Number of slides: 5
Slide 1: Subject Identification Method (SIM) <draft-ietf-pkix-sim-00.txt>
Korea Certification Authority Central, Korea Information Security Agency
Jong-Wook Park (khopri@kisa.or.kr)
http://www.rootca.or.kr/eng/doc_en.html
Slide 2: Overview

Document background
- In practice, the Subject Name in a certificate MAY NOT guarantee that it is unique for each subject entity
- In some countries, a person's or corporation's identifier is regarded as "private or personal data" by law
☞ How to satisfy these requirements?

Outstanding characteristics
- Defines a new unique and cryptographically secure value, the VID (Virtual Identifier)
- Could be embedded in standards such as RFC 3280, PKCS#10, CRMF, PKCS#8, PKCS#11, etc.
- Already implemented and widely used in South Korea
Slide 3: Overall Procedures

1. Initialization
   • Obtain the CA's certificate and generate a public key pair
2. Random string generation
   • 160-bit random string, R
3. Generating VID
   • VID = h(h(ID, R))
4. Encryption of VID
   • EVID = E(VID, R)
5. Certificate request
   • PKCS#10 or CRMF/CMP
6. Certification
   • Put the VID into the SubAltName extension

Notation:
   h() : hash function (SHA-1 recommended)
   R   : random string (20 bytes)
   E   : encryption function
   ID  : person or organization number
Slide 4: Use-Cases

3 use-cases described in the draft
- Case 1 : RP requests the new user's ID and R
- Case 2 : RP already knows the user's ID
- Case 3 : User wants to protect his/her ID from the RP

<Case 1>
Step | User                              | Relying Party
-----|-----------------------------------|----------------------------------
1    | ID, R  --(SECURE CHANNEL)-->      |
2    | Certificate  -->                  |
3    |                                   | Extract VID from the certificate
4    |                                   | Compute VID' = h(h(IDN, R))
5    |                                   | Check VID and VID' are equal
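The VID computation from the "Overall Procedures" slide and the relying-party check of Case 1, as an added worked example (not code from the draft or from KISA). It assumes ID and R are combined by plain concatenation, which the slides do not spell out, and the sample ID and R are constructed placeholders.

```python
import hashlib
import hmac
import os


def h(data: bytes) -> bytes:
    """SHA-1, the hash the draft recommends; 20-byte output."""
    return hashlib.sha1(data).digest()


def generate_r() -> bytes:
    """Step 2: a 160-bit (20-byte) random string R for the end entity."""
    return os.urandom(20)


def compute_vid(identifier: str, r: bytes) -> bytes:
    """Step 3: VID = h(h(ID, R)).

    Assumption: (ID, R) is the UTF-8 bytes of ID followed by the 20-byte R.
    """
    if len(r) != 20:
        raise ValueError("R must be exactly 20 bytes (160 bits)")
    return h(h(identifier.encode("utf-8") + r))


def verify_vid(cert_vid: bytes, claimed_id: str, r: bytes) -> bool:
    """Case 1, steps 3-5: the RP recomputes VID' from the ID and R it
    received over the secure channel and compares it with the VID
    extracted from the certificate (constant-time compare)."""
    return hmac.compare_digest(cert_vid, compute_vid(claimed_id, r))


# Constructed sample values; not real identifiers and not from the draft.
SAMPLE_ID = "1234567890123"
SAMPLE_R = bytes.fromhex("00112233445566778899aabbccddeeff00112233")


def demo():
    """Happy path plus the two failure modes an RP must reject."""
    vid = compute_vid(SAMPLE_ID, SAMPLE_R)          # value placed in SubAltName
    ok = verify_vid(vid, SAMPLE_ID, SAMPLE_R)       # correct ID and R -> True
    wrong_r = verify_vid(vid, SAMPLE_ID, bytes(20))  # stale/forged R -> False
    wrong_id = verify_vid(vid, "0000000000000", SAMPLE_R)  # other ID -> False
    return vid, ok, wrong_r, wrong_id


if __name__ == "__main__":
    vid, ok, wrong_r, wrong_id = demo()
    print(vid.hex(), ok, wrong_r, wrong_id)
```

Without R, the 20-byte VID in the certificate reveals nothing about ID on its own; whoever holds R (the user, or a CA under the centralized scheme) controls who can link the two.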
Slide 5: Next Step

- Looking for more comments and implementations
- Support for the 'centralized scheme'
  • Globally unique and secure R for end entities MAY be generated by CAs
  • The centralized scheme is to be included in the next draft (draft-ietf-pkix-sim-01.txt)