|
 |
|
 |
'KSignOCSP(Online
Certificate Status Protocol)' retains validity of certificate
in real-time basis. Therefore, users can request to
verify their certificates and the system sends the result
of certificate status to users via online in real-time
basis.'KSignOCSP' can be either constructed with CA
or constructed independently to perform OCSP function
of own, and it enables consistent management of security
policies such as real-time certificate verification
function. |
|
|
Since Internet security
with using cryptography and digital signature on digital
certificate has become vastly common, and need for verifying
and update certificate status data (revocation, suspension
and validity of certificate) have been arisen. Especially,
there are some cases that revocation data cannot be
monitored or verified by real-time upon different policies
for revoked certificates at CA in accordance with certificate
management mechanism. Therefore, KSignOCSP downloads
CRL in regular interval to overcome such problem.
|
|
|
KSignOCSP (Online Certificate Status Protocol) carries out real-time
certificate validity verification, certificate path verification
to enable consistent management on security policy. This is
a easier method of administrate certificate than existing CRL
(Certificate Revocation List method of verification.
|
|
 |
(1) Complete
interoperation with PKI authentication system
|
OCSP can be explained as a extended
idea of certificate verification mechanism against
from existing PKI authentication, that enables to
provide variable service with certificate verification
mechanism through CRL (Certificate Revocation List),
interoperation with current PKI certification is
priority condition, and KSignOCSP is the product
that fully satisfy all above conditions. |
(2) Multi CA certificate
information service
|
|
A single OCSP Server can synchronize
multiple number of CA and certificate data. Therefore,
any organization deploying compound certification
system such as from wireless, wireline, accredited
to private is able to run service with a single
OCSP. |
(3) Ensures interoperability
by deploying international standards
|
|
Deployed all the OCSP international
standards and various security technologies for
current PKI certification service. |
(4) Maximize effectiveness of certification
service
|
|
Certificate verification through CRL
with certificate verification through OCSP will
maximize effectiveness and variability of the service. |
(5) Support various protocol
|
|
There is no need for extra web server
since it supports http protocols such as post and
get by it self, and many other applications are
available since it is able of servicing with TCP/IP
protocol too. |
(6) User management
|
|
Able of providing selective service
to separate users and the subject user service record
can be supervised too. |
(7) Provide convenience of operation
management
|
|
It has best suited management function
through multiple CA server registration and management
by administrator S/W that equipped with functions
to gather figures and report, OCSP management interface
based on GUI. |
|
|
|
|
|
KSignOCSP
Proxy Demon |
| |
- OS: Solaris 2.6 / 2.7 / 2.8
- H/W: HDD 1G, Main Memory 256M, CPU 500Mhz -- Need to
confirm |
|
KSignOCSP Server |
| |
- OS: Solaris 2.6 / 2.7 / 2.8
- H/W: HDD 1G, Main Memory 256M, CPU 500Mhz |
|
KSignOCSP Client Toolkit |
| |
- OS: Windows 98
- H/W: HDD 1G, Main Memory 128M, CPU 500Mhz |
|
KSignOCSP Server Toolkit |
| |
- OS: Solaris 2.6 / 2.7 / 2.8 Unix (HP, Compaq, Sun,
IBM, etc)
- H/W: Minimum of HDD 1G, Main Memory 128M, CPU 500Mhz |
|
|
|
|
