The standard evangelism group for universial access and trust of web in Korea
Mr. Vladimir said his experience of Korean internet banking to know technical issue about SEED. Thanks for his trouble in korean sites. I’ll introduce technical description for that. (Before you read this article, please read his It’s gone to SEED.)
In first introduction of SEED in 1997, there was only cryptographic ActiveX or NSPlugin (was deprecated after browser wars). It works issuing and managing personal certificate by national CAs and “adding digital signature” to “important text” as like account number to transfer money in transaction. InisafeWeb is one of them. (There are almost eight providers in Korea, so if you use several national CA services such as banking, cyber trading and e-government, you must install at least over three same functional ActiveX control. It’s so ridiculous)
In fact, it’s almost same with SSL transaction. All browser has a certificate manager as similar User-interface as Mr. Vladimir saw. Why korean didn’t use browser’s basic function? One is SEED encryption algorithm. The other is the digital signature function not to be standardized in browser. It is similar with crypto.signText(), in fact, it was originated by that idea in 10 years. The cryptographic ActiveX has these functions.
Finally, I will explain the rest ActiveX controls. There has been a financial accidents by hacked personal certificate and security number affected by key logging tools. It caused by user’s insensible installing ActiveX in Korea. (Most people was educated by clicking “Yes” in prompting Security Warning in installing ActiveX by IE. Why? Most of public services has used ActiveX. So people cannot help affecting spywares or malwares. It’s just a vicious circle of security.) So most of bank started to give a prohibiting key logging(”SoftCamp”) and online firewall and vaccine ActiveXs(”Hauri”). InsisWeb is only Shinhan’s insurance processing ActiveX. As same as cryptographic ActiveX, there are each several providers of these tools. So installing ActiveXs were continually increased. Maybe most of korean has almost over 10 ActiveX controls to use public services.
The problem is that all ActiveX controls are highly coupled and there is no right to choose them to users. It’s not the end. Most of e-government sites offer DRM-enabled printing ActivX for all printer drivers. In credit card transactions, there are several providers and their ActiveX controls. In korea, even Visa3D was operated in ActiveX. (The government made a guideline to use National CA system over credit card transaction over $300. So If you want to buy something in online shopping mall, you must install above all.) If you want cyber trading…? Yes. There is another ActiveX.)
It’s very serious situation, there has been several warnings in Windows XP SP2 and ending support of Windows 98. But, korean government ignored them, most of software companies has used dodging tactics to protect their business.) Now it’s not only SEED’s problem in korean situation. It’s almost national Intranet system optimized in Windows and Internet Explorer attacked by inner hackers. It’s korean home brew.
The Web Standards Korea is the standard evangelism group for universal access and trust of web in Korea. We engage various evangelism activities including community, education, documentation, lecture and governmental relationship for standard issues.