As the means of authentication become more diverse and the need for more convenient financial services grows, the Korean Accredited Certification Authority (Koscom SignKorea) is building a ‘United Authentication Platform’ to streamline and secure online authentication for end users of services from securities firms, banks and credit card issuers. As part of this project, it has selected Trustonic to secure its national public key infrastructure (PKI) certificates on devices and thus enable robust and secure authentication services using PINs, biometrics such as fingerprint, or passwords.
“National PKI certificates for online service authentication need to be renewed frequently. They must also be combined with a limited set of authentication options to access a given service.” commented Ben Cade, CEO at Trustonic. “Koscom’s new platform unites multiple authentication methods and, because certificates are now stored in the Trustonic Trusted Execution Environment*, they are allowed to be valid for three years.”
Trustonic’s Application Protection and Secured Platform solutions ensure that Koscom certificates are protected by market-leading software to safeguard against malicious attacks across iOS and Android devices. Uniquely, where Trustonic’s TEE hardware device security is present, certificates will be stored in the isolated area, making it completely immune to all software threats. Thirty million Korean citizens use their certificates to access many areas of financial services. Removing the need for annual certificate updates provides users with a more secure, simpler, better and faster user experience. In addition, with an extended certificate lifetime of three years, it is unlikely that many users will ever need to re-apply for a new certificate before they replace their handset.
Jae Kyu Lee, Managing Director, Head of Financial Information Group at Koscom, said: “We have listened to our customers and four million end users and have tailored this new service to their needs. The United Authentication Platform brings enhanced convenience and efficiency so that customers and users can perform authentication procedures the way they want. Trustonic’s solution gives us scale to protect certificates across all devices, not just a sub-set.”
Earlier this year, Trustonic became the first vendor globally to achieve Common Criteria security certification for a TEE device security product, paving the way for mass market delivery of trusted services on connected devices. It is also the only open TEE available, permitting third-party applications to be provisioned after the handset or device has been deployed. This opens up vast commercial opportunities for device manufacturers and gives digital service providers the ability to add value to the end user by offering new secure services and functionality, once the device is already in their hands.