|Title||The Research for Alternatives of the Resident Registration Numbers and Improvement of Authentication|
151101_The Research for Alternatives of the Resident Registration Numbers and Improvement of Authentication Process.hwp
The Research of Alternatives for the Resident Registration Numbers and Improvement of Authentication Process.
2. Purpose of the study
o In May 1962, Korean government enacted the 'Resident Registration Act', adopting Resident Registration Number (RRN) to improve administrative efficiency and citizens’ convenience. However, as the RRN began to be used universally – both in the public and private sectors - as a personal identification means, it has been a major target in privacy infringement issues.
o Consequently, the government amended laws such as the 'Act on Promotion of Information and Communication Network Utilization and Information Protection, Etc.' and the ‘Personal Information Protection Act' in attempt to prohibit institutes from acquiring RRN and adopt alternatives. However, newly developed technologies such as I-PIN, public key certificate, and mobile phones have also contained risks like vulnerability to hacking and malignant codes, leading to the need for a new alternative.
o Therefore, this study attempts to explore possible alternatives, for example, OTP, account numbers issued by financial institutes, mobile phone messages, embedded SE(eSE), the HSM technology, security card, the HCI technology, USIMs, and IP address certificates, and examine them if they are suitable to be adopted as a new authentication method. Through this examination, this study also attempts to innovate Korea’s internet services which have been dependent solely on the RRN authentication system.
3. Contents and Scope of the Study
o This study attempts to find out how authentication system in Korea can be improved by examining relevant laws and institutions that give a room for newly developed technologies and exploring adaptability of these alternatives.
o This study is conducted in three areas. First, the pros and cons of the authentication methods currently in use, how the system works, and major components or the technology are examined. Online surveys have been conducted on general states of authentication authorities, authentication technologies, and practical problems, in order to present suggestions to improve the current system. Moreover, authentication systems and relevant laws and institutions of other major countries are also studied, seeking alternatives that can be imported. For this purpose, expert surveys have been conducted.
o Secondly, it examines new authentication technologies that can be adopted for establishing a new identification system. For this, it explores suitability of those new technologies, and suggests ways to adopt additional authentication.
o Second, it is to provide a plan to take advantage of alternative means of identification after review the Introduction of new authentication technology.
o Lastly, for effectiveness, this study has been consulted by an expert group over five meetings. It presents comprehensive ways to improve Korea’s online identification and authentication process based on the results of the consulting.
4. Results and Achievements
o Achievements of this study are as follows:
o First, it is found that besides the I-Pin, public key certificates, and mobile authentication systems which the government approved to use as an official identification means, OTP, account numbers issued by financial institutes, mobile phone messages, embedded SE (eSE), the HSM technology, security card, the HCI technology, USIMs, and IP address certificates can be also used to replace the RRN system. After a thorough examination on these methods in terms of exclusiveness, consistency, universality, reliability, serviceability, and adaptability, it has concluded that mobile authentication, OTP, biometrics such as iris and vein, and credit cards are the most suitable identification method.
o Secondly, this study investigate identification and authentication means used in other countries, and find that major countries currently use identification numbers issued for certain purposes. For authentication, server, PIN, OTP, QR codes, biometrics, electronic IDs(eID), and universal digital IDs are in use. After surveys, it has been concluded that among the alternative options, OTP and eIDs seem to be most suitable.
o Thirdly, alternative authentication methods and their possibilities to be adopted are examined. Currently, biometrics and PINs are in use, and technologies like Open ID, multimodal authentication, KIDS, behavioral authentication, HCE authentication, Timepass, and tokens are in the process of being adopted. These technologies are evaluated in terms of convenience, universality, reliability, consistency, continuity, and economic feasibility. On these standards, technologies like smart authentication, biometrics, and behavioral authentication are evaluated to be most suitable.
o Fourth, it has found that diversification of extra authentications, save locations, comprehensive authentication is necessary to improve the existing identification methods such as I-PINs, public key certificates, and mobile phones, respectively. Moreover, it asserts that users should be able to select one of options such as extra authentication options, combination of different authentication technologies, and pre-registering of devices, when new authentication means are adopted.
o Lastly, it presents comprehensive improvement plans that includes legal and institutional, technological, and operational areas.
5. Application Suggestions
o This study examines preceding studies on significant problems occurred in existing authentication procedures. Based on this examination, it attempts to execute improvement plans for personal information protection though revision of regulations and technology development, with consideration of diversity and security.
o Also, it can be suggested which technology is suitable to benchmark based on this study’s examination of authentication methods that other countries like the United States, Canada, Germany, Sweden, the United Kingdom, and Japan adopt.
o Furthermore, this study presents standards to evaluate new authentication technology, as information technology is evolving rapidly and so does privacy infringement.
o Additionally, it presents suggestions for improvement on laws and institutions, technologies, and operations of such technologies, so that online security and convenience can be enhanced.
6. Expected effects
o This study can be used as a basic resource for amending relevant laws such as ‘Cloud Development Act’, ‘Personal Information Protection Act', 'Act on Promotion of Information and Communication Network Utilization and Information Protection, Etc.', and 'Use and Protection of Credit Information Act', which can lead to reinforcement of authentication means.
o Also, it is expected to be used as a basis for preparing preemptive measures that can enhance privacy protection within the legal boundaries.
o Furthermore, it may present a standardized framework for authentication methods that can be imported from other countries, so that the imported technologies can be used and adopted universally.
o Lastly, this study can serve as a momentum for adopting various new authentication technologies and preparing standards for those technologies, so that authentication methods are diversified while the processes are simplified.
|PREVIEW||A Study on Security Information Sharing Among the|
|NEXT||Research on Reinforcement of IoT Service Responsib|