SEOUL, Jan. 24 (Korea Bizwire) — The Ministry of Science and ICT announced on January 24 that before the end of the year it would downgrade the importance of the public key certificate, a widely used personal identification tool in South Korea, by essentially removing the word “public” and turning it into a security system equal to any other privately operated counterpart.
By removing the public key certificate’s long-held dominance on user security pertaining to financial and civic affairs, the government will open up the market to alternatives provided by the private sector in the form of blockchain-supported systems and biometrics.
First introduced in 1999, public key certificates were developed to serve as digital signatures on contracts, but was quickly adopted by the finance industry and public organizations as a form of digital ID.
Despite guaranteeing a high measure of security, public key certificates are vulnerable to hacking as they must be saved in file format either on a computer, hard drive or smartphone. In addition, to input one’s public key certificate on a website requires the installation of ActiveX or various plug-in programs, a cumbersome process for internet users.
Many privately-run security systems avoid relying on ActiveX and instead are considered “no plug-in”. According to the Financial Supervisory Service, the number of financial firms offering no plug-in systems has increased from 2016 to 2017, with KEB Hana Bank, KB Kookmin Bank and Busan Bank only a few banking institutions offering a variety of different ways for users to access their online services.
The use of blockchain has in particular proliferated throughout the financial industry. Since last October, 11 firms have been testing personal identification systems relying on blockchain infrastructure.
Other firms have opted for biometrics. Samsung Pay and LG Pay, two digital payment services, utilize fingerprint readers for user identification, and adoption of the technology is slowly being witnessed across traditional financial service firms.
Meanwhile, the government’s decision to lower the public key certificate’s standing is expected to place greater pressure on private companies with regards to user identification and security. Previously, certain security issues could be blamed on either the customer or the government (for losing or misplacing a government-mandated security tool), but the responsibility may shift somewhat to companies’ shoulders as the burden of providing a trustworthy system will fall to them.