Trustonic Underpins Korean National Certification Platform

Korean Accredited Certification Authority Koscom protects financial services with hardware-based PKI certificates to simplify how millions of Korean citizens access high value services 

As the means of authentication become more diverse and the need for more convenient financial services grows, the Korean Accredited Certification Authority (Koscom SignKorea) is building a ‘United Authentication Platform’ to streamline and secure online authentication for end users of services from securities firms, banks and credit card issuers. As part of this project, it has selected Trustonic to secure its national public key infrastructure (PKI) certificates on devices and thus enable robust and secure authentication services using PINs, biometrics such as fingerprint, or passwords.

“National PKI certificates for online service authentication need to be renewed frequently. They must also be combined with a limited set of authentication options to access a given service.” commented Ben Cade, CEO at Trustonic. “Koscom’s new platform unites multiple authentication methods and, because certificates are now stored in the Trustonic Trusted Execution Environment*, they are allowed to be valid for three years.”

Trustonic’s Application Protection and Secured Platform solutions ensure that Koscom certificates are protected by market-leading software to safeguard against malicious attacks across iOS and Android devices. Uniquely, where Trustonic’s TEE hardware device security is present, certificates will be stored in the isolated area, making it completely immune to all software threats. Thirty million Korean citizens use their certificates to access many areas of financial services.  Removing the need for annual certificate updates provides users with a more secure, simpler, better and faster user experience. In addition, with an extended certificate lifetime of three years, it is unlikely that many users will ever need to re-apply for a new certificate before they replace their handset.

Jae Kyu Lee, Managing Director, Head of Financial Information Group at Koscom, said: “We have listened to our customers and four million end users and have tailored this new service to their needs. The United Authentication Platform brings enhanced convenience and efficiency so that customers and users can perform authentication procedures the way they want. Trustonic’s solution gives us scale to protect certificates across all devices, not just a sub-set.”

Earlier this year, Trustonic became the first vendor globally to achieve Common Criteria security certification for a TEE device security product, paving the way for mass market delivery of trusted services on connected devices. It is also the only open TEE available, permitting third-party applications to be provisioned after the handset or device has been deployed. This opens up vast commercial opportunities for device manufacturers and gives digital service providers the ability to add value to the end user by offering new secure services and functionality, once the device is already in their hands. To find out more about Trustonic, visit the website and blog.

 

* The TEE is a secure area of the main processor in a smartphone (or any connected device) that ensures sensitive data is stored, processed and protected in an isolated, trusted environment. The TEE’s ability to offer safe execution of authorised security software, known as ‘trusted applications’, enables it to provide end-to-end security by enforcing protection, confidentiality, integrity and data access rights. The TEE offers complete protection against software attacks coming from apps running in the Rich OS environment. It also provides control of access rights and houses sensitive applications, which need to be isolated from the Rich OS.

Trustonic is a venture formed in 2012 by blue chip leaders in the semiconductor industry (ARM) and digital security (Gemalto). Trustonic’s mission is to protect, enrich and simplify people’s digital lives by enabling optimum security on all smart connected devices and associated services and applications. Trustonic has already pioneered the adoption of advanced Trusted Execution Environment (TEE) security technology into the world’s leading mobile devices, such as those from Samsung, vivo, OPPO, Xiaomi, LG, Meizu and Gionee, and has working solutions today underpinning Samsung Knox, Samsung Pay, Alipay and Symantec VIP.