[ad_1]
The era of the accredited certificate monopoly, which has existed for about 20 years, is over. When the revised digital signature law was implemented on the 10th, the monopoly status of public certificates disappeared. The era of private authentication began when the public certificate, which had caused annoyance to users, removed the ‘official’ bracelet.
The vacancy of the public certificate is expected to be filled by the evolutionary version of the financial authentication service, the PASS of the three mobile operators, the Naver certificate, the Kakao Pay certificate, the Toss certificate and the NHN Payco certificate through the competition .
What will the national certification market look like in the future? Will the accredited certificate disappear? What is a private authentication service?
I explained it in a question and answer format to facilitate understanding.
Why was the accredited certificate created?
First, you need to explain the accredited certificate. The accredited certificate can be compared to the seal stamp used online. With the development of the Internet, it is necessary to demonstrate that the user is the person himself, since transactions and services are provided online. However, every time I made a transaction, I couldn’t get together to show my ID card and stamp it, so I needed an electronic signature to replace it. In response to this need, it was created in 1999 as a “certified certificate”. The public certificate allows you to verify your identity using your resident registration card and your online signature.
However, the accredited certificate created for such a good purpose won the originality of users. To install an accredited certificate, programs such as ActiveX or executable files must be installed, as well as inconvenient storage, updating, and use on various devices. Therefore, opinions on the exclusive revocation of public certificates began to rise.
Will the public certificate disappear from the 10th?
One of the things that many people misunderstand is knowing that public certificates will disappear due to the implementation of the amendment to the Digital Signature Law. Unfortunately (?) The accredited certificate does not disappear. The “exclusive status” of the credited certificate is deleted.
Existing public certificates are renamed to “joint certificate” after removing the “official” bracelet. So if you want to continue using a public certificate, you can use a joint certificate. However, the previously issued public certificate can be used up to the validity period.
What is a financial certification service?
KFTC, one of the places that issued public certificates, developed and introduced a new certificate last month. It is the “financial authentication service”. It is characterized by improving comfort and security by eliminating the inconvenience of public certificates that have been purchased for the past. The KFTC plans to provide two-way financial authentication services and joint authentication services.
If so, what is a financial certification service and what is the difference to a joint certificate (previously accredited certificate)? Financial certification services can be seen as an evolutionary version of public certificates. Until now, if the procedure to obtain an accredited certificate was complicated and different for each bank, the financial certification service has simplified it.
Financial authentication services are as easy to issue and use as financial technology services. You can get it by entering your name, mobile phone number and date of birth without installing a separate program. To log in or make a transfer from online banking, you can enter a 6-digit password or perform a live verification. The renewal of the certificate is three years, three times that of a public certificate.
Best of all, it’s stored in the cloud, so there’s no need to move or copy it. It is not stored on USB or stored on a single device (media) like an existing certificate. Since the financial authentication service supports multiple devices, such as PCs and mobile devices, it can be used on any device or service that the user wants. The cloud uses KFTC’s private cloud.
Currently, Woori Bank and Daegu Bank have introduced financial authentication services.
Is the financial authentication service secure?
According to the KFTC, a financial certificate is issued after a thorough face-to-face or non-face-to-face bank identification according to the current electronic signature method. Therefore, the KFTC explains that it has obtained the same reliability as the issuance of a public certificate.
Additionally, financial certificates are encrypted and stored in the cloud, and transfer and copy are prohibited to prevent loss and leakage. When using the financial authentication service, perform authentication (2-factor authentication) that confirms two factors via smartphone SMS authentication (possibility-based), password, or biometric input (knowledge-based). or features) and locks the certificate when the password fails 10 times. To prevent illegal use.
In addition, it provides secure authentication services through the management of the institutions that apply the financial authentication service (white list), the fraud prevention system (FDS) and the authentication history service.
What is a private certificate and where can it be used?
In the services of public and financial institutions, you can choose and use various private certificates, such as PASS, Kakao Pay and NHN Payco, which are common to us.
Among the private certificates, the most used is the ‘pass’ of the three mobile communications companies. At the end of November, the cumulative number of passes exceeded 20 million. The 6-digit PIN number and the live certification in the Pass app will be issued within 1 minute.
In addition, there are several types, such as the Naver Certificate, the Kakao Pay Certificate, the Toss Certificate and the NHN Payco Certificate. Certificates created by the financial industry include KB Mobile Certificate from KB Kookmin Bank, NH One Pass from NH Nonghyup Bank and Hana OneQ Mobile Certificate from Hana Bank.
However, to provide a complete authentication service, you must be selected as a designated verification agency by the Korea Communications Commission. If you are designated as an identity verification agency, you can make an identity verification request through the company’s platform instead of by text message. Currently, only three mobile operators (pass) have been designated among the private authentication companies. Naver, Kakao and Tos (Viva Republica) are known to be awaiting the results of the evaluation. If they are designated as the identity verification agency, identity verification is done in one place on KakaoTalk, the Naver app, and the Toss app.
Private authentication services can also be used in the public sector. The government is verifying the safety of private companies through field inspections. Candidates for the private authentication services companies that will be submitted for the year-end liquidation early next year are Kakao, KB Kookmin Bank, NHN Payco, Pass, and Korea Information Certificate. The government is reportedly planning to select a commercial operator within this month. Pilot service begins in January 2021.
<관련기사> goodbye! Certified Certificate … The era of infinite competition for digital signature authentication has begun
Written. Byline Network
<홍하나 기자>[email protected]
