yessign Version 3.5 (yessign). 2000. 8.29. 2000. 8.29. 2001. 7. 5. 2001. 7. 5. 2001.12.17. 2001.12.17. 2002. 3.12. 2002. 3.12. 2002. 8.21. 2002. 9. 5. 2002.12.27. 2003. 1.13. 2004. 3.31. 2004. 6.12. 2004. 9.16. 2004.10. 1. 2005. 2.21. 2005. 3. 8. 2005.11.17. 2005.12. 2. 2005.12.29. 2006. 1.13. 2006. 6.14. 2006. 7. 1. 2006. 6.30. 2006. 8. 1. 2007. 5.21. 2007. 8. 1. 2009.10. 7. 2009.10.22. 2010. 6. 3. 2010. 7. 1. 2011. 3. 9. 2011. 3.28. 2011. 9. 8. 2011. 9.30. 2013. 8.27. 2013. 9.26. Copyright 2013 yessign ALL RIGHTS RESERVED
1.1 1.1.1 1. ( ). ( ) ( ), ( ), ( ), ( ),. 1.1.2,, 5.,, ( ),. 1.1.3 32( ) 1986 6 2,,, 2000 4 12 4( ).. - : 463-811, 213 9 - URL : http://www.yessign.or.kr - : yessign@kftc.or.kr - : 1577-5500 - : 02)531-3109 1.1.4 1.1.4.1 15,.,.,,. 1.1.4.2 16( ),. 1.1.4.3... 1.2 yessign. 1.3. 1.3.1 (PKI, Public Key Infrastructure). - -,,, - - 1.3.2 25(). - 4-141 - 183-192 - - - - - - 1.3.3 4( ) 8( ). - - -,,,,,, -, CRL - - - 1.3.4,,,,. ( ),, 4.2.1 -.
1.3.5 ( ).,. ().,. 1.3.7.2 21( ). 1.3.7.3 8( ). 1.3.6. 1.3.7 1.3.7.1 222( ) yessign (http://www.yessign.or.kr). - - - - - - CRL - 1.3.7.4 21( ),. yessign(http://www.yessign.or.kr), CRL, CRL,. 1.3.7.5,,,. 1.3.7.6 15( ),. 1.3.8 1.3.8.1 7( ),,,,,. 3( ). 1.3.8.2 15( ),. 1.3.8.3.. 1.3.9 1.3.9.1 15( ).. - - - -, - 1.3.9.2 ( ).,. 1.3.9.3 21( )... 1.3.9.4 21( ). 1.3.9.5. ( ) 10. -
- - (,, ) 1.3.9.6. 1.3.10 1.3.10.1 ( ).. 1.3.10.2. - - - - 3 1.4 1.4.1 : : yessign@kftc.or.kr : 463-811, 213 9 : 1577-5500 FAX : (02)531-3109 1.4.2 6( )... - - - 1.3.10.3. 1.4.3 6( ) 15. 1.4.4. - : http://www.yessign.or.kr/cps.ht 1.4.5 30( ) ( ). - : SMS, 2. - 2 :. 1.5.2. - CRL : Certificate Revocation List, - DN : Distinguished Name, 1.5 1.5.1 1.5.1.1 6.6. 1.5.1.2. - :, CRL ITU-T X.500. - : (IP MAC ) (, ). - yessign :. - : (PC, ),.
2.. 2.1 /(),. 1. OID 1.2.410.200005.1.1.1, ( ) /, / 1.2.410.200005.1.1.4, / 1.2.410.200005.1.1.5 / / 1.2.410.200005.1.1.2, ( ),, 1.2.410.200005.1.1.6.8 CTR 1.2.410.200005.1.1.6.3 1.2.410.200005.1.1.6.5,, 1.2.410.200005.1.1.3 1.2.410.200005.1.1.6.X 1.2.410.200005.1.1.7.X. 4 4 2006 7 1. 2.2 2.2.1,. ( : /, ) 2.2.2. 2.2.3. (CRL) (OCSP) 2.2.4. 28( ). 2.3 7 7,.,. 7,. 3. 3.1 3.1.1 ( ), /. 3.1.2 -.,. -,. -.,. - yessign. -. 3.1.3. -
- - - - 3.2 3.2.1.,. 3.2.1.1 132( ) 133().,,.,. -, ( ) -, ( ),,. 3.2.1.2 132( ) 4 //.. - (ID) - - ( ). 3.2.2 3.2.2.1 7( ),,.., 7( ) 7. 3.2.2.2. -,, - - -,.. - - - - - - - DN. DN ID. ID,,., CRL.. 3.2.2.3,,. 3.2.2.4.,. 3.3 3.3.1 1.
1. 3.3.2 3.3.2.1.. - - - -,.. 3.3.2.2. - - -.. DN DN. 3.3.2.3 "3.2.2.3 " 3.3.2.4. "3.2.2.4 ". 3.4 3.4.1,.. 3.4.2 3.2.1 3.2.2. 3.5 3.5.1 (,, ). 3.5.2,. 3.2.2.4. 3.6..,,. 3.6.1. 3.6.2 18( ) "1.3.7 ". - -, - - - - - - yessign - 3.6.3 3.6.3.1, "3.2.1 ".. 3.6.3.2,. 7.. 3.6.4 (CRL) 24 CRL, yessign(http://www.yessign.or.kr). 3.6.5 "3.6.2 ".
3.6.6, "3.2.1 ".. 3.6.7 CRL CRL. 3.8 20( ). S/W, S/W.,. 3.6.8 17( ) 6. 3.7 (OCSP) (OCSP) OCSP(Online Certificate Status Protocol),, yessign.. S/W.,. 3.9 2). 1) # ASN.1 Note 1 Version INTEGER 0x02 ( 3) 2 Serial Number INTEGER 3 Signature OID Issuer [KCAC.TS.DN] type OID 4 C(Country) printablestring, printablestring value utf8string utf8string 5 Validity notbefore UTCTime notafter UTCTime [1] Subject [KCAC.TS.DN] type OID 6 C(Country) printablestring, printablestring value utf8string utf8string 7 Subject Public Key Info algorithm OID subjectpublickey BIT STRING 8 Extensions Extensions [2] [1] "2.1 ", "3.3 ", "3.4 " [2] 2) # ASN.1 C Note 1 Authority Key Identifier keyidentifier OCTET STRING KeyID n authoritycertissuer GeneralNames authoritycertserialnumber INTEGER 2 Subject Key Identifier OCTET STRING n subjectpublickey 160 3 Key Usage BIT STRING c, 4 Certificate Policy policyidentifier OID [1] policyqualifiers PolicyQualifierId OID CPS, UserNotice Qualifier c CPSuri IA5String URI UserNotice NoticeReference SEQUENCE - - ExplicitText BMPString 5 Policy Mappings - - - 6 Subject Alternative Names othername n rfc822name o 7 Issuer Alternative Names othername n o id-kisa-identifydata VID id-kisa-identifydata 8 Extended Key Usage OID n o o id-kisa-hsm [2] 9 Basic Constraints - x x 10 Policy Constraints - - - 11 Name Constraints - - - 12 13 CRL DistributionPoint distributionpoint DistributionPoint Name reasons ReasonFlags - - n CRL crlissuer GeneralNames o CRL Authority Information Access accessmethod OID n id-ad-ocsp accesslocation GeneralNames OCSP URI [1] 2.1 [2] [KCAC.TS.HSM] (id-kisa-hsm)
3.10 (CRL) 2) CRL CRL. 1) # ASN.1 Note 1 Version INTEGER 0x01 ( 3) 2 Signature OID Issuer [KCAC.TS.DN] type OID 3 value printablestring utf8string C(Country) printablestring, utf8string 4 This Update UTCTime CRL 5 Next Update UTCTime CRL Revoked Certificates [1] usercertificate INTEGER 6 revocationdate UTCTime crlentryextensions Extensions [2] 7 CRL Extensions Extensions [3] [1] Revoked Certificates [2] 3) CRL [3] 2) CRL # ASN.1 C Note 1 Authority Key Identifier keyidentifier OCTET STRING KeyID n authoritycertissuer GeneralNames authoritycertserialnumber INTEGER 2 Issuer Alternative Names othername n o 3 CRL Number INTEGER n 4 Issuing DistributionPoint onlycontainsusercerts BOOLEAN c - - # ASN.1 C Note 1 Reason Code ENUMERATED n 2 Hold Instruction Code OID n o 3 Invalidity Date UTCTime n o 4 Certificate Issuer GeneralNames c o id-kisa-identifydata DistributionPointName IA5String CRL [1] onlycontainscacerts BOOLEAN - - onlysomereasons BIT STRING - - IndirectCRL BOOLEAN o [2] [1] CRLDP ([KCAC.TS.DSCP] ) [2] IndirectCRL TRUE 3) CRL 3.11 (OCSP) 2). 1) 3.9, 1).
# ASN.1 C Note 1 Authority Key Identifier keyidentifier OCTET STRING n authoritycertissuer GeneralNames authoritycertserialnumber INTEGER 2 Subject Key Identifier OCTET STRING n subjectpublickey 160 3 Key Usage BIT STRING c, 4 Certificate Policy policyidentifier OID policyqualifiers PolicyQualifierId OID CPS, UserNotice Qualifier c OCSP CPSuri IA5String URI UserNotice NoticeReference SEQUENCE - - ExplicitText BMPString 5 Policy Mappings - - - 6 Subject Alternative Names othername n 7 Issuer Alternative Names othername n o 8 Extended Key Usage OID c 9 Basic Constraints - x x 10 Policy Constraints - - - 11 Name Constraints - - - 12 13 CRL DistributionPoint distributionpoint DistributionPoint Name reasons ReasonFlags o n CRL URI id-kisa-identifydata VID id-kisa-identifydata crlissuer GeneralNames o CRL Authority Information Access accessmethod OID n o id-ad-ocsp [1] accesslocation GeneralNames 14 OCSP No Check OID n o id-pkix-ocsp-nocheck [2] [1] [2] shortlived
3.12,. 3.13 3.13.1 30. 10( ) 6..,. - 4 - - 4 6 6-64 - 11 3.13.2. 3.13.2 60. ( " " ).,.. 3.14 6 4. 5. 4.1 5.1 CRL., 26(). 4.2 4.2.1,. - : ldap://ds.yessign.or.kr:389/ - : http://ocsp.yessign.org:4612 - : http://www.yessign.or.kr/ra.ht,,,, ( "" ). 5.1.1. -,, - -, 4.2.2, CRL 24., yessign(http://www.yessign.or.kr). 26(). 5.1.2. - -,, - -
- - CCTV - 2 5.1.3 30c. 5.1.4,,. 5.1.5,. - - 5.1.7,,. 5.1.8. -, - - 5.1.9. 5.1.10,. 5.1.6. -, 3T -, 5.1.11 10k,,. 5.2 5.3 5.2.1, 5.4.1,. -,, - -, ( 2 ) 1-2 - 2-2 5.2.2,,. 5.3.1 -. -. 5.3.2. - RSA KCDSA : 2048 - HAS-160 SHA-1 : 160 - SHA-256 : 256 5.3.3,. 5.3.4. 5.2.3. - 3-2 - 5.3.5. 5.3.6
. 5.3.7-2. -. -. -. -. -. -,. -. - //(, ). - //. -. -. 5.3.8 S/W S/W. - S/W - 5.3.9 -,. -. -. -. -,. -,. -. - //. - //. 5.3.10 5.1.1. 5.4,. 5.4.1, 12. - - 2 -, 5.4.2, -. -, 1. -. -,. -. 5.4.3 5.5 5.5.1 10. - - - - - - - - - (login) (logoff) - 5.5.2.,. 5.5.3. -.
5.6 5.6.1 22( ) 10. - - 5.6.2. -. -.,. 5.6.1 10K 1. 5.6.3. 5.7,. 5.7.1. 5.7.2. - -, -, DoS. - ( ) - - -. - - - 5.7.3 -. -,. -,. 5.7.4 -, DoS IP,. -. -, DoS,, S/W, ID, PASSWORD S/W,. -. -. - IP, S/W. 5.7.5 -. -. -. 6. 6.1 6.1.1. - -,,, - CRL 6.1.2,, 6.1.1,,. 6.2 6.2.1,, 26(). 6.2.2., 26 ()
. 6.2.3 25. 398( ).,. 6.3.4 ( ) ( ). -, 2() 3 -, 6.3 6.3.1. 6.3.2. 6.3.3,,.. 6.4 6.4.1 24( ),., 3. - ( ) - - - - 6.4.2, yessign,,,. - - - 6.4.3 yessign,,,. - :, e-mail,,, - : - : IP MAC, HDD Serial, USB Serial, OS,, 6.4.4 yessign, yessign. 6.5 6.5.1..,,, 7. 6.5.2.. - - - - - - - - - - 6.6 1.3. - - - -
. - - - (yessign) - - CRL. 6.7. 2013 9 26.