1 / 7

2013. 11. 15.

Use Case and Requirement for Future Work. 2013. 11. 15. Sangrae Cho Authentication Research Team. Korean banking use case. 2. Issue certificate. Web Browser. Public key pair is generated in the browser. 4. Verify certificate. 3. use certificate (digital signature). bank.com.

melora
Télécharger la présentation

2013. 11. 15.

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Use Case and Requirement for Future Work 2013. 11. 15. Sangrae Cho Authentication Research Team

  2. Korean banking use case 2. Issue certificate Web Browser Public key pair is generated in the browser. 4. Verify certificate 3. use certificate(digital signature) bank.com caserver.com

  3. Prototype Architecture Client Side Server Side WebCert Gateway CA Server Issuing/Updating/Revoking

  4. CMP in Browser WebCert App HTML/JavaScript WebCert API Firefox Web Browser ETRI Imp. CMP (Certificate Management Protocol) Library Crypto Library ASN.1 Library Open Source PKCS#11 Library NSS Library • Cert and Key Store Firefox Cert/Key DB

  5. CMP operation flow in Browser CMP operation flow in the case of certificate issuing Certificate issuing request CMP message handling Crypto operation Key generation and Encryption CMP ASN.1 encoding HTTP request HTTP response Certificate issuing response CMP ASN.1 decoding Crypto operation Digital Signature Verification CMP message handling Store private key and cert to DB Storage operation

  6. Requirement for future work • Private key • Private key should be wrapped and unwrapped using a password • Private key should be wrapped when not in use • Password policy is required for strong password • Digital signature and encryption API • API that support PKCS#7 or JOSE for digital signature and encryption • CertStorage API • API that can access a key and certificate DB in a browser • Without this API, a certificate can not be used • External secure device support • Strong requirement that a private key should be stored in secure element such as Smart Card or USIM in Korea • Need to support for PKCS11 compatible devices • UI for certificate management & usage • Guideline to suggest UI for better user experience in cert management & usage

  7. Thank You

More Related