魂▪創▪通魂▪創▪通 Use Case and Requirement for Future Work Sangrae Cho Authentication Research Team

魂▪創▪通魂▪創▪通 2 Web Browser caserver.com bank.com 3. use certificate (digital signature) 2. Issue certificate 4. Verify certificate Korean banking use case 1.Public key pair is generated in the browser.

魂▪創▪通魂▪創▪通 Prototype Architecture 3 CA Server Issuing/Updating/Revoking WebCert Gateway Client Side Server Side

魂▪創▪通魂▪創▪通 CMP in Browser 4 Firefox Web Browser Crypto Library WebCert App CMP (Certificate Management Protocol) Library WebCert API Cert and Key Store ASN.1 Library PKCS#11 Library HTML/JavaScript Firefox Cert/Key DB NSS Library Open Source ETRI Imp.

魂▪創▪通魂▪創▪通 CMP operation flow in Browser 5 CMP message handling CMP ASN.1 encoding Crypto operation Certificate issuing request CMP ASN.1 decoding Crypto operation CMP message handling Certificate issuing response Storage operation HTTP request HTTP response CMP operation flow in the case of certificate issuing Key generation and Encryption Digital Signature Verification Store private key and cert to DB

魂▪創▪通魂▪創▪通 Requirement for future work 6  Private key Private key should be wrapped and unwrapped using a password Private key should be wrapped when not in use Password policy is required for strong password  Digital signature and encryption API API that support PKCS#7 or JOSE for digital signature and encryption  CertStorage API API that can access a key and certificate DB in a browser Without this API, a certificate can not be used  External secure device support Strong requirement that a private key should be stored in secure element such as Smart Card or USIM in Korea Need to support for PKCS11 compatible devices  UI for certificate management & usage Guideline to suggest UI for better user experience in cert management & usage

魂▪創▪通魂▪創▪通 7 Thank You