• Title/Summary/Keyword: electronic certificates

Search Result 36, Processing Time 0.019 seconds

Efficient certificate management system design and implementation on the use of medical solutions (의료솔루션 사용과 관련된 효율적인 인증서 관리 시스템 설계 및 구현)

  • Lee, Hyo Seung;Oh, Jae Chul
    • Smart Media Journal
    • /
    • v.5 no.1
    • /
    • pp.114-121
    • /
    • 2016
  • Currently, different medical institutions have been carrying out the e-healthcare system project. The system includes electronic medical record and prescription delivery system, and, the Medical Treatment law permits electronic signature for medical record management, which reduced the relevant costs and enabled sharing medical record. And medical solution using online certificates is expanding its application. In that light, the role of certificates became more important than ever. However, in contrast to active effort made to manage personal certificates, certificates related to medical solutions and other types of work are not being managed properly. Most work-related certificates are saved in office computers, which makes them vulnerable to various security threats. Although certificate servers can be used as a solution to this problem, hospitals must build the server separately and, therefore, small and medium-size hospitals can be reluctant to bear the burden. This study proposed a way to design and implement an effective and secure certificate management system by save the certificate file as a BLOB, using existing resources without needing to build a separate certificate server, at minimized costs.

A Certificate Verification Method based on the Attribute Certificates (AC기반의 인증서 검증 모델)

  • Park ChongHwa;Kim JiHong;Lee ChulSoo;Kim Dongkyoo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.14 no.6
    • /
    • pp.15-24
    • /
    • 2004
  • Electronic commerce is widely used with the development of information communication technologies in internet using public key certificates. And the study for access control in Web application and DB system is also progressed actively. There are many verification method for PKC(Public Key Certificates), which are CRL, OCSP, SCVP and others. But their certificates verification methods for PKC cannot to be applied to PMI(Privilege Management Infrastructure) which is using AC(Attribute certificates) because of synchronization of PKC and AC. It is because AC has no public key, AC Verifier must get the PKC and verify the validity on PKC and AC. So in this paper we proposed the new AC-based certificate verification model. which provide the synchronization in two certificates(AC and PKC).

Certificates Binding Method Using OCSP Server (OCSP 서버를 이용한 인증서 결합방안)

  • Kim JiHong;Chi JunWoong
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.41 no.1
    • /
    • pp.45-52
    • /
    • 2004
  • With the development of Information Communication Technique, electronic commerce is widely used in Internet using public key certificates. And the study on access control for web server or database server is also progressed actively. In this paper, we analyze the proposed access control method for server and the binding method between public key certificates and attribute certificates using OCSP server.

A Study on Tainting Technique for leaking official certificates Malicious App Detection in Android (공인인증서 유출형 안드로이드 악성앱 탐지를 위한 Tainting 기법 활용 연구)

  • Yoon, Hanj Jae;Lee, Man Hee
    • Convergence Security Journal
    • /
    • v.18 no.3
    • /
    • pp.27-35
    • /
    • 2018
  • The certificate is electronic information issued by an accredited certification body to certify an individual or to prevent forgery and alteration between communications. Certified certificates are stored in PCs and smart phones in the form of encrypted files and are used to prove individuals when using Internet banking and smart banking services. Among the rapidly growing Android-based malicious applications are malicious apps that leak personal information, especially certificates that exist in the form of files. This paper proposes a method for judging whether malicious codes leak certificates by using DroidBox, an Android-based dynamic analysis tool.

  • PDF

A Study on the Improvement of Personal Identity Proofing Service Using an Alternative Method for Resident Registration Number Based on Electronic Signature (전자서명 기반의 주민등록번호 대체수단을 사용한 본인확인서비스 개선 방안에 대한 연구)

  • Kim, Jong Bae
    • The Journal of the Convergence on Culture Technology
    • /
    • v.7 no.3
    • /
    • pp.453-462
    • /
    • 2021
  • As the status of public certificates expired due to the recent revision of the Electronic Signature Act, electronic signature-based public certificates were also lost in the means of replacing resident registration numbers(RRN). As a result, public certification institutions have recently been designated by the Korea Communications Commission as identity verification service providers through a review of the designation of personal identity proofing agency based on alternative means of RRN. However, unlike existing RRN replacements such as i-PIN, mobile phones, and credit cards, the personal identity proofing process for applicants for certificates is different from existing alternatives. The proposed method shows that it is possible to protect users' personal information and provide universal, reasonable, and safe identification services by applying improvements to electronic signature-based personal identity proofing services.

Access Control using Attribute Certificates in Distributed System (분산시스템에서의 속성인증서를 이용한 접근통제방안)

  • Kim, Ji-Hong;Park, Chong-Hwa;Hwang, Tae-Hyun
    • The Journal of Information Technology
    • /
    • v.6 no.1
    • /
    • pp.107-115
    • /
    • 2003
  • With the development of Information Communication Technique, electronic commerce is widely used in internet using public key certificates. And the study for access control in database system is also progressed actively. In this paper, we analyze access control mechanism using attribute certificated and we propose new access mechanism in distributed system using attribute certificates.

  • PDF

RBAC Method using Certificates (인증서를 이용한 역할기반 접근제어방안)

  • Park, Chong-Hwa;Kim, Ji-Hong
    • The Journal of Information Technology
    • /
    • v.6 no.1
    • /
    • pp.11-20
    • /
    • 2003
  • With the development of Information Communication Technique, electronic commerce using PKIs is widely used over the Internet. The goal of access control is to counter the threat of unauthorized operations involving Web-server or data base systems. The RBAC(Role-Based Access Control) has recently received considerable attention as a promising alternative to traditional discretionary and mandatory access controls. In this paper we propose two methods, the RBAC system using attribute certificates and the RBAC system using SPKI certificates. And we analyze and compare the two methods.

  • PDF

A History Check System of Public Electronic Certificate using OCSP Service (OCSP 서비스를 이용한 공인인증서 사용이력 확인 시스템)

  • Kim, Nam-Gon;Cho, Beom-Joon
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.20 no.3
    • /
    • pp.543-548
    • /
    • 2016
  • Public electronic certificates, as an important means for identification, have been used as the main economic transactions, including banking, e-government, e-commerce. identification. However, damage cases of certificates have been increased by Illegally issued and by hacking practices. Also the users have a difficult in ensuring that their certificates when and where to use. Therefore, the proposed system gives the organization code for the Institutions using OCSP services in advance, the organization code embedded in extensions of OCSP request message structure when institutions ask the validation of certificate to CA(Certificate Authority). Also, OCSP server can extract the organization code from OCSP request message, confirm the institution, and record it in certificate history management table of DB. In this paper, we presented a system that could determine the certificate history check using OCSP service, public electronic certificate validation service, and implemented to prevent and cope immediately with financial incidents.

A Robust and Efficient Anonymous Authentication Protocol in VANETs

  • Jung, Chae-Duk;Sur, Chul;Park, Young-Ho;Rhee, Kyung-Hyune
    • Journal of Communications and Networks
    • /
    • v.11 no.6
    • /
    • pp.607-614
    • /
    • 2009
  • Recently, Lu et al. proposed an efficient conditional privacy preservation protocol, named ECPP, based on group signature scheme for generating anonymous certificates from roadside units (RSUs). However, ECPP does not provide unlinkability and traceability when multiple RSUs are compromised. In this paper, we make up for the limitations and propose a robust and efficient anonymous authentication protocol without loss of efficiency as compared with ECPP. Furthermore, in the proposed protocol, RSUs can issue multiple anonymous certificates to an OBU to alleviate system overheads for mutual authentication between OBUs and RSUs. In order to achieve these goals, we consider a universal re-encryption scheme and identity-based key establishment scheme as our building blocks. Several simulations are conducted to verify the efficiency and effectiveness of the proposed protocol by comparing with those of the existing ECPP.