• Journal of the Korea Society of Computer and Information
• /
• v.11 no.3
• /
• pp.57-66
• /
• 2006

In this paper. proposes Multi_Kerberos certification mechanism that improve certification service of based on PKINIT that made public in IETF CAT Working Group. This paper proposed to a certificate other realm because search position of outside realm through DNS and apply X.509 directory certification system, to get public key from DNS server by chain (CertPath) between realms by certification and key exchange way that provide service between realms applying X.509, DS/DNS of based on PKINIT, in order to provide regional services. This paper proposed mechanism that support efficient certification service about cross realm including key management. the path generation and construction of Certificate using Validation Server, and recovery of Session Key. A Design of Multi_Kerberos system that have effects simplify of certification formality that reduce procedures on communication.

• The KIPS Transactions:PartC
• /
• v.11C no.1
• /
• pp.21-30
• /
• 2004

Most applications using the PKI allows a user to execute the certificate validation processing. The efficiency of user system can be declined by the user-side processing resulting the overhead and low speed of the validation processing. Therefore, in this paper, we propose a new certificate validation processing method can decrease the overhead on user by allowing CAs of the hierarchical PKI to participate in the validation processing. Therefore, our proposed scheme can not only reduce the considerable overhead caused by the user-side whole processing without a new implementation of the delegated server but also improve the time spent for the processing by the reduction of the validation processing job on user.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.5
• /
• pp.79-91
• /
• 2011

In this paper, a DS (Data Synchronization) server for mobile communication environments is constructed and the suitability and the performance of its operations are validated. The DS server provides a way to update the newest data and keep data consistency for clients (mobile devices). In addition, the DS server constructed in this paper supports various synchronization types, and detects all changes and conflicts. In case of data conflicts, the DS server resolves the conflicts according to the several policies implemented in this work. The DS server conforms to the OMA(Open Mobile Alliance) DS standard protocol for interoperability with other mobile devices and servers. In addition to the transmission-by record scheme proposed by the OMA DS standard protocol, the DS server constructed in this paper also provides the transmission-by field scheme for the enhancement transmission performance between the server and clients. In order to validate its operations, data synchronization between the DS server and the SCTS (SyncML Conformance Test Suit), the suitability validation tool provided by the OMA, is performed. The validation results show that the DS server constructed in this paper satisfies all of the test cases except the Large Object function. The Large Object function will be implemented later because the function is not needed for the personal information synchronization process which this paper aims for. Also, synchronization times of the DS server are measured while increasing the number of data and clients. The results of the performance evaluations demonstrate that the DS server is scalable, in the sense that it has not suffered from any serious bottlenecks with respect to the number of data and clients. We expect that this work will provide a framework for various studies in the future for improving mobile DS operations.

• Journal of Korea Multimedia Society
• /
• v.17 no.11
• /
• pp.1307-1312
• /
• 2014

Online games are virtual space where it connects individual users through network connection to offer enjoyment of play games and game developer who service online games have to develop new contents and provide them to users to extend life of their service. Typically, in order to update new contents, all service companies have maintenance schedule to stop the game service for a while to update both server and client applications. Usually this process takes quite amount of time and users do not have any other choice but disconnected from server and wait until it is over. The purpose of this thesis is to describe the advantages of new design system which will allows users to continue to play the game even during the update. The main focus of this design is to make users feel more convenience in online gaming experience by move client from previous server to new server while users are still playing. If they can to connect current client with new server without any certificate validation process while users information from the client can automatically pass through to the new server, users may not need to experience maintenance for new contents update.

• Journal of the Korea Computer Industry Society
• /
• v.5 no.5
• /
• pp.721-728
• /
• 2004

OCSP (Online Certificate Status Protocol) server which checks the certificate status provides the real time status verification in the PKI (Public Key Infrastructure) system which is the essential system of certificate. However, OCSP server need the message authentication with the server and client, so it has some shortcomings that has slow response time for the demands of many clients concurrently and has complexity of the mathematical process in the public encryption system. In this research, simulation model of the certificate status vertification server is constructed of the DEVS (Discrete EVent system Specification) formalism. This sever model is constructed to practice the authentication with hash function when certificate is checked. Simulation results shows the results of increase of the certificate status verification speed and decrease of the response time to the client.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.7
• /
• pp.3371-3396
• /
• 2016

Authentication protocols for multi-server architectures have gained momentum in recent times due to advancements in computing technologies and associated constraints. Lu et al. recently proposed a biometrics and smartcards-based authentication scheme for multi-server environment. The careful analysis of this paper demonstrates Lu et al.'s protocol is susceptible to user impersonation attacks and comprises insufficient data. In addition, this paper proposes an improved authentication with key-agreement protocol for multi-server architecture based on biometrics and smartcards. The formal security of the proposed protocol is verified using the widely accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to ensure that our protocol can withstand active and passive attacks. The formal and informal security analysis, and performance analysis sections determines that our protocol is robust and efficient compared to Lu et al.'s protocol and existing similar protocols.

• Journal of Korea Society of Industrial Information Systems
• /
• v.23 no.1
• /
• pp.53-63
• /
• 2018

In this paper, we analyze the waiting time of a queueing system with D-BMAP (discrete-time batch Markovian arrival process) and D-policy. Customer group or packets arrives at the system according to discrete-time Markovian arrival process, and an idle single server becomes busy when the total service time of waiting customer group exceeds the predetermined workload threshold D. Once the server starts busy period, the server provides service until there is no customer in the system. The steady-state waiting time distribution is derived in the form of a generating function. Mean waiting time is derived as a performance measure. Simulation is also performed for the purpose of verification and validation. Two simple numerical examples are shown.

• The KIPS Transactions:PartC
• /
• v.10C no.4
• /
• pp.433-440
• /
• 2003

According as the real economic activities are carried out in the cyber world and the identity problem of a trade counterpart emerges, digital signature has been diffused. Due to the weakness for real-time validation using the validation method of digital signature, Certificate Revocation List, On-line Certificate Status Protocol was introduced. In this case, every transaction workload requested to verify digital signature is concentrated of a validation server node. Currently this method has been utilized on domestic financial transactions, but sooner or later the limitation will be revealed. In this paper, the validation method will be introduced which not only it can guarantee real-time validation but also the requesting node of certificate validation can maintain real-time certificate status information. This method makes the revocation management node update the certificate status information in real-time to the validation node while revoking certificate. The characteristic of this method is that the revocation management node should memorize the validation nodes which a certificate holder uses. If a certificate holder connects a validation node for the first time, the validation node should request its certificate status information to the above revocation management node and the revocation management node memorizes the validation node at the time. After that, the revocation management node inform the revocation information in real-time to all the validation node registered when a request of revocation happens. The benefits of this method are the fact that we can reduce the validation time because the certificate validation can be completed at the validation node and that we can avoid the concentration of requesting certificate status information to a revocation node.

• Journal of KIISE:Databases
• /
• v.30 no.4
• /
• pp.397-407
• /
• 2003

Transactions of updating spatial dta with mobile clients are log transactions because a user disconnected from a server surveys real features and updates them. In this environment, it is appropriate to exploit the optimistic approach based on the validation test in order to control the concurrency of transactions. On the contrary, the pessimistic concurrency control scheme makes transactions wait for a long time due to the lock. In this paper, we propose the surrogate transaction model and implement its manager for the S-S-M(Server-Surrogate PC-Mobile Client) structure which is appropriate for updating spatial data in mobile environments. In the S-S-M structure, the mobile client communicates with the server by the surrogate PC. We extend the validation condition in consideration of spatial relationships between spatial objects in this model. We also present the commit protocol where the user of a surrogate PC adjusts objects of the conflicted surrogate transaction to minimize costs for the abortion of the transaction.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.6
• /
• pp.63-71
• /
• 2006

In this paper, we propose a secure solution for user authentication by using fingerprint verification on the sensor-client-server model, even with the client that is not necessarily trusted by the sensor holder or the server. To protect possible attacks launched at the untrusted client, our solution makes the fingerprint sensor validate the result computed by the client for the feature extraction. However, the validation should be simple so that the resource-constrained fingerprint sensor can validate it in real-time. To solve this problem, we separate the feature extraction into binarization and minutiae extraction, and assign the time-consuming binarization to the client. After receiving the result of binarization from the client, the sensor conducts a simple validation to check the result, performs the minutiae extraction with the received binary image from the client, and then sends the extracted minutiae to the server. Based on the experimental results, the proposed solution for fingerprint verification can be performed on the sensor-client-server model securely and in real-time with the aid of an untrusted client.