Follow Brian Li (@DecryptoBL) on Twitter.
Follow Brian Li (@bwhli) on Instagram.

CHAIN ID, ActiveX, and South Korea's Authentication Nightmare

May 22, 2018

In order to fully grasp the potential impact of theloop’s CHAIN ID, one must first understand the current digital authentication landscape in South Korea.
South Korea has always been technologically progressive. In fact, the world’s first smart city is situated 40 miles southwest of the country’s capital, Seoul. Thus, it’s no surprise that South Korea was one of the first countries to encourage Internet banking, shopping, and other services in the late 1990s.
It’s hard to believe now, but shopping and banking on the Internet were completely new in the not-so-distant past. With this new way of carrying out business, both customers and businesses were wary of fraud. To dispel this fear, the South Korean government implemented a nationwide digital authentication system in the Digital Signature Act of 1999.

Authentication Certificates in South Korea

There are two types of certificates in South Korea – private and accredited.

Private Certificates

Private certificates are issued by institutions that are not accredited, or certified, by the South Korean government, and are only valid for specific services. For example, a bank might issue a private certificate to a customer that is only valid for services within the bank. Compared to accredited certificates, private ones are impossible to verify, valid only by mutual agreement of the parties involved, difficult to get compensation for, and only valid for a limited scope of services. The only advantage of private certificates is that they are often easier to obtain.

Accredited Certificates

Accredited certificates are issued by institutions that are accredited by the government. Currently, the following institutions can issue accredited certificates: KFTC, KOSCOM, KICA, KECA, and KTNet. Accredited certificates, while more difficult to apply for, offer quite a few advantages when compared to private certificates. Accredited certificates are seen as legally binding endorsements, are valid for compensation in the event of damages caused by the certificate, and can be used for a variety of Internet services without the need for multiple certificates. Thus, the accredited certificate is by far the most popular form of authentication in Korea, with over 33 million issued certificates.

How Accredited Certificates are Generated

Accredited certificates are issued by government-accredited institutions through a process of manual verification of a resident’s National ID and other documents. Following verification, a resident’s identifying details are hashed into a public/private key pair along with the issuing authority’s digital signature. This process places the burden of proof on the issuing CA.

After the certificate is generated, the resident can use his or her public key for online financial services such as banking and shopping.

The Age of Internet Explorer & ActiveX

In the late 1990s, Internet Explorer was the most popular web browser in the world. Hard to imagine, right? In addition to basic browser capabilities, Internet Explorer also offered a software framework for plugin development called ActiveX. South Korean institutions ended up using ActiveX to develop software which allowed users to upload their certificates to authenticate financial transactions online. Keep in mind there is no industry-standard software. Thus, Koreans are forced to install many ActiveX plugins in order to use their assortment of authentication certificates. This can only be described as a user experience s***show with glaring security holes.
Over the next decade and a half, the rest of the world moved on. The online shopping and mobile device industries experienced unprecedented growth, and the FIDO Alliance was established. In short, FIDO provided a standardized protocol for supporting a full range of authentication technologies including biometric, fingerprint and iris scanners, voice recognition, and more. Korea’s inability to adapt and integrate with FIDO left the country at a disadvantage in the global business and trade sectors.
In May 2014, the South Korean government announced that authentication certificates would no longer be required for financial transactions under ₩300,000 (approximately $280). This was a response both to complaints about a Microsoft-centric culture and to the inability of foreigners to buy goods online because they are unable to apply for accredited certificates. One notable example was Chinese customers not being able to purchase clothes and accessories worn by characters on the famous Korean drama, 별에서 온 그대 (My Love From the Star). While this particular situation may seem a little silly, it’s a great example of how South Korea’s absurdly complicated authentication requirements effectively put a bottleneck on the country’s economy.
An official statement from South Korea’s Financial Supervisory Service read, “the revision is expected to improve the complicated security system and diversify payment methods by giving more freedom to financial firms to decide on their own security.” As a result of this new regulation, new services would eventually find their way into Korea’s complicated authentication landscape, but accredited certificates are still issued and used to this day.

theloop, CHAIN ID, and ICON

Last October, theloop revealed that its blockchain-based authentication solution, CHAIN ID, was already being piloted by 25 banks and securities companies in the Korea Financial Investment Blockchain Consortium. Half a year later, theloop announced that CHAIN ID would be used by Samsung (one of Korea’s largest companies) in their biometric authentication technology, Samsung Pass. Recently, ICON Foundation wrote, “in the future it is expected that there will no longer be classifications of certified/private certifications, and all certificates will have the same authenticity.”
Connect the dots.

  • CHAIN ID is already being used by some of South Korea’s largest banks and securities companies.
  • CHAIN ID is being implemented in Samsung Pass. Samsung has over 57% market share in South Korea’s mobile smartphone market.
  • ICON revealed there will only be one kind of certificate in the future.

After a little reading between the lines and a tiny amount of educated speculation, I have come to the conclusion that the majority of digital authentication in South Korea will happen on the CHAIN ID platform in the near future. This blockchain solution is being aggressively adopted by the country’s biggest financial and technology firms. If there’s really only going to be one certificate in the future, it’s obvious they will be issued by the first mover in the space – theloop’s CHAIN ID.

What is CHAIN ID?

Now that we’ve established that CHAIN ID will probably take over South Korea similar to how Thanos took over the universe in the most recent Avengers movie, let’s talk a little about what CHAIN ID is exactly and how it may or may not affect ICON in the future.

A Smart & Distributed Network

South Korea’s current authentication system relies on a centralized network of government-approved entities who are allowed to issue accredited certificates. This system works because a certificate’s trust value is backed by the accreditation and approval of the government. CHAIN ID, on the other hand, provides trust via a decentralized or distributed network.

CHAIN ID leverages several aspects of a distributed network to provide a secure, scalable, and smart authentication platform. The decentralized nature of the platform makes it less prone to major hacks because data monopolization is not an issue. Secondly, decentralized networks are easier to scale than their centralized counterparts. Lastly, CHAIN ID runs on a system of smart contracts and extended feature sets can be easily implemented in the system. This means complex DApp ecosystems can easily integrate CHAIN ID for authentication services.
On the CHAIN ID platform, joint authentication certificates are issued through consensus of all the nodes on the network. These certificates are called “joint certificates” because they are generated through “joint consensus” of the network participants. As a result, these joint certificates are valid for all services offered by CHAIN ID nodes. Smart contracts ensure the network’s rules are being obeyed, keeping data secure and up to date.

The Future of CHAIN ID

On a philosophical level, the concept of identity is integral to the human condition. Proving our identity is part of our everyday lives, and this aspect of modern society moving over to the blockchain is absolutely fascinating. On a technical level, CHAIN ID is just a DApp running on theloop’s blockchain engine, but I believe it has the potential to have a profound impact on South Korea’s culture and economy. With so many major companies and institutions adopting CHAIN ID, it’s only a matter of time before we see more complex ecosystems governed by smart contracts with CHAIN ID acting as an authentication layer between the real world and digital world. Keep in mind that these DApp ecosystems will require an interoperable protocol to communicate with each other.
That’s where ICON comes in.


Questions?

Find me on Twitter, or send me an email.