Your SlideShare is downloading. ×
SG(Signgate) PKI Abroad Business
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

SG(Signgate) PKI Abroad Business

2,894
views

Published on

SG, SignGATE, is the first accredited Certification Authority (CA) in South Korea and has issued over 1,000,000 digital certificates and providing PKI-based authentication services for government …

SG, SignGATE, is the first accredited Certification Authority (CA) in South Korea and has issued over 1,000,000 digital certificates and providing PKI-based authentication services for government officials and private sector since 1999.
SG established National PKI in Panama, Philippines and provided PKI consulting in many countries such as Costa Rica, Cameroon, Indonesia, Mongolia, etc.

Published in: Technology, Business

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
2,894
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
81
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. SG Solutions & Services Global Business Team
  • 2. Contents CEO’s Statement PKI Applications About SG Internet Banking History National Tax Service (NTS) Business Scope and Areas Public Procurement Service (PPS) Ministry of Health & Welfare Business Models Certificated e-Document Authority Financial Stability Mobile Auth Organization Map Mobile Key Advanced E-Procurement SSL Device Authentication SG Solutions SG Abroad Business Problems of e-Commerce/e-Government Abroad Business Areas SG KGS Projects SG CA The Philippines SG RA Panama SG PKI Client Vietnam SG SecuKit Egypt SG OCSP Cameroon SG TSA SG EWS SG SSO SG SecuXML 1
  • 3. CEO’s Statement The first and the best Security service provider! The most important factors in Internet e-Commerce trade are Safety, Trust, and Convenience. Korea Information Certificate Authority, Inc., inaugurated as the 1 st licensed CA which was accredited by Ministry of Information & Commerce in 1999, are building a platform for e-Commerce activation with Safety, Trust, and Convenience by providing not only a certificate which is treated as “ Identification card on Internet ” , but also e-Commerce infrastructure of certification services on contents trading & device certificate, SSL certificates, security solutions, etc. SG, which has core technologies on security area, participated in major e-Government projects processed on governmental agencies: Ministry of Health & Welfare, Ministry of National Defense, Ministry of Education & Human Resources Surveillance, Public Procurement Service, National Tax Service, Korea Customs Service, Postal Service, etc and takes a big role to maintain the e-Government systems, as well as participated foreign e-Government projects on Egypt, Vietnam, Philippine, etc. SG is a trustworthy partner of Korean government and top-level nationwide licensed CA as well. SG and its employees have all ears to hear any comment of our customer as well as trying to get ultimate customer-satisfaction with zeal and creativeness. As a representative licensed CA in Korea , we will not only do our best to meet the goal of safe Internet e-Commerce for nation people, but also expand our business globally. Thank you! Kim, In-sik, CEO & Chairman 2
  • 4. About SG Korea Information Certificate Authority +Major Customers • Government authorities • Major banks • Samsung electronics, LG electronics, SK, GS We provide a safe and clean • LG chemicals, CJ, Hyundai etc. infrastructure for the Internet. • Telecom companies: KT, SKT, KTF Feb 2000, Designated by the Korea Government as the first accredited CA Oct 2004, Achieved ISMS 04-004 Nov 2007, Designated the First digital contents transaction CA Achieved Korea Evaluation and Certification Scheme by Korea National Intelligence Service (NIS) 3
  • 5. History 2010 03 Supported an e-procurement system and established a CA system under the e-Government Committee in Costa Rica 10 Established a National PKI in the Philippines Acquired ISO 270001 08 Established an e-procurement pilot system in Vietnam 03 Conducted a PKI feasibility study in Cameroon 12 Awarded the prize for excellent for internet part of information security by KISA 2009 11 Conducted a PKI feasibility study in Indonesia 08 Completed the establishment of an e-Government project in Panama 05 Took over the certification services and systems of National Information Society Agency 2008 03 Launched the mobile certification service (Mobilkey) 11 Designated as the 1st TCA for online contents transaction 08 Provided F/S consulting services for the electronic procurement project in Mongol 2007 06 Signed a RA agreement for licensed certificates for the Ministry of Health and Welfare 08 Conducted a PKI feasibility study in Egypt 2006 01 Provided the Linux banking solution for the Korea Post and started model services 09 Implemented the online security section and document distribution part for the Internet customs systems owned by the Korea Customs Service 2005 01 Passed the security test by the National Intelligence Service (EWS, SecuKit (C, Java), SignGATE RA) 12 Developed wireless e-bidding system of Public Procurement Service 2004 10 Granted ISMS (Information Security Management System) certification 2003 12 Awarded a special prize in the second Information Security Award 2002 04 Provided licensed certificate to 'Home tax service' of National Tax Service 11 Provided licensed certification service for electronic petitions for the four major national insurances (National Pension, National Health Care, Employment, Industrial Accident) 06 Provided licensed certification service for the electronic tax payment system for public organizations 2000 02 Designated as the first national licensed certification authority by the government 1999 07 Established Korea Information Certificate Authority 4
  • 6. Business scope and areas System Water- Smartcard Applications Security marking Certification Wireless Data Biometrics Service Service Security PKI Technologies Services Solutions Total Solutions +Services +Solutions +Abroad Business • Certification service • PKI Solution: CA, RA, KGS • Feasibility Studies powered by KIPA1) Sender authentication and data encryption - Cameroon for National PKI • Time Stamping/OCSP • EWS: Enterprise Web Security - Indonesia for PKI center • Device Authentication Corporation security system - Mongolia for e-Procurement • Digital Contents • SecuKit: based on C, Java, etc. - Egypt for National PKI Transaction Certification PKI –based certification Libraries • KOICA2) PKI Construction projects • Certified e-Document • SecuXML: - Panama for e-Government Authority XML-based data digitally signing/encryption - The Philippines for National PKI - Vietnam for e-Procurement KIPA1):Korea SW Industry Promotion Agency KOICA2):Korea International Cooperation Agency 5
  • 7. Business Models Model Customers Model Customers PPS (Public Procurement Service), MND EDI for medical e-Procurement (Ministry of National Defense), KEPCO, SKT, KT, DACOM, S1 service KTF, … etc. (over 20 companies) Samsung Heavy Industries, Hyundai Heavy e-Warranty ECFC (Electronic Contractors’ Financial e-Marketplace Industries, … etc. Service Cooperative), CG (Construction Guarantee) KDC (Korea Development Cooperation), Internet MIC e-POST, Standard Chartered First Bank, Digital Contract Kolon Engineering & Construction, … etc. Banking Korea Exchange Bank, Woori Bank LG Electronics, Lotte Department Store, Internet e-Tax Service Lotte Magnet, Sinshege Department Store, Almost all insurance companies Insurance E-mart, Hyundai Department Store, … etc. Internet Internet Hansol CSN, InterPark, Auction, … etc. KRA (Korea Racing Agency) Shopping Lottery Boyond Networks (SI Company), Local Online Civil e-Marketplace Governmental Office (Seo-Cho, Song-Pa, KT Medilinks, En2B Service for medicine Gang-Nam Gu…etc.) Home-Tax NTS (National Tax Service), Pusan province e-Prescription Ilsan Hospital, KT Medilinks, … etc. Service office Korail, KRIHS (Korea Research Institute for Others Human Settlements) 6
  • 8. Financial Stability +Financial Statement (Unit: USD) +Shareholders Total amount of capital 22 Million Net income 2.3 Million Year 2007 Sales 16 Million Net income 2.5 Million Year 2008 Sales 18 Million Total USD 22M of Capital Net income 4 Million Year 2009 Sales 20.5 Million +Other Information Human resources 100 Employees (52 Engineers) 16th FL., Nuritkum Square Business Tower, 1605, Location Sangam-dong, Mapo-gu, Seoul, Korea Others No.1 ranked in corporate certification market 7
  • 9. Organization Map CEO Management Planning Division Certification Business Division Security Business Division Technologies Laboratory Certification Strategic Security Strategic Global Planning Management New Business Solution Business Business Business Innovation Business Service Team R&D Team Team Support Team Team Teram Team Team Team Team Team Contact Information - Worldwide Asia 16th Floor, Nurikum Square Building Mapo-gu Vietnam Philippines Indonesia Seoul, Korea Phone: +82-2-360-3223 E-mail: ice031@signgate.com Mongolia Iran Oman America & Africa SG Customer 16th Floor, Nurikum Square Building Mapo-gu Panama Egypt Cameroon Satisfaction Seoul, Korea Service Phone: +82-2-360-3221 E-mail: jhshin@signgate.com Costa Rica 8
  • 10. Security Vulnerability Problems of internet banking, online transactions, e-Government etc. - Connection of unspecified persons: no face-to-face contact makes difficult to identity person - Easy to change contents and make forgery document on digital document - Possibility of repudiation of transactions - Risk of breach about transactions and personal information They cause to be weakened against cyber crimes and fakes Thus, information and data protection with PKI Solutions is needed. 9
  • 11. Digital Certificates for Internet Banking Korea Internet Banking When users try to log on or online transfer on Internet banking, digital certificates are used for user identification and digitally signing Number of daily domestic Internet banking transactions: about 28,000,000 (Jan. ’10) Amount of daily money transferring: approx. 26,483,830,059 (USD) Comparison of internet banking users among major countries (Unit: 10,000) Country Number of e-Banking users Population Using rate of e-Banking as a percentage of population China 14,818 134,580 11.0% U.S.A 5,700 30,888 18.5% England 2,150 6,138 35.0% Korea 5.921 5,006 118.3% World 37,000 680,895 5.4% 10
  • 12. SG PKI Toolkit on Internet Banking Woori Bank http://www.woribank.com 11
  • 13. SG PKI Toolkit on Internet Banking Korea Post Bank http://www.epostbank.go.kr 12
  • 14. Benefits and Effects SG PKI for Internet Banking SG established a convenient and secure Internet banking environment by signing Registration Authority (RA) contracts with Korea Post offices and by providing security toolkits since 2000. By using digital certificates which are more secure than ID/Password-based login, the amount of customer deposits has been increased drastically and Banks are able to earn benefits from online services such as “online deposit”. Total amount of Korea Post’s deposits reached 44,965,000,000 USD (Apr 2010) Internet-only deposit service of Korea Post released (Oct 2009) Korean major banks such as Korea Exchange Bank (‘06), Woori Bank (‘06), Hana Bank(‘05), Standard Chartered Bank (‘04) signed RA contract with SG and uses SG security toolkits for their enhanced online security. 13
  • 15. National Tax Service Home Tax Service (HTS) Korea National Tax Service has been providing HTS which is able to conduct tax payment at home not visiting a tax office. Since 2002, SG has been providing SecuTAX which is able to submit documents related to e-tax bill to National Tax Service in a secured online way and issuing digital certificates for tax payers. Number of HTS online users hit 11,000,000 in 7 years. The most of taxes such as corporate tax (96%), general income tax (81%), VAT (75%) are being paid through HTS in Korea. By improving user convenience such as Web Accessibility , using rate of HTS is higher than U.S. (57%) and England (33%). 14
  • 16. SG PKI Toolkit on HTS Home Tax Service http://www.hometax.go.kr (Korean) Diverse user environments MS Windows & IE MAC OS X, Safari Linux & Firefox Consistent Web section certificate encryption selection UI (by EWS) 15
  • 17. Korea e-Procurement Korea ON-line E-Procurement System (KONEPS) KONEPS SG e-Bidding Server With security add-on for Web Application Server Evaluation Identity Keeping Non-repudiation of online authentication deadline of bidding document for by integrity bidding applicant time stamping Korean On-line e-Procurement System (KONEPS) On- e- Expected effects (Korea study case) World’s one of biggest market places 92% of bidding in public organizations (20 billion US$) (Handling volume: 36 billion US$/year) Cut expenses 4.5 billion US$/year (Over 90% from private 30,000 organizations & 110,000 corporations sector) 60,000 document transaction and 80,000 people web site visit Additional task except e-Bidding, handled on web site or shopping mall in digital way (online) Guarantee both legal protection and stable technology using licensed certificate infrastructure 16
  • 18. KONEPS SG SecuXML in KONEPS SG has been issuing digital certificates for KONEPS users since 2000. SG PKI system and SecuXML which provides digital signature functions and prevents document altering and forgery are able to conduct user identification and guarantee enhanced security. KONEPS (including SG solutions) has been exported and introduced in other countries such as Vietnam, Costa Rica. <Structure map of SecuXML> 17
  • 19. Ministry of Health and Welfare (MHW) Charges for health insurance able to search via Online SG has been providing digital certificates. After logging on with a digital certificate, it’s able to view charges for medical on the online service hosted by Ministry of Health and Welfare. Service targets: 81,901 hospitals and clinics, 13,452 long-term nursing houses (as of 2009) Able to request health insurance evaluation after logging on with a digital certificate on the MHW website (since Jan 2008) Able to calculate accurate statistics for medical items and rates via references and documents submitted by the online service EX) Prescription rate of antibiotics, etc. It’s expected to reduce time and cost during an evaluation request and improve user convenience. 18
  • 20. MHW Online Service National Health Insurance 19
  • 21. PKI Applications Certificated Electronic Document Repository Methods of authentication and encryption Expected effects Issues on data management due to B2B connection between Cost reduction of human resources/ equipment related to contracting companies and the contractors storage Issues on data management during the consulting or execution Safe and reliable data storage of informatization for contracting companies Easy browsing and management of stored data Provides premium services through transfer to the certified repository Implements services specialized for each site in addition to the basic functions of the certified electronic document repository 20
  • 22. PKI Applications Copyright Certification Service Copyright Certification Process License Certification Process Copyright 3 Copyright Certification Certification Korea Authority Authority Copyright 3 Commission 2 4 5 4 1 Korea 1 Copyright Commission 2 Copyright Owner Copyright Content Provider Owner 1 Occurrence and Registration of Copyright Occurrence of License Transaction & 1 Registration of License Agreement 2 Issue of Copyright Registration 2 Request about License Certificate Issue Request about Copyright Certificate Issue 3 (with Attachment of Copyright Registration) Verification Process about License Ownership 3 Verification Process about Copyright Ownership (Interoperability of the two authorities) 4 (Interoperability of the two authorities) 4 Issue of License Certificate Issue of Copyright Certificate 5 (with Digital Signature Process) (with Digital Signature Process) Expected effects Able to extend PKI technology to copyright industry Contribution to activating copyright industry by integrated management of copyright information World-first realization of copyright certification technology and accumulating Know-how 21
  • 23. PKI Applications Mobile auth Stored certificates into mobile phone are handy and safe preventing against memory hacking Authentication and Sections to be encrypted 3. Sign for checking payment using the saved certificate Certification service via mobile phone where user’s certificate is in mobile phone stored 2. Send a payment Able to use in 3 mobile service providers’ environments (SK, KTF, request message will LG) be signed Methods of authentication and encryption User mobile 4. Send a signed Server payment check message Sending encrypted or signed data by performing computing operations inside mobile phone Service VM is installed in mobile phones in order to use 1. Decide to buy the item you selected certificates Storing certificates into a mobile phone to prevent memory hacking CP Web page Expected effects User have control to save and sign anywhere, anytime Expand the PSE to mobile phone 5. Process the payment for user response 22
  • 24. PKI Applications Mobile Key Stored certificates into mobile phone are handy and safe preventing against memory hacking Store mobile key Into SMS mobile phone Internet Wireless 가입자 PC User PO He has his certificate User’s mobile phone Mobile 이동 통신사 SMS service Store Mobile Key provider into PC Like special, local and saving banks, Anywhere PC public authorities, credit card Use companies, etc. certificate Internet Certification Service Methods of authentication and encryption Expected effects Blinding by rearranging a private key to be transferred to Enhance security level by applying diverse algorithms mobile phone, PKI-based encryption and digitally signing Applicable to all services that require certificates Distribution to storing in an intermediary server to prevent loss All kinds of mobile phones are possible to use of storage media Prevent against loss of mobile phones Storing certificates into a mobile phone via only callback messages (without additional VM installation) 23
  • 25. PKI Applications Secure Server SSL/TLS 1. Visit secure web site (https://...) and request secure session to web server 2. Respond secure session from web server Issue a secure installed SSL certificate server certificate SSL session 3. SSL session establishment Web Browser Web Server SG Secure Toolkit Client Server Toolkit Secure Channel Toolkit Personal information protection Secure Server PC 24
  • 26. PKI Applications Advanced E-Procurement In order to prevent illegal bidding using lent certificates, only registered substitutes are allowed to join by using their certificates stored in BIO HSMs Certification and Sections to be encrypted Smart BIO MCU Using Suppliers’ and Buyers’ certificates stored in Bio HSMs card sensor Promoting mandatory use of BIO HSM on joining in wireless environment such as PDA and mobile phone l USB2.0 l Mobile Phone l Storing Bio-info User registration, system log-in, and submitting and opening (24 pin) application documents l Private key and cert. lBio-info scan l Personal distinguishing info Methods of authentication and encryption PKCS#11 API as interface of PKI applications and BIO HSM Application BIO HSM API to manage HSMs E-Bidding Certificate Bio-secure token Application Mgmt. Program Mgmt. Program Expected effects Certificate owners can create their digital signatures via verifying fingerprint information stored in BIO HSM and prevent problems caused by lent or lost certificates BIO HSM BIO HSM BIO HSM offers dedicated hardware-based key management PKCS#11 API to protect personal certificate from attack API mgmt. API All digital signing operations are performed within the BIO HSM to increase performance and maintain security BIO HSM Program 25 25
  • 27. PKI Applications Device Authentication Device Authentication guarantees secure communications and device authenticity by using device certificates when communication with diverse networking devices Sections to be encrypted Devices accessible via network Interconnect devices Methods of authentication and encryption Authentication based on device identity information such as MAC and serial number Device certificates to confirm that a device has passed authentication tests and approved Key management and encryption such as Diffie-Hellman key exchange , digital signature and encryption (for integrity of data transferred) Expected effects Enhance security of device-based services and improve reliabilities Ensured services via device identity and authentication Raise reliability of services via certification services Integrity of a diverse of transferred information and encryption RFID URC Cable Set Top CCTV CMLA Able to extend certification services of diverse devices Robot Modem 26 26
  • 28. SG Solutions SG KGS SG KGS(Key Generation System) is to generate a digital signature creation key which will be used on CA and RA and allowed by only 3 or more authorized administrators. | Functions | v Generate a digital signature creation key that over 1,024 bit of RSA security is applied to v Able to be independently operated, not connected with internal/external information networks v Encrypt a digital signature creation key and keep the key at a creation key storage medium v Delete a digital signature creation key promptly after generating and storing the creation key v Guarantee the integrity of the digital signature creation key in a creation key storage medium v Generate a digital signature creation key by 3 or more authorized staff v Keep details on fact, time, behavior, etc. as audit logs | Features | v Verified solution operated by Accredited CA in Korea v Linkable with HSMs like lunaCA and nCipher v Able to create K of N via Secret Sharing method v Provides administrator authentication by using smart cards 27
  • 29. SG Solutions SG CA Certificate Issuance and Management System (SG CA) issues a digital certificate upon subscriber’s request after RA identifies and registers the subscriber. Also the system provides search service when a subscriber verifies a certificate by periodically updating a directory server. | Functions | v Manage certificate policy, CRL policy, directory policy which are important information as the basis of PKI center operations by Database v Provide policy settings of certificate and CRL profiles v Implement certificate management works by administrator such as certificate issuance, re-issuance, revocation, suspension, recovery for subscribers registered v Manage subscriber registration/certificates/information | Features | v Complied with PKI international standards (PKCS, IETF) : national and international technical standards v Supports to link HSM like Luna CA and nCipher, and PKCS#11 v Supports administrator authentication using smart cards v Able to real-time distribute CRL via DP (distribution point) v Provides programs only for CA administrators and RA administrators 28
  • 30. SG Solutions SG RA SG RA, a system to register user information to a CA (Certificate Authority) in order to issue certificates which are necessarily used in a PKI-security environment, is able to manage user certificates more efficiently by complying with RFC 2510 and 2511. | Functions | v Encryption of user information by using symmetric or public key algorithm v Create digital signature of specific data and verifying the signature value v User certificate suspension/recovery/revocation v User registration/information modification/re-registration/deletion v BRA administrator registration/modification/deletion/search v Register user registration status (daily/weekly/monthly/yearly) | Features | v As a single server, linkable with other CAs v Passed NIS security tests and verified by Korean government authorities v Complied with international certificate processing standards (RFC2510/2511) v Provides high-stability and reliability v RDBMS support : ORACLE, IBM DB2, INFORMIX 29
  • 31. SG Solutions SG PKI Client SG PKI Client means subscriber software installed on a subscriber’s PC, implements electronic signature key management, certificate management, identification using distinguishable numbers, digital signature creation/validation, certificate verification, PKI Client configuration. | Functions | v Digital signature key management to generate a digital signature creation key and store into a storage medium v Certificate management includes a certificate management protocol, certificate storage, certificate delivery v Digital signature and certificate validation, user software configuration v Identification via user’s certificate v Complied with International standards: PKCS7(signed-data, enveloped-data), CMS (Cryptographic Message Syntax) v Diverse storage media: Floppy, HDD, smartcard, USB, HSM etc. | Features | v Accredited CA product by passing KISA (Korea Information Security Authority) actual tests v Provides convenient and handy user interface and certificate mgmt. functions v Provides integrated APIs to apply PKI to systems v Complied with international PKI standards (IETF-PKIX, RSA-PKCS) v Provides certificate-based strong access certification 30
  • 32. SG Solutions SG SecuKit SG SecuKit which consists of server and client toolkits, provides developers with APIs to easily use digital signature and encryption technology regardless of specialized knowledge of PKI | Functions | v Public key-based digital signature, encryption/decryption v Complied with international standards (PKCS) v Support national and international algorithms of public key, symmetric key and message digest v Active-typed client toolkit v Complied with technical standards of accredited certification and digital signature management schemes v Create XML SOAP messages v Enable XML documents by applying XML encryption and XML Signature Spec | Features | v Supports a diverse of development environments such as Plug-In, ActiveX , Java, Windows , Unix and Linux v Supports multiple development languages such as Unix-C, .NET, ASP, PHP, JAVA, etc. v Easy to install modules, easy to apply to application programs by calling APIs 31
  • 33. SG Solutions SG OCSP SG OCSP is a system to verify the validity of certificate in real-time via an OCSP server. SG OCSP conducts real-time certificate status service, interlocking CA database. When a problem occurs on the database, an operator verifies a respective certificate by using a CRL published on a Directory Server. | Functions | v Provide rapid and reliable services relating to verification of the validity of user certificates v Able to process multiple requests and to efficiently use resources as it is Multithread-based v Logging service for various-level OCSP messages. v Notify operators of the fact that an error occurred in a server via SMS v Able to send error information of OCSP server to operators per every hour | Features | v Applied by RFC 2560 in order to implement the management procedure for status inquiry messages v Applied by RFC 3280 in order for certificate verification v Diverse types of OCSP clients (jar, dll, so) that are based on Web Application development v TCP Socket daemons C/S based for OCSP message transactions 32
  • 34. SG Solutions SG TSA SG TSA is a system to issue electronically signed tokens by using reliable time information in order to prove the fact that a document or data has been not altered since a specific time. It can be applied to time-based applications such as e-Bidding, e-Contract and others. | Functions | v Issue time-stamping tokens and confirm forgery and altering v Provide reliable time resources like GPS and support time modification v Able to process multiple requests and to efficiently use resources as it is Multithread-based v Able to search the details of time-stamping service, errors and management logs created by administrators v Notify operators of the fact that an error occurred in a TSA server via SMS v Able to send error information of TSP server to operators per every hour | Features | v Applied by draft-ietf-pkix-time-stamp in order for requesting or issuing time-stamping tokens v Applied by RFC 3161 in order to prevent forgery or altering v Diverse types of TSP clients (jar, dll, so) that are based on Web Application development v TCP Socket daemons C/S based for TSA message transactions 33
  • 35. SG Solutions SG EWS SG EWS(Enterprise Web Security) is a solution to automatically encrypt/decrypt transferring data between web browsers and application server. Without any changes of applications, SG EWS provides security functions thru simple settings, doesn’t cause application’s speed down by applying important data selectively. | Functions | v Change management of server environment settings by using XML v Security functions are provided without any change s of application sources v Transaction management depending work priorities or characteristics v Transferring diverse encrypted and plain texts according to security standards v Encrypting and digitally signing of uploaded or downloaded files v End-to-End encryption, digital signature and non-repudiation of sending/receiving histories v Prevention to view sources due to source encryption | Features | v Supports Java Cryptography Architecture standards v Supports JSP1.3 and Servlet 2.3 Specifications v Supports national and international PKI standards and algorithms v Automatic client installation 34
  • 36. SG Solutions SG SSO (Single Sign-On) By constructing an integrated certification/authority management system, It enables manage servers’ accounts and get system security and efficiency. It manages accounts and access lists of an existing application system and newly introduced application system so that it is able to apply the equal access control policy according to user authorities, group and security grades. | Functions | v Designed for a Java-based integrated certification/authority management server, provide system security and extensity. v Support a hierarchical model which is able to apply to complicated systems in a secure way v Provide diverse authentication mechanisms according to target’s security grades | Features | v Able to conduct quick response against failures due to distribution-based design v Improved efficiency through SSO server caches v Support diverse operation environments and easy management interface v Flexible scalability v Statistics and monitoring v Single log-on v Access control settings according to user characteristics and positions 35
  • 37. SG Solutions SG SecuXML SG SecuXML is the strongest security product, based on XML (Extensible Markup- Language), used for data transfer between corporations, e-Procurement, e- Commerce and guarantees the best performance and security in XML security. | Functions | v Digitally sign a whole or part of XML documents v Digitally sign normal documents (binary data) v Multiply sign XML documents or binary-data documents v Support diverse key management methods v Provide diverse encryption types (Element, Element Content, Binary) | Features | v Complied with international standards 1) W3C XML Signature Syntax and Processing, 2) W3C XML Encryption Syntax and Processing v Support international and domestic digital signature and encryption algorithms v High-level scalability, flexibility and compatibility v Convenient APIs able to apply to diverse environments v Cross-certification with certificates issued from other CAs in Korea 36
  • 38. SG Abroad Business Abroad Business Areas Asia PKI Consortium ► Leading experience on Asia PKI Business WG Business Cooperation ► Taiwan CA & NII ► China Infosec ► HongKong Post NPKI Certification Scheme ► HTT, Cameroon Consultation & Establishment ► Panama ► The Philippines ► Cameroon ► Egypt ► Vietnam ► Mongolia ► Costa Rica 37
  • 39. SG Abroad Business Abroad National PKI Establishment and Consulting Projects Nation Project Name Cooperation Authorities Remark SIG (Presidential Secretariat for Governmental Innovation Project for e- Established the PKI system Panama Innovation) Government and e-Learning 2007.8 ~ 2008.07 MICI (Ministry of Commerce and Industry) CICT (Commission on Information and Communications Technology) National PKI Establishment for the Established the PKI system Philippines NCC (National Statistics Office, Policies, Research & Philippines 2008.07 ~ Present Standards Office) DTI (Department of Trade and Industry) Establishment technology and ITIDA (Information Technology Industry Performed PKI Feasibility Egypt operation system for Egypt PKI Development Agency) Study 2006.05 ~ 2006.08 system Establishment of an e- Established CA system Vietnam procurement pilot system in MPI (Ministry of Planning and Investment) under MPI Vietnam 2009.09 ~ Present Feasibility Study Consulting for Conducted the feasibility MINPOSTEL (Ministry of Posts and Communications) Cameroon Establishing a National PKI of study research Cameroon HTT (High Tech Telesoft) 2009.05 ~ 2009.07 38
  • 40. SG Abroad Business The Philippines v The Title of the project: “National PKI Establishment for the Philippines” v Government Body: E-commerce Act § CICT (Commission on Information and Communications Technology)/NCC (National Statistics Office, Policies, Research & Standards Office) § DTI (Department of Trade and Industry) v Current Status § December 2, 2005 : KIPA (Korea IT industry Promotion Agency) entered into an MOU with NCC/CICT for Feasibility Study project § March 30, 2006 ~ July 10, 2006 : SG executed the F/S for NPKI establishment with CICT/NCC. § September 2007: KOICA ISP study team performed local research for PKI project. § July 2008 ~ Present: SG built the PKI system in the Philippines and carried out master plan establishment. DTI CICT Advisory (Accreditation Unit) (Auditing Unit) Committee (Providing Cooperation Technical Advices) NCC (Root CA Unit) ACA1 ACA2 ACA3 39
  • 41. SG Abroad Business Panama v The Title of the project: “Innovation Project for e-Government and e-Learning” v Government Body: E-signature Act § SIG (Presidential Secretariat for Governmental Innovation) § MICI (Ministry of Commerce and Industry) v Current Status § September 2007 contracted with KOICA to build PKI system in Panama. § October 15, 2007 ~ December 10, 2007 executed the PKI consulting for NPKI establishment with MICI/SIG. § August 2007 ~ July 2008 built the PKI center and developed pilot application PKI-related. MICI (Auditing Unit/ Accreditation Unit) Advisory Committee (Root CA Unit) SIG ACA2 ACA3 (Government CA) 40
  • 42. SG Abroad Business Vietnam v The Title of the project: “Investment in building the evaluation center for secrecy and information security products” v Government Body: E-transaction Act § VGISC (Government Information Security Commission) v Current Status § June, 2006: VGISC and KIPA signed LOI to do consulting for Vietnam Feasibility Study § August 1, 2006 ~ October 20, 2006 : SG is performing PKI Feasibility Study for about 3 months in cooperation with VGISC. § October 2007: Korea Eximbank visited VGISC for MOD. § October 2009: established a electronic procurement pilot system for the Vietnam government Cooperation MPT Advisory VGISC Root CA (Evaluation Unit) (Accreditation Committee (specialists) Unit) ACA1 ACA2 ACA3 41
  • 43. SG Abroad Business Egypt v The Title of the project: “Establishment technology and operation system for Egypt PKI system” v Government Body: E-signature Act § ITIDA (Information Technology Industry Development Agency) v Current Status § March 14, 2006: ITIDA and KIPA signed MOU to do consulting for Egypt PKI Feasibility Study § May 4, 2006 ~ August 10, 2006 : SG has performed PKI Feasibility Study for about 3 months in cooperation with ITIDA. 42
  • 44. SG Abroad Business Cameroon v The Title of the project: “Feasibility Study Consulting for Establishing a National PKI of Cameroon” v Government Body: Cyber Security and Cyber Criminality Act § MINPOSTEL(Ministry of Posts and Communications) § HTT (High Tech Telesoft) v Current Status § September, 2008: Signed Strategic Partnership Agreement with MPT § May ~ July, 2009: Conducted the feasibility study research MINPOSTEL (Auditing Unit) Advisory MINPOSTEL Committee (Root CA) (specialists) HTT (Accredited CA) 43
  • 45. Thank you for your paying attention. We’re always ready to listen to your voice. keyguard@signgate.com Young-joo Ko youngyj3@yahoo.com Team Manager / T. +82-2-360-3215 Global Business Team M.+82-10-4729-7086 44