The Certification Innovation

Welcome to this week’s edition of RHIZOME Wire!

A new standard

Once again, this week brought some exciting news to the ICON project:

Here is an excerpt from the Naver article explaining the change (my apologies for the rough translation):

When this law came into effect, the certificate system that was introduced in 1999 and inhibited service innovation through market monopoly and created user inconvenience, disappeared into history.

Instead, it is expected that other digital signature means such as blockchain will be activated by introducing an evaluation and recognition system for electronic signature authentication in consideration of international standards.

For a bit of history and context regarding Korea’s now-former certification system, I encourage you to read the entirety of this (RHIZOME team-member) Brian Li post, presciently written exactly two years ago as of today. The post goes into the difficulties of the certification system as it existed, and also speculates on how ICONLOOP may play a role in future certification.

It is hard to correct any of the predictions that Brian made in his post, as the majority (if not all) of them are still on track; however, I would like to add some additional context, seeing as there have been two years of developments since it was written.

First, to get a true sense of how widespread (and unique) this sort of certification process is, here is a quote from Keechang Kim, Professor at Korea University Law School:

Almost all internet banking, e-commerce providers and e-government agencies in Korea require users to present user certificates (issued by an NPKI accredited CA) for authentication purpose and to ensure integrity of transaction records (transaction confirmation). No other countries that I know of have achieved this level of adoption of PKI technology at the client side.

(NPKI refers to “National Public Key Infrastructure” while CA refers to “certification authorities.”)

[The 1999 Digital Signature Act] stipulates that where signature is required by law, in order to satisfy such a legal requirement electronically, one has to use the certificate issued by an NPKI accredited CA. No other electronic signatures, no matter how secure, reliable or appropriate, can meet the legal requirement for a signature under the Korean law.

In other words, there has essentially been a government-monopoly of sorts on certification; ultimately, if your signature hadn’t been accredited, it was essentially invalid. This is in contrast to similar digital-signature laws in other areas. For instance, in both the EU and the United States, a digital signature is still viewed as legitimate, even if it doesn’t have a “reliability” stamp of approval from a government agency.

While this form of “signature discrimination” didn’t really have much of an impact on Korean citizens who had accredited signatures, it did have an effect on foreigners attempting to conduct business in Korea:

Inside Korea, the Korean NPKI certification service has become ubiquitous and it certainly feels like a “standard” technology. But once you leave Korea, the technology and the services are hardly known. They are, for all practical purposes, un-workable for non-Koreans and even for Koreans outside Korea. Indeed, this piece of technology (as it is used for user authentication and transaction confirmation) is the one which isolates Korean e-commerce from the rest of the world as it prevents Korean e-commerce providers from reaching out to customers in the rest of the world.

If that weren’t enough, the systems security was also lacking:

But most of all, there are serious security vulnerabilities of the Korean NPKI implementation of user authentication and transaction confirmation. As the accredited CAs routinely “re-issue” user certificates online without face-to-face verification of the applicant’s identity, phishing attacks to obtain user credentials needed to obtain user certificates through online application/issuance became rampant.

Accordingly, it makes sense why the national government would finally see a need to break away from this economically discriminatory and vulnerable certification system.

Of course, this didn’t happen overnight; the government had been laying the groundwork for this move for some time (this quote is from January 2018):

The government said it plans to gradually revise related laws, including the Electronic Commercial Act and Digital Signature act, which make certificate verification mandatory. It hopes various authentication methods such as blockchain and biometric authentication will replace the old verification method.

Here’s another one, also from 2018:

After the government announced in March to enact a revised electronics signature law, including the abolition of authorization certificate, a discussion about setting up a platform that can replace the electronic signature for financial transactions has been in progress.

So, now the question becomes: who will be the biggest beneficiary of this change, and who is most likely to become the new standard (assuming a unified standard emerges)?

Here is a section from ICON Newsletter #9, titled “How does MyID compare to other digital identity projects in Korea?”

There are several identity consortiums in Korea including:

  • MyID Alliance: currently has 52 organizations including Samsung, Kyobo, Shinhan and IBK and various other companies across industries such as security firms, e-commerce companies, and manufacturing companies.

  • Initial DID Association: the group includes Samsung, financial services firms like KEB Hana Bank, Woori Bank, KOSCOM, as well as mobile carriers SK Telecom, KT, and LG UPlus.

  • DID Alliance: includes 60 member firms and is focused primarily on the RoboAdvisor industry.

Of course, we are all familiar with MyID Alliance (which, according to their website, now has 62 members).

Here is the graphic ICON provided to compare the various consortiums:

Korean DID consortium comparison

While this is obviously going to be biased in favor of MyID, I do believe there is a clear edge above the competition.

I believe the most important evidence of this edge is the regulatory support. A company can have the best technology in the world, but if they don’t have the approval or favor of regulators for it’s use, it doesn’t matter. MyID has already checked that box, while the others either haven’t, or only partially have.

In addition, ICONLOOP’s DID solution has already received the “blessing” of sorts from the financial industry participants:

In October 2017, the Korea Financial Investment Association (KOFIA) — a self-regulating organization of the Korean financial investment industry — announced that:

“Korea Financial Investment Association, KOFIA, introduced the world’s first blockchain- based joint authentication service for the financial industry dubbed “Chain ID” on October 31, 2017.

The consortium is hoping to widen the adoption of the Chain ID across the entire financial investment industry within this year, and introduce it to other financial industries such as banking, insurance and credit card next year.”

Several months later, ICON announced the following:

“Answering to the needs of a new method of personal authentication, theloop has joined the Korea Financial Investment Blockchain Consortium as a technical partner to develop CHAIN ID.”

In other words, the organization that essentially all financial investment institutions are a member of essentially hired ICONLOOP to build their DID platform.

Meanwhile, here is another graphic from ICON showing the “evolution of our digital identity products”.

Evolution of our digital identity products

While it’s not clear if these three platforms are technically separate products, or if this image is showing the evolution of one product, I think it’s reasonable to conclude that a substantial portion of the technology used to build ChainID has been incorporated into My-ID; accordingly, the members of KOFIA likely have a strong attachment to My-ID, and the evidence of this shows in the number of KOFIA members that have joined the My-ID Alliance.

So what’s the grand conclusion?

  • For a while, Korea has eyed the overhaul of their identification laws and standards, and began laying the groundwork to do so.

  • This week, Korea finally pulled the plug on the prior certification regime.

  • The DID solution built and organized by My-ID appears to be at the forefront of filling the vacuum and providing a standard DID certification.

That, of course, is all good news.

But I have just one more thing to add.

It’s clear that Korea has been working “behind the scenes” for a while now to move on from their prior certification/identity laws. They couldn’t just revoke them one day without a clear path forward.

The fact the government finally moved on from the prior set of laws indicates to me that they felt a DID system was on the verge of implementation. It’s clear that My-ID is the platform that’s most ready for “primetime” based on regulatory approval, technical development, and business participation.

From my perspective, this all means that the gap between “speculation” and “implementation” is closing very rapidly.

News from ICON World

The latest episode of the RHIZOME Report has been released!

RHIZOME hosted a live giveaway as part of their video review of Reliant Node’s upcoming MyICONWallet mobile app release.

Be sure to check out the full episode!

UBIK Capital has developed a new tracker for ICON

Somesing has signed an MoU with SL Studio and partnered with JYPNation

The next P-Rep Governance Meeting will take place on May 29th!

UBIK Capital has released a new tutorial series for building on ICON with Swift programming language

Ricky Dodds has an AMA with!

Recently, Ricky Dodds had an AMA with the - much to those participating within the AMA’s surprise, some exciting announcements were revealed which have now been publicly announced.

BTP is coming!

ICONex android wallet has been updated to include a randomized P-Rep voting list

Recently, ICONex put up a surprise update with no formal announcement. For Android users of ICONex, there now lies the ability to have a randomized P-Rep voting list.

Props to VELIC for listening to the community and implementing the changes. For iOS users, the same changes can be expected to likely update soon.

Blockchain Industry News

Tokensoft Distributes $4M in Equity to Investors Using Ethereum - CoinDesk

The investors receive a digital representation of their investments (based on a Simple Agreement for Future Equity, or SAFE, model) on the Ethereum blockchain using the ERC-1404 tokens to ensure the SAFE agreements will be enforced on-chain. The ERC-1404 standard is used for accounting and compliance purposes.

Coinbase says employees can work from home permanently - Decrypt

There were practical considerations to the matter. Even as many states begin the process of reopening, businesses still have to take precautions. Armstrong stated that maintaining six feet of separation in the office would be challenging. He added that “even if we moved into every floor of our SF HQ, we wouldn’t have enough space to bring all current SF employees back, let alone hire more.” 

Bittrex Is Puzzled Over 24M Stolen STEEM Tokens on Its Holding Account - Cointelegraph

The Bittrex co-founder continued that the exchange will carefully “review the facts of this transfer” in order to return the funds to the original wallet owner. But in order to get these funds returned, the owners will have to prove that funds belong to them, Lai elaborated. According to Bittrex, the transaction was sent “without the proper identifying memo,” which makes it hard to identify the ownership of the funds.

Finance and the Real Economy Can't Stay Out of Sync Forever - CoinDesk

The COVID-19 pandemic has accelerated many trends. It has sped up the rise of telemedicine and remote work. It has expedited the demise of shopping malls and handshakes. It has forced the collapse of companies that were always destined to fail and served as rocket fuel for those corporations already headed for the moon. Even at personal levels, the pandemic has served as an accelerant. Budding relationships are forced to move faster in quarantine. And all of this is not to mention the horrifying mortality rate among the already-vulnerable and elderly.