1. Field of the Invention
The present invention relates to a server having the ability to safely transmit a user's certificate to a mobile terminal in order to use the certificate in mobile terminal-based environment, a communication system to which the server is applied, and a method using the same.
This work was supported by the IT R&D program of MIC/IITA [2005-S-060-02, Development of Universal Security Service Platform Technology for Protecting e-Identity].
2. Description of the Related Art
Nowadays, the use of wireless Internet with mobile terminals is rapidly increasing, and wireless Internet using habits of mobile terminal users are diversifying. However, compared to using Internet with fixed terminals such as a Personal Computer (PC), a complex process is required to use Internet with mobile terminals. In addition, due to problems in a mobile terminal's performance compared to a PC's performance, it is difficult to provide a sufficient level of security while using Internet with mobile terminals. In the past, Wireless Public Key Infrastructure (WPKI) suitable for a processing rate of mobile terminals was suggested. However, recently, with an increase of the performance of mobile terminals, a method of carrying a wired certificate has been discussed to provide a sufficient level of security.
Korean Patent Publication No. 10-2004-0082362 disclosed in Sep. 24, 2004 titled “authorized certificate management method and user authentication method using mobile terminal” relates to a method of managing an authorized certificate by using a mobile terminal as a storage medium, by which an authorized certificate stored in a user's network terminal is downloaded to the mobile terminal, and if the authorized certificate is necessary, the authorized certificate stored in the mobile terminal is transmitted for an authentication process. However, in order to drive a certificate management module of the mobile terminal and transmit the authorized certificate to a certificate management server, a Short Message Service (SMS) including a callback Uniform Resource Locator (URL) is required, and the mobile terminal simply acts as a certificate storage medium. In addition, since the certificate management server can read all communications between the mobile terminal and the network terminal, the certificate management server may be used for a malicious purpose.