September 25, 2017 -
SignKorea is developing a united authentication platform to streamline and secure online authentication for end users of services from security companies, banks and credit card issuers.
As part of the project, Trustonic will secure SignKorea’s national public key infrastructure (PKI) certificates on devices.
Trustonic’s application protection and secured platform solutions ensure that Koscom certificates are protected.
The company’s Trusted Execution Environment (TEE) hardware device security allows certificates to be stored in the isolated area, safeguarding it from all software threats across iOS and Android devices.
“National PKI certificates for online service authentication need to be renewed frequently. They must also be combined with a limited set of authentication options to access a given service,” said Ben Cade, CEO at Trustonic. “Koscom’s new platform unites multiple authentication methods and, because certificates are now stored in the Trustonic Trusted Execution Environment, they are allowed to be valid for three years.”
Thirty million Korean citizens use SignKorea’s certificates to access many areas of financial services as they eliminate the need for annual certificate updates for a more secure, simpler, better and faster user experience.
The extended certificate lifetime of three years makes it unlikely that many users will ever need to re-apply for a new certificate before they replace their handset.
“We have listened to our customers and four million end users and have tailored this new service to their needs,” Jae Kyu Lee, managing director of head of Koscom’s Financial Information Group, said. “The United Authentication Platform brings enhanced convenience and efficiency so that customers and users can perform authentication procedures the way they want. Trustonic’s solution gives us scale to protect certificates across all devices, not just a subset.”
Earlier this year, Trustonic became the first vendor in the world to achieve Common Criteria security certification for a TEE device security product, further driving mass market delivery of trusted services on connected devices.
The solution is also the only open TEE available, granting third-party applications to be provisioned after the handset or device has been deployed, providing more commercial opportunities for device manufacturers and allowing digital service providers to add value to the end user.
Just last week, Trustonic revealed that its cryptographic library has been validated in line with the Federal Information Processing Standard (FIPS) 140-2, which ensures that apps developed using Trustonic’s security technology meet the strict security requirements implemented by both the US government and other regulated industries.