• Title/Summary/Keyword: Public electronic certificate

Search Result 46, Processing Time 0.025 seconds

A History Check System of Public Electronic Certificate using OCSP Service (OCSP 서비스를 이용한 공인인증서 사용이력 확인 시스템)

  • Kim, Nam-Gon;Cho, Beom-Joon
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.20 no.3
    • /
    • pp.543-548
    • /
    • 2016
  • Public electronic certificates, as an important means for identification, have been used as the main economic transactions, including banking, e-government, e-commerce. identification. However, damage cases of certificates have been increased by Illegally issued and by hacking practices. Also the users have a difficult in ensuring that their certificates when and where to use. Therefore, the proposed system gives the organization code for the Institutions using OCSP services in advance, the organization code embedded in extensions of OCSP request message structure when institutions ask the validation of certificate to CA(Certificate Authority). Also, OCSP server can extract the organization code from OCSP request message, confirm the institution, and record it in certificate history management table of DB. In this paper, we presented a system that could determine the certificate history check using OCSP service, public electronic certificate validation service, and implemented to prevent and cope immediately with financial incidents.

Technology Standardization, Government Intervention, and Public Electronic Certificate in Korea (기술표준화, 정부개입, 그리고 공인인증서)

  • Song, Yeongkwan
    • KDI Journal of Economic Policy
    • /
    • v.37 no.sup
    • /
    • pp.1-32
    • /
    • 2015
  • Korea witnesses continued debate over the policy that mandates the use of the public authentication certificate (electronic certificate) in electronic financing. The debate mainly centers on the rationale of the government compelling, as a standard, a public electronic certificate based on a specific technology, among several user authentication technologies. This paper looks into the impacts of both adoption and abolition of this mandatory policy and thereby analyzes the effects of government intervention in technology standardization. To that end, two main questions are presented: what conditions would enable a single technology to serve as a standard in the market without government intervention; and what conditions would make the standard determined in the market contribute to maximizing social welfare. This paper demonstrates that the attitude and preference of market participants towards each technology determine the level of market equilibria and social welfare caused by the adoption and abolition of the mandatory policy on electronic certificate.

  • PDF

A Study on the Certification System in Electromic Commerce (전자상거래(電子商去來)의 인증체계(認證體系)에 관한 고찰(考察))

  • Ha, Kang Hun
    • Journal of Arbitration Studies
    • /
    • v.9 no.1
    • /
    • pp.367-390
    • /
    • 1999
  • The basic requirements for conducting electronic commerce include confidentiality, integrity, authentication and authorization. Cryptographic algorithms, make possible use of powerful authentication and encryption methods. Cryptographic techniques offer essential types of services for electronic commerce : authentication, non-repudiation. The oldest form of key-based cryptography is called secret-key or symmetric encryption. Public-key systems offer some advantages. The public key pair can be rapidly distributed. We don't have to send a copy of your public key to all the respondents. Fast cryptographic algorithms for generating message digests are known as one-way hash function. In order to use public-key cryptography, we need to generate a public key and a private key. We could use e-mail to send public key to all the correspondents. A better, trusted way of distributing public keys is to use a certification authority. A certification authority will accept our public key, along with some proof of identity, and serve as a repository of digital certificates. The digital certificate acts like an electronic driver's license. The Korea government is trying to set up the Public Key Infrastructure for certificate authorities. Both governments and the international business community must involve archiving keys with trusted third parties within a key management infrastructure. The archived keys would be managed, secured by governments under due process of law and strict accountability. It is important that all the nations continue efforts to develop an escrowed key in frastructure based on voluntary use and international standards and agreements.

  • PDF

A pairing-free key-insulated certificate-based signature scheme with provable security

  • Xiong, Hu;Wu, Shikun;Geng, Ji;Ahene, Emmanuel;Wu, Songyang;Qin, Zhiguang
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.9 no.3
    • /
    • pp.1246-1259
    • /
    • 2015
  • Certificate-based signature (CBS) combines the advantages of both public key-based signature and identity-based signature, while saving from the disadvantages of drawbacks in both PKS and IBS. The insecure deployment of CBS under the hostile circumstances usually causes the exposure of signing key to be inescapable. To resist the threat of key leakage, we present a pairing-free key insulated CBS scheme by incorporating the idea of key insulated mechanism and CBS. Our scheme eliminates the costly pairing operations and as a matter of fact outperforms the existing key insulated CBS schemes. It is more suitable for low-power devices. Furthermore, the unforgeability of our scheme has been formally proven to rest on the discrete logarithm assumption in the random oracle model.

Enhanced Certificate with User's Privacy Protection Methods (프라이버시 보호 기능이 추가된 인증서 프로화일에 관한 연구)

  • Yang Hyung kyu
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.30 no.4C
    • /
    • pp.290-295
    • /
    • 2005
  • When a Certification Authority (CA) issues X.509 public-key certificate to bind a public key to a user, the user is specified through one or more subject name in the 'subject' field and the 'subjectAltName' extension field of a certificate. The 'subject' field or the 'subjectAltName' extension field may contain a hierarchically structured distinguished name, an electronic mail address, If address, or other name forms that correspond to the subject. In this paper, we present the requirements for certificate holder's privacy protection and propose the methods to protect the user's privacy information contained in the 'subject' field or the 'subjectAltName' extension field of a public-key certificat

Public Key Certification Technology for Electronic Commerce (전자 상거래 인증 기술)

  • 하영국;임신영;강상승;함호상;박상봉
    • The Journal of Society for e-Business Studies
    • /
    • v.4 no.2
    • /
    • pp.23-40
    • /
    • 1999
  • Nowadays, major application of public key certification technology based on PKI(Public Key Infrastructure) is electronic commerce. Public key certification technology may include various sub-technologies such as key recovery, secret sharing, certificate/key management, and directory system technology. This thesis discusses PKI-based certification authority technology for electronic commerce on the Internet.

  • PDF

Effective Certificate Verification of Wireless PKI Based in WAP (WAP에서 무선 PKI기반의 효율적인 인증서 검증)

  • Shin Jung-Won;Choi Seong-Kwon;Ji Hong-Il;Lee Byong-Rok;Cho Yong-Hwan
    • Proceedings of the Korea Contents Association Conference
    • /
    • 2005.11a
    • /
    • pp.175-180
    • /
    • 2005
  • To data service is offered successfully including electronic commercial transaction in radio Internet, security problem should be solved. Security protocole for radio internet does certification and key exchange by leitmotif and designed because suppose WPKI(WAP Public Key Infrastructure) mainly and use certificate. Wish to discuss efficient certificate verification of PKI that consider radio surrounding hereupon.

  • PDF

Biometric-based key management for satisfying patient's control over health information in the HIPAA regulations

  • Bui, Quy-Anh;Lee, Wei-Bin;Lee, Jung-San;Wu, Hsiao-Ling;Liu, Jo-Yun
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.14 no.1
    • /
    • pp.437-454
    • /
    • 2020
  • According to the privacy regulations of the health insurance portability and accountability act (HIPAA), patients' control over electronic health data is one of the major concern issues. Currently, remote access authorization is considered as the best solution to guarantee the patients' control over their health data. In this paper, a new biometric-based key management scheme is proposed to facilitate remote access authorization anytime and anywhere. First, patients and doctors can use their biometric information to verify the authenticity of communication partners through real-time video communication technology. Second, a safety channel is provided in delivering their access authorization and secret data between patient and doctor. In the designed scheme, the user's public key is authenticated by the corresponding biometric information without the help of public key infrastructure (PKI). Therefore, our proposed scheme does not have the costs of certificate storage, certificate delivery, and certificate revocation. In addition, the implementation time of our proposed system can be significantly reduced.

Public Key Infrastructure of Electronic Bidding System using the Fingerprint Information (지문 정보를 이용한 공개키 기반의 전자입찰시스템)

  • Park, So-Ah;Chae, Cheol-Joo;Cho, Han-Jin;Lee, Jae-Kwang
    • The Journal of the Korea Contents Association
    • /
    • v.12 no.2
    • /
    • pp.69-77
    • /
    • 2012
  • In the case of the password-based PKI technology, because it protects by using the password which is easy that user memorizes the private key, he has the problem about the password exposure. In addition, in the system of electronic bidding, the illegal use using the authentic certificate of the others increases. Recently, in order to solve this problem, the research about the PKI technology using the biometrics is actively progressed. If the bio information which the user inputs for the bio authentication is converted to the template, the digest access authentication in which the security is strengthened than the existing authentication technology can be built. Therefore, in this paper, we had designed and developed the system of electronic bidding which it uses the most widely used fingerprint information in the biometrics, it stores the user fingerprint information and certificate in the fingerprint security token and can authenticate the user. In case of using the system of electronic bidding of the public key infrastructure using the fingerprint information proposed in this paper the agent bid problem that it uses the certificate of the others in not only user authentication intensification but also system of electronic bidding can be concluded.