[ CHAPTER 2 - LICENSED CERTIFICATION AUTHORITIES ]
Article
4. Licensing of Certification Authorities
(1) The Minister of Information
and Communication may license an entity, deemed to be
capable of carrying out the certification practice in a secure and reliable manner,
as a licensed
certification authority.
(2) The entity that can be licensed as a certification authority
shall be limited to government
agencies, local self-governing bodies and juridical persons.
(3) The entity that desires to be licensed
as a certification authority must possess the technical
and financial capabilities, facilities and equipment prescribed by Presidential
Decree and
satisfy other requirements thereunder.
(4) Licensing procedures and other necessary provisions shall
be established by Presidential
Decree.
Article 5. Disqualification
Any entity that falls under any of the following Subparagraphs shall not be licensed
as a
certification authority:
1. Juridical persons any of whose officers falls under any of
the following categories:
a. Person who is judicially declared incompetent, quasi-incompetent, or who is
bankrupt, and is not yet rehabilitated.
b. Person who has received a sentence not lighter than imprisonment, and for
whom two
years have not elapsed after termination of such sentence (including the case
where
the sentence is deemed to have been terminated) or exemption therefrom.
c. Person who received a suspended sentence of a punishment not lighter than
imprisonment, and who continues to remain in the suspended sentence period.
d. Person whose qualification has been deprived or suspended under a court judgment
or other law.
e. Person who was an officer of a juridical person whose license was revoked
pursuant
to Article 12 (limited to the case where two years have not elapsed after such
revocation).
2. Juridical person whose license was revoked
in pursuant to Article 12, and for which two
years have not elapsed thereafter.
Article 6. Certification Practice Statement
(1) Prior to the commencement of certification practice, a
licensed certification authority
shall file its certification practice statement which contains each of the following
with the
Minister of Information and Communication. Any changes thereto shall also be
filed in the
same manner.
1. Categories of certification practices
2. Working rules and procedures of certification practices
3. Terms and fee charged for certification services
4. Other necessary matters in carrying out the certification practice
(2) In the event the Minister of Information and Communication
determines that the contents
of the certification practice statement filed pursuant to Paragraph (1) hereof
interfere with
the achievement of security and reliability of the certification practice or
is likely to harm the
interests of subscribers, the Minister may order the respective licensed certification
authority
to amend such certification practice statement within a specific period of time.
Article 7. Provision of Certification Services
(1) A licensed certification authority may not refuse to provide
certification services without
a valid reason.
(2) A licensed certification authority may not unjustly discriminate
against a subscriber or
certification service user.
Article 8. Undertaking by Licensed Certification Authorities
(1) Prior to commencement of certification practice, a licensed
certification authority shall
have its own public key certified by the Korea Information Security Agency (hereinafter,
the
¡°KISA¡±) under Article 14-2 of the Basic Act on Promotion of Informationization.
(2) A licensed certification authority shall carry out its
certification practice by means of a
private key corresponding to the public key certified in accordance with Paragraph
(1) hereof.
Article 9. Acquisition
(1) A licensed certification authority that intends to acquire
the certification practice of
another licensed certification authority or to merge with another licensed certification
authority that is a juridical person shall file a report with the Minister of
Information and
Communication in accordance with the Decree issued by the Ministry of Information
and
Communication.
(2) The licensed certification authority which acquired a certification
practice or which is the
surviving juridical person or the newly established juridical person after the
merger pursuant
to Paragraph (1) hereof shall assume the status of the former licensed certification
authority.
Article 10. Suspension and Termination of Certification Practice
(1) A licensed certification authority that intends to suspend
all or part of its certification
practice shall notify the subscribers of the suspension period no later than
30 days before the
such intended suspension, and file a report with the Minister of Information
and
Communication. Such suspension period shall not exceed 6 months.
(2) A licensed certification authority that intends to terminate
its certification practice shall
notify the subscribers thereof no later than 60 days before the such termination
date, and file a
report with the Minister of Information and Communication.
(3) A licensed certification authority that filed a report pursuant
to Paragraph (2) hereof shall
assign to another licensed certification authority the subscribers' certificates
and records of
the suspension and termination of the certificates (hereinafter, the ¡°subscriber
certificates
etc.¡±). Provided, however, that if the subscriber certificates etc. cannot be
assigned owing to
unavoidable circumstances, the licensed certification authority shall make a
report to the
Minister of Information and Communication without delay.
(4) Upon receiving the report pursuant to the proviso of Paragraph
(3) hereof, the Minister of
Information and Communication may order the KISA to take over the subscriber
certificates,
etc. from such licensed certification authority.
(5) Matters necessary for reporting the suspension or termination
of certification practice and
assignment and take-over of the subscriber certificates, etc. pursuant to Paragraphs
(1) through
(4) hereof shall be established by Decree of the Ministry of Information and
Communication.
Article 11. Corrective Order
The Minister of Information and Communication may order a licensed certification
authority
to take corrective actions within a specified period of time in any one of the
following cases:
1. When the certification method used is inappropriate such
that it is likely to interfere
with the achievement of security and reliability of digital signatures.
2. When the requirements of a licensed certification authority
under Subparagraph 3 of
Article 4 has not been satisfied after being designated as licensed certification
authority.
3. When any director or officer of a licensed certification
authority falls under any of the
categories under SubParagraph 1 of Article 5.
4. When a filing or amended filing pursuant to Article 6 is
not made or when the filed
certification practice statement is not complied.
5. When a licensed certification authority, in violation of
Article 7, refuses to provide
certification service or unjustly discriminates against subscribers or certification
service users.
6. When the filing of an acquisition of a certification practice
or a merger between
licensed certification authorities is not made, in violation of Paragraph (1)
of Article 9.
7. When notification or filing of a suspension or termination
of the certification practice
is not made or when subscriber certificates, etc. is not assigned upon termination
of the
certification practice, in violation of Article 10.
8. When subscriber certificates, etc. is not assigned by a
licensed certification authority
whose license is revoked or a filing of a report is not made, in violation of
Paragraph
(2) of Article 12.
9. When records under Paragraph (1) of Article 14 are not submitted.
10. When a certificate is not suspended or restored or when
measures are not taken to
confirm such fact, in violation of Article 17.
11. When a certificate is not revoked or when measures are
not taken to confirm such fact,
in violation of Article 18.
12. When necessary measures to allow access to subscriber's
personal information or
correction of errors therein are not taken, in violation of Paragraph (3) of
Article 24.
Article 12. Suspension of Certification Practice or Revocation of License
(1) The Minister of Information and Communication may suspend
for a specified period, not
exceeding 6 months, or revoke all or part of the license of certification practice
if a licensed
certification authority falls under any of the following Subparagraphs, provided,
however, that
in case of Subparagraph (1) and (2), license shall be revoked:
1. When a license under Article 4 was obtained through fraud or any other wrongful
means.
2. When a person ordered to suspend its certification practice fails to suspend
the
certification practice in violation of such order.
3. When certification practice is not commenced within 6 months after the grant
of
license under Article 4 or when certification practice continues suspended for
a period
of more than 6 months.
4. When an order to amend the certification practice statement under Paragraph
(2) of
Article 6 is violated.
5. When a corrective order under Article 11 is not complied without a valid reason.
(2) A licensed certification authority whose license is revoked
pursuant to Paragraph (1)
hereof shall assign its subscriber certificates, etc. to another licensed certification
authority.
However, if the subscriber certificates, etc. cannot be assigned due to an unavoidable
reason, it
shall make a report to the Minister of Information and Communication without
any delay.
(3) Paragraph (4) of Article 10 shall be applied mutatis mutandis
to a licensed certification
authority whose license is revoked.
(4) Any necessary matters pertaining to standards and procedures
for the actions under
Paragraph (1) hereof and assignment and acquisition under Paragraphs (2) and
(3) hereof shall
be established pursuant to the Decree of the Ministry of Information and Communication.
Article 13. Imposition of Administrative Fines
(1) When a suspension of the respective certification practice
results in serious
inconvenience to Subscribers or is likely to cause harm to any other public interest,
the
Minister of Information and Communication may impose an administrative fine in
the amount
of up to 20,000,000 Won, in lieu of suspension of license, for any act that falls
under any of
Subparagraphs in Paragraph (1) of Article 12.
(2) All matters including applicable amount of the administrative
fine according to the type
and severity of the violation subject to administrative fine under Paragraph
(1) hereof shall be
established by Decree of the Ministry of Information and Communication.
(3) In the event the administrative fine under Paragraph (1)
hereof is not paid by the due date,
the Minister of Information and Communication shall collect such administrative
fine in
accordance with the established procedures for collecting national taxes in arrears.
Article 14. Investigation, etc.
(1) Whenever deemed necessary to achieve security and reliability
of certification practice, to
protect subscribers, or otherwise, the Minister of Information and Communication
may order
a licensed certification authority to submit relevant records, and have relevant
public officials
enter the offices, work sites or any other necessary premises and examine the
certification
practice system, books, records and other items.
(2) The public officials who enter and conduct the inspection
pursuant to Paragraph (1) hereof
shall show proof of their authority to relevant persons.
