by Alain Megias, IBLS
Digital signatures in South Korea are regulated by the Digital Signature Act n. 5792, dated February 5, 1999 (the “DSA.”) The DSA establishes the legal validity, enforceability and admissibility of digital signatures.
The DSA was enacted to foster the development of electronic commerce in South Korea. The specific purpose of the DSA is to establish the basic framework for digital signatures in order to achieve the integrity and reliability of electronic messages and to promote their use, thereby stimulating the use of electronic records and communications. To this end, the DSA establishes the legal validity, enforceability and admissibility of digital signatures. The DSA also addresses the functions of certification authorities (“CAs”), the general requirements for a licensed CA, and the application procedures to become a licensed CA. Finally, it delineates requirements for the issuance, suspension and revocation of a certificate.
How is digital signature defined under the DSA?
Digital Signature is defined as information, which is unique to an electronic message, created by a private key using an asymmetric cryptosystem such that the identity of the person generating the electronic message and any possible alteration thereof can be verified.
What are the legal effects of a digital signature?
Article 3 of the DSA provides that a digital signature created by a private key that corresponds to a public key listed in the certificate issued by a licensed CA is deemed to be a legally effective signature. In addition, there is a legal presumption that such digital signature is the signature of the person to whom a respective electronic message correlates and that the respective electronic message has not been altered after it was digitally signed.
What rules apply to the issuance of digital certificates?
Article 15 of the DSA states that prior to issuing a certificate, a licensed CA must verify the identification of the applicant, taking into account the scope of intended use and other considerations for the certificate. The certificate must contain:
The subscriber's name;
The subscriber's public key, a public key being defined as information in electronic form used to verify a digital signature;
The type of digital signature used by the subscriber and the licensed certification authority;
The serial number of the certificate;
The effective period of the certificate;
The name of the licensed CA;
Matters relating to any limitation as to the scope of authorized uses; and
Matters relating to the agency when a subscriber is acting on behalf of a third party.
How are CAs regulated?
CAs are regulated under Chapter 2 of the DSA. Under this Chapter, Article 4 states that the Minister of Information and Communication may license certain entities as CA if said entities are deemed to be capable of carrying out the certification practice in a secure and reliable manner. These entities can only be government agencies, local self-governing bodies and juridical persons. As a prior condition to obtaining a license, the CA must possess certain technical and financial capabilities, facilities and equipment. Article 6 also provides that prior to the commencement of its practice, a licensed CA must file a certification practice statement with the Minister of Information and Communication. This statement must includes: (i) the categories of certification practices; (ii) the working rules and procedures of certification practices; (iii) the terms and fee charged for certification services; (iv) other necessary matters in carrying out the certification practice.
http://www.ibls.com/internet_law_news_portal_view.aspx?s=articles&id=BB91365E-FF0C-4576-82A1-8A8EFDF52C1C
In the same way that the Minister of Information and Communication can grant a license, it may also suspend or revoke the license granted to a CA, in the conditions stated in Article 12 of the DSA. These conditions notably include the case where the CA obtained its license through fraud or any other wrongful means and the case where the CA fails to suspend certification practice in violation of an order.
