Abolition of Public Certificates: The Age of Private Certificates Led by the ‘Court of Chun Song-i’ … Is There a Problem?

The public certificate, which caused problems with various plugins and ActiveX installations, disappeared after 21 years.

As the public certificate was abolished due to the implementation of the amendment to the Electronic Signature Law on the 10th, a “private certificate” is used for the year-end settlement of workers and the issuance of a resident registration certificate. in addition to Internet banking. How will the authentication method change for online transactions in the future? Is there a problem?

The deletion of the credited certificate is unlikely to cause significant changes to the online transaction method immediately.

This is because it means that the existing system was not completely abolished, only the ‘official’ label was removed, and now you are in a situation where users have to choose between it, just like certificates private.

However, since there is a high possibility that suitable certificates will continue to appear in the future, it is very likely that the existing certificate system that has gone through complicated procedures will disappear with the passage of time.

The private certifications that currently dominate the industry are the Kakao Pay and Pass (PASS) certification from three telecommunications companies.

First of all, the Kakao Pay certification launched in June 2017 is being used by more than 20 million people as of this month.

It is a service that Kakao Pay generates as an electronic document when a customer signs a message delivered to Kakao Talk and provides it to the user organization.

It has the advantage of being easy to access because it uses KakaoTalk, a ‘national messenger’. There are more than 200 user agencies that certify Kakao Pay, such as the Korea Transportation Security Authority and the National Pension Service.

The cumulative number of pass certificates issued by the three telecommunications companies in April last year also exceeded 20 million. The pass can be issued in 1 minute by performing biometric authentication such as a 6-digit PIN number or a fingerprint. Currently, more than 100 institutions, including NH Nonghyup Bank, are using it as a simple authentication method.

In the case of Naver, which entered the market in March, although it is a newcomer, it started an aggressive business expansion using the ‘competitiveness of the portal’. Currently, the cumulative number of Naver certificates is 2 million and there are 47 affiliated organizations.

With this change, the private certificate will be used for the year-end settlement of workers early next year.

Currently, the government is verifying the safety of private companies through field inspections. The five candidates that private companies can use for the year-end settlement are Kakao, KB Kookmin Bank, NHN Payco, Pass, and Korea Information Certification.

Compared to existing public certificates, private certificates armed with new technologies are evaluated as superior in terms of technical security and ease of use.

However, when looking overseas, there were quite a few cases where there was controversy over certificate security technology.

Last year, Google’s ‘Pixel 4’ launched with facial recognition when users closed their eyes, raising concerns about security.

The Galaxy S10 and Galaxy Note 10, which were previously released by Samsung Electronics, also had the problem that the security was broken with the fingerprints of others while using the silicone case.

In the past banking case, HSBC Bank introduced biometric authentication, emphasizing the security of voice recognition services. However, this authentication method was controversial because it could not distinguish the voices of twins with similar voices.

At the time, BBC reporter Dan Simmons used his twin brother’s voice to film a video where mobile banking authentication was launched.

In addition to these security blind spots, there is also the problem that companies can take advantage of their users.

In May, PASS received corrective action from the Korea Communications Commission.

This is because the app was recently found to induce subscription without properly notifying customers of additional paid services such as health, real estate and stock information, which are up to 22 in the app.

For this reason, some voices say that monitoring should be strengthened to see if there is an increase in additional paid services that attract users to the screen such as online payment, security and personal authentication.

To prevent this situation, the government introduced the ‘System of Evaluation and Business Recognition of Electronic Signature Certification’, which assesses the stability and operation of private certificates.

Consequently, the evaluation agency selected by the Minister of Science and ICT will evaluate whether or not the operator complies with the operational standards.

Additionally, only companies that have prepared security features, such as counterfeit prevention measures, data protection facilities and measures, and fair operating methods, can issue private certificates.

In this regard, an IT critic Insu Han said: “Because we are going to monitor whether technical standards, minimum security technologies, institutional devices and business procedures are operated systematically, I believe that only companies that comply should issue certificates “. Said on YTN Radio Live Economy.

He emphasized that “standards and management and supervision systems are operated with the minimum standard, but it will also be necessary to incentivize parties such as incentives so that they can further develop the technology.”

The background for this change was the popular SBS drama ‘My Love from the Star’, which aired in 2013-2014.

Due to the influence of the Korean Wave, this drama was exported to other countries and gained great popularity.

At that time, fans from all over the world, including China, flocked to the national mall to see the so-called ‘Cheon Song-i coat’ that actor Ji-hyun Ji-hyun was wearing, but it was blocked by the certificate wall. official.

As a result of this, public opinion in favor of the abolition of accredited certificates began in Korea and the financial authorities repealed the regulation of ‘misuse’ of accredited certificates in March 2015 as a first step.

Simpler authentication systems for private companies like Kakao Pay and PASS also appeared one after another.

So this time, the ‘official’ rating from the public certificate has also disappeared.

The accredited certificate was first introduced in 1999, when the Internet was initially used, for self-authentication of websites of financial and government institutions. It was a means of increasing the security of electronic signatures on the Internet, such as certificates of seal in paper transactions.

However, it has been criticized by users because the issuance process is complicated, such as having to accompany several add-ons and ActiveX, it is difficult to be compatible between PC and smartphone, and it is inconvenient to use as storing and updating the security certificate.