scheme that does not depend on the pairing computation. Based on the decision Diffie-Hellman problem assumption, the scheme's security is proved to be against the chosen ciphertext attack in the random oracle. Performance comparisons show that our scheme outperforms the existing schemes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.59-67
• /
• 2003

PMI(Privilege Management Infrastructure) certificates as well as Public-Key certificates must be validated before being used. Validation for a PMI certificate requires PMI certificate path validation, and PKC(Public-Key Certificate) path validations for each entity in the PMI certificate path. This validation work is quite complex and burdened to PMI certificate verifiers. Therefore, this paper suggests a delegated PMI certificate validation that uses specialized validation server, and defines a validation protocol which is used between validation server and client.

• Journal of the Korea Computer Industry Society
• /
• v.5 no.5
• /
• pp.721-728
• /
• 2004

OCSP (Online Certificate Status Protocol) server which checks the certificate status provides the real time status verification in the PKI (Public Key Infrastructure) system which is the essential system of certificate. However, OCSP server need the message authentication with the server and client, so it has some shortcomings that has slow response time for the demands of many clients concurrently and has complexity of the mathematical process in the public encryption system. In this research, simulation model of the certificate status vertification server is constructed of the DEVS (Discrete EVent system Specification) formalism. This sever model is constructed to practice the authentication with hash function when certificate is checked. Simulation results shows the results of increase of the certificate status verification speed and decrease of the response time to the client.

• Journal of Arbitration Studies
• /
• v.9 no.1
• /
• pp.367-390
• /
• 1999

The basic requirements for conducting electronic commerce include confidentiality, integrity, authentication and authorization. Cryptographic algorithms, make possible use of powerful authentication and encryption methods. Cryptographic techniques offer essential types of services for electronic commerce : authentication, non-repudiation. The oldest form of key-based cryptography is called secret-key or symmetric encryption. Public-key systems offer some advantages. The public key pair can be rapidly distributed. We don't have to send a copy of your public key to all the respondents. Fast cryptographic algorithms for generating message digests are known as one-way hash function. In order to use public-key cryptography, we need to generate a public key and a private key. We could use e-mail to send public key to all the correspondents. A better, trusted way of distributing public keys is to use a certification authority. A certification authority will accept our public key, along with some proof of identity, and serve as a repository of digital certificates. The digital certificate acts like an electronic driver's license. The Korea government is trying to set up the Public Key Infrastructure for certificate authorities. Both governments and the international business community must involve archiving keys with trusted third parties within a key management infrastructure. The archived keys would be managed, secured by governments under due process of law and strict accountability. It is important that all the nations continue efforts to develop an escrowed key in frastructure based on voluntary use and international standards and agreements.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.10a
• /
• pp.762-764
• /
• 2016

The ECQV(Elliptic Curve Qu-Vanstone) is a implicit certificate scheme based on ECC(Elliptic Curve Cryptography). Implicit certificates are smaller and faster than a traditional explicit certificate. Therefore, it can be used in a memory or bandwidth constraint communication environments. Also, the butterfly key expansion algorithm is a method to issue many certificates by using only one public key. In this study, by applying the butterfly key expansion algorithm to ECQV, we suggest a new useful issuing certificate method that can be used in vehicular communication environments.

• Review of KIISC
• /
• v.3 no.3
• /
• pp.80-85
• /
• 1993

다른 가입자가 특정 가입자의 공개키를 인증하기 위한 분리된 certificate가 필요하지 않은 공개키 개념인 self-certified 공개키의 개념을 소개한다. Self-certified 공개키 개념은 공개키 방식 (public key schemes) 에서 저장공간과 계산량을 감소시킬 수 있으며, 비밀키는 가입자 자신이 직접 선택할 수 있으며, 센터에게는 비밀로 할 수 있다. 센터와 가입자가 공개키ㅡ 계산하는 전략은 공개키자체에 certificate를 삽입하여 certificate를 별도로 취하지 않는 것이다.