• The KIPS Transactions:PartC
• /
• v.9C no.3
• /
• pp.313-322
• /
• 2002

In this paper, proposes Kerberos certification mechanism that improve certification service of PKINIT base that announce in IETF CAT Working Ggroup. Did to certificate other realm because search position of outside realm through DNS and apply X.509 directory certification system, acquire public key from DNS server by chain (CertPath) between realms by certification and Key exchange way that provide service between realms applying X.509, DS/BNS of PKINIT base. In order to provide regional services, Certification and key exchange between realms use Kerberos' symmetric method and Session connection used Directory service to connection X.509 is designed using an asymmetric method. Excluded random number ($K_{rand}$) generation and duplex encryption progress to confirm Client. A Design of Kerberos system that have effect and simplification of certification formality that reduce Overload on communication.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.5
• /
• pp.59-66
• /
• 2006

A Certification Authority issues X.509 public key certificates to bind a public key to a subject. The subject is specified through one or more subject names in the 'subject' or 'subjectAltName' fields of a certificate. In reality, however, there are individuals that have the same or similar names. This ambiguity can be resolved by including a 'permanent identifier' in all certificates issued to the same subject, which is unique across multiple CAs. But, a person's unique identifier is regarded as a sensitive personal data. Such an identifier cannot simply be included as part of the subject field, since its disclosure may lead to misuse. We present a new method for secure and accurate user authentication through the PEPSI included in the standard certificate extension of a X.509 certificate. The PEPSI can be served not only for user authentication but also for the user anonymity without divulging personal information.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.3
• /
• pp.57-66
• /
• 2006

In this paper. proposes Multi_Kerberos certification mechanism that improve certification service of based on PKINIT that made public in IETF CAT Working Group. This paper proposed to a certificate other realm because search position of outside realm through DNS and apply X.509 directory certification system, to get public key from DNS server by chain (CertPath) between realms by certification and key exchange way that provide service between realms applying X.509, DS/DNS of based on PKINIT, in order to provide regional services. This paper proposed mechanism that support efficient certification service about cross realm including key management. the path generation and construction of Certificate using Validation Server, and recovery of Session Key. A Design of Multi_Kerberos system that have effects simplify of certification formality that reduce procedures on communication.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2001.11a
• /
• pp.262-265
• /
• 2001

분산 시스템에서 사용자가 시스템에 로그인 상태에서 자신의 시스템에 존재하지 않는 자원을 이용하기 위한 방안으로 권한위임이 필수적이다. 이러한 권한위임은 다양하게 요구되는 정보보호 응용 서비스의 가용성을 증대시킨다. 본 논문에서는 권한위임을 처리하기 위해서 권한위임 인증서를 생성하여 안전하게 인증서를 중개자에게 전달해야한다. 개시자와 중개자 최종 목적지까지 다단계 권한위임이 발생하는 연결고리에서 PKI 기반 X.509의 공개키를 이용한 효율적이고 추적 및 검증이 가능한 프로토콜을 제안한다.

• Journal of the Korea Computer Industry Society
• /
• v.2 no.12
• /
• pp.1541-1548
• /
• 2001

In this paper, We propose a new Kerberos certification mechanism that improve certification service based on PKINIT that announce in IETF CAT Working Group. Certification between area connected by chain through PKINIT that use X.509 and DS/DNS mutually for service. In order to provide regional services used private key and public key, X.509 of PKINIT is employed on session part and Kerberos's private key on actual authentication part. New mechanism be reduced communication overload doing to simplify certification formality between Client and remote KDC by KDC's certificate use to get ticket in remote sacred ground and remote KDC's reaffirmation process omitted.

• Journal of the Korea Computer Industry Society
• /
• v.2 no.6
• /
• pp.845-852
• /
• 2001

Electronic commerce and application service is to universal on the internet, and a large quantity information transmitted on the network, It's needs procedure to access only permit objects for the integrity of information. In order to provide regional services is authentication for control resource and client identification. In particular, public key system is to implement in distributed environment, it is able to insurance users convenience and integrity at the same time. In this paper designed mechanism of cross certification between realms in PKI based on X.509 associated with DNS (Domain Name System) that is presented.

• Proceedings of the Korean Information Science Society Conference
• /
• 2006.06c
• /
• pp.322-324
• /
• 2006

네트워크의 발달과 분산처리 시스템의 확산에 따라 정보의 노출이나 손실 및 변경과 같은 보안상의 문제들이 크게 증가하고 있다. 따라서 메시지처리와 보안에 대한 많은 연구가 진행 중에 있으며 X.400 메시지처리시스템과 메시지 보안 프로토콜이 대표적인 예이다. 하지만 메시지 보안 프로토콜은 X.509 공개키 기반구조를 사용하고 있어 인증단계가 복잡하다는 단점이 있다. 이에 본 논문은 기존 X.509 공개키 기반구조를 보다 단순화시켜 유연하게 지원하기 위해 SPKI/SDSI기반구조의 SPKI/SDSI인증형식을 갖춘 인증서를 정의하여 X.509 인증구조보다 간소화한 메시지 보안 프로토콜을 설계 및 구현하였다.

• Journal of the military operations research society of Korea
• /
• v.26 no.1
• /
• pp.115-124
• /
• 2000

In this paper, we are introduced a certification system for open network environment. The Kerberos which was developed by MIT uses a secret key cryptosystem for authentication. It is secure and efficient for closed network users to authenticate each others. However, the kerberos has a disadvantage of managing a lot of secret keys for In this paper, we are introduced a certification system for open network environment. users in the open network environment. This paper suggests a method that uses X.509 to provide public keys with certification to Kerberos users for authentication in the X.500 directory standard. And we also suggest the smartcard as data storage device to enhance the security and availability.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.6
• /
• pp.29-46
• /
• 2002

We generally use SSL/TLS protocol utilizing X.509 v3 certificates so as to provide a secure means in establishment an confidential communication and the support of the authentication service. SPKI/SDSI was motivated by the perception that X.509 is too complex and incomplete. This thesis focuses on designing a secure server and an implementation of the prototype which has two main modules, one is to support secure communication and RBAC, not being remained in the SPKI/SDSI server which was developed by the existing Geronimo project and the other is to wholly issue name-certificate and authorization-cerificate. And the demonstration embodied for our sewer is outlined hereafter.

• Journal of applied mathematics & informatics
• /
• v.34 no.5_6
• /
• pp.509-517
• /
• 2016

In this paper, we consider the following functional equation with involution f(x + y) + f(x + σ(y)) = 2f(x) + f(y) + f(σ(y)) and prove the generalized Hyers-Ulam stability for it when the target space is a non-Archimedean Banach space.