|
 |
|
 |
KSignCASE
is a toolkit that provides PKI based crypto libraries
and enables developers to rapidly deploy applications
without having to have deep knowledge of crypto. Being
developed upon existing and emerging standard including
RFC series, PKCS series and other international standard,
KSignCASE has high stability and interoperability. |
|
|
 |
ISince it is difficult
to trust someone's identity because of anonymity of
the Internet, simply it is not easy to verify and trust
eCommerce user or any Internet transactions while the
Internet is a vast open environment that anyone can
reach certain information. It is not hard to imagine
that many security incidents (e.g. hackings, legalistic
disputes) have been caused due to these security defects
on the Internet environment, and of course, security
countermeasures have been emphasized and considered.
'KSignCASE(KSign Certificate API for Secure Environment)'
is a PKI application security toolkit which provides
PKI-based information security service (e.g. internet
banking, online stock trading, cyber government administration
& petition, comprehensive information system, eCommerce)
on wireline/wireless internet environment.
'KSignCASE' is provided as API (Application Program
Interface) library format that can be used to issue,
manage and verify certificate, used to generate private/public
key pair, and used to digital sign/verify message.
In addition, 'KSignCASE' supports various platform environments
(e.g. HP, SUN, IBM, Windows, Linux) to easily deploy
in various OS and languages. 'KSignCASE' supports most
frequently used language (C/C++, Java) as well.
Especially, since all API processes and protocols are
developed under complying RFC Series, PKCS Series and
other international security standards, it has high
stability and it is easily interoperable too. 'KSignCASE'
provides best-suited environment for if developing PKI
application program.
As implementing 'KSignCASE', user and server will be
provided with trusted environment. Build Internet service
environment that can more safely protect data exchange
between user and server.
|
|
|
| KSignCASE enables various digital
certificates provided functions that are used in PKI application
programs. Each application programs will interoperate
with CAs and other application programs, and following
PKI-based APIs will be provided. |
|
Certificate management API (KCASECM) |
|
Certificate issuance and revocation API (KCASECMP) |
|
PKCS(Public Key Cryptography Standard) API (KCASEPKCS)
|
|
Certificate verification API (KCASECV) |
|
PEM encoding and memory management API (KCASECOMMON) |
|
Storage method management API (KCASESTORAGE) |
|
Encryption and decryption API (KCASECRYPTO) |
|
ASN.1 API (KCASEASN1) |
|
|
 |
(1) Provide stabilized
API
|
|
Provide best-suit API to develop application
program that using PKI digital certificate |
(2) Capable of using various
application program
|
|
Capable of using in application
programs that are to use certificate independently
from platform |
|
Support various platforms; SUN, HP, IBM, COMPAQ,
Linux, MS Windows |
(3) Support safe communication
module
|
|
Support communication module between
certification server and directory server(LDAP)
through using CMP(Certificate Management Protocol) |
(4) Support various types
of storage methods
|
|
Support certificate storage hardware
like smart card and USB Key, and support biometrics
authentication method. |
(5) Support development
environment with complying RFC, PKCS and other international
security standard
|
|
Retrieve certification path and
CRL(Certification Revocation List) verification
(RFC2459-Internet X.509 Public Key Infrastructure
Certificate, and CRL Profile) |
|
Issue, reissue, revoke and update certificate
(RFC2510-Internet X.509 PKI Certificate Management
Protocols) |
|
Generate key pair, digital signature/verification,
encryption/decryption |
|
Encrypt private key (PKCS #5 Password-Based
Encryption Standard) |
|
Standardized digital signature (Signed-data),
encryption (Enveloped-data), digital signature
with encryption (Signed-and-enveloped-data), message
format support (PKCS-#7 Cryptographic Message
Syntax Standard) |
(6) Support
international standard PKI application algorithms
|
|
Digital signature algorithm : RSA,
KCDSA, DSA, ECC |
|
Data encryption algorithm : DES, SEED, AES,
RC2/4/5, IDEA, CAST |
|
Hash algorithm : SHA-1, SHA, MD2/4/5, HAS160
|
KSignCASE in Use
KSIGN has supplied and constructed 'KSignCASE' for Ministry
of Finance and Economy's 'Financial and economic data
system construction project' and Ministry of Government
Operation and Home Affairs' 'CA system expansion project',
and recently KSIGN has supplied ˇ°KSignCASE' for
Korean Food and Drug Association's 'Cyber Petition Service'.
KSIGN also has supplied 'Security Toolkits' to Evali
Harex InfoTech, EVALI and LG Capital
'KSignCASE' assists precise user authentication by providing
PKI certificate-based API(Application Program Interface).
'KSignCASE' can be deployed to any Internet service
environment that is requiring more safely protect exchange
data between user and server.
'KSignCASE' is capable of interoperating with various
PKI products; certification system (PKI), Data Validation
and Certificate Server (DVCS), Key Management Infrastructure(KMI),
Extranet Access Management(EAM), PKI-based Conditional
Access System(CAS), Data Encryption Solution(SWAT),
Application Security Toolkit (KSignCASE) and other several
PKI products.
|
|
|
|
|
KSignCASE(C) |
| |
- SUN: Solaris2.7/ IBM : AIX 4.3 / HP : HPUX 10.20
/ COMPAQ : DEC UNIX 4.0 Alpha-tru64 / X86 : Red Hat LINUX
5.2 / X86 : MS Windows 98, NT, 2000 |
|
KSignCASE(JAVA) |
| |
- JAVA : JDK1.3.1 |
|
KSignCASE UI for
ATL/COM |
| |
- MS Windows 98/ NT/ 2000 |
|
|
|
|
