PKI in Korea: Preparing for wireless

The present use of digital certificates and signatures is limited, as both the private and public sector still find a combination of paper documents, signature impression and personal encounter as the only valid way to handle authentication.

The Ministry of Information and Communication (MIC) is taking the lead to promote the use of public key infrastructure, or PKI, aimed at creating an environment in which the public can freely exchange information.

After setting up the direction of legislation in 1997, the Digital Signature Act was legally enforced in 1999.

However, the present use of digital certificates and signatures is limited, as both the private and public sector still find a combination of paper documents, signature impression and personal encounter as the only valid way to handle authentication and transactions.

Under strong government support and industry expectations of streamlined procurement and trading process, the number of B2B exchanges have sharply increased this year. But of the total of 170 Internet exchanges in operation in the third quarter, only 24 have actual transaction records.

Internet shopping malls are likely to come under obligation to adopt an electronic signature system soon, while digital certificate is used to authenticate those who want to log onto adult-only Web sites.

Along with binding Internet shopping malls to adopt electronic signature, the government has encouraged Internet banking services, which currently use their own certificates, to switch to certificates issued by government-authorized organizations, namely, Korea Information Certificate Authority, Korea Securities Computer Corp., and Korea Financial Telecommunication & Clearings Institute.

Collectively, measures have been introduced to apply digital certificates to virtual private network (VPN) and emails, and to use wireless PKI solutions to secure safety of wireless Internet services whose demand is increasing at an explosive rate, officials said.
In the mean time, the government is seeking revision of regulations that hinder the use of electronic signature and cooperation of other countries for mutual recognition of each other's electronic signature.

The MIC is responsible for designating CAs and cross-certification with foreign governments whereas KISA operates root CAs and evaluates LCAs (licensed CAs). In July 1999, KCAC (Korea Certification & Authentication Central) was established as a Root CA. Subsequently, four licensed CAs have been designated.

Another interesting initiative is the development of a national wireless PKI technical standard. Korea plans to set up a wireless PKI certification agency to operate a wireless PKI for WAP, digital signature and key distribution.

The range of applications earmarked for wired and wireless PKI to authenticate identification and transaction statement include Internet Banking and Cyber Trading, bidding for public supplies, storing medical records, digital signature on prescription, insurance contract, and Internet stockholder's meetings.

Read more about PKI in Asia.