By Kim Tong-hyung
The government plans to adopt standard software to enable required security measures on smartphones for mobile banking services.
However, critics claim that the decision to pick a specific technology to control transactions over different mobile platforms is an ill-advised move, as it may eventually expose mobile users to a similar, shaky security environment experienced by computer users in the Microsoft-dominated desktop world.
The Ministry of Public Administration and Security had been working with the Korea Internet and Security Agency (KISA) and other state-run technology agencies to standardize specification for downloading public-key certificates on smartphones.
Banks and credit card companies expect smartphones will allow them to facilitate mobile transactions.
The current law states that all encrypted online communications on computers require the use of electronic signatures based on public-key certificates. And the Financial Supervisory Service (FSS) decided earlier this year that these will be required for smartphone transactions as well.
The standard software unveiled by the government will be used for downloading public-key certificates on smartphones and will be compatible across different mobile operating systems, which include Microsoft’s Window Mobile, the Google-backed Android and Apple’s own operating system for the iPhone.
Smartphones will also have to keep the verification tools in specific locations, such as the ``Key Chain’’ folders in iPhones.
The government will also allow the certificates to be downloaded on the USIM chips of the mobile devices.
Smartphones provide a wealth of data features, including Web browsing, e-mail, video and games, atop of voice.
The number of smartphone users more than tripled to over 1 million in the last three months since local wireless carrier, KT, released the iPhone.
``The smartphone-based public-key certificates, will provide a standard technology that can be used by everybody just as they do on personal computers. It will be important to enable computability between the different mobile operating systems, including Window Mobile, Android and the iPhone OS.’’
Government officials say that the transactions on smartphones should be protected by the same security measures required for computers.
The requirement for public-key certificates was precisely what allowed Microsoft to establish a virtual monopoly in computer operating systems and Web browsers here, which is now blamed for having Korean computer users stuck with outdated technology and exposed to larger security risks.
Since the fall of Netscape in the early 2000s, Microsoft's Active-X controls on its Internet Explorer (IE) Web browsers remain as the only plug-in tool to download public-key certificates to computers.
This has prevented the users of non-Microsoft browsers such as Firefox, Chrome and Opera from banking and buying products online.
There are worries that picking a single software standard to enable financial transactions on smartphones would only expose mobile users to larger security risks, as it could easily be used as a blueprint for cyber criminals to disguise their malicious software, just as they exploit Active-X plug-ins in the desktop computing world.
Users of the iPhone would be less vulnerable, as Apple strictly monitors and controls the programs available on its App Store online applications store.
However, smartphones powered by more open mobile platforms, such as Android, might be exposed to tech theft, according to Kim Kee-chang, a Korea University law professor who has led a series of legal actions against the financial authorities for their insistence on overwhelming Active-X use.
``It would be better to let the banks and credit card companies to simply pick and use their own security methods, as it would be in their best interest to pick the best technology available. Surely, none of them would opt for public-key certificates if they had the freedom.’’