• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.385-388
• /
• 2002

본 논문에서는 기본 데이터베이스의 보안적인 취약점에 대해서 알아보고 보안적인 취약점을 해결할 수 있는 방법으로써 Public Key Certificate와 Attribute Certificate를 이용한 서비스 모델을 제시한다. 즉 Public Key Certificate를 이용해서 인증 강도를 높이고 Attribute Certificate를 이용해서 데이터베이스를 사용하는 사용자들에게 Role 기반 권한을 제공해서 사용자들이 데이터베이스를 사용할 수 있는 권한을 손쉽게 세분화 할 수 있는 방법을 제안한다. 또한 공개키 기반 암호화를 사용해서 사용자가 특정 자료를 암호화해서 데이터베이스에 저장함으로써 비도덕적인 데이터베이스 관리자나 혹은 데이터베이스 시스템 내부의 침입자에 의해서 사용자의 데이터가 유출되는 것을 방지하는 방법을 제안한다.

• Journal of the Korea Computer Industry Society
• /
• v.5 no.5
• /
• pp.721-728
• /
• 2004

OCSP (Online Certificate Status Protocol) server which checks the certificate status provides the real time status verification in the PKI (Public Key Infrastructure) system which is the essential system of certificate. However, OCSP server need the message authentication with the server and client, so it has some shortcomings that has slow response time for the demands of many clients concurrently and has complexity of the mathematical process in the public encryption system. In this research, simulation model of the certificate status vertification server is constructed of the DEVS (Discrete EVent system Specification) formalism. This sever model is constructed to practice the authentication with hash function when certificate is checked. Simulation results shows the results of increase of the certificate status verification speed and decrease of the response time to the client.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.45-54
• /
• 2003

A public key certificate may be revoked before its validity period due to causes like the owner identification information change or the private key damage. Since a certificate has long valid time relatively, it is possible to become revoked during lifetime of certificate. The main technical issue in the public key infrastructure is how to handle the status of the certificate. We propose a simple mechanism for online certificate status validation that is suited to the financial network The characteristic of the proposed method is to broadcast certificate revocation information by using verifier list. The experimental results provide the same realtime as OCSP(Online Certificate Status Protocol). The proposed mechanism reduces the network load for certificate status validation in highly concentrated unbearable network.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.59-67
• /
• 2003

PMI(Privilege Management Infrastructure) certificates as well as Public-Key certificates must be validated before being used. Validation for a PMI certificate requires PMI certificate path validation, and PKC(Public-Key Certificate) path validations for each entity in the PMI certificate path. This validation work is quite complex and burdened to PMI certificate verifiers. Therefore, this paper suggests a delegated PMI certificate validation that uses specialized validation server, and defines a validation protocol which is used between validation server and client.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.3
• /
• pp.543-548
• /
• 2016

Public electronic certificates, as an important means for identification, have been used as the main economic transactions, including banking, e-government, e-commerce. identification. However, damage cases of certificates have been increased by Illegally issued and by hacking practices. Also the users have a difficult in ensuring that their certificates when and where to use. Therefore, the proposed system gives the organization code for the Institutions using OCSP services in advance, the organization code embedded in extensions of OCSP request message structure when institutions ask the validation of certificate to CA(Certificate Authority). Also, OCSP server can extract the organization code from OCSP request message, confirm the institution, and record it in certificate history management table of DB. In this paper, we presented a system that could determine the certificate history check using OCSP service, public electronic certificate validation service, and implemented to prevent and cope immediately with financial incidents.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.4C
• /
• pp.290-295
• /
• 2005

When a Certification Authority (CA) issues X.509 public-key certificate to bind a public key to a user, the user is specified through one or more subject name in the 'subject' field and the 'subjectAltName' extension field of a certificate. The 'subject' field or the 'subjectAltName' extension field may contain a hierarchically structured distinguished name, an electronic mail address, If address, or other name forms that correspond to the subject. In this paper, we present the requirements for certificate holder's privacy protection and propose the methods to protect the user's privacy information contained in the 'subject' field or the 'subjectAltName' extension field of a public-key certificat

• Disaster and Security
• /
• v.5 no.1
• /
• pp.93-100
• /
• 2015

Although many years passed since 'The Legislative bill on the support of voluntary activities of enterprises for disaster reduction'(hereinafter referred to as 'enterprise disaster reduction act') has been first enacted in 2007, BCMS is still not activated in our society. In contrast, after 911 Terror, importance of BCM is getting magnified and standardization research & institutionalization i s a lso proceeding i all over world. Lately, Disaster preventing activities is urgently needed like the sinking of 'Sewol ferry'. So the purpose of this paper is proposed for establishment of 'BCMS' and activation of the certificate system for Best-Run Business by analyzing the problem of 'enterprise disaster reduction act' and weak of activation as following. First, propel changing the policy of self-regulated participation to mandatory about the certificate system for Best-Run Business from public entity to government ministry and it is able to activate by propelling demo business of the certificate system for Best-Run Business. Second, public entity that has been given the certificate system for Best-Run Business by affiliating with Disaster Management Assessment of government management can be exempted from Disaster Management Assessment or those entity can arrange for connectivity acquisition method of 'Excellent rate'. Third, to publicize the activation of the law mentioned above, makes public entity r ecognizable by incorporating 'BCMS' into National safety management plan and establishment of National critical infrastructures security plan. Fourth, it should be reviewed to improving the related act regarding to inclusion of public organizations as well as private enterprises.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37C no.9
• /
• pp.841-850
• /
• 2012

Most of banks in Korea provide smartphone banking services. To use the banking service, public key certificates with private keys, which are stored in personal computers, should be installed in smartphones. Many banks provides intermediate servers that relay certificates to smartphones over the Internet, because the transferring certificates via USB cable is inconvenient. In this paper, we analyze the certificate transfer protocol between personal computer and smartphone, and consider a possible attack based on the results of the analysis. We were successfully able to extract a public key certificate and password-protected private key from encrypted data packets. In addition, we discuss several solutions to transfer public key certificates from personal computers to smartphones safely.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.4C
• /
• pp.472-481
• /
• 2006

J. Zhou et al. proposed a new public-key framewort in which the maximum lifetime of a certificate is divided into short periods and the certificate could be expired at the end of any period under the control of the certificate owner(or his manager in a corporate environment). However, J. Zhou et al.'s public-key framework is not suitable on implementation in real world. Therefore, we review some security Parameters to change them into more suitable ones for implementation and remove an unnecessary trust party of J. Zhou et al.'s public-key framework. Then, we propose an improved scheme for realistic solution. Moreover, we present a practical application based on the improved framework.

• Review of KIISC
• /
• v.3 no.3
• /
• pp.80-85
• /
• 1993

다른 가입자가 특정 가입자의 공개키를 인증하기 위한 분리된 certificate가 필요하지 않은 공개키 개념인 self-certified 공개키의 개념을 소개한다. Self-certified 공개키 개념은 공개키 방식 (public key schemes) 에서 저장공간과 계산량을 감소시킬 수 있으며, 비밀키는 가입자 자신이 직접 선택할 수 있으며, 센터에게는 비밀로 할 수 있다. 센터와 가입자가 공개키ㅡ 계산하는 전략은 공개키자체에 certificate를 삽입하여 certificate를 별도로 취하지 않는 것이다.