Enabling Secure
Digital
Authentication
for Electronic
Commerce

Development of National Public Key Infrastructure System

The public key Infrastructure system was created to check identities during electronic commerce and to allow safe use of electronic signatures. A public key contains the issuer, name of the subject, electronic signature validation key, certificate serial number, and expiry date. A digital signature is generated simply by entering a password. Developed by ETRI from 1998 to 2000, the national public key Infrastructure system was commercialized in 2000. Today, more than 30 million Koreans rely on this system for electronic commerce.

01 responsibility

Taking Responsibility
for Secure Electronic Commerce

Advanced IT has allowed the human race to lead more convenient lives than ever. However, this has also been accompanied by privacy infringement issues such as hacking, spreading of viruses, and leakage of intellectual property. In anticipation of such problems, ETRI has concentrated on developing information protection technology since the late 1990s.
With the development of the internet, Korea in the late 1990s saw an increase in internet banking, online stock trading, and other electronic commerce. It was necessary to perform identity checks for non-face-to-face transactions. At that time, some attempted to implement a national public key Infrastructure system based on foreign technology. Even though ETRI was a late starter in this area, it worked on developing a system for Korea using domestic technology from 1998 to 2000.
ETRI eventually succeeded in establishing a national public key Infrastructure system for Korea Financial Telecommunications and Clearings Institute (KFTC) and KOSCOM in accordance with the Digital Signature Act. This system offered higher security than foreign technology, and was optimized for the digital environment in Korea.
The information protection software toolkit was utilized by financial institutes in implementing information protection applications. Through technology transfers of core technologies to 30 information protection companies, ETRI received 690 million won as royalty. The public key Infrastructure system, one of ETRI’s major achievements, is being used by more than 30 million Koreans today.

02 endeavor

Endeavoring to Achieve
Both Stability and Convenience

Developments in mobile communications have led to a heavier use of the mobile environment over the PC environment. Electronic commerce is also moving from PCs to mobile devices. In 2006, ETRI developed a technology that transfers public key Infrastructures stored in PCs to mobile devices, allowing mobile phone users to engage in electronic commerce, such as making online purchases via a wireless connection.
The new system resolved the problem of phones registered under stolen names and other cases of identity theft. It also prevented users from misusing the existing authentication system, in which users receive an authentication code on their mobile phone and enter it into a PC.
At the same time, many people were identified following the activation of the wireless public key Infrastructure system. Digital signatures could not be provided by users of Apple’s Safari and some other web browsers due to the lack of a wireless public key infrastructure system compatible with different mobile operating systems. Most web browsers in smartphones did not support ActiveX and other plug-ins typically used by the public key Infrastructure system. As such, ETRI developed Smart Sign to allow smartphone users to create digital signatures in all web browsers. With the Smart Sign technology, the institute was highly praised for accelerating the development of more secure mobile services, similar to how it contributed to the internet through the public key Infrastructure system.

03 convenience

Replacing Inconvenience
with Convenience

ETRI continued to develop authentication technology to make the existing public key Infrastructure system more convenient for users. With the rapid progress of internet technology, malicious codes and phishing attacks have grown more complex as well.
In 2012, ETRI developed Smart Channel 2, which allows e-government services and financial services to be free from malicious codes and phishing. It is effective against active phishing, and detects threats by comparing GPS, login history, and IP addresses of web browsers.
Public key Infrastructure must be modified and improved constantly to accommodate the changing mobile environment. In addition, some feel that new technology should be developed to address the inconvenience of having to re-issue public key Infrastructures. Determined to provide Secure internet and mobile services in Korea, ETRI is developing a new authentication system that resolves existing problems.The public key Infrastructure system has been widely used throughout Korea. The researchers of ETRI take pride in the fact that many services would not have been possible without their efforts.