a. KICA ensures that subscribers and users may verify the reliability and validity of certificates by announcing the following information promptly:

1. 1) Information on KICA:
   1. ① Designation and cancellation as licensed certification authority.
   2. ② Recess, suspension, or revocation of certification services.
   3. ③ Transfer, takeover, or merger of certification services.
2. 2) Information concerning subscriber certificates:
   1. ① Subscriber certificates.
   2. ② Certificate Revocation List(CRL).
3. 3) Certification Practice Statement of KICA.
4. 4) Other information related to certification services.

1 copy (Should bring the original).

KICA generates Key pair in a secure manner utilizing reliable software or hardware. KICA should securely manage the private key to prevent their loss, damage, theft, or leakage.

a. KICA informs KISA and a subscriber when KICA discovers any events that may affect reliability or validity of certificates, including loss, damage, theft, or leakage of Private key, or discovers any weaknesses in Key pair or in the algorithms, through communication networks immediately. And also, KICA may revoke subscriber certificates issued using the corresponding Private keys.

b. KICA generates new Private keys, has its Public key certified from KISA, and uses Private keys to re-issue subscriber certificates. KICA then notifies and distributes the corresponding facts through e-mail or communication networks.

c. Further, KICA publicly announces the corresponding facts so that anyone concerned can check them at any time through certification management systems, and can also take measures to secure the reliability and validity of its certification services.

KICA also provides directory service so that subscribers and users relying on a certificate may search certificate of KICA, subscriber certificates, and Certificate Revocation List (CRL) at any time through on-line communication networks.

a. With regard to the information pertaining to subscribers obtained in performing certification procedures and the following data generated in operating certification authority, KICA does not use or disclose such private information for purposes other than that for certification service, unless otherwise stipulated by other laws, court order, or consent of the corresponding subscriber.

1. ① Records related to certification application (other than what is recorded in the certificate or information already disclosed).
2. ② Data related to audit and certification services.

b. With regard to one's own private information, subscribers are allowed access to certification management systems through which they may inspect or correct any relevant information.

KICA issues certificates pursuant to the certificate specification under ITU-T X.509 Version 3.

a. KICA generates and announces Certificate Revocation List (CRL) pursuant to the specifications of the list of revoked certificates under ITU-T X.509 Version 2.

b. When suspending certificates, KICA displays suspended certificates using the Reason Code in the extension field of Certificate Revocation List (CRL).

KICA compensates for damages inflicted on subscribers while providing certification service in violation of the Act, its enforcement decrees, regulations, or provisions of these Rules.

a. With regard to damages caused in connection with its certification service, KICA is not responsible for damages exceeding the given limits even though the total amount of liability for damages incurred on subscribers, both directly or indirectly, exceed the limit of liability for KICA.

b. In case the damage where exceeds the limit of liability, and is accompanied by a judgment of a legal court, KICA shall be responsible only within the above limits and only for cases officially resolved.

KICA does not assume responsibility for damages caused by the following reasons:

a. Damages that are caused by using the certificates beyond specific restrictions imposed by KICA on the scope of their application or use.

b. Damages that resulted from causes not attributable to KICA, including communication failures in providing such certification services as issuance, re-issuance, and renewal of certificates or in announcing lists of suspended or revoked certificates, or failures of subscribers' system.

c. Damages caused by not checking and verifying on the part of user relying on a certificate, as required under "5.5.2 Responsibilities of user relying on a certificate" of these Rules.

d. Damages other than those that are direct and compensatory caused in connection with KICA's certificates and certification services.

e. Damages caused by fraudulent information provided by subscribers or other illegal means.

f. Damages caused by revised information that subscribers failed

to provide due to negligence or intention.
Damages caused by careless management of Private keys on the part of subscribers.
Damages caused by reasons other than those stipulated in the Act or in the Certification Practice Statement.

KICA does not warrant the matters such as subscribers' credit or the integrity of information related to subscribers that are not provided under the Act and these Rules.

As a security for its Liability for Damages, KICA is carrying a policy of public liability insurance.

In providing licensed certification services, Registration Authorities observe these Rules and (pursuant to 5.3.1 of these Rules) carry out registration functions faithfully.

a. With regard to issuance of certificates, Registration Authorities accept only those applications with accurate information based on facts, and until verifications are completed applications are not treated as "accepted". For personal identification, Registration Authorities observe specific guidelines set by KICA.

b. When the reception process is completed, Registration Authorities issue receipt slips prepared by KICA or by the RAs themselves.

c. Registration Authorities are prohibited from refusing receipt of applications for certificate issuance, suspension, revocation, reinstatement, etc. without good reasons. Accordingly, when refusing Registration Authorities should clearly state the reasons why the applications in question cannot be received.

Registration Authorities, as befitting their role as reliable managers of registration, carry out their responsibilities quickly, accurately, and securely.

Pursuant to 5.2.2.5 of these Rules, Registration Authorities protect the private information obtained in performing certification and safeguard the security of data.

In performing certification services, Registration Authorities observe security guidelines for facilities and personnel as set by KICA.

Information that subscribers provide, including changes subscribers make subsequently to them, in the following cases, shall always be accurate and based on facts:

1. a. Information provided for certificate application (issuance, re-issuance, and renewal).
2. b. Information provided when applying for suspension of certificates.
3. c. Information provided when applying for reinstatement of certificates.
4. d. Information provided when applying for revocation of certificates.
5. e. Changes made to subscribers' identity as recorded in the certificates.

Pursuant to 3.1.2 of these Rules, subscribers can generate Key pair.

a. Of the generated Key pair, subscribers are responsible for safekeeping of Private keys to prevent their loss, damage, theft, or leakage.

b. On recognizing that the Private keys belonging to them have been lost, damaged, stolen, or leaked, subscribers should immediately notify KICA of the corresponding fact through on-line communication networks, etc.

c. Upon recognition that the Private keys belonging to them have been lost, damaged, stolen, or leaked, subscribers should exert themselves to reduce or confine the damage.

To generate key pair having legal validity, subscribers should use the Private key that matches the Public key contained in the KICA-issued certificate.

On receiving new certificates, subscribers should confirm their validity, issuing body, their types, and services before using them.