Abstract: An apparatus for cooperatively operating a Web browser and a local resource in a mobile terminal includes a Web browser for receiving a Web page requesting a local resource from a Web server connected to the mobile terminal; and a gateway server for controlling the local resource with parameters of the Web page and transmitting information regarding execution results of the local resource to the Web server by way of the Web browser. The parameters of the Web page include at least one of an ID of the Web server, a callback address (CallbackURL), a requested local resource function, and signature information.

Abstract: An identity protocol gate way according to the exemplary embodiments of the present invention includes an artifact generating and inquiring module generating an artifact by receiving a sharing request message from a mobile identity wallet according to a request made by an application program of a mobile device, inquiring corresponding identity information according to a request of the identity information including the artifact from a web server and transferring the inquired identity information to the web server; and a protocol converting module converting the sharing request message into a protocol message of a wired environment by receiving the sharing request message from the mobile identity wallet, transferring the protocol message to the identity web server, transferring sharing response information and the artifact to the application program of the mobile device by using a mobile protocol in response to the sharing response information from the identity web server.

Abstract: A key tree construction and key distribution method for hierarchical role-based access control, includes: constructing a key tree including relationships between a hierarchical structure of role groups and data; performing encryption and decryption of data keys and role keys; and generating a key table, in which the data keys required to decrypt encrypted data and the role keys required to decrypt encrypted data keys are stored, with reference to the key tree. Further, the key tree construction and key distribution method for hierarchical role-based access control includes performing management such that a specific role group can obtain a data key by performing decryption based on its own role key by using both the key tree and the key table.

Abstract: Disclosed herein is a method and apparatus for partially encoding/decoding data for a commitment service and a method of using encoded data. The apparatus includes an encoding/decoding module for encoding/decoding a database to be committed to a server using a private key of the user, obtained by accessing a key storage unit through a key management module which manages information about the private key of the user, stored in the key storage unit, and also encoding/decoding an SQL query required to use a DB committed to the server. The encoding/decoding module partially encodes/decodes one or more of table names, field names, and attribute values of the DB. In the present invention, the table names, field names, and field attribute values of the DB are partially encoded while the existing structure of the DB is maintained, and the partially encoded DB is committed to the server.

Abstract: Disclosed herein is a system and method for managing identity. The system includes a mobile terminal, a web server, and a service terminal. The mobile terminal includes a smart card on which a management server for managing user identity is mounted. The web server generates the user identity and provides the generated identity to the management server over a wired/wireless network. The service terminal receives a required identity from the mobile terminal using Near Field Communication (NFC).

Abstract: A pseudonymous ID (identification) management apparatus includes a token processing unit for validating an authentication token; a pseudonymous ID generation unit for issuing a pseudonymous ID corresponding to the authentication token; a temporary ID generation unit for issuing a temporary ID for use in an offline subscription; and an ID validation unit for validating a pseudonymous ID received from a web service apparatus along with a pseudonymous ID validation request and transmitting pseudonymous ID validation result to the web service apparatus, and validating a temporary ID received from the web service apparatus along with a pseudonymous ID exchange request and transmitting a pseudonymous ID corresponding to the temporary ID to the web service apparatus. The web service apparatus provides a service to which a user desires to subscribe.

Abstract: A user terminal for a user-centric identity management system includes: a browser that requests a service to the service provider server and receives a service parameter in which a plurality of selectable protocol parameters corresponding to the service are recorded from the service provider server; an interaction unit that selects any one protocol parameter among the plurality of protocol parameters by receiving the service parameter through the browser; and a service processing unit that performs a service protocol with the service provider server on the basis of the protocol parameter selected through the interaction unit, and receives token information required to receive the service from the service provider server and transfers the token information to the browser.

Abstract: Provided are an apparatus and method for managing identity information. The apparatus includes a contract detail manager managing details of an identity information sharing contract made between a user and an identity provider (IdP) wanting to provide identity information about the user, and details of an identity information sharing contract made between the user and an identity consumer (IdC) wanting to be provided with the identity information about the user, an IdP selector selecting an IdP capable of providing the identity information about the user based on the details of the sharing contract when a request for the identity information about the user is input from the IdC, and an information provider obtaining information according to the identity information request from the selected IdP, and providing the obtained information to the IdC. The apparatus and method can solve a problem that all of a user's identity information is provided to an IdC according to the user's comprehensive agreement.

Abstract: Provided is an Open ID authentication method using an identity selector, which can simplify the authentication of an open ID and reduce phishing and hacking risks by automatically performing an open ID-based login process without the need to manually input an open ID uniform resource locator (URL) to a login window.

Abstract: The present invention provides a method of validating a certificate by a certificate validation server using certificate policy and certificate policy mapping in a public key infrastructure (PKI). If the certificate validation server receives, from a client, an object certificate to be validated, a certificate of a certification authority which the client trusts, and a certificate policy which will be applied to validation of the object certificate, and receives a request for validation of the object certificate, the certificate validation server creates a certification path for the object certificate in response to the request. The certificate validation server validates the created certification path using a certificate policy mapping table if the validation of the object certificate is allowed, and then transmits a result message to the client according to the result of the validation of the certification path.

Abstract: The present invention provides a method for modifying validity of a certificate in a public key infrastructure (PKI)-based authentication system, which is capable of performing online suspension, recovery and revocation of a certificate between a user system and a certificate authority by executing user authentication with guaranteed reliability using user biometric information. Accordingly, there is no need for the user to personally visit a registration authority or certificate authority to modify the certificate validity. The user can easily modify the certificate validity using his/her user system connected online to the certificate authority.

Abstract: A portable USB storage device includes a case, a USB port, and a control device. The case contains therein a data storage. The USB port can be inputted into the case in a sliding motion. The control device selectively controls a location of the USB port to keep the USB port.

Abstract: A portable USB storage device includes a case, a USB port, and a control device. The case contains therein a data storage. The USB port can be inputted into the case in a sliding motion. The control device selectively controls a location of the USB port to keep the USB port.

Abstract: The present invention provides a method of validating a certificate by a certificate validation server using certificate policy and certificate policy mapping in a public key infrastructure (PKI). If the certificate validation server receives, from a client, an object certificate to be validated, a certificate of a certification authority which the client trusts, and a certificate policy which will be applied to validation of the object certificate, and receives a request for validation of the object certificate, the certificate validation server creates a certification path for the object certificate in response to the request. The certificate validation server validates the created certification path using a certificate policy mapping table if the validation of the object certificate is allowed, and then transmits a result message to the client according to the result of the validation of the certification path.

Abstract: The present invention provides a method for modifying validity of a certificate in a public key infrastructure (PKI)-based authentication system, which is capable of performing online suspension, recovery and revocation of a certificate between a user system and a certificate authority by executing user authentication with guaranteed reliability using user biometric information. Accordingly, there is no need for the user to personally visit a registration authority or certificate authority to modify the certificate validity. The user can easily modify the certificate validity using his/her user system connected online to the certificate authority.

Abstract: A method for issuing a certificate using biometric information in a public key infrastructure-based authentication system is provided. In the present invention, an authentication code used to protect a certificate issuance request message is assigned to a user by a certificate authority not at a registration step but at a certificate issuance request step where a user authentication is performed with user's biometric information. Therefore, there is no need for a user to remember and enter the complex authentication code to be issued the certificate, thereby simplifying certificate issuance procedures. Further, in the present invention, the authentication code is assigned to the user at the certificate issuance step only after a real-time authentication using the user's biometric information is performed.