SG, SignGATE, is the first accredited Certification Authority (CA) in South Korea and has issued over 1,000,000 digital certificates and providing PKI-based authentication services for government officials and private sector since 1999.
SG established National PKI in Panama, Philippines and provided PKI consulting in many countries such as Costa Rica, Cameroon, Indonesia, Mongolia, etc.
2. Contents
CEO’s Statement PKI Applications
About SG Internet Banking
History National Tax Service (NTS)
Business Scope and Areas Public Procurement Service (PPS)
Ministry of Health & Welfare
Business Models
Certificated e-Document Authority
Financial Stability Mobile Auth
Organization Map Mobile Key
Advanced E-Procurement
SSL
Device Authentication
SG Solutions SG Abroad Business
Problems of e-Commerce/e-Government Abroad Business Areas
SG KGS Projects
SG CA The Philippines
SG RA Panama
SG PKI Client Vietnam
SG SecuKit Egypt
SG OCSP Cameroon
SG TSA
SG EWS
SG SSO
SG SecuXML
1
3. CEO’s Statement
The first and the best Security service provider!
The most important factors in Internet e-Commerce trade are Safety, Trust, and
Convenience. Korea Information Certificate Authority, Inc., inaugurated as the 1 st
licensed CA which was accredited by Ministry of Information & Commerce in 1999, are
building a platform for e-Commerce activation with Safety, Trust, and Convenience by
providing not only a certificate which is treated as “ Identification card on Internet ” ,
but also e-Commerce infrastructure of certification services on contents trading &
device certificate, SSL certificates, security solutions, etc.
SG, which has core technologies on security area, participated in major e-Government
projects processed on governmental agencies: Ministry of Health & Welfare, Ministry of
National Defense, Ministry of Education & Human Resources Surveillance, Public
Procurement Service, National Tax Service, Korea Customs Service, Postal Service, etc
and takes a big role to maintain the e-Government systems, as well as participated
foreign e-Government projects on Egypt, Vietnam, Philippine, etc. SG is a trustworthy
partner of Korean government and top-level nationwide licensed CA as well.
SG and its employees have all ears to hear any comment of our customer as well as
trying to get ultimate customer-satisfaction with zeal and creativeness. As a
representative licensed CA in Korea , we will not only do our best to meet the goal of
safe Internet e-Commerce for nation people, but also expand our business globally.
Thank you!
Kim, In-sik, CEO & Chairman
2
4. About SG
Korea Information Certificate Authority
+Major Customers
• Government authorities
• Major banks
• Samsung electronics, LG electronics, SK, GS
We provide a safe and clean • LG chemicals, CJ, Hyundai etc.
infrastructure for the Internet. • Telecom companies: KT, SKT, KTF
Feb 2000, Designated by the Korea Government as the
first accredited CA
Oct 2004, Achieved ISMS 04-004
Nov 2007, Designated the First digital
contents transaction CA
Achieved Korea Evaluation and Certification Scheme
by Korea National Intelligence Service (NIS)
3
5. History
2010 03 Supported an e-procurement system and established a CA system under the e-Government Committee in
Costa Rica
10 Established a National PKI in the Philippines
Acquired ISO 270001
08 Established an e-procurement pilot system in Vietnam
03 Conducted a PKI feasibility study in Cameroon
12 Awarded the prize for excellent for internet part of information security by KISA
2009 11 Conducted a PKI feasibility study in Indonesia
08 Completed the establishment of an e-Government project in Panama
05 Took over the certification services and systems of National Information Society Agency
2008 03 Launched the mobile certification service (Mobilkey)
11 Designated as the 1st TCA for online contents transaction
08 Provided F/S consulting services for the electronic procurement project in Mongol
2007 06 Signed a RA agreement for licensed certificates for the Ministry of Health and Welfare
08 Conducted a PKI feasibility study in Egypt
2006 01 Provided the Linux banking solution for the Korea Post and started model services
09 Implemented the online security section and document distribution part for the Internet customs systems
owned by the Korea Customs Service
2005 01 Passed the security test by the National Intelligence Service (EWS, SecuKit (C, Java), SignGATE RA)
12 Developed wireless e-bidding system of Public Procurement Service
2004 10 Granted ISMS (Information Security Management System) certification
2003 12 Awarded a special prize in the second Information Security Award
2002 04 Provided licensed certificate to 'Home tax service' of National Tax Service
11 Provided licensed certification service for electronic petitions for the four major national insurances
(National Pension, National Health Care, Employment, Industrial Accident)
06 Provided licensed certification service for the electronic tax payment system for public organizations
2000 02 Designated as the first national licensed certification authority by the government
1999 07 Established Korea Information Certificate Authority
4
6. Business scope and areas
System Water- Smartcard Applications
Security marking
Certification Wireless Data Biometrics
Service Service Security
PKI Technologies
Services Solutions
Total Solutions
+Services +Solutions +Abroad Business
• Certification service • PKI Solution: CA, RA, KGS • Feasibility Studies powered by KIPA1)
Sender authentication and data encryption - Cameroon for National PKI
• Time Stamping/OCSP
• EWS: Enterprise Web Security - Indonesia for PKI center
• Device Authentication
Corporation security system - Mongolia for e-Procurement
• Digital Contents • SecuKit: based on C, Java, etc. - Egypt for National PKI
Transaction Certification PKI –based certification Libraries • KOICA2) PKI Construction projects
• Certified e-Document • SecuXML: - Panama for e-Government
Authority XML-based data digitally signing/encryption - The Philippines for National PKI
- Vietnam for e-Procurement
KIPA1):Korea SW Industry Promotion Agency
KOICA2):Korea International Cooperation Agency
5
7. Business Models
Model Customers Model Customers
PPS (Public Procurement Service), MND
EDI for medical
e-Procurement (Ministry of National Defense), KEPCO, SKT, KT, DACOM, S1
service
KTF, … etc. (over 20 companies)
Samsung Heavy Industries, Hyundai Heavy e-Warranty ECFC (Electronic Contractors’ Financial
e-Marketplace
Industries, … etc. Service Cooperative), CG (Construction Guarantee)
KDC (Korea Development Cooperation), Internet MIC e-POST, Standard Chartered First Bank,
Digital Contract
Kolon Engineering & Construction, … etc. Banking Korea Exchange Bank, Woori Bank
LG Electronics, Lotte Department Store,
Internet
e-Tax Service Lotte Magnet, Sinshege Department Store, Almost all insurance companies
Insurance
E-mart, Hyundai Department Store, … etc.
Internet Internet
Hansol CSN, InterPark, Auction, … etc. KRA (Korea Racing Agency)
Shopping Lottery
Boyond Networks (SI Company), Local
Online Civil e-Marketplace
Governmental Office (Seo-Cho, Song-Pa, KT Medilinks, En2B
Service for medicine
Gang-Nam Gu…etc.)
Home-Tax NTS (National Tax Service), Pusan province
e-Prescription Ilsan Hospital, KT Medilinks, … etc.
Service office
Korail, KRIHS (Korea Research Institute for
Others
Human Settlements)
6
8. Financial Stability
+Financial Statement
(Unit: USD)
+Shareholders
Total amount of capital 22 Million
Net income 2.3 Million
Year 2007
Sales 16 Million
Net income 2.5 Million
Year 2008
Sales 18 Million
Total USD 22M of Capital
Net income 4 Million
Year 2009
Sales 20.5 Million
+Other Information
Human resources 100 Employees (52 Engineers)
16th FL., Nuritkum Square Business Tower, 1605,
Location
Sangam-dong, Mapo-gu, Seoul, Korea
Others No.1 ranked in corporate certification market
7
9. Organization Map
CEO
Management Planning Division Certification Business Division Security Business Division Technologies Laboratory
Certification Strategic Security Strategic Global
Planning Management New Business Solution
Business Business Business Innovation Business Service Team R&D Team
Team Support Team Team Teram
Team Team Team Team Team
Contact Information - Worldwide
Asia
16th Floor, Nurikum Square Building Mapo-gu Vietnam
Philippines Indonesia
Seoul, Korea
Phone: +82-2-360-3223
E-mail: ice031@signgate.com Mongolia Iran Oman
America & Africa
SG Customer 16th Floor, Nurikum Square Building Mapo-gu
Panama Egypt Cameroon
Satisfaction Seoul, Korea
Service Phone: +82-2-360-3221
E-mail: jhshin@signgate.com Costa Rica 8
10. Security Vulnerability
Problems of internet banking, online transactions, e-Government etc.
- Connection of unspecified persons: no face-to-face contact makes difficult
to identity person
- Easy to change contents and make forgery document on digital document
- Possibility of repudiation of transactions
- Risk of breach about transactions and personal information
They cause to be weakened against cyber crimes and fakes
Thus, information and data protection with PKI Solutions is needed.
9
11. Digital Certificates for Internet Banking
Korea Internet Banking
When users try to log on or online transfer on Internet banking, digital certificates
are used for user identification and digitally signing
Number of daily domestic Internet banking transactions: about 28,000,000 (Jan. ’10)
Amount of daily money transferring: approx. 26,483,830,059 (USD)
Comparison of internet banking users among major countries
(Unit: 10,000)
Country Number of e-Banking users Population Using rate of e-Banking as a
percentage of population
China 14,818 134,580 11.0%
U.S.A 5,700 30,888 18.5%
England 2,150 6,138 35.0%
Korea 5.921 5,006 118.3%
World 37,000 680,895 5.4%
10
12. SG PKI Toolkit on Internet Banking
Woori Bank http://www.woribank.com
11
13. SG PKI Toolkit on Internet Banking
Korea Post Bank http://www.epostbank.go.kr
12
14. Benefits and Effects
SG PKI for Internet Banking
SG established a convenient and secure Internet banking environment by signing Registration
Authority (RA) contracts with Korea Post offices and by providing security toolkits since 2000.
By using digital certificates which are more secure than ID/Password-based login, the amount
of customer deposits has been increased drastically and Banks are able to earn benefits from
online services such as “online deposit”.
Total amount of Korea Post’s deposits reached 44,965,000,000 USD (Apr 2010)
Internet-only deposit service of Korea Post released (Oct 2009)
Korean major banks such as Korea Exchange Bank (‘06), Woori Bank (‘06), Hana Bank(‘05),
Standard Chartered Bank (‘04) signed RA contract with SG and uses SG security toolkits for
their enhanced online security.
13
15. National Tax Service
Home Tax Service (HTS)
Korea National Tax Service has been providing HTS which is able to conduct tax
payment at home not visiting a tax office.
Since 2002, SG has been providing SecuTAX which is able to submit documents
related to e-tax bill to National Tax Service in a secured online way and issuing digital
certificates for tax payers.
Number of HTS online users hit 11,000,000 in 7 years.
The most of taxes such as corporate tax (96%), general income tax (81%), VAT (75%) are
being paid through HTS in Korea.
By improving user convenience such as Web Accessibility , using rate of HTS is higher
than U.S. (57%) and England (33%).
14
16. SG PKI Toolkit on HTS
Home Tax Service http://www.hometax.go.kr (Korean)
Diverse user environments
MS Windows & IE
MAC OS X, Safari
Linux & Firefox
Consistent Web section
certificate encryption
selection UI (by EWS) 15
17. Korea e-Procurement
Korea ON-line E-Procurement System (KONEPS)
KONEPS
SG e-Bidding Server
With security add-on
for
Web Application Server
Evaluation Identity Keeping Non-repudiation
of online authentication deadline of bidding
document for by
integrity bidding applicant time stamping
Korean On-line e-Procurement System (KONEPS)
On- e- Expected effects (Korea study case)
World’s one of biggest market places 92% of bidding in public organizations (20 billion US$)
(Handling volume: 36 billion US$/year) Cut expenses 4.5 billion US$/year (Over 90% from private
30,000 organizations & 110,000 corporations sector)
60,000 document transaction and 80,000 people web site visit Additional task except e-Bidding, handled on web site or
shopping mall in digital way (online)
Guarantee both legal protection and stable technology using
licensed certificate infrastructure
16
18. KONEPS
SG SecuXML in KONEPS
SG has been issuing digital certificates for KONEPS users since 2000.
SG PKI system and SecuXML which provides digital signature functions and prevents
document altering and forgery are able to conduct user identification and guarantee enhanced
security.
KONEPS (including SG solutions) has been exported and introduced in other countries such as
Vietnam, Costa Rica.
<Structure map of SecuXML> 17
19. Ministry of Health and Welfare (MHW)
Charges for health insurance able to search via Online
SG has been providing digital certificates.
After logging on with a digital certificate, it’s able to view charges for medical on
the online service hosted by Ministry of Health and Welfare.
Service targets: 81,901 hospitals and clinics, 13,452 long-term nursing houses (as of 2009)
Able to request health insurance evaluation after logging on with a digital certificate
on the MHW website (since Jan 2008)
Able to calculate accurate statistics for medical items and rates via references and
documents submitted by the online service
EX) Prescription rate of antibiotics, etc.
It’s expected to reduce time and cost during an evaluation request and improve user
convenience.
18
21. PKI Applications
Certificated Electronic Document Repository
Methods of authentication and encryption Expected effects
Issues on data management due to B2B connection between Cost reduction of human resources/ equipment related to
contracting companies and the contractors storage
Issues on data management during the consulting or execution Safe and reliable data storage
of informatization for contracting companies Easy browsing and management of stored data
Provides premium services through transfer to the certified
repository
Implements services specialized for each site in addition to the
basic functions of the certified electronic document repository
20
22. PKI Applications
Copyright Certification Service
Copyright Certification Process License Certification Process
Copyright 3 Copyright
Certification Certification
Korea
Authority Authority
Copyright
3 Commission 2
4 5 4
1
Korea 1
Copyright
Commission
2 Copyright
Owner
Copyright Content
Provider
Owner
1 Occurrence and Registration of Copyright Occurrence of License Transaction &
1
Registration of License Agreement
2 Issue of Copyright Registration
2 Request about License Certificate Issue
Request about Copyright Certificate Issue
3
(with Attachment of Copyright Registration)
Verification Process about License Ownership
3
Verification Process about Copyright Ownership (Interoperability of the two authorities)
4
(Interoperability of the two authorities)
4 Issue of License Certificate
Issue of Copyright Certificate
5 (with Digital Signature Process)
(with Digital Signature Process)
Expected effects
Able to extend PKI technology to copyright industry
Contribution to activating copyright industry by integrated management of copyright information
World-first realization of copyright certification technology and accumulating Know-how
21
23. PKI Applications
Mobile auth
Stored certificates into mobile phone are handy and safe preventing against memory
hacking
Authentication and Sections to be encrypted
3. Sign for checking payment
using the saved certificate Certification service via mobile phone where user’s certificate is
in mobile phone stored
2. Send a payment Able to use in 3 mobile service providers’ environments (SK, KTF,
request message will LG)
be signed
Methods of authentication and encryption
User mobile 4. Send a signed Server
payment check message Sending encrypted or signed data by performing computing
operations inside mobile phone
Service VM is installed in mobile phones in order to use
1. Decide to buy the item you selected certificates
Storing certificates into a mobile phone to prevent memory
hacking
CP Web page Expected effects
User have control to save and sign anywhere, anytime
Expand the PSE to mobile phone
5. Process the payment for
user response
22
24. PKI Applications
Mobile Key
Stored certificates into mobile phone are handy and safe preventing against memory
hacking
Store
mobile key
Into SMS
mobile phone
Internet
Wireless
가입자 PC
User PO
He has his certificate
User’s
mobile phone
Mobile
이동 통신사 SMS
service
Store
Mobile Key
provider
into PC
Like special, local and saving banks,
Anywhere PC public authorities, credit card
Use companies, etc.
certificate Internet
Certification
Service
Methods of authentication and encryption Expected effects
Blinding by rearranging a private key to be transferred to Enhance security level by applying diverse algorithms
mobile phone, PKI-based encryption and digitally signing Applicable to all services that require certificates
Distribution to storing in an intermediary server to prevent loss All kinds of mobile phones are possible to use
of storage media
Prevent against loss of mobile phones
Storing certificates into a mobile phone via only callback
messages (without additional VM installation)
23
25. PKI Applications
Secure Server
SSL/TLS
1. Visit secure web site (https://...) and
request secure session to web server
2. Respond secure session from web server Issue a secure
installed SSL certificate server certificate
SSL session
3. SSL session establishment
Web Browser Web Server SG
Secure Toolkit
Client Server
Toolkit Secure Channel Toolkit
Personal information protection
Secure Server
PC
24
26. PKI Applications
Advanced E-Procurement
In order to prevent illegal bidding using lent certificates, only registered substitutes are
allowed to join by using their certificates stored in BIO HSMs
Certification and Sections to be encrypted
Smart BIO
MCU Using Suppliers’ and Buyers’ certificates stored in Bio HSMs
card sensor
Promoting mandatory use of BIO HSM on joining in wireless
environment such as PDA and mobile phone
l USB2.0 l Mobile Phone
l Storing Bio-info User registration, system log-in, and submitting and opening
(24 pin) application documents
l Private key and cert. lBio-info scan
l Personal distinguishing info Methods of authentication and encryption
PKCS#11 API as interface of PKI applications and BIO HSM
Application BIO HSM API to manage HSMs
E-Bidding Certificate Bio-secure token
Application Mgmt. Program Mgmt. Program Expected effects
Certificate owners can create their digital signatures via
verifying fingerprint information stored in BIO HSM and
prevent problems caused by lent or lost certificates
BIO HSM BIO HSM BIO HSM offers dedicated hardware-based key management
PKCS#11 API to protect personal certificate from attack
API mgmt. API
All digital signing operations are performed within the BIO
HSM to increase performance and maintain security
BIO HSM Program 25
25
27. PKI Applications
Device Authentication
Device Authentication guarantees secure communications and device authenticity by using
device certificates when communication with diverse networking devices
Sections to be encrypted
Devices accessible via network
Interconnect devices
Methods of authentication and encryption
Authentication based on device identity information such as
MAC and serial number
Device certificates to confirm that a device has passed
authentication tests and approved
Key management and encryption such as Diffie-Hellman key
exchange , digital signature and encryption (for integrity of data
transferred)
Expected effects
Enhance security of device-based services and improve
reliabilities
Ensured services via device identity and authentication
Raise reliability of services via certification services
Integrity of a diverse of transferred information and encryption
RFID URC Cable Set Top CCTV CMLA Able to extend certification services of diverse devices
Robot Modem 26
26
28. SG Solutions
SG KGS
SG KGS(Key Generation System) is to generate a digital signature creation key
which will be used on CA and RA and allowed by only 3 or more authorized
administrators.
| Functions |
v Generate a digital signature creation key that over 1,024 bit of RSA security is applied to
v Able to be independently operated, not connected with internal/external information networks
v Encrypt a digital signature creation key and keep the key at a creation key storage medium
v Delete a digital signature creation key promptly after generating and storing the creation key
v Guarantee the integrity of the digital signature creation key in a creation key storage medium
v Generate a digital signature creation key by 3 or more authorized staff
v Keep details on fact, time, behavior, etc. as audit logs
| Features |
v Verified solution operated by Accredited CA in Korea
v Linkable with HSMs like lunaCA and nCipher
v Able to create K of N via Secret Sharing method
v Provides administrator authentication by using smart cards
27
29. SG Solutions
SG CA
Certificate Issuance and Management System (SG CA) issues a digital certificate
upon subscriber’s request after RA identifies and registers the subscriber. Also
the system provides search service when a subscriber verifies a certificate by
periodically updating a directory server.
| Functions |
v Manage certificate policy, CRL policy, directory policy which are important information as the basis of
PKI center operations by Database
v Provide policy settings of certificate and CRL profiles
v Implement certificate management works by administrator such as certificate issuance, re-issuance,
revocation, suspension, recovery for subscribers registered
v Manage subscriber registration/certificates/information
| Features |
v Complied with PKI international standards (PKCS, IETF) : national and international technical standards
v Supports to link HSM like Luna CA and nCipher, and PKCS#11
v Supports administrator authentication using smart cards
v Able to real-time distribute CRL via DP (distribution point)
v Provides programs only for CA administrators and RA administrators
28
30. SG Solutions
SG RA
SG RA, a system to register user information to a CA (Certificate Authority) in
order to issue certificates which are necessarily used in a PKI-security
environment, is able to manage user certificates more efficiently by complying
with RFC 2510 and 2511.
| Functions |
v Encryption of user information by using symmetric or public key algorithm
v Create digital signature of specific data and verifying the signature value
v User certificate suspension/recovery/revocation
v User registration/information modification/re-registration/deletion
v BRA administrator registration/modification/deletion/search
v Register user registration status (daily/weekly/monthly/yearly)
| Features |
v As a single server, linkable with other CAs
v Passed NIS security tests and verified by Korean government authorities
v Complied with international certificate processing standards (RFC2510/2511)
v Provides high-stability and reliability
v RDBMS support : ORACLE, IBM DB2, INFORMIX
29
31. SG Solutions
SG PKI Client
SG PKI Client means subscriber software installed on a subscriber’s PC,
implements electronic signature key management, certificate management,
identification using distinguishable numbers, digital signature creation/validation,
certificate verification, PKI Client configuration.
| Functions |
v Digital signature key management to generate a digital signature creation key and store into a storage
medium
v Certificate management includes a certificate management protocol, certificate storage, certificate
delivery
v Digital signature and certificate validation, user software configuration
v Identification via user’s certificate
v Complied with International standards: PKCS7(signed-data, enveloped-data), CMS (Cryptographic
Message Syntax)
v Diverse storage media: Floppy, HDD, smartcard, USB, HSM etc.
| Features |
v Accredited CA product by passing KISA (Korea Information Security Authority) actual tests
v Provides convenient and handy user interface and certificate mgmt. functions
v Provides integrated APIs to apply PKI to systems
v Complied with international PKI standards (IETF-PKIX, RSA-PKCS)
v Provides certificate-based strong access certification
30
32. SG Solutions
SG SecuKit
SG SecuKit which consists of server and client toolkits, provides developers with
APIs to easily use digital signature and encryption technology regardless of
specialized knowledge of PKI
| Functions |
v Public key-based digital signature, encryption/decryption
v Complied with international standards (PKCS)
v Support national and international algorithms of public key, symmetric key and message digest
v Active-typed client toolkit
v Complied with technical standards of accredited certification and digital signature management
schemes
v Create XML SOAP messages
v Enable XML documents by applying XML encryption and XML Signature Spec
| Features |
v Supports a diverse of development environments such as Plug-In, ActiveX , Java, Windows , Unix and
Linux
v Supports multiple development languages such as Unix-C, .NET, ASP, PHP, JAVA, etc.
v Easy to install modules, easy to apply to application programs by calling APIs
31
33. SG Solutions
SG OCSP
SG OCSP is a system to verify the validity of certificate in real-time via an OCSP
server. SG OCSP conducts real-time certificate status service, interlocking CA
database.
When a problem occurs on the database, an operator verifies a respective
certificate by using a CRL published on a Directory Server.
| Functions |
v Provide rapid and reliable services relating to verification of the validity of user certificates
v Able to process multiple requests and to efficiently use resources as it is Multithread-based
v Logging service for various-level OCSP messages.
v Notify operators of the fact that an error occurred in a server via SMS
v Able to send error information of OCSP server to operators per every hour
| Features |
v Applied by RFC 2560 in order to implement the management procedure for status inquiry messages
v Applied by RFC 3280 in order for certificate verification
v Diverse types of OCSP clients (jar, dll, so) that are based on Web Application development
v TCP Socket daemons C/S based for OCSP message transactions
32
34. SG Solutions
SG TSA
SG TSA is a system to issue electronically signed tokens by using reliable time
information in order to prove the fact that a document or data has been not
altered since a specific time. It can be applied to time-based applications such as
e-Bidding, e-Contract and others.
| Functions |
v Issue time-stamping tokens and confirm forgery and altering
v Provide reliable time resources like GPS and support time modification
v Able to process multiple requests and to efficiently use resources as it is Multithread-based
v Able to search the details of time-stamping service, errors and management logs created by
administrators
v Notify operators of the fact that an error occurred in a TSA server via SMS
v Able to send error information of TSP server to operators per every hour
| Features |
v Applied by draft-ietf-pkix-time-stamp in order for requesting or issuing time-stamping tokens
v Applied by RFC 3161 in order to prevent forgery or altering
v Diverse types of TSP clients (jar, dll, so) that are based on Web Application development
v TCP Socket daemons C/S based for TSA message transactions
33
35. SG Solutions
SG EWS
SG EWS(Enterprise Web Security) is a solution to automatically encrypt/decrypt
transferring data between web browsers and application server. Without any
changes of applications, SG EWS provides security functions thru simple settings,
doesn’t cause application’s speed down by applying important data selectively.
| Functions |
v Change management of server environment settings by using XML
v Security functions are provided without any change s of application sources
v Transaction management depending work priorities or characteristics
v Transferring diverse encrypted and plain texts according to security standards
v Encrypting and digitally signing of uploaded or downloaded files
v End-to-End encryption, digital signature and non-repudiation of sending/receiving histories
v Prevention to view sources due to source encryption
| Features |
v Supports Java Cryptography Architecture standards
v Supports JSP1.3 and Servlet 2.3 Specifications
v Supports national and international PKI standards and algorithms
v Automatic client installation
34
36. SG Solutions
SG SSO (Single Sign-On)
By constructing an integrated certification/authority management system, It
enables manage servers’ accounts and get system security and efficiency. It
manages accounts and access lists of an existing application system and newly
introduced application system so that it is able to apply the equal access control
policy according to user authorities, group and security grades.
| Functions |
v Designed for a Java-based integrated certification/authority management server, provide system
security and extensity.
v Support a hierarchical model which is able to apply to complicated systems in a secure way
v Provide diverse authentication mechanisms according to target’s security grades
| Features |
v Able to conduct quick response against failures due to distribution-based design
v Improved efficiency through SSO server caches
v Support diverse operation environments and easy management interface
v Flexible scalability
v Statistics and monitoring
v Single log-on
v Access control settings according to user characteristics and positions
35
37. SG Solutions
SG SecuXML
SG SecuXML is the strongest security product, based on XML (Extensible Markup-
Language), used for data transfer between corporations, e-Procurement, e-
Commerce and guarantees the best performance and security in XML security.
| Functions |
v Digitally sign a whole or part of XML documents
v Digitally sign normal documents (binary data)
v Multiply sign XML documents or binary-data documents
v Support diverse key management methods
v Provide diverse encryption types (Element, Element Content, Binary)
| Features |
v Complied with international standards
1) W3C XML Signature Syntax and Processing,
2) W3C XML Encryption Syntax and Processing
v Support international and domestic digital signature and encryption algorithms
v High-level scalability, flexibility and compatibility
v Convenient APIs able to apply to diverse environments
v Cross-certification with certificates issued from other CAs in Korea
36
38. SG Abroad Business
Abroad Business Areas
Asia PKI Consortium
► Leading experience on
Asia PKI Business WG
Business Cooperation
► Taiwan CA & NII
► China Infosec
► HongKong Post
NPKI Certification Scheme
► HTT, Cameroon
Consultation &
Establishment
► Panama
► The Philippines
► Cameroon
► Egypt
► Vietnam
► Mongolia
► Costa Rica
37
39. SG Abroad Business
Abroad National PKI Establishment and Consulting Projects
Nation Project Name Cooperation Authorities Remark
SIG (Presidential Secretariat for Governmental
Innovation Project for e- Established the PKI system
Panama Innovation)
Government and e-Learning 2007.8 ~ 2008.07
MICI (Ministry of Commerce and Industry)
CICT (Commission on Information and
Communications Technology)
National PKI Establishment for the Established the PKI system
Philippines NCC (National Statistics Office, Policies, Research &
Philippines 2008.07 ~ Present
Standards Office)
DTI (Department of Trade and Industry)
Establishment technology and
ITIDA (Information Technology Industry Performed PKI Feasibility
Egypt operation system for Egypt PKI
Development Agency) Study 2006.05 ~ 2006.08
system
Establishment of an e- Established CA system
Vietnam procurement pilot system in MPI (Ministry of Planning and Investment) under MPI
Vietnam 2009.09 ~ Present
Feasibility Study Consulting for Conducted the feasibility
MINPOSTEL (Ministry of Posts and Communications)
Cameroon Establishing a National PKI of study research
Cameroon HTT (High Tech Telesoft)
2009.05 ~ 2009.07
38
40. SG Abroad Business
The Philippines
v The Title of the project: “National PKI Establishment for the Philippines”
v Government Body: E-commerce Act
§ CICT (Commission on Information and Communications Technology)/NCC (National Statistics Office,
Policies, Research & Standards Office)
§ DTI (Department of Trade and Industry)
v Current Status
§ December 2, 2005 : KIPA (Korea IT industry Promotion Agency) entered into an MOU with NCC/CICT
for Feasibility Study project
§ March 30, 2006 ~ July 10, 2006 : SG executed the F/S for NPKI establishment with CICT/NCC.
§ September 2007: KOICA ISP study team performed local research for PKI project.
§ July 2008 ~ Present: SG built the PKI system in the Philippines and carried out master plan
establishment.
DTI CICT Advisory
(Accreditation Unit) (Auditing Unit) Committee
(Providing
Cooperation Technical
Advices)
NCC
(Root CA Unit)
ACA1 ACA2 ACA3
39
41. SG Abroad Business
Panama
v The Title of the project: “Innovation Project for e-Government and e-Learning”
v Government Body: E-signature Act
§ SIG (Presidential Secretariat for Governmental Innovation)
§ MICI (Ministry of Commerce and Industry)
v Current Status
§ September 2007
contracted with KOICA to build PKI system in Panama.
§ October 15, 2007 ~ December 10, 2007
executed the PKI consulting for NPKI establishment with MICI/SIG.
§ August 2007 ~ July 2008
built the PKI center and developed pilot application PKI-related.
MICI
(Auditing Unit/
Accreditation Unit)
Advisory
Committee
(Root CA Unit)
SIG ACA2 ACA3
(Government CA)
40
42. SG Abroad Business
Vietnam
v The Title of the project: “Investment in building the evaluation center for secrecy and
information security products”
v Government Body: E-transaction Act
§ VGISC (Government Information Security Commission)
v Current Status
§ June, 2006: VGISC and KIPA signed LOI to do consulting for Vietnam Feasibility Study
§ August 1, 2006 ~ October 20, 2006 : SG is performing PKI Feasibility Study for about 3 months in
cooperation with VGISC.
§ October 2007: Korea Eximbank visited VGISC for MOD.
§ October 2009: established a electronic procurement pilot system for the Vietnam government
Cooperation MPT Advisory
VGISC Root CA
(Evaluation Unit) (Accreditation
Committee
(specialists)
Unit)
ACA1 ACA2 ACA3
41
43. SG Abroad Business
Egypt
v The Title of the project: “Establishment technology and operation system for Egypt PKI system”
v Government Body: E-signature Act
§ ITIDA (Information Technology Industry Development Agency)
v Current Status
§ March 14, 2006: ITIDA and KIPA signed MOU to do consulting for Egypt PKI Feasibility Study
§ May 4, 2006 ~ August 10, 2006 : SG has performed PKI Feasibility Study for about 3 months in
cooperation with ITIDA.
42
44. SG Abroad Business
Cameroon
v The Title of the project: “Feasibility Study Consulting for Establishing a National PKI of
Cameroon”
v Government Body: Cyber Security and Cyber Criminality Act
§ MINPOSTEL(Ministry of Posts and Communications)
§ HTT (High Tech Telesoft)
v Current Status
§ September, 2008: Signed Strategic Partnership Agreement with MPT
§ May ~ July, 2009: Conducted the feasibility study research
MINPOSTEL
(Auditing Unit)
Advisory
MINPOSTEL Committee
(Root CA) (specialists)
HTT
(Accredited CA)
43
45. Thank you for your paying attention.
We’re always ready to listen to your voice.
keyguard@signgate.com
Young-joo Ko
youngyj3@yahoo.com
Team Manager /
T. +82-2-360-3215
Global Business Team
M.+82-10-4729-7086
44