- 1. Objectives
- 2. Certificate Class and Issuance Policy
- 3. Applications and Procedure for Certificates
- 4. Personal Identification
- 5. Responsibilities and Liabilities of Related Parties
- 6. Operation of Certification System and Security Control
- 7. Management of Certification Practice
- 8. Definition of Terms
3. Applications and Procedure for Certificates
3.1 Application for Certificates
3.1.1 Registration for Certificates
Subscribers should personally visit KICA offices for registration or access KICA website for registration forms depending on the class of KICA certificates being sought. They should also undergo personal identification following personal identification procedures stipulated by "4.1 Personal Identification for Issuance of Certificates" of these Rules.
3.1.2 Application for Issuance of Certificates
When registration and personal identification are completed, subscribers generate Key pair using software provided by KICA or personal software and transmit certificate application message to KICA using their user identification number, assigned to them at the time of registration, to guarantee security.
3.2 Issuance of Certificates
3.2.1 Issuance of Certificates
a. Before issuing certificates, KICA performs the following points of verification:
- ① Personal identification of applicants, as described in "4.1 Personal Identification for issuance of Certificates" of these Rules.
- ② Uniqueness of public key submitted by an applicant.
- ③ Whether the Public key submitted by an applicant matches private key that the applicant owns.
- ④ The uniqueness of DN (Distinguished Name) submitted by the subscriber.
b. A certificate issued by KICA contains the following details:
- ① Applicant 's name.
- ② Applicant 's private key.
- ③ Method of digital signature used by an applicant and KICA.
- ④ Serial number of the certificate.
- ⑤ Validity of the certificate.
- ⑥ Name of KICA as an issuer of a certificate.
- ⑦ Scope of certificate's use and restrictions to its application
- ⑧ Information on representation in case subscriber holds representation rights for a third party.
c. In general, certificates are issued within 1 to 3 days from the date of application for issuance of certificates using the key pair by an applicant. This is provided that the subscriber has filed application forms and other supporting documents, has paid required fees stipulated by these Rules and completed personal identification process stipulated by "4.1 Personal Identification for Issuance of Certificates" and "5.3 Registration Authority".
However, issuance of certificates may be delayed or rejected if the information presented by the subscriber is inaccurate or the subscriber fails to pay the required fees. Issuance of certificates may also be delayed when the number of subscribers is unusually large as in the case of a group subscription.
3.2.2 Re-issuance of Certificates
3.2.2.1 Reasons for re-issuance of certificates
Re-issuance of certificates refers to issuance of a new certificate by KICA under special conditions. Registration for re-issuance is done using the same DN (Distinguished Name) but with a new Private key. The reissued certificate is valid for the remainder of the original certificate's validity period. The conditions for re-issuance of certificate are;
a. When subscriber applies for re-issuance of certificate, fearing that his Private key was lost, damaged, stolen, or leaked.
b. When KICA realizes that its Private key has been lost, damaged, stolen, or leaked.
c. When KICA discovers weaknesses in its digital signature algorithm.
3.2.2.2 Application for re-issuance of certificates and re-issuance procedure
Procedures under "3.2.1 Issuance of Certificates" are applied to re-issuance of certificates, as applicable. The certificate originally issued before registration for re-issuance will be revoked. Before reissuing certificates, however, KICA should verify the following points:
a. Personal identification, stipulated by "4.2 Personal Identification for Re-issuance of a Certificate" of these Rules.
b. The uniqueness of Public key submitted by the applicant who applied for re-registration.
c. Whether the new Public key submitted by the subscriber who applied for re-registration matches the Private key owned by the subscriber.
d. An Identity of DN (Distinguished Name) submitted by the subscriber who applied for re-registration.
3.2.3 Renewal of Certificates
3.2.3.1 Reasons for renewal of certificates
Re-issuance of certificates refers to issuance of a new certificate by KICA under special conditions. Registration for re-issuance is done using the same DN (Distinguished Name) but with a new Private key. The reissued certificate is valid for the remainder of the original certificate's validity period. The conditions for re-issuance of certificate are;
a. Renewal of certificates refers to issuance of a new certificate intended to extend the validity of the original certificate using the same Public key and the same DN (Distinguished Name). Subscribers who want their certificates renewed should apply 30 days prior to the expiration of their original certificate. For new certificates, subscribers are allowed to change information except for the Public key and DN.
b. KICA provides guidance service for renewal of certificates from 60 days prior to the expiration of the existing certificates.
3.2.3.2 Application for renewal of certificates and renewal procedure
Procedures under "3.2.1 Issuance of Certificates" are applied to renewal of certificates, as applicable. The certificate originally issued before registration for renewal will be revoked. Before renewing certificates, however, KICA will verify the following points:
a. Personal identification, stipulated by "4.3 Personal Identification for Renewal of a Certificate" of these Rules.
The identity of the Public key submitted by the subscriber who applied for renewal with the Public key recorded in the existing certificate.
The identity of DN submitted by the subscriber who applied for renewal with the DN recorded in the existing certificate.
3.3 Validity of Certificates
In consideration of the scope of an application, use of the certificates , security and reliability of the technology employed, etc., KICA determines the validity of certificates as follows:
| Class I | Class II | Class III | |||
|---|---|---|---|---|---|
| Individual | Corporation/Organization | Server Operator | Individual | Individual | Corporation/Organization |
| 1 Year | 1 Year | 1 Year | 1 Year | Less than1 Year | Less than1 Year |
3.4 Suspension of Certificate Validity
3.4.1 Reasons for Suspension of a Certificate
Reasons for suspension of a certificate are as follows:
a. When the subscriber or his representative applies the suspension of a certificate.
b. When the subscriber violates any of these Rules.
c. When the Minister of Information & Communications deems it necessary to safeguard security and reliability of certification services.
3.4.2 Applicant for Suspension of a Certificate
Only the subscriber or his representative can apply for suspension of a certificate.
3.4.3 Application Procedure for Suspension
3.4.3.1 Application for suspension of a certificate
On completion of the application form for suspension of a certificate, the subscriber can pay personal visit to one of the KICA offices to file the application, or transmit the application signed by his private key through on-line communication networks.
3.4.3.2 Personal identification
ICA verifies the subscriber's personal identification pursuant to "4.4 Personal Identification for Suspension and Revocation of a Certificate" of the Rules.
3.4.3.3 Renewal and announcement of the list of suspended certificates
KICA renews and announces the list of suspended certificates immediately, so that anybody can search the list at any time through certification practice systems. The announcement will be posted on a directory service, as shown under "5.2.2.4 Provision of directory service" of these Rules, and the time when it is posted on directory service will be construed as the time of announcement.
3.5 Reinstatement of Certificate Validity
3.5.1 Applicant for Reinstatement of a Certificate
Only a subscriber or his representative can apply for reinstatement of a certificate.
3.5.2 Application Procedure for Reinstatement
3.5.2.1 Application for reinstatement of a certificate
KICA verifies the subscriber's personal identification pursuant to "4.5 Personal Identification for Reinstatement of a Certificate" of these Rules.
3.5.2.2 Personal identification
KICA verifies the subscriber's personal identification pursuant to "4.5 Personal Identification for Reinstatement of a Certificate" of these Rules.
3.5.2.3 Measures of reinstatement of a certificate
KICA takes measures so that anybody can verify the reinstatement of certificates at any time through Certification practice systems by deleting the corresponding certificates from the list of revoked certificates.
3.5.3 Restrictions on Application for Reinstatement of a Certificate
Application for reinstatement of a certificate should be filed within 6 months from the date of suspension. Unless application for reinstatement is filed within the specified time limit, the corresponding certificate will be automatically revoked.
3.6 Revocation of Certificates
3.6.1 Reasons for Revocation of a Certificate
a. KICA revokes the corresponding certificate when any of the following reasons arise:
- ① When subscriber or his representative applied to KICA for revocation.
- ② When KICA discovers that the subscriber obtained his certificate by fraud, forgery, or other illegal means.
- ③ When KICA discovers the death, missing, or dissolution of the subscriber or his organization.
- ④ When KICA discovers the subscriber's Private key has been lost, damaged, stolen, or leaked.
- ⑤ When the subscriber violates any of these Rules.
b. When the designation of KICA as licensed Certification Authority is cancelled, the corresponding certificates are revoked.
c. When notified by the subscriber that his Private key has weaknesses, or when he discovers that his Private key is lost, damaged, stolen or leaked for other reasons, or if he discovers that there are weaknesses in his Key pair or algorithm, KICA revokes the corresponding subscriber's certificate pursuant to 5.2.2.3 of these Rules.
3.6.2 Applicant for Revocation of a Certificate
The subscriber or his representative (including testamentary executor or legal guardian) can apply for revocation of a certificate.
3.6.3 Application Procedure for Revocation
3.6.3.1 Application for revocation of a certificate
On completion of the application form for revocation of a certificate, the subscriber should personally visit one of the KICA offices to file the application form or transmit the application form that signed with Private key by subscriber through Communication networks.
3.6.3.2 Personal identification
KICA verifies the subscriber's personal identification pursuant to "4.4 Personal Identification for Suspension and Revocation of a Certificate" of the Rules.
3.6.3.3 Renewal and announcement of the list of revoked certificates
KICA renews and announces the list of revoked certificates promptly, so that anybody can verify the list at any time through certification practice systems. Provision on the time of announcement would be the same as in 3.4.3.3 "Renewal and announcement of the list of suspended certificates" of these Rules.
3.6.4 Time Required for Processing Revoked Certificates
If reasons for revocation of certificates and the identity of the subscriber who applied for revocation are confirmed, then KICA will revoke the corresponding certificates promptly, as there is no grace period for processing revoked certificates at KICA.
3.7 Frequency of Renewal for Certificate Revocation List (CRL)
KICA renews and announces CRL at least every 24 hours.
3.8 Termination of Certificate Validity
Validity of certificates issued by KICA will be terminated when the following causes arise:
- a. When the term of the certificate's validity elapses.
- b. When the designation of KICA as licensed Certification Authority is cancelled.
- c. When the certificate issued by KICA is suspended.
- d. When the certificate issued by KICA is revoked.
- e. When the CA certificate issued by KISA to KICA is revoked.
- 2.2.2 Request and Payment of Fees
3.9 Formulation of "Agreement on Use" and Notification to Subscribers
To inform subscribers of important matters concerning application for certification services, KICA reserves the right to formulate and notify an "Agreement on Use of Licensed Certification Services", a major provision contained in this Certification Practice Statement.
