KR20170100235A - System and method for security of certificate - Google Patents
System and method for security of certificate Download PDFInfo
- Publication number
- KR20170100235A KR20170100235A KR1020160022532A KR20160022532A KR20170100235A KR 20170100235 A KR20170100235 A KR 20170100235A KR 1020160022532 A KR1020160022532 A KR 1020160022532A KR 20160022532 A KR20160022532 A KR 20160022532A KR 20170100235 A KR20170100235 A KR 20170100235A
- Authority
- KR
- South Korea
- Prior art keywords
- storage object
- certificate
- protected storage
- security system
- virtual drive
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/88—Detecting or preventing theft or loss
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
- G06Q20/38215—Use of certificates or encrypted proofs of transaction rights
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/007—Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Abstract
Description
The present invention relates to a public certificate security system and a method thereof. And more particularly, to an authorized certificate security system and method for protecting an authorized certificate used in authentication software from the outside.
An authorized certificate is a kind of electronic ID (certificate) created by adding owner information to a public key (referred to as "digital signature verification information" in the digital signature method) necessary for the verification of the digital signature. Public key certificate, digital certificate, electronic certificate, and the like. The public certificate exists in pairs with the private key (denoted as 'digital signature generation information' in the digital signature law). In noncommunicative online e-commerce, digital signing is required for contract writing and identification of the other party, and at the same time, the identity of the person who generated the digital signature is confirmed by the official certificate. The public key infrastructure (PKI) presupposes the existence of a trusted third party (certification authority) responsible for securely distributing the private and public keys used to generate and verify digital signatures.
Korea's accredited certificate system is also based on a public key infrastructure. A certificate based on a public key infrastructure can be divided into a server certificate used to verify the identity of the server and a personal certificate used to verify the identity of the user. A Korean certificate can be used for both purposes, but a common Korean certificate is used mainly for personal certificates. Certificates can be issued by several authorized organizations such as KFTC, Korea Information Authentication, and Korea Electronic Certification. They can also be issued by registrars such as banks, securities companies, and post offices. The main areas of use are banking Internet banking and online shopping mall real time settlement.
Although the file format of Korean public certificates and private keys conforms to the international standard, the location and method of storing and storing the files are unique and can not be used with general web browsers. Therefore, in order to use Korean public certificates, The program must be installed, and these additional programs are called authentication software. Typical examples of authentication software are Hecom Secure's XecureSmart, CrossCert PKI CS Suite, and INITECH INISAFE.
A public certificate used in the authentication software is stored in a predetermined location (directory). For example, in the case of a Windows operating system, a public certificate is stored in a specific directory such as C: \ Program Files \ NPKI. Since the location where the authorized certificate is stored is determined as described above, there is a problem that when the user's computer is hacked, the authorized certificate itself is easily leaked. When a public certificate is leaked, a serious security problem may arise, so that there is a strong need for security of the public certificate itself.
SUMMARY OF THE INVENTION The present invention has been made in view of the above problems, and it is an object of the present invention to provide an authorized certificate security system and method for protecting an authorized certificate used in authentication software from the outside.
According to an aspect of the present invention, there is provided a method of authenticating a user, comprising: generating a protected storage object corresponding to a certificate storage object storing an authorized certificate and corresponding private key information; And a control module for controlling the authentication software to access the protected storage object instead of the certificate storage object when a predetermined authentication software that performs authentication of the certificate storage object to access the certificate storage object is to access the certificate storage object.
In one embodiment, when the authentication software calls an application programming interface (API) for requesting file reference information necessary for accessing the certificate storage object, And may return file reference information for accessing the protected storage object.
In one embodiment, the authorized certificate security system may further include an encryption module for encrypting data recorded in the protected storage object and decrypting data read from the protected storage object.
In one embodiment, the encryption module encrypts data recorded in the protected storage object for each predetermined encryption unit, decrypts data read from the protected storage object for each encryption unit, and the encryption unit is a bit Or bytes.
In one embodiment, the generation module generates the protected storage object on a predetermined virtual drive, and the encryption module encrypts data recorded in the virtual drive for each encryption unit, and reads the encrypted storage object from the virtual drive The encryption unit is implemented in the form of a device driver for the virtual drive that performs a function of decrypting data for each encryption unit, and the encryption unit is a unit block of a bit, byte, or file system of the virtual drive .
In one embodiment, the encryption module may only allow access to the virtual drive requested by a predetermined application program or a predefined process.
In one embodiment, the generating module deletes the public key certificate and its corresponding private key information stored in the certificate storage object after creating the protected storage object if the certificate storage object is a directory, The object and the subdirectory structure included in the certificate storage object can be preserved.
According to another aspect of the present invention, there is provided a method of generating a secure storage object, the method comprising: generating a protected storage object corresponding to a certificate storage object storing an authorized certificate and corresponding private key information; There is provided an authorized certificate security method comprising the step of controlling the authentication software to access the protected storage object instead of the certificate storage object when a predetermined authentication software that performs authentication attempts to access the certificate storage object .
In one embodiment, the replacing step may include, when the authentication software calls an API requesting file reference information required to access the certificate storage object, returning the protected storage object to the authentication software in response to the API call And returning file reference information for access.
In one embodiment, the public certificate security system further includes an encryption step of performing encryption of data recorded in the protected storage object, and a decryption step of decrypting data read from the protected storage object can do.
In one embodiment, the encrypting step may include encrypting data recorded in the protected storage object for each predetermined encryption unit, and the decrypting step may include encrypting data read from the protected storage object, And the encryption unit may be a bit or a byte.
In one embodiment, the generating step includes generating the protected storage object on a predetermined virtual drive, and the encrypting step and the decrypting step may include encrypting data recorded in the virtual drive in each of the encryption units And a device driver for the virtual drive that performs a function of decrypting data read from the virtual drive for each of the encryption units, wherein the encryption unit is a bit, a byte, or a unit block of a file system of the virtual drive .
In one embodiment, the device driver may only allow access to the virtual drive requested by a predetermined application program or a predefined process.
In one embodiment, when the certificate storage object is a directory, the generating step deletes the public key certificate and corresponding private key information stored in the certificate storage object after creating the protected storage object, The object and the subdirectory structure included in the certificate storage object may be preserved.
According to another aspect of the present invention, a computer program installed in a data processing apparatus and stored in a computer-readable recording medium for performing the above-described method is provided.
According to another aspect of the present invention there is provided an authorized certificate security system comprising a processor and a memory for storing a computer program executed by the processor, wherein the computer program, when executed by the processor, An authorized certificate security system is provided in which the system performs the above-described method.
According to the technical idea of the present invention, it is possible to provide an authorized certificate security system and method for protecting the authorized certificate used in the authentication software from the outside.
In the past, since the location where the authorized certificate and the corresponding private key information are stored is predetermined, it is highly likely that the authorized certificate itself is leaked to the outside. On the other hand, according to the technical idea of the present invention, since the authorized certificate is stored in a separate protected storage object and it is difficult to grasp the path in the case of the protected storage object, it is difficult to take out the authorized certificate and the corresponding private key information There are advantages.
Also, according to an embodiment of the present invention, the authorized certificate and the corresponding private key information may be stored in encrypted form in the protected storage object. Therefore, even if the protected storage object is leaked for some reason, And the security for the corresponding private key information can be maintained.
According to an embodiment of the present invention, only a part of data required by the authentication software can be decrypted from the entire encrypted data. That is, it is not necessary to decrypt the entire protected storage object to read data from the protected storage object that stores the encrypted data, and only the necessary portion is decrypted. Therefore, (For example, decoding time, computing power, and the like) required for reading data can be reduced.
BRIEF DESCRIPTION OF THE DRAWINGS A brief description of each drawing is provided to more fully understand the drawings recited in the description of the invention.
1 is a schematic diagram for explaining a public certificate security system according to an embodiment of the present invention.
FIG. 2A is a view for explaining a method of accessing a certificate storage object by an authentication software of a typical user terminal. FIG. 2B is a view for explaining a method of authenticating a certificate storage object according to an embodiment of the present invention The security system controls the authentication software to access the protected storage object instead of the certificate storage object.
3 is a block diagram illustrating a schematic configuration of a public certificate security system according to an embodiment of the present invention.
4 is a flowchart illustrating a method of securing an authorized certificate according to an exemplary embodiment of the present invention.
BRIEF DESCRIPTION OF THE DRAWINGS The present invention is capable of various modifications and various embodiments, and specific embodiments are illustrated in the drawings and described in detail in the detailed description. It is to be understood, however, that the invention is not to be limited to the specific embodiments, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.
The terms first, second, etc. may be used to describe various components, but the components should not be limited by the terms. The terms are used only for the purpose of distinguishing one component from another. The terminology used in this application is used only to describe a specific embodiment and is not intended to limit the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise.
In this specification, the terms "comprises" or "having" and the like refer to the presence of stated features, integers, steps, operations, elements, components, or combinations thereof, But do not preclude the presence or addition of features, numbers, steps, operations, components, parts, or combinations thereof.
Also, in this specification, when any one element 'transmits' data to another element, the element may transmit the data directly to the other element, or may be transmitted through at least one other element And may transmit the data to the other component. Conversely, when one element 'directly transmits' data to another element, it means that the data is transmitted to the other element without passing through another element in the element.
Hereinafter, the present invention will be described in detail with reference to the embodiments of the present invention with reference to the accompanying drawings. Like reference symbols in the drawings denote like elements.
1 is a schematic diagram for explaining a public certificate security system according to an embodiment of the present invention. As shown in FIG. 1, in order to implement the public certificate security method according to the technical idea of the present invention, a public
The authorized
The
The
The authorized certificate may be a digital certificate in the form of an international protocol (for example, X.509) issued by an authorized Certificate Authority (CA) or a registration agency thereof, and may be a public key certificate Certificate. Certification bodies can be, for example, Korea Information Assurance (KICA), Koscom (KOSCOM), KFTC, Korea Electronic Certification (KECA), Korea Trade Information Telecommunication (KTNET), Korea Information Society Promotion Agency. The authorized certificate may include the unique number assigned by the CA, the encryption algorithm information used for the signature, the issuer (CA) information, the valid period, information on the subject of the authorized certificate, the subject's public key, and the signature information of the CA . The authorized certificate may be in the form of a file having extensions such as .cer, .der, .pem, .p7b, .p7c, .pfx, .p12, and the like. Meanwhile, the private key information corresponding to the public key certificate may be information on a private key paired with the public key of the subject included in the public key certificate. The private key information may be present in the corresponding public key certificate or in a separate file (.key file, etc.).
Meanwhile, the
The path of the
Meanwhile, the authorized
Meanwhile, the public
At least some of the components of the public
Meanwhile, when the
In this specification, accessing a storage object may mean writing data to the storage object or reading data stored in the storage object. Also, access to the storage object may refer to access to the storage object (file) itself if the storage object is in the form of a file. If the storage object is in the form of a directory, (E. G., A public certificate file or a private key file).
In one embodiment, the authorized
To this end, at least some of the components of the authorized
2A is a diagram for explaining a method for an authentication software of a typical user terminal without the authorized
First, referring to FIG. 2A, in a typical case, the authentication software may request file reference information necessary for accessing the certificate storage object A by an operating system (OS) (S10). For example, for requesting file reference information, the authentication software may call the file open API provided by the operating system. Then, the operating system may return file reference information Ha for accessing A (S20).
The authentication software can then write data to the certificate storage object A or read the data from the certificate storage object A via the file reference information Ha. For example, the authentication software can call the write API provided by the operating system for data recording using the file reference information Ha (S30), and the operating system can record the data (S40). Also, the authentication software can call the read API provided by the operating system to read the data using the file reference information Ha (S50), and the operating system reads the data from the certificate storage object A (S60) , And can return it to the authentication software (S70).
In contrast, FIG. 2B illustrates a case where the public
The
In FIG. 2B, in reality, the authorized certificate and the corresponding private key information are stored in the protected storage object B instead of the certificate storage object A. However, since the
Since the location where the
Meanwhile, the public
Meanwhile, the authorized
In addition, the public
FIG. 3 is a block diagram illustrating a schematic configuration of an authorized
Referring to FIG. 3, the authorized
The authorized
In this specification, a module may mean a functional and structural combination of hardware for carrying out the technical idea of the present invention and software for driving the hardware. For example, the module may mean a logical unit of a predetermined code and a hardware resource for executing the predetermined code, and it does not necessarily mean a physically connected code or a kind of hardware. It can easily be deduced to a technician.
The
The
The
In one embodiment, the
The
Meanwhile, the path of the protected
If the
In one embodiment, the
If the certificate storage object is a directory, the
The
The
In one example, the
The
The
The
Normally, in the case of a block device such as a hard disk drive or a virtual drive, a method of recording and reading data depends on block-level I / O. That is, in the case of a block device, I / O is performed in units of blocks (for example, 512 bytes, 4 KB, 8 KB, etc.) of a predetermined size specified in the file system of the corresponding device, instead of reading or writing data in units of bits or bytes. Therefore, the public-key
Meanwhile, the
The
At this time, the predetermined application program may include the
The
4 is a flowchart illustrating a method of securing an authorized certificate according to an exemplary embodiment of the present invention.
4, the public
In step S200, when the certificate storage object is a directory, the public
Meanwhile, in one embodiment, the public
The authorized
If the
In this case, the public
When the
Meanwhile, according to an embodiment, the public
Meanwhile, the public certificate security method according to the embodiment of the present invention may be implemented in the form of computer-readable program instructions and stored in a computer-readable recording medium. A computer-readable recording medium includes all kinds of recording apparatuses in which data that can be read by a computer system is stored.
Program instructions to be recorded on a recording medium may be those specially designed and constructed for the present invention or may be available to those skilled in the art of software.
Examples of the computer-readable recording medium include magnetic media such as a hard disk, a floppy disk and a magnetic tape, optical media such as CD-ROM and DVD, a floptical disk, And hardware devices that are specially configured to store and execute program instructions such as magneto-optical media and ROM, RAM, flash memory, and the like. The above-mentioned medium may also be a transmission medium such as a light or metal wire, wave guide, etc., including a carrier wave for transmitting a signal designating a program command, a data structure and the like. The computer readable recording medium may also be distributed over a networked computer system so that computer readable code can be stored and executed in a distributed manner.
Examples of program instructions include machine language code such as those produced by a compiler, as well as devices for processing information electronically using an interpreter or the like, for example, a high-level language code that can be executed by a computer.
The hardware devices described above may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.
It will be understood by those skilled in the art that the foregoing description of the present invention is for illustrative purposes only and that those of ordinary skill in the art can readily understand that various changes and modifications may be made without departing from the spirit or essential characteristics of the present invention. will be.
It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive. For example, each component described as a single entity may be distributed and implemented, and components described as being distributed may also be implemented in a combined form.
It is intended that the present invention covers the modifications and variations of this invention provided they come within the scope of the appended claims and their equivalents. .
Claims (16)
And a substitute module for controlling the authentication software to access the protected storage object instead of the certificate storage object when a predetermined authentication software that performs user authentication using the authorized certificate intends to access the certificate storage object Certificate security system.
The replacement module includes:
When the authentication software calls an application programming interface (API) for requesting file reference information necessary for accessing the certificate storage object, a file reference for accessing the protected storage object by the authentication software in response to the API call Authorized certificate security system that returns information.
The authorized certificate security system comprises:
Further comprising an encryption module for encrypting data recorded in the protected storage object and decrypting data read from the protected storage object.
The encryption module includes:
Encrypting data recorded in the protected storage object for each predetermined encryption unit, decrypting data read from the protected storage object for each encryption unit,
Wherein the encryption unit is a bit or a byte.
Wherein the generation module comprises:
Creating the protected storage object on a predetermined virtual drive,
The encryption module includes:
And a device driver for the virtual drive that performs a function of encrypting data recorded in the virtual drive for each encryption unit and decrypting data read from the virtual drive for each encryption unit,
Wherein the encryption unit is a bit, a byte, or a unit block of a file system of the virtual drive.
The encryption module includes:
And permits access only to the virtual drive requested by a predetermined application or a predefined process.
Wherein the generating module, when the certificate storage object is a directory,
The certificate storage object and the certificate storage object are deleted, the public key certificate stored in the certificate storage object and the corresponding private key information are deleted, and the subdirectory structure included in the certificate storage object and the certificate storage object is preserved .
When a predetermined authentication software that performs user authentication using an authorized certificate intends to access the certificate storage object, the authorized certificate security system performs control such that the authentication software accesses the protected storage object instead of the certificate storage object A method of securing an authorized certificate, the method comprising:
Wherein said replacing comprises:
Returning file reference information for accessing the protected storage object to the authentication software in response to the API call when the authentication software calls an API requesting file reference information required to access the certificate storage object The method comprising:
The authorized certificate security method includes:
Wherein the authorized certificate security system comprises: an encryption step of encrypting data recorded in the protected storage object; And
Wherein the authorized certificate security system further comprises a decryption step of decrypting data read from the protected storage object.
Wherein the encrypting step comprises:
And encrypting data recorded in the protected storage object for each predetermined encryption unit,
The decoding step includes:
And decrypting data read from the protected storage object for each encryption unit
Wherein the encryption unit is a bit or a byte.
Wherein the generating comprises:
And creating the protected storage object on a predetermined virtual drive,
Wherein the encrypting step and the decrypting step comprise:
And a device driver for the virtual drive that performs a function of encrypting data recorded in the virtual drive for each encryption unit and decrypting data read from the virtual drive for each encryption unit,
Wherein the encryption unit is a bit, a byte, or a unit block of a file system of the virtual drive.
The device driver includes:
Allowing only access to the virtual drive requested by a predetermined application or a predefined process.
Wherein if the certificate storage object is a directory,
Deleting the public certificate stored in the certificate storage object and corresponding private key information after creating the protected storage object, and preserving the subdirectory structure included in the certificate storage object and the certificate storage object How to Secure Certified Certificates.
A processor; And
A memory for storing a computer program executed by the processor,
The computer program causes the authorized certificate security system to perform the method of any one of claims 8 to 14 when executed by the processor.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020160022532A KR20170100235A (en) | 2016-02-25 | 2016-02-25 | System and method for security of certificate |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020160022532A KR20170100235A (en) | 2016-02-25 | 2016-02-25 | System and method for security of certificate |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20170100235A true KR20170100235A (en) | 2017-09-04 |
Family
ID=59924263
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020160022532A KR20170100235A (en) | 2016-02-25 | 2016-02-25 | System and method for security of certificate |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20170100235A (en) |
-
2016
- 2016-02-25 KR KR1020160022532A patent/KR20170100235A/en not_active Application Discontinuation
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3704621B1 (en) | Secure identity and profiling system | |
JP6117317B2 (en) | Non-repudiation method, settlement management server for this, and user terminal | |
US8966580B2 (en) | System and method for copying protected data from one secured storage device to another via a third party | |
US7526649B2 (en) | Session key exchange | |
KR101608510B1 (en) | System and method for key management for issuer security domain using global platform specifications | |
US9075957B2 (en) | Backing up digital content that is stored in a secured storage device | |
JP4067985B2 (en) | Application authentication system and device | |
US9769654B2 (en) | Method of implementing a right over a content | |
EP2600275A1 (en) | Method for accessing a secure storage, secure storage and system comprising the secure storage | |
US20090276474A1 (en) | Method for copying protected data from one secured storage device to another via a third party | |
CN110868291B (en) | Data encryption transmission method, device, system and storage medium | |
KR101817152B1 (en) | Method for providing trusted right information, method for issuing user credential including trusted right information, and method for obtaining user credential | |
CN111310213A (en) | Service data protection method, device, equipment and readable storage medium | |
JP6756056B2 (en) | Cryptographic chip by identity verification | |
WO2015117523A1 (en) | Access control method and device | |
JP2009543211A (en) | Content management system and method using a generic management structure | |
WO2019083379A1 (en) | Data transmission | |
JP6199712B2 (en) | Communication terminal device, communication terminal association method, and computer program | |
KR101711024B1 (en) | Method for accessing temper-proof device and apparatus enabling of the method | |
WO2022212396A1 (en) | Systems and methods of protecting secrets in use with containerized applications | |
Kim et al. | Secure user authentication based on the trusted platform for mobile devices | |
CN117063174A (en) | Security module and method for inter-app trust through app-based identity | |
KR20170100235A (en) | System and method for security of certificate | |
Gerard | Identity and Access Management Via Digital Certificates | |
JP2008171116A (en) | Storage device and its access control system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E601 | Decision to refuse application |