D’Amo PKI

Public Key Infrastructure

Web services are present in almost all aspects of our lives. Circulation of important information, various transactions and trading take place on the web non-stop. Web security has been emphasized for a long time, as it is absolutely necessary in order to prevent information leakage and maintain consumers’ trust. However, there have been many cases where the provided security and its speed has not been satisfactory. D’Amo PKI can enhance trust through safe protection of circulating data and accurate user authentication. Also, it provides easier service maintenance, due to quick encryption/decryption.

issac-web

Expected Effects

  • Provide protective measures for individual privacy, in compliance with privacy laws implemented by public institutions
  • Improve public image
  • Secure new customers through publicity of trading security
  • Improve trust from pre-existing customers
  • Prevent illicit trading by external users
  • Prevent leakage of customer information
  • Prevent illicit trading by internal users (upon usage of digital signatures)
  • Pass the Financial Supervisory Commission’s security committee
  • Use administration protection products certified by the National Intelligence Service of Korea
  • Cut costs due to security failures by preventing security breaches

Product Features

  • Real-time encryption with one-time symmetric keys for data passed between a web server and a browser.
  • Enhanced effectiveness through usage of both public and symmetric-key algorithms
  • Supports all domestic standard encryption algorithms, and boasts top-notch encryption/decryption speed
  • User authorization through NPKI and GPKI possible

issac-web-features (1)

Function

  • Encryption of sent/received data during web session
  • Automatic installation of client module
  • Automatic generation of client’s one-time session key
  • Automatic encryption/decryption upon loading of web pages
    Enables selective encryption of HTML data
  • Security of HTTP, TCP/IP protocol
  • Supports digital certificates, public servant certificates and private certificates
  • PKI-based login
  • Digital signatures
  • Certificate management (view contents/change password/delete/send/retrieve)
  • Issuance, renewal and closure of certificates through connection with certification system (CA, RA)

Past Example for D’Amo PKI

Internet loan transaction system of firm A

Purpose

  • Enable convenient transaction methods such as bankbook-free transaction and giro transfer
  • Establish infrastructure for a new financial information to support promotion of e-commerce
  • Enhance national competitiveness through improving e-commerce

Measures

  1. Installed D’Amo PKI on the loan transaction server and host
  2. Provided public and private keys to the server and bank host
  3. The user goes through automatic installation after completing an ActiveX-based download of the client programm
  4. Encrypt the user’s inputted bank information with the bank’s public key
  5. All loan transaction information except for the bank information goes through digital signing with the user’s financial authentication certificate, along with the already-encrypted bank information
  6. The digitally signed information is encrypted with the loan transaction server’s public key and sent to the loan transaction server
  7. The loan transaction server decrypts the information and processes it after confirmation of the digital signature, except for the encrypted bank information
  8. The bank information, still encrypted, is sent to the bank host
  9. The bank host decrypts the bank information with the private key and sends the processed results to the loan transaction server
  10. The loan transaction server sends the processed results to the user

Measures

  1. Installed D’Amo PKI on the loan transaction server and host
  2. Provided public and private keys to the server and bank host
  3. The user goes through automatic installation after completing an ActiveX-based download of the client programm
  4. Encrypt the user’s inputted bank information with the bank’s public key
  5. All loan transaction information except for the bank information goes through digital signing with the user’s financial authentication certificate, along with the already-encrypted bank information
  6. The digitally signed information is encrypted with the loan transaction server’s public key and sent to the loan transaction server
  7. The loan transaction server decrypts the information and processes it after confirmation of the digital signature, except for the encrypted bank information
  8. The bank information, still encrypted, is sent to the bank host
  9. The bank host decrypts the bank information with the private key and sends the processed results to the loan transaction server
  10. The loan transaction server sends the processed results to the user

Installation Layout

network level pki damo layout

Results

  • Secure protection of online-circulated data
  • Secured enhanced trust with e-commerce based on digital signatures using financial authentication certificates
  • Prevented theft of bank information
  • Secured protection of the dedicated line network between firm A and the bank
  • Passed the e-commerce committee of the Financial Supervisory Service of Korea