3. PKI Status in Korea
Overview (1/3)
     5 Accredited CA’s have issued accredited certificates to around 20 million users in total
     Major PKI Applications
          Internet Banking, Online Stock, Internet Shopping, Procurement, e-Gov Services

     [Chart: Number of annual issuance of certificates (published by MOPAS, Unit: Million)]
          Year    | 2000 | 2001 | 2002 | 2003 | 2004 | 2005 | 2006 | 2007 | 2008 | 2009.6
          Million | 0.3  | 1.5  | 4.9  | 7.8  | 9.5  | 11.0 | 14.4 | 17.2 | 18.7 | 20.7
          Milestones marked on the chart:
               E-Bidding: Oct., 2000
               Internet banking: Sep., 2002
               Cyber trading: Mar., 2003
               Shopping mall: Credit card (over 300,000 KRW): Nov., 2005
www.sgco.kr   Copyright 1999-2009@SG Inc. All rights reserved
Overview (2/3)
     Statistics on Accredited CA’s (published by MOPAS)

     No. | Accredited CA / Web site | Accredited Date | Characteristics | Main Business Area
     1 | SG (CA: SignGATE), http://www.signgate.com | 2000. 02. 10 | Corporation | All industry, government
     2 | KOSCOM (CA: SignKorea), http://www.signkorea.com | 2000. 02. 10 | Special purpose Corporation | Cyber trading
     3 | KFTC (CA: yessign), http://www.yessign.com | 2000. 04. 12 | Non-commercial Organization | Internet banking
     4 | CrossCert (CA: CrossCert), http://gca.crosscert.com | 2001. 11. 24 | Corporation | -
     5 | KTNET (CA: TradeSign), http://www.tradesign.net | 2002. 03. 11 | State-run Corporation with special mission | Trading

Overview (3/3)
     PKI Model in Korea

                        | GPKI | NPKI
     Act                | Established in 2001 pursuant to E-Government Act | Established in 1999 under Electronic Signature Act
     Ministry in Charge | MOPAS (Ministry of Public Administration and Security)
     Root CA            | GCMA (http://www.gpki.go.kr) | KISA (http://www.rootca.or.kr)
     Main Customer      | Public Servants | Individual, Company
     Algorithm          | NEET (not open) | SEED, AES

     Types of Accredited Certificate and Fees

     Types    | Entity      | Certificate Usage Field     | Fee
     General  | Individual  | All electronic transactions | ≅ US$ 4/year
     General  | Corporation | All electronic transactions | ≅ US$ 100/year
     Specific | -           | G2C, Bank, Insurance        | Free
     Specific | -           | G2C, Stock, Insurance       | Free
     Specific | -           | G4C, Credit Card            | Free

PKI Scheme
     [Diagram: two hierarchies linked by Mutual Recognition between their root CA’s]
          National Root CA (KISA): Certification issuance / Management for its Accredited CA’s
          Government Root CA (GCMA): Certification issuance / Management for its Accredited CA’s
          Accredited CA’s: Certification issuance / Management for Subscribers and E-Government Service Providers

Role of Root CA
     [Diagram: Root CA (KISA) at the center, surrounded by: Accredited CA; Root CA; International Cooperation; Technical Specification; Legal & Policy Issue; Environment of Usage of Electronic Signature]

Scope of Benchmarking

     Subject | Contents
     Law, Policy, Standards | Electronic Signature Act, Decree and Ordinance; Certification Practices Statement; Electronic Signature Certification Technology
     PKI Model | Government PKI; National PKI
     PKI Model: User | Electronic Signature Promotion; Provide User’s Convenience; End of Certificate Free Trial Period; Adopt HSM (Hardware Security Module)
     PKI Model: Accredited CA | Interoperability among Accredited CA’s; Upgrading of PKI technologies; Division of PKI Markets
     PKI Model: Root CA | Cross certification for NPKI and GPKI; Addition of Root CA Certificate to MS IE
     PKI Model: Applications | Mandating Accredited Certificate (bank, stock)
     PKI Applications | E-Procurement, Internet Banking, Payment Gateway, G4C etc

Framework of Registration

     Electronic Signature Act
          - Ensure the security and reliability of electronic documents and promote their use
          - Promote nationwide informatization and improve convenience in people's living standard

     Electronic Signature Act, Decree and Ordinance

     Area | Governing document
     CA accreditation | Regulation on Accredited CA’s Facility and Equipment
     Accredited CA’s Operation | Guideline for Certification Practice
     Accredited CA’s Protection measure | Regulation on Accredited CA’s protective measures
     Accredited CA’s CPS | Accredited CPS Framework

     Technical Specification

CPS (Certification Practices Statement)

     Contents: Management of Certificates
          - Transmission of Registered Information
          - Request for Issuance of Certificate
          - Generation of Certificates
          - Request for Suspension, Restoration and Revocation of Certificates
          - Generation of Certificate Suspension and Revocation List
          - Public Announcement and Validation of Certificates
     Contents: Management of Key Pairs
          - Generation of Private Pairs
          - Protection of Private Pairs
          - Backup of Private Pairs
          - Revocation of Private Pairs
          - Loss, Destruction, Theft or Leakage of Private Keys
     Contents: Other Certification Services
          - Provision of Time Stamping
          - Time Reception and Correction
          - Storage of Time Stamping Records
          - Storage of Electronic Documents
          - Backup of Time Stamping Records
          - Other Supplementary Services
     Contents: Others
          - Conformity with Technical Specifications
          - Scope and Intended Use of Certificates
          - Conformity to Certification Procedure
          - Matters concerning Facilities and Equipment
          - Management of Certification Service Records
          - Management of Certification Service Records through the representative
          - Management of Audit Records
          - Management of Registration Authorities
          - Test Run of Certification Practice
          - Correct Provision of Information and Public Notification

History of NPKI in Korea
     [Timeline chart: activities plotted against years ‘00 to ‘08]
     Activity
          Electronic Signature Promotion
          Interoperability among Accredited CA’s
          Provide User’s Convenience
          Cross certification for NPKI and GPKI
          Mandating Accredited Certificate (bank, stock, E-malls)
          End of Certificate Free Trial Period
          Upgrading of PKI technologies
          Division of PKI Markets
          Addition of Root CA Certificate to MS IE and other Browsers
          Adopt HSM (Hardware Security Module)

Interoperability among Accredited CA’s
     [Diagram: Accredited CA’s (CA A, CA B) issue general-purpose certificates to User A and User B; the users reach App 1 and App 2 of the E-service Providers, which are built by S/W development Company 1 and Company 2; an "x" is drawn on the link after User A]

     Goals
          - A subscriber who has a general-purpose accredited certificate can do all kinds of electronic transactions on the Internet
          - To provide technologies that recognize and process accredited certificates regardless of who issues them
          - To provide data to policy-makers on how to determine the scope and conditions of each accredited certificate

     Lesson to learn
          The interoperability issue that arises during the early stages of NPKI construction should be considered.

Cross-Certification for NPKI and GPKI
     [Diagram: CTL issuance between A PKI and B PKI]
          A PKI: A_RootCA, A_CA, A_USER (verify signature); CTL carrying the B Root CA Hash
          B PKI: B_RootCA, B_CA, B_USER (generate signature); CTL carrying the A Root CA Hash
          Certificate Path: A_RootCA Cert, CTL issued by A_RootCA, B_RootCA Cert, B_CA Cert, B_User Cert

     Background
          - Two years after establishment of the NPKI in 1999, the GPKI was established. The two came to have overlapping service areas.
          - To smooth the simultaneous operation of both, cross-certification is vital; it was achieved by means of a simplified CTL (i.e. Certificate Trust List).

     Lesson to learn
          To avoid duplication of resources and confusion in policy-making, services should be provided through a single root CA.

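The certificate path on the cross-certification slide, as an added example that is not part of the original slides: A_USER accepts B_User's signature only if a CTL signed by A_RootCA lists the hash of B_RootCA's certificate and the B chain verifies link by link. The certificate and CTL structures, the function names and the textbook-RSA toy keys (built from known Mersenne primes, no padding) are assumptions for illustration, not the NPKI/GPKI formats.

```python
import hashlib
import json

E = 65537  # public exponent used by every toy key below


def toy_keypair(p, q):
    """Textbook RSA from two known primes (assumption: toy keys, no padding, not secure)."""
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}


def digest(obj):
    """SHA-256 hex digest over a canonical JSON encoding of obj."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


def sign(key, obj):
    return pow(int(digest(obj), 16) % key["n"], key["d"], key["n"])


def verify(n, obj, sig):
    return pow(sig, E, n) == int(digest(obj), 16) % n


def make_cert(subject, subject_key, issuer, issuer_key):
    """Hypothetical minimal certificate: names, subject modulus, issuer signature."""
    body = {"subject": subject, "issuer": issuer, "n": subject_key["n"]}
    return {"body": body, "sig": sign(issuer_key, body)}


def make_ctl(issuer, issuer_key, trusted_roots):
    """Simplified CTL: hashes of trusted foreign root certificates, signed by our root."""
    hashes = sorted(digest(c["body"]) for c in trusted_roots)
    body = {"issuer": issuer, "root_hashes": hashes}
    return {"body": body, "sig": sign(issuer_key, body)}


def validate_foreign_path(own_root, ctl, path):
    """path = [foreign root cert, foreign CA cert, end-entity cert]. Returns (ok, reason)."""
    if not path:
        return False, "empty path"
    # Step 1: the CTL must be issued and signed by the relying party's own root.
    if ctl["body"]["issuer"] != own_root["body"]["subject"]:
        return False, "CTL not issued by own root"
    if not verify(own_root["body"]["n"], ctl["body"], ctl["sig"]):
        return False, "CTL signature invalid"
    # Step 2: the foreign root is trusted only if its hash is listed in the CTL.
    if digest(path[0]["body"]) not in ctl["body"]["root_hashes"]:
        return False, "foreign root not listed in CTL"
    # Step 3: ordinary chain check, starting with the root's self-signature.
    issuer = path[0]
    for cert in path:
        if cert["body"]["issuer"] != issuer["body"]["subject"]:
            return False, "issuer name mismatch at " + cert["body"]["subject"]
        if not verify(issuer["body"]["n"], cert["body"], cert["sig"]):
            return False, "bad signature on " + cert["body"]["subject"]
        issuer = cert
    return True, "ok"


def accept_signed_document(own_root, ctl, path, document, doc_sig):
    """What A_USER does: validate the path, then verify B_User's signature."""
    ok, reason = validate_foreign_path(own_root, ctl, path)
    if not ok:
        return False, reason
    if not verify(path[-1]["body"]["n"], document, doc_sig):
        return False, "document signature invalid"
    return True, "ok"


# Constructed sample data (toy keys from Mersenne primes; labels follow the slide).
M61, M89, M107, M127 = (2**k - 1 for k in (61, 89, 107, 127))
A_ROOT_KEY = toy_keypair(M61, M89)
B_ROOT_KEY = toy_keypair(M89, M107)
B_CA_KEY = toy_keypair(M107, M127)
B_USER_KEY = toy_keypair(M61, M127)

A_ROOT = make_cert("A_RootCA", A_ROOT_KEY, "A_RootCA", A_ROOT_KEY)
B_ROOT = make_cert("B_RootCA", B_ROOT_KEY, "B_RootCA", B_ROOT_KEY)
B_CA = make_cert("B_CA", B_CA_KEY, "B_RootCA", B_ROOT_KEY)
B_USER = make_cert("B_User", B_USER_KEY, "B_CA", B_CA_KEY)
CTL = make_ctl("A_RootCA", A_ROOT_KEY, [B_ROOT])
DOC = {"content": "constructed sample document"}
DOC_SIG = sign(B_USER_KEY, DOC)

if __name__ == "__main__":
    print(accept_signed_document(A_ROOT, CTL, [B_ROOT, B_CA, B_USER], DOC, DOC_SIG))
    # A CTL whose contents were altered after signing no longer verifies.
    forged = {"body": dict(CTL["body"], root_hashes=[]), "sig": CTL["sig"]}
    print(accept_signed_document(A_ROOT, forged, [B_ROOT, B_CA, B_USER], DOC, DOC_SIG))
```

The trust decision rests on the CTL signature: the list of foreign root hashes is only as trustworthy as the check that A_RootCA signed it, so that check comes before any hash lookup.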
Mandatory Use of Accredited Certificates

     Background
          - The mandatory use was intended to protect the banking and trading systems, where security breaches occurred frequently in the process of identity verification, against hacking and other attacks, and to enhance security by mandating accredited certificates, a tool that verifies identification most efficiently.

     Progresses
          - Accredited certificate in Banking and Stock Trade
            ◊ Mandating use of the certificate in banking & online stock trading
              * Government consulted with Financial Supervisory Service (FSS) about using the certificate in the financial field
              * FSS made it mandatory to use the certificate in internet banking (Sep., 2002) and online stock trading (March, 2003)
          - Accredited certificate in Online Shopping
            ◊ Use credit card with the certificate at internet shopping mall
              * FSS announced a new policy that credit cards should be used with the certificate in Online Shopping (July, 2003)
              * E-malls have to be configured to verify the identity of the cardholder and the payer by September, 2006.

     Lesson to learn
          To boost the certification market, the mandatory use of PKI in some industries has been recommended.

Accredited Certificate Fees for Individuals

     Background
          - To promote use of accredited certificates, services were provided free of charge.
          - Accredited certificates were provided without any charge to relieve the initial burden of customers, to secure an adjustment period, and to build up the Internet services.
          - The deteriorating financial status of CA’s led to efforts to improve security and quality of certification services.
            ◊ Only corporate certificates began to be charged for (approximately $100/year).
            ◊ It was not possible to impose any liabilities on CA’s since they did not generate any profits.
            ◊ CA’s were unable to make additional investments, for example, in equipment.

     Progresses
          - Individuals began to pay fees. (June, 2004)
            ◊ Individual accredited certificate of general purpose: $4/year
            ◊ Individual accredited certificate of limited purpose: Implementation thereof was in the sole discretion of a CA. (CA’s were able to charge only after September, 2004.)

     Lesson to learn
          For CA’s to serve the public with stability in operation and services, free trial periods should not be provided.

Division of PKI Markets

     CA   | Characteristics         | Individual: General Purpose | Individual: Specific Purpose (Bank) | Corporation               | Total
     KCFC | non-profit organization | 63% (4$/year)               | 76% (Free)                          | 29% (100$/year or Free)   | 67%

     Progresses
          - KESA (Korea Electronic Signature Act) amended to set “borders” between different markets (December, 2005)
            ◊ The amended KESA demands tougher requirements for a government agency or a non-profit organization to get designated as CA.
          - Implementation of PKI with divided roles (July, 2006)
            ◊ The KCFC, under the new KESA, is not allowed to issue certificates of general purpose; it can only issue certificates required for banking.

     Lesson to learn
          Different natures of CA’s may lead to conflicts and harm to the market. Thus, it is necessary, in some cases, to set boundaries between certificate markets.

Upgrading of PKI technologies

     Background
          - The term “upgrading” (or its verb form “to upgrade”) refers to any effort made to increase system security and compatibility of technologies, such as renewal of private keys, adjustment of length of private keys, application of RFC3280, etc.

     Major missions
          - Renewal of Root CA certificate and Accredited CA Certificates
          - Upgrading of private-key lengths

                           | Before Feb., 2006            | After Feb., 2006
                           | Valid period | Key Length    | Valid period | Key Length
             Root CA       | 10 years     | 2048 bit      | 20 years     | 2048 bit
             Accredited CA | 5 years      | 1024 bit      | 10 years     | 2048 bit
             User          | 1 year       | 1024 bit      | 1 year       | 1024 bit

          - Application of RFC 3280
            ◊ International standard changed: RFC 2459 → RFC 3280
          - Offline operation of Root CA’s directory
            ◊ The CRL’s of Root CA are posted on directories of six CA’s.

     Lesson to learn
          Advance of technologies does not always guarantee stability of certification technologies. Thus, countermeasures should be considered in advance.

Addition of Root CA Certificate to MS IE
     [Diagram: Microsoft at the center, surrounded by JCSI, VeriSign, RSA, Hongkong Post, VISA, Thawte and Korean Root CA]

     • Microsoft Root Certificate Program Members: 58 CA’s (15 accredited CA’s)

     Problems and solutions
          - When using services like e-mail and web server with domestic certificates, security warnings popped up, causing confusion among users.
          - Foreign CA’s (e.g., VeriSign) recognized by MS Windows came to monopolize the Korean PKI markets for SSL and code signing certificates.
          - By mounting certificates of Korean Root CA’s on MS Windows, it has become possible to apply their certificates to Windows-based web services including web server, secured e-mail and code signing, etc.

     Lesson to learn
          A country should accumulate and retain its own technologies related to security and certification to enhance its national competitive edge.

     ★ Inclusion of KISA Root CA Certificate in Web Browsers (~'08)
          Internet Explorer ('06.02), Safari ('07.03), Opera ('08.05), FireFox ('06~)

HSM Token as a secure storage
     [Diagram: <Subscriber's S/W>, <HSM Access Program> (Interface between the Token and the Subscriber’s S/W), <HSM Token> (Storage for Certificate)]

     Background
          - A hardware protected secure storage with hardware cryptographic accelerator to generate and store private keys
            ① Digital signing and generation of a private key can be done inside the Token
            ② Private keys cannot be exported

     Problems
          - If a subscriber uses a hard disk for certificate storage, malicious programs can take control of the subscriber’s PC and extract that information.

     Progresses
          - Developing the technical specifications for HSM Token with certificate ('06~'07.8)
          - Carrying out the evaluation for the interoperability of HSM Token ('07.9~)

     Lesson to learn
          In order to enhance the subscriber’s personal security environment, an HSM Token can be used as a secure storage.

HSM Evaluation Process
     Storage media for private key and certificate should be evaluated by Root CA in
     order to provide the interoperability of personal security environment.

     Evaluation Criteria
         • HSM Storage Format Specification for Accredited Certificate
         • Accredited Certificate Usage Specification for HSM

     [Diagram: Vendor -> Root CA: Request evaluation; Root CA -> Vendor: Give certificate;
      Root CA: Publish into Certified Product Lists (Smart Card); User can choose any products;
      CA; User's PC: EE S/W - PKCS#11 - PSE]

      • PSE: Personal Security Environment, HSM: Hardware Security Module
Asia PKI Consortium
    • Non-profit international collaboration body in Asia region, specialized for information security areas
    • Objectives : To realize borderless and seamless e-commerce in a secure and trustworthy
    way, in Asia regions
    • Founded : Nov. 2007
    • Member : Korea (KISA), China, Taiwan (As of June, 2008)

    Steering Committee (SC)
        Composed of all Principal member
        Approve resolutions by GA
        Determine policy, direction, strategy

    General Assembly (GA)
        Composed of all members
        Elect Chairperson and Vice chairperson
        Decide to Start and Dismiss WG

    Secretariat

    Task-force based Working Group
        PKI WG, SME WG, Mobile WG, Privacy WG, Other WG
        (diagram legend: Actual WG, Candidate WG)

    Lesson to learn
        Thoughts should be given to the issue of international
        interoperability. Close cooperation, for example, with
        the Asia PKI Consortium will be helpful.

Mr. Jaejung Kim
jjkim@signgate.com T. +82-10-2223-4978

Eco [3 c] introduction of national pki-sg-jaejung kim-15_apr10

  • 1. 3. PKI Status in Korea
  • 2. Overview (1/3) 5 Accredited CA’s issued accredited certificates to user around 20 million in total Major PKI Applications Internet Banking, Online Stock, Internet Shopping, Procurement, e-Gov Services Shopping mall: Credit card 20.7 (over 300,000 KRW) Nov.,2005 18.7 Cyber trading Mar., 2003 17.2 14.4 Internet banking Sep., 2002 11.0 9.5 E-Bidding dd 7.8 78 Oct., 2000 4.9 1.5 0.3 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009.6 Number of annual issuance of certificates (published by MOPAS, Unit: Million) 38 www.sgco.kr Copyright 1999-2009@SG Inc. All rights reserved
  • 3. Overview (2/3) Statistics on Accredited CA’s i i di d ’ (published by O S) ( bli h d b MOPAS) Accredited CA/ Accredited Main Business No. Characteristics Web site Date Area SG (CA: SignGATE) All industry, 1 2000. 02. 10 Corporation http://www.signgate.com government KOSCOM (CA: SignKorea) Special purpose 2 2000. 02 2000 02. 10 Cyber trading http://www.signkorea.com Corporation KFTC (CA: yessign) Non-commercial 3 2000. 04. 12 Internet banking http://www.yessign.com Organization CrossCert (CA: CrossCert) 4 2001. 11. 24 Corporation - http://gca.crosscert.com State-run KTNET (CA: TradeSign) 5 2002. 03. 11 Corporation with Trading http://www.tradesign.net special mission 39 www.sgco.kr Copyright 1999-2009@SG Inc. All rights reserved
  • 4. Overview (3/3) PKI Model i Korea d l in GPKI NPKI Established in 2001 pursuant to Established in 1999 under Electronic Act E-Government Act Signature Act Ministry MOPAS (Ministry of Public Administration and Security) in Charge Root CA GCMA (http://www.gpki.go.kr) KISA (http://www.rootca.or.kr) Main Public Servants Individual, Company p y Customer Algorithm NEET (not open) SEED, AES Types of Accredited Certificate and Fees Types Entity Certificate Usage Field Fee Individual All electronic transactions ≅ US$ 4/year General Corporation All electronic transactions ≅ US$ 100/year - G2C, Bank, Insurance Free Specific - G2C, Stock, Insurance Free - G4C, Credit Card Free 40 www.sgco.kr Copyright 1999-2009@SG Inc. All rights reserved
  • 5. PKI Scheme Mutual Recognition g N ti National R t CA l Root G Government R t CA t Root (KISA) (GCMA) Certification issuance / Certification issuance / g Management g Management Accredited CA … Accredited CA Accredited CA … Accredited CA Certification issuance / Certification issuance / Management Management … E-Government … E-Government Service Provider Service Provider Subscriber Subscriber 41 www.sgco.kr Copyright 1999-2009@SG Inc. All rights reserved
  • 6. Role of Root CA Accredited CA Root CA International Cooperation Root CA (KISA) Technical T h i l Specification Environment of Usage of Electronic Legal & Policy Signature g Issue www.sgco.kr 42 Copyright 1999-2008@SG Inc. www.sgco.kr Copyright 1999-2009@SG Inc. All rights reserved All rights reserved
  • 7. Scope of Benchmarking Subject contents Electronic Signature Act, Decree and Ordinance Law, Policy, Certification Practices St t C tifi ti P ti Statement t Standards Electronic Signature Certification Technology Government PKI National PKI Electronic Signature Promotion Provide User s Convenience User’s User End of Certificate Free Trial Period Adapt HSM (Hardware Security Module) PKI Model Interoperability among Accredited CA’s CA s Accredited A di d Upgrading of PKI technologies CA Division of PKI Markets Cross certification for NPKI and GPKI Root R t CA Addition of Root CA Certificate to MS IE Applications Mandating Accredited Certificate (bank, stock) PKI E-Procurement, Internet Banking, Payment Gateway, G4C etc Applications 43 www.sgco.kr Copyright 1999-2009@SG Inc. All rights reserved
  • 8. Framework of Registration - Ensure the security and reliability of electronic documents Electronic El t i and to promote their use Signature Act - Promoting nationwide informationalization and improving convenience in people's living standard people s Electronic Signature Act, Decree and Ordinance CA Accredited CA’s Accredited CA’s Accredited CA’s accreditation Operation i Protection CPS measure Regulation on Guideline for Regulation on Accredited CPS Accredited CA’s CA s Certification Practice Accredited CA’s Facility and Equipment protective measures Framework Technical Specification 44 www.sgco.kr Copyright 1999-2009@SG Inc. All rights reserved
  • 9. CPS (Certification Practices Statement) Contents Detail - Transmission of Registered Information - Request for Issuance of Certificate Management - Generation of Certificates of - Request for Suspension, Restoration and Revocation of Certificates Certificates - Generation of Certificate Suspension and Revocation List - Public Announcement and Validation of Certificates - Generation of Private Pairs - Protection of Private Pairs Management - Backup of Private Pairs - Revocation of Private Pairs of Key Pairs - Loss, Destruction, Theft or Leakage of Private Keys Other - Provision of Time Stamping - Time Reception and Correction Certification - Storage of Time Stamping Records - Storage of Electronic Documents Services - Backup of Time Stamping Records - Other Supplementary Services - Conformity with Technical Specifications - Scope and Intended Use of Certificates - Conformity to Certification Procedure - Matters concerning Facilities and Equipment g q p - Management of Certification Service Records Others - Management of Certification Service Records through the representative - Management of Audit Records - Management of Registration Authorities g g - Test Run of Certification Practice - Correct Provision of Information and Public Notification 45 www.sgco.kr Copyright 1999-2009@SG Inc. All rights reserved
  • 10. History of NPKI in Korea Year ‘00 ‘01 ‘02 ‘03 ‘04 ‘05 ‘06 ‘07 ‘08 Activity Electronic Signature Promotion Interoperability among Accredited CA’s Provide User s Convenience User’s Cross certification for NPKI and GPKI Mandating Accredited Certificate (bank, stock, E-malls) End of Certificate Free Trial Period Upgrading of PKI technologies Division of PKI Markets Addition of Root CA Certificate to MS IE and other Browsers Adapt HSM (Hardware Security Module) 46 www.sgco.kr Copyright 1999-2009@SG Inc. All rights reserved
  • 11. Interoperability among Accredited CA’s general-purpose CA A certificate User A x Company 1 App 1 CA B User B App 2 Company 2 Accredited CA E-service Provider S/W development p y Company -Subscriber who has an general-purpose accredited certificate can do all kinds of electronic transaction at Internet -To provide t h l i T id technologies th t recognize and process accredited that i d dit d Goals certificates regardless of who issue them -To provide data to policy-makers on how to determine the scope and conditions of each accredited certificate Lesson to The interoperability issue should be considered which learn l arises during early stages of the NPKI construction construction. 47 www.sgco.kr Copyright 1999-2009@SG Inc. All rights reserved
  • 12. Cross-Certification for NPKI and GPKI A PKI B PKI CTL B issuance A Root CA Root CA Hash Certificate Path Hash A_RootCA A_RootCA Cert B_RootCA CA CTL CTL issued by A_RootCA CTL B_RootCA Cert B_CA B CA A_CA B_CA Cert B_User Cert verify generate signature i signature i B_USER B USER A_USER -Two years after establishment of the NPKI in 1999, the GPKI was brought to birth. The two got to have overlapped service areas. Background -To smooth out simultaneous operation of both, realization of cross- certification is vital, which was obtained by means of a simplified CTL (i.e. (i e Certificate Trust List) List). To avoid duplication of resources and confusion in Lesson to policy-making, policy-making services should be provided through a learn single root CA. 48 www.sgco.kr Copyright 1999-2009@SG Inc. All rights reserved
  • 13. Mandatory Use of Accredited Certificates
      Background
      - The mandatory use was intended to protect the banking and trading systems, where security breaches occurred frequently in the process of identity verification, against hacking and other attacks, and to enhance security by mandating accredited certificates, a tool that verifies identification most efficiently.
      Progresses
      - Accredited certificate in Banking and Stock Trade
        ◊ Mandating use of the certificate in banking & online stock trading
          * Government consulted with Financial Supervisory Service (FSS) about using the certificate in the financial field
          * FSS made it mandatory to use the certificate in internet banking (Sep., 2002) and online stock trading (March, 2003)
      - Accredited certificate in Online Shopping
        ◊ Use credit card with the certificate at internet shopping mall
          * FSS announces a new policy that credit cards should be used with the certificate in Online Shopping (July, 2003)
          * E-malls have to be configured to verify the identity of the cardholder and the payer by September, 2006.
      Lesson to learn: To boost the certification market, the mandatory use of PKI in some industries has been recommended.
  • 14. Accredited Certificate Fees for Individuals
      Background
      - To promote use of accredited certificates, services were provided free of charge.
      - Accredited certificates were provided without any charge to relieve the initial burden on customers, to secure an adjustment period, and to build up the Internet services.
      - The deteriorating financial status of CA’s led to efforts to improve security and quality of certification services.
        ◊ Only corporate certificates began to be charged for (approximately 100 $/year).
        ◊ It was not possible to impose any liabilities on CA’s since they did not generate any profits.
        ◊ CA’s were unable to make additional investments, for example, in equipment.
      Progresses
      - Individuals began to pay fees. (June, 2004)
        ◊ Individual accredited certificate of general purpose: $4/year
        ◊ Individual accredited certificate of limited purpose: Implementation thereof was in the sole discretion of a CA. (CA’s were able to charge only after September, 2004.)
      Lesson to learn: For CA’s to serve the public with stability in operation and services, free trial periods should not be provided.
  • 15. Division of PKI Markets
      CA: KCFC (Characteristics: non-profit organization)
        Individual, General Purpose:         63%, 4$/year
        Individual, Specific Purpose (Bank): 76%, Free
        Corporation:                         29%, 100$/year or Free
        Total:                               67%
      Progresses
      - KESA (Korea Electronic Signature Act) amended to set “borders” between different markets (December, 2005)
        ◊ The amended KESA demands tougher requirements for a government agency or a non-profit organization to get designated as CA.
      - Implementation of PKI with divided roles (July, 2006)
        ◊ The KCFC, under the new KESA, is not allowed to issue certificates of general purpose; it can only issue certificates required for banking.
      Lesson to learn: Different natures of CA’s may lead to conflicts and harm to the market. Thus, it is necessary, in some cases, to set boundaries between certificate markets.
  • 16. Upgrading of PKI technologies
      Background
      - The term “upgrading” (or its verb form “to upgrade”) refers to any effort made to increase system security and compatibility of technologies, such as renewal of private keys, adjustment of length of private keys, application of RFC3280, etc.
      Major missions
      - Renewal of Root CA certificate and Accredited CA Certificates
      - Upgrading of private-key lengths
                         Before Feb., 2006            After Feb., 2006
                         Valid period  Key Length     Valid period  Key Length
          Root CA        10 years      2048 bit       20 years      2048 bit
          Accredited CA  5 years       1024 bit       10 years      2048 bit
          User           1 year        1024 bit       1 year        1024 bit
      - Application of RFC 3280
        ◊ International standard changed: RFC 2459 to RFC 3280
      - Offline operation of Root CA’s directory
        ◊ The CRL’s of Root CA are posted on directories of six CA’s.
      Lesson to learn: Advance of technologies does not always guarantee stability of certification technologies. Thus, countermeasures should be considered in advance.
  • 17. Addition of Root CA Certificate to MS IE
      [Figure labels: JCSI, VeriSign, RSA, Hongkong Post, VISA, Thawte, Microsoft, Korean Root CA]
      • Microsoft Root Certificate Program Members: 58 CA’s (15 accredited CA’s)
      Problems and solutions
      - When using services like e-mail and web server with domestic certificates, security warnings popped up, causing confusion among users.
      - Foreign CA’s (e.g., VeriSign) recognized by MS Windows came to monopolize the Korean PKI markets for SSL and code signing certificates.
      - By mounting certificates of Korean Root CA’s on MS Windows, it has become possible to apply their certificates to Windows-based web services including web server, secured e-mail and code signing, etc.
      Lesson to learn: A country should accumulate and retain its own technologies related to security and certification to enhance its national competitive edge.
      ★ Inclusion of KISA Root CA Certificate in Web Browsers (~'08): Internet Explorer ('06.02), Safari ('07.03), Opera ('08.05), FireFox ('06~)
  • 18. HSM Token as a secure storage
      [Figure: Storage for Certificate; Interface between the Token and the Subscriber’s S/W; <Subscriber's S/W>, <HSM Access Program>, <HSM Token>]
      Background
      - A hardware-protected secure storage with a hardware cryptographic accelerator to generate and store private keys
        ① Digital signing and generation of a private key can be done inside the Token
        ② Private keys cannot be exported
      Problems
      - If the subscriber uses a hard disk for certificate storage, some malicious programs can control the subscriber’s PC and extract that information.
      Progresses
      - Developing the technical specifications for HSM Token with certificate ('06~'07.8)
      - Carrying out the evaluation for the interoperability of HSM Token ('07.9~)
      Lesson to learn: In order to enhance the subscriber’s personal security environment, an HSM Token can be used as a secure storage.
  • 19. HSM Evaluation Process
      Storage media for private key and certificate should be evaluated by Root CA in order to provide the interoperability of personal security environment.
      Evaluation Criteria
      • HSM Storage Format Specification for Accredited Certificate
      • Accredited Certificate Usage Specification for HSM
      [Figure labels: Root CA; CA; Vendor; Request evaluation; Give certificate; Publish into Lists; Certified Product Lists; User’s PC; EE; A S/W; PKCS#11; Smart Card; PSE; User can choose any products]
      • PSE: Personal Security Environment, HSM: Hardware Security Module
  • 20. Asia PKI Consortium
      • Non-profit international collaboration body in the Asia region, specialized for information security areas
      • Objectives: To realize borderless and seamless e-commerce in a secure and trustworthy way, in Asia regions
      • Founded: Nov. 2007
      • Member: Korea (KISA), China, Taiwan (As of June, 2008)
      [Organization chart labels, in page order: Composed of all Principal member; Approve resolutions by GA; Determine policy, direction, strategy; Steering Committee (SC); Composed of all members; Elect Chairperson and Vice chairperson; General Assembly (GA); Decide to Start and Dismiss WG; Task-force based Working Group; Secretariat; Actual WG; Mobile WG; Privacy WG; PKI WG; SME WG; Other WG; Candidate WG]
      Lesson to learn: Thought should be given to the issue of international interoperability. Close cooperation, for example, with the Asia PKI Consortium will be helpful.
  • 21. Mr. Jaejung Kim jjkim@signgate.com T. +82-10-2223-4978
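The certificate path listed on slide 12 (A_RootCA, CTL issued by A_RootCA, B_RootCA Cert, B_CA Cert, B_User Cert) can be walked in code from the relying party's side. This is an added example, not code from the presentation or from any NPKI/GPKI implementation. It assumes the CTL carries SHA-256 hashes of foreign root certificates, and it uses Ed25519 with a simplified JSON certificate in place of X.509; every function and field name is hypothetical.

```javascript
const crypto = require('crypto');
// Constructed model: a "certificate" is {subject, issuer, spki, sig}, not real X.509.
const tbs = (c) => Buffer.from(JSON.stringify([c.subject, c.issuer, c.spki]));
const certHash = (c) => crypto.createHash('sha256').update(tbs(c)).update(c.sig).digest('hex');
const pubOf = (spki) => crypto.createPublicKey({ key: Buffer.from(spki, 'base64'), format: 'der', type: 'spki' });
const signB64 = (data, key) => crypto.sign(null, Buffer.from(data), key).toString('base64');
const check = (data, spki, sigB64) => crypto.verify(null, Buffer.from(data), pubOf(spki), Buffer.from(sigB64, 'base64'));

function newEntity(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return { name, privateKey, spki: publicKey.export({ type: 'spki', format: 'der' }).toString('base64') };
}
function issueCert(issuer, subject) {
  const c = { subject: subject.name, issuer: issuer.name, spki: subject.spki };
  return { ...c, sig: signB64(tbs(c), issuer.privateKey) };
}

// Assumption: the CTL is a list of trusted foreign root-certificate hashes, signed by the local root.
function issueCtl(localRoot, foreignRootCerts) {
  const hashes = foreignRootCerts.map(certHash);
  return { hashes, sig: signB64(hashes.join(','), localRoot.privateKey) };
}

// Relying-party check in PKI A. chain = [B_User cert, B_CA cert, B_RootCA cert].
function verifyForeign(anchorSpki, ctl, chain, msg, sigB64) {
  if (!check(ctl.hashes.join(','), anchorSpki, ctl.sig)) return 'CTL not signed by local root';
  const root = chain[chain.length - 1];
  if (!ctl.hashes.includes(certHash(root))) return 'foreign root not listed in CTL';
  for (let i = 0; i < chain.length; i++) {
    const issuer = chain[Math.min(i + 1, chain.length - 1)]; // the root certifies itself
    if (chain[i].issuer !== issuer.subject) return 'issuer name mismatch';
    if (!check(tbs(chain[i]), issuer.spki, chain[i].sig)) return 'bad signature on ' + chain[i].subject;
  }
  return check(msg, chain[0].spki, sigB64) ? 'ok' : 'bad message signature';
}

function demo() {
  const [aRoot, bRoot, bCa, bUser, rogue] = ['A_RootCA', 'B_RootCA', 'B_CA', 'B_USER', 'B_RootCA'].map(newEntity);
  const chain = [issueCert(bCa, bUser), issueCert(bRoot, bCa), issueCert(bRoot, bRoot)];
  const ctl = issueCtl(aRoot, [chain[2]]);
  const msg = 'constructed sample transaction';
  const sig = signB64(msg, bUser.privateKey);
  const lookalike = [issueCert(rogue, bUser), issueCert(rogue, rogue)]; // same name, different key
  return {
    valid: verifyForeign(aRoot.spki, ctl, chain, msg, sig),
    unlistedRoot: verifyForeign(aRoot.spki, ctl, lookalike, msg, sig),
    editedCtl: verifyForeign(aRoot.spki, { ...ctl, hashes: [certHash(lookalike[1])] }, lookalike, msg, sig),
  };
}
```

Only the genuine path returns 'ok': a root that merely reuses the name B_RootCA is rejected because its hash is absent from the signed CTL, and editing the CTL to add that hash breaks A_RootCA's signature over the list.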