
'KSignPKI' (Public Key Infrastructure) is a critical security foundation that provides a trusted user authentication service, enabling safe data transactions on the Internet by confirming identity between sender and receiver. 'KSignPKI' constructs an X.509v3-based certificate administration system.
As a PKI solution, 'KSignPKI' (Public Key Infrastructure) provides a trusted user authentication service that enables safe data transactions on the Internet by authenticating identities between sender and receiver.

KSignPKI is a user authentication system that uses PKI cryptography to transform a user's handwritten signature or seal into the electronic format of a digital signature. Users of 'KSignPKI' will be provided with the various essential security components (e.g. authentication, confidentiality, integrity, non-repudiation, access control) that Internet security strongly requires. It is obvious that any application service on the Internet that cannot provide an absolutely secure and trusted environment for its users will have difficulty developing or spreading over the World Wide Web.

'KSignPKI' is best suited to establishing firm, trusted security fundamentals for Internet application services. 'KSignPKI' enables safe data transactions with firm trust between service users and content providers, and it is already in use for Internet banking, groupware, digital payment, issuance of various types of digital certificates, online shopping, digital payment systems, etc.
KSignPKI Components
- CA (Certification Authority)
- RA (Registration Authority)
- Directory Server (Storage)
- CGI Prog (processes user requests through the web)
- OCSP (Online Certificate Status Protocol)
- KRA (Key Recovery Authority)
The components of 'KSignPKI' can be constructed independently to deploy a unique security system for a special need or requirement.

(1) KSignPKI CA / KSignPKI CA Admin: The system to issue and administer digital certificates.
- Support various PKI algorithms: RSA, KCDSA, ECDSA, etc.
- Support digital signature, key distribution, S/MIME, SSL, VPL, and issue X.509v3 certificates
- Support administrative functions: reissue, update, revoke, suspend and recover X.509v3 certificates
- Support interoperation between CAs (Cross-Certification, Certificate Trust List, etc.)
- Support setup management according to the certificate profile policies defined in RFC2459/3280
(2) KSignPKI RA / KSignPKI RA Admin / KSignPKI LRA: The system to register and administer user information.
- Register and administer subscriber information
- Prevent threats of alteration/forgery/deletion of the RA system
- Approve issuance of a certificate after verifying the subscriber's identity in a face-to-face interview
- Provide 'Role Based Access Control' for RA administrators
- Support digital certificate based 'Two-Factor Authentication' to authenticate RA administrators
(3) KSignPKI KGS: The system to generate keys for the CA system administrator and certificate request forms.
- CA system and administrator key generation, and certificate request form generation system
- Generate digital signature key pairs: RSA, ECDSA, KCDSA, etc.
- Generate certificate issuance request forms: PKCS#10, RFC2511
- Set up policies for generating key pairs and certificate issuance request forms
- Provide 'Role Based Access Control' by policy manager, generation manager and audit manager
- Support 'Two-Factor Authentication' to authenticate the key generation system administrator
(4) KSignPKI CIS: The smartcard issuance system
- Set up the smartcard's map
- Set up or modify the smartcard's PIN value
- View or modify data stored in the smartcard
- Unlock the smartcard
(5) KSignPKI OCSP: Online Certificate Status Protocol
- Support both CA-dependent and CA-independent type OCSP
- Can be configured with OCSP Server / OCSP Client / OCSP Admin
- Real-time certificate status verification (RFC2560)
(6) KSignPKI TSA: Time Stamp System
- Issue time stamp tokens
- Handle time stamp confirmation requests
- Support time stamp server administration module
- Support administration of issued time stamp token data
- Provide security and signature libraries
(7) KSignPKI Client
- Support End-to-End (E2E) secure communication channels using PKCS#7, SSL, etc.
- Support the RFC2510 CMP protocol to issue and administer certificates
- Support various private key and certificate storage formats (PKCS#12) to accommodate mobility and flexibility
- Able to choose among various storage types (HDD, floppy diskette, smart card, USB key, etc.)
- Support digital signature algorithms conforming to PKCS#1: RSA, ECDSA, KCDSA, etc.
(1) Ensure international product interoperability
- Provide global security service by ensuring international product interoperability
- Support IETF, ISO, PKCS series and other major international standards
- Passed NIST Interoperability Test to ensure interoperability with overseas CA solutions or CA services
(2) Trust and Reliability
- Satisfied all 273 essential security subjects of Public Licensed CA under the Digital Signature Act of Korea
(3) Ease of application to various application services and E-Commerce
- Able to add certification service onto web, mail, EDI, XML, VPN and wireless Internet security products
- Provide a sufficient development environment for users by supporting various domestic/international security algorithms and APIs
(4) Support effective certificate verification mechanism
- Support selective certificate verification mechanisms for the corresponding service environment and purpose
- Support CRL (Certificate Revocation List) verification mechanism
- Provide various and distinctive certificate verification mechanisms such as CRL DP, Delta CRL, etc.
(5) Ease of use for CA service administrative functions and enhanced security
- Provide an easy interface to help administrators manage user and certificate information
- Support role based access control for administrators by using hardware tokens such as smartcard, USB key, etc.
(6) Variability and mobility of user information management
- Provide mobility and security by supporting various types of storage methods (smartcard, USB key, HDD, floppy diskette, etc.)
KSignPKI IN USE
'KSignPKI' is deployed in five Korean Public Licensed CAs (Korea Electronic Certification Authority, National Computerization Agency, Korea Financial Telecommunications & Clearings Institute, Korea Securities Computer Corp and Korea Information Certificate Authority) and is successfully operating and providing trusted and reliable security for these CAs.

KSIGN is the leading PKI solution provider for government, military, educational institutions and public institutions constructing CAs, since 'KSignPKI' is also deployed in the Headquarters of the Korean Army, National Pension EDI, Korean Telecom, Korea Power Exchange, Ministry of Finance and Economy, Ulsan University, Supreme Public Prosecutor's Office and others.

PKI-based certification services have a large range of application areas where verifying user identity is critically important, such as Internet banking, online stock trading, enterprise groupware, eCommerce, digital payment, ticket reservation, and various certification issuances.

'KSignPKI' is capable of interoperating with the Data Validation and Certificate Server (DVCS), Key Management Infrastructure (KMI), Extranet Access Management (EAM), PKI-based Conditional Access System (CAS), Data Encryption Solution (SWAT), Application Security Toolkit (KSignCASE) and several other PKI products.
Server
- Operating System: Minimum Sun Solaris 2.5/2.6
- System: Minimum Ultra10 (Recommended)
- Memory: Minimum 512 MB (Recommended)
- HDD: Minimum 20M (Requested)
- Smart card reader and smart card: CA server use

Client
- Operating System: MS Windows9X/NT/2000
- System: Minimum Intel Pentium 200MHz (Recommended)
- Memory: Minimum 32 MB (Recommended)
- HDD: Minimum 10MB
- Video: Minimum SVGA (Recommended)
- Smart card reader and smart card: for PC

Installation Requirement
The following software must be installed before installing KSignWPKI 2.0:
- WEB Server: Apache web server 1.2/1.3
- Netscape browser: Minimum 4.6/4.7
- Directory Server: Netscape directory server or Aphlion directory server
- Data Base: Minimum Oracle 8.1.6