5 Nov 2002
The Interoperability between NPKI & GPKI in KOREA
PKI Status in Korea
■ Object
✦ To assure the security and trust of electronic documents and to promote their use in the private sector
■ Target of certificate issuance
✦ Citizen, Enterprise
■ Scope of certificate usage
✦ Internet Banking, Cyber Trading, e-Bidding and G4C service, etc.
■ Relevant Act
✦ 1999. 7 : Enforce Digital Signature Act
✦ 2002. 4 : Enforce Electronic Signature Act [Revised]
NPKI Structure
[Diagram: NPKI hierarchy, top to bottom]
MIC [Ministry of Information and Communication]
KISA KCAC
ACA
(certificate issuance)
subscriber, Enterprise
Diagram labels:
• Set up and execute certificate policy
• Designate ACAs
• Cross-certification with foreign PKI
• Operate Root CA
• Evaluate ACAs
• Support for founding ACA
■ Object
✦ To implement the G4C (Government for Citizen) service
■ G4C Service
✦ To enable public services on the internet between Citizen and Government
✦ One of the 11 projects for the e-Government in Korea
● Educational Administrative Information Systems, Integrated National Tax services and e-Public Procurement Services, etc.
■ Target of certificate issuance
✦ Public officer
■ Scope of certificate usage
✦ G4C service
■ Relevant Act
✦ 2001. 7 : Enforce e-Government Act
GPKI Structure
[Diagram: GPKI hierarchy, top to bottom]
PMA [Policy Management Authority]
MOGAHA [Ministry of Government Administration and Home Affairs]
GCC [Government computer center]
GCC
(certificate issuance)
Public Officer
Diagram labels:
• Set up and execute certificate policy (shown twice)
• Cross-certification with foreign PKI
• Operate Root CA
• Evaluate sub CAs
1.3 Need of Interoperability between
Need of Interoperability
[Diagram: NPKI and GPKI side by side]
NPKI: KISA, ACA, citizen (NPKI CertA)
GPKI: GCC, Sub CA, Public Officer (GPKI CertA)
G4C Website
Request or Response of public service + Signature
Activity of
NPKI-GPKI Interoperability
Certificate Trust List
■ One of the CA-CA Interoperability models
✦ CTL is used to distribute information about trusted CA certificates
■ CTL
✦ Issued by Competent Authority
✦ Includes a list of “Trusted CAs”
✦ A signed PKCS#7 data structure
[Diagram: CTL model]
Trust List (List: CA A, CA B) (Signer: Com-Auth)
Add to Trust List / Accreditation
CA A, CA B
Download or Check Trust List
User A, User B
Certificate Path
[Diagram: PKI Domain A]
USER A, CA A, ROOT CA A
CTL (List: RootCA A) (Issuer: Comp-Auth)
Competent Authority
NPKI-GPKI Interoperability
based on CTL model in Korea
[Diagram: NPKI-GPKI interoperability]
NPKI: KISA (Root CA), Accredited CA, Citizen
GPKI: GCC (Root CA), Sub CA, Public Officer
CTL (List: GCC) (Signer: KISA)
CTL (List: KISA) (Signer: GCC)
[Diagram: obtaining the CTL]
NPKI: KISA (Root CA) with Directory, Licensed CA, Citizen (Obtains CTL)
GPKI: GCC (Root CA) with Directory, Sub CA, Public Officer (Obtains CTL)
version            Default v1
subjectUsage       1.2.410.200004.8.1.1.1
listIdentifier     X
sequenceNumber     1, 2, …
thisUpdate         2002/10/10
nextUpdate         2002/10/20
subjectAlgorithm   SHA-1
trustedSubjects    GCC certificate
extension          X
Distributing CTL
■
✦ CTL DP of KISA
■ Verifying CTL
✦ PKCS#7->SignedData
● OID of SignedData
● Version of SignedData & SignerInfo
● CTL OID of contentType
● authenticatedAttributes of SignerInfo
● encryptedDigest of SignerInfo (signature verification)
✦ CTL
● Version, Validity, Subject Usage
● trustedSubjects (whether the CTL includes a proper Root CA certificate)
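The CTL-level checks listed above, applied to the CTL profile from the earlier slide, as an added example that is not part of the original slides. The `Ctl` class, `check_ctl` and the sample bytes are hypothetical; the code assumes the PKCS#7 SignedData signature has already been verified, and the sequenceNumber rollback check is an added assumption.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime

SUBJECT_USAGE_OID = "1.2.410.200004.8.1.1.1"  # subjectUsage from the profile above
SUBJECT_ALGORITHM = "sha1"                    # subjectAlgorithm from the profile above

@dataclass
class Ctl:
    """Hypothetical in-memory form of a CTL whose PKCS#7 signature was already verified."""
    version: str
    subject_usage: list
    sequence_number: int
    this_update: datetime
    next_update: datetime
    subject_algorithm: str
    trusted_subjects: list  # digests (bytes) of the trusted CA certificates

def check_ctl(ctl, root_cert_der, now, last_seen_seq=0):
    """Return the names of the failed checks; an empty list means the CTL is acceptable."""
    failed = []
    if ctl.version != "v1":
        failed.append("version")
    if not (ctl.this_update <= now <= ctl.next_update):
        failed.append("validity")
    if SUBJECT_USAGE_OID not in ctl.subject_usage:
        failed.append("subjectUsage")
    if ctl.sequence_number < last_seen_seq:  # assumption: refuse an older CTL (rollback)
        failed.append("sequenceNumber")
    if ctl.subject_algorithm != SUBJECT_ALGORITHM:
        failed.append("subjectAlgorithm")
    elif hashlib.new(SUBJECT_ALGORITHM, root_cert_der).digest() not in ctl.trusted_subjects:
        failed.append("trustedSubjects")  # root of the path is not a listed CA
    return failed

# Constructed sample data: placeholder bytes stand in for real DER certificates.
GCC_ROOT_DER = b"constructed placeholder: GCC root CA certificate"
OTHER_ROOT_DER = b"constructed placeholder: unlisted root CA certificate"
KISA_CTL = Ctl(
    version="v1",
    subject_usage=[SUBJECT_USAGE_OID],
    sequence_number=2,
    this_update=datetime(2002, 10, 10),
    next_update=datetime(2002, 10, 20),
    subject_algorithm="sha1",
    trusted_subjects=[hashlib.sha1(GCC_ROOT_DER).digest()],
)

if __name__ == "__main__":
    print(check_ctl(KISA_CTL, GCC_ROOT_DER, datetime(2002, 10, 15)))    # inside validity window
    print(check_ctl(KISA_CTL, OTHER_ROOT_DER, datetime(2002, 10, 21)))  # expired, unlisted root
```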
Conclusion
■ Future Work
✦ The structure of GPKI has not been fixed yet.
● If another ministry wants to operate its own Root CA in the future, we may consider other models for NPKI-GPKI interoperability
Thank You !
Homepage : http://www.rootca.or.kr
Address : 78, Garak-Dong, Songpa-Gu,
Seoul, Korea 138-803
E-mail : hbs2593@kisa.or.kr