preload image
  • Project to build Public Key Infrastructure(PKI) in Djibouti

    Korea Information Certificate Authority Inc. (KICA, SangJun Kim) announced that it has signed a contract with the Djibouti government for the establishment of Certification Authority project worth 1.2 million U.S. dollars.

    July, 2019

  • Korea Information Certificate Authority provides its bio-authentication service to the National Health Insurance Service

    -Provides bio-authentication (fingerprint and facial recognition) service for the M Health Insurance app-

    February, 2019

  • Global No.1 SSL Certificate COMODO, changes its name to “SECTIGO”

    -Korea Information Certificate Authority now expands its business overseas with a new brand-

    November, 2018

  • Korea Information Certificate Authority expedites entry into the IT markets in Vietnam and Indonesia.

    -Establishes a local subsidiary and enters into contracts with SSL partners-

    October, 2018

  • Korea Information Certificate Authority signed an agreement with Comodo CA for sole distributor of Comodo SSL certificate for Indonesia and Vietnam.

    -Expansion of regional distribution to Vietnam and Indonesia-

    September, 2018

  • Korea Information Certificate Authority signed MoU to establish a certification system with Indonesian Certificate Authority.

    - Indonesian government has begun to build certification systems according to the global trend -

    August, 2018

  • Electronic Signature Market Prepared after..

    [Digital Daily] The government is abolishing the accredited certification system and amending the electronic signature law. A new electronic signature service market is being changed, replacing existing authorized authentication services.

    August, 2018

  • Korea Information Certificate Authority has launched Block-Chain-Based Digital Signature Service

    -Korea Information Certificate Authority initiates block-chain-based digital signature service ‘SignOkay’.

    April, 2018

  • Obtained National Research Projects Related to Autonomous Vehicle Security in Korea

    -Study on establishment and operation of next generation ITS security certificate management system-

    October, 2017

  • SSL certificate market change

    [ITDaily] the market for SSL certificates is expected to change. “We do not trust Symantec certificates issued before June 1, 2016, starting with Chrome 66, which is scheduled for release in April 2018 and do not trust all certificates issued by Symantec from the 70 version of Chrome, which will be released in the second half of 2018.” Said Darin Fisher, Google vice president.

    September, 2017

  • Korea Information Certificate Authority provides fingerprint authentication service to Woori Bank for iPhone users.

    -Transfer money without passwords and OTP-

    February, 2017

  • Korea Information Certificate Authority, launched Cloud-based biometric authentication services

    - FIDO provides cloud-based biometric authentication, digital signatures, and time stamp services -

    December, 2016

  • ‘Beyond of certification business, advance to biometric authentication and autonomous vehicle authentication’

    -The anonymous authentication technology possessed by KICA is expected to be a key technology for anonymous certificates issued by autonomous vehicles, which will be the basis for the advancement of autonomous vehicles in the security industry.-

    December, 2016

  • Korea Information Certificate Authority and UK Certificate Authority promote mutual authentication of certificates"

    -KICA signed MoU with British Business Federation Authority to establish PKI alliance-

    October, 2016

  • Samsung to launch fingerprint mobile payment service

    -Samsung plans to launch a fingerprint authentication mobile payment service in South Korea this month, with the aim to later expand it globally, the company has said.-

    April, 2015

Privacy Policy

Korea Information Certificate Authority Inc. (hereinafter “KICA”) abides by relevant laws such as the Electronic Signature Act, Personal Information Protection Act, etc. for the protection of personal information submitted by the customer to the public certification service and other services (provided by KICA such as security server certification service, domain registration agency service, mobile key services, transaction certification service, etc.), and hereby notifies that the Privacy Policy has been established and executed as follow.


1. Personal information collection and collection method

KICA collects the personal information listed hereinafter when a customer is going to use the public certification service and may also request additional information from the customer

1) Personal information collected

A. Public certification service
① Legal information and essential information collection under the Electronic Signature Act
  • Individual: Name, Resident registration number, Email, Phone # (home/work, mobile #)
  • Corporate: Business name / Company name, Business registration number, President name, Resident registration number of the president, Name of representative, Resident registration number, Employment period, Information of the person-in-charge of certificate (department, phone #, fax #, email), Phone # of the representative Tax bill issuing information: Address of the business site, Category of business, Type of business
② Optional information
  • Individual: Address
B. Security server certification service (SSL)
① Essential information
  • Corporate: Business name / Company name, Business registration number, President name, Name of representative, Address
② Optional information
  • Business: Information of the person-in-charge of certificate (department, phone #, fax #, email), Phone # of the representative
C. Domain registration agency service
① Information collected when subscribing to a general membership
  • Essential information: ID, Password, Name/Company name, Resident registration number / Business registration number, Name of person-in-charge (in case of corporate member), Email address, Address, Phone #, Mobile #, Legal representative information if under 14 years old
  • Optional information: Fax #, Name/Address in English (to secure the essential information under the domain’s management regulations
  • Payment method for use of paid information and services: Bank details, Credit card details
② Information collected when subscribing to i-PIN membership
  • Essential information: ID, Password, Name/Company name, Name of person in charge (if corporate member), Email address, Address, Phone #, Mobile #, Legal representative information if under 14 years old
  • Optional information: Fax #, Name/Address in English (to secure the essential information under the domain’s management regulations)
  • Payment method for use of paid information and services: Bank details, Credit card details
③ The following information can be created and collected in the service using process and business process treatment
  • Service use log, connection log, cookie, connection IP information, payment record, Delinquent use record
  • Corporate: Information on the person-in-charge of certification (department, phone #, fax #, email), Phone # of the representative
D. Mobile key service
① Essential information
  • Individual: Name, Resident registration number, Mobile #, Mobile key password, Mobile service company name
② Optional information
  • Individual: Email
E. Certified email service (#mail)
① KICA may collect and use personal information as provided below that is required for registration of certified email address as an registration agency pursuant to Act. 18 para. 4 and Art. 1 para. 3 of the Framework Act on Electronic Documents and Transactions.
  • Individual: name, address, ID/password, phone number, mobile phone number, email Privately owned business: business name, name, place of business, business registration number, business registration number, ID/password, phone number, mobile phone number, email Corporate: company name (entity name), representative name, business registration number (unique number), place of business, ID/password, phone number, mobile phone number, email, person-in-charge information(name, phone number, mobile phone number, email, address) Government organization (local government, local government association): corporate name (entity name), representative name, business registration number (unique number), place of business, ID/password, phone number, mobile phone number, email, person-in-charge information(name, phone number, mobile phone number, email, address) Aged under 14: (information of legal representative) name, relationship with an applicant, mobile phone number, subscription certification information
② Information of public certificate, records of service usage, access records, log, cookies, information of access IP and records of bad use may be automatically generated and collected in the course of serve usage or in the middle of business process.

F. Bid information service (KICABID)

KICA collects and uses the following personal information to provide bid information service:

① Mandatory information.
  • Individual: ID, password, name, email address, contact information (select one from home/workplace/mobile phone), subscription authentication information Business: mailing address, information of person in charge of bid information (name, department, phone number, email) Members subscribing fee-based service - Payment by credit card : name of credit card company, credit card number, etc.- Payment by mobile phone: mobile phone number, telecommunication company, payment approval number, etc. - Account transfer : Bank name, bank account number, etc. - Information collected to issue a tax invoice : address of business location, business type, business condition, email address, etc. - Information collected to issue a cash receipt: name, resident registration number
② Optional information
  • Individual: ID, password, name, email address, contact information (select one from home/workplace/mobile phone), subscription authentication information Business: mailing address, information of person in charge of bid information (name, department, phone number, email) Members subscribing fee-based service - Payment by credit card : name of credit card company, credit card number, etc.- Payment by mobile phone: mobile phone number, telecommunication company, payment approval number, etc. - Account transfer : Bank name, bank account number, etc. - Information collected to issue a tax invoice : address of business location, business type, business condition, email address, etc. - Information collected to issue a cash receipt: name, resident registration number
③ Records of service usage, access log, cookies, information of access IP and records of bad use may be automatically generated and collected in the course of serve usage or in the middle of business process.

2) Personal information collection method

A. Public certification service

Service home page (including the bulletin board, etc.), document submitted by the customer who visited KICA, a registration agency institution, etc.

B. Other services

Service homepage (including bulletin board, etc.), document submitted to KICA, etc.


2. Purpose of personal information processing

KICA processes collected personal information for the following purposes.

1) Contract execution and charge settlement

Service provision, purchasing and payment of charges, delivery of information required tor use the service, etc.

2) Customer management

Personal verification of customer, personal identification, prevention of delinquent use by corrupt customers and prevention of unauthorized use, age verification, civil affair processing such as complaint processing, customer response and consultation, delivery of notification, etc.

3) Marketing and advertisement (publicity)

Provision of advertising information for an event, etc., publicity and marketing of the public certification service and other services, use for connection frequency or statistics of customer’s service usage, etc.


3. Installation, operation and refusal of a mechanism (a cookie) that automatically collects personal information

1) What is a cookie?

① KICA uses cookies that can store and retrieve personal information of customer to provide services tailored to and customized for an individual.

② A cookie is a small text file sent from a website server to a user‘s web browser and stored in the hard disc of the user‘s computer. Every time the user loads the website, the website server reads the cookie information saved in the user‘s hard disc, maintains the user‘s configuration setup and provides tailored service.

③ Cookies do not collect person identifiable information automatically/dynamically and a user may refuse to save cookies or delete cookies at any time.

2) Purpose of using cookies

Cookies are used to provide service tailored to a user by identifying the user’s login status, change of ID, records of website visit, a legal representative’s approval for a minor, shipping information of an ordered product, etc.

3) Installation, operation and refusal of a cookie

① A user may or may not install a cookie. That is, a user can allow all cookies by setting up options in the web browser or configure the browser to require the user’s confirmation everytime a cooke is saved, or refuse the saving of all cookies. In the event a user refuses the saving of cookies, the user may encounter difficulties to use part of the services of the website that requires a user login.

② How a user can allow cookies (in the case of Internet Explorer) is provided below. In the [Tools] menu, select [Internet option]Click [personal information] tab Configure whether or not to allow cookies in the [personal information handling level]


4. Provision of personal information to a 3rd party

1) KICA does not provide or reveal customer personal information to a 3rd party without the subscribers’ consent. However, personal information can be provided without a subscriber’s consent in accordance with relevant laws when requested by government institutions, the Information & Communication Ethics Committee for criminal investigations, and when required to settle charges, and provided after processing so that a specific individual may remain anonymous.

KICA may share the customer’s personal information with business partners or cooperative companies to provide better services, but it will pass by the member consent request procedure after informing them of the purpose, content, reason, etc., and is the information is not shared when the subscriber does not consent. Also, it passes by separate consent request procedures when the provision of personal information exceeds the previous consent’s scope. In case the provision of personal information is subsequently cancelled, KICA requests the relevant company to delete the corresponding personal information.

2) Public certification service

KICA provides SG Service Co. Ltd., KICA’s customer satisfaction center, to survey customer satisfaction by optimizing customer consultation work relating to the public certification service. It may cause difficulty in public certificate fee payment, unless consent for the provision of personal information has been obtained, and it may cause inconvenience in using the service as the consultant is not able to verify the customer’s personal information when counseling. Also, public certificate renewal and event information services cannot be provided, which may result in criminal exposure. Receivers Purpose Information provision Retention and use period SG Service, the KICA Customer Satisfaction Center Customer response work such as customer consultant, telemarketing, etc. All information collected for the public certification service Partnership term Koscom, KFTC, CrossCert, Ktnet Emergency deletion when illegal issuance, abuse, etc. is reported Name, resident registration number, DN information, etc. Immediate deletion if not a KICA customer Terminate public certificate validity and store for 10 years if a KICA customer

3) Mobile key service

KICA notifies the following list of personal information provided by SG Service Co. Ltd. partnership work for KICA’s public certificate, customer consultation, marketing, etc. registration agency work for customer consent. Customers can refuse the provision of personal information, but mobile key services using information, event information, event winning information, etc. services cannot be provided for those customers.
Receivers Purpose Information provision Retention and use period SG Service, the KICA Customer Satisfaction Center Customer response work such as consultation, etc. Mobile #, Mobile communication company name Service use period Mobile communication companies (SKT, KTF, LGT) Verification of mobile phone owners Resident registration number, Mobile # Service use period

4) Security server certification service

KICA notifies the following list of personal information required to issue certificates under the relevant laws for customer consent. If the customer does not consent to the provision of personal information they cannot obtain membership, certificate issuance and renewal services, and any other additional services.

A. Company names: Korea Internet & Security Agency, VeriSign, Comodo, Thawte, and Inicis

B. Purpose: Provision of certificate issuance information

C. Information Provision: All information provided by the owner and person-in-charge of certification (Refer to the personal information collection)

D. Retention and use period

It is being retained for the duration of the effective period for the customer’s certificate’s use and is automatically deleted upon termination.

5) Domain registration agency service

KICA notifies the following list of personal information for domain registration in accordance with the relevant laws for customer consent. If a customer does not consent, they cannot receive membership subscription, registration and domain extension services nor any other additional services.

A. Company names: Korea Internet & Security Agency, VeriSign, PIR, ASIA, and Inicis

B. Purpose: Provision of the information for domain registration

C. Providing information: All information provided by the owner and management person-in-charge of the domain

D. Retention and use period

It is retained for the duration of the customer’s certificate’s effective use period and is automatically deleted upon termination.

6) Certified email address service (#mail)

KICA provides personal information as provided below with a customer’s consent to register and manage certified email addresses. A customer may not agree to the offering of personal information, but if so, the customer is denied the certified email address service.

a. Business name: National IT Industry Promotion Agency (NIPA)

b. Purpose: information offering for certified email address registration and management

c. Provided information: name, business registration number, address, email address

d. Preservation and usage period: personal information is preserved until the validity of a customer’s certified email address registration period expires and thereafter, discarded automatically


5. 3rd party personal information commissioning

1) KICA does not provide or reveal customer personal information to a 3rd party without the subscribers’ consent. However, personal information can be provided without a subscriber’s consent in accordance with relevant laws when requested by government institutions, the Information & Communication Ethics Committee for criminal investigations, and when required to settle charges, and provided after processing so that a specific individual may remain anonymous. KICA may share the customer’s personal information with business partners or cooperative companies to provide better services, but it will pass by the member consent request procedure after informing them of the purpose, content, reason, etc., and is the information is not shared when the subscriber does not consent. Also, it passes by separate consent request procedures when the provision of personal information exceeds the previous consent’s scope. In case the provision of personal information is subsequently cancelled, KICA requests the relevant company to delete the corresponding personal information.

2) Public certification service

To provide public certification services and to improve customer access and convenience, KICA has signed a consignment agreement with 3rd party businesses for registration agency work to secure face-to-face confirmation windows for public certificate issuing. The face-to-face confirmation windows (registration agency institutions) visited by customers are therefore commissioned to collect and manage customer information before dispatch to KICA. Registration agency institutions do not use or store the customer information for any other purpose than those for public certificate registration agency work unless the customer has expressly consented to this or it is defined in other laws. To consult KICA registration agency institutions, click here.

Go to consult registration agency institutions ? Click here!

In addition, personal information is consigned as provided below to confirm a person’s identity at the time of offering the public certification service

Receiver Purpose Offered information Preservation and usage period
Korea Credit Bureau confirm identify name, date of birth, gender, mobile phone number, telecommunication company alliance period
Dream Security Co., Ltd confirm identify name, date of birth, gender, mobile phone number, telecommunication company alliance period

3) Domain registration agency service

In the case of international domains, KICA consigns the personal information data of a registrant to a foreign escrow company for preservation pursuant to the agreement with ICANN. The consignment of personal information is intended to protect a registrant’s rights and interests in preparation for an bankruptcy of an international domain registration company and the personal information is not used for profit-taking.

4) Certified email address service (#mail)

KICA consigns personal information as below to provide certified email address service (#mail).

Receiver Purpose Offered information Preservation and usage period
Korea Credit Bureau confirm identify name, date of birth, gender, mobile phone number, telecommunication company alliance period
Dream Security Co., Ltd confirm identify name, date of birth, gender, mobile phone number, telecommunication company alliance period
Daou Technology Inc. payment for service usage name, resident registration number, credit card number, account number, mobile phone number, telecommunication company alliance period

5) Bid information service (KICABID)

KICA consigns personal information as provided below to provide bid information service.

Receiver Purpose Offered information Preservation and usage period
Hankook Gunsul provide bid information service entire personal information alliance period

6. Right/Obligation of information subject and its exercise method

1) Public certificate service

KICA is doing its utmost to protect customer personal information. It strictly observes the individual’s authority for personal information, and their personal information can be read and corrected at any time on the homepage menu. In accordance the Electronic Signature Act (Article 22 of the Electronic Signature Act), the customer’s public certificate and records of its termination and deletion must be stored safely for 10 years from the public certificate’s expiry date.

2) Other services

KICA is doing its utmost to protect customer personal information. It strictly observes the individual’s authority for personal information, and their personal information can be read and corrected at any time on the homepage menu. The customer can withdraw their consent for the use of personal information by KICA, when cancelling membership achieved through the application menu.


7. Deletion of personal information

1) Public certification service

KICA immediately deletes corresponding information at the end of the 10 year retention period. The deletion procedure and method are as follows.

A. Deletion procedure: Documents submitted by the customer to use the service are deleted after being retained for 10 years from the public certificate’s expiry date under the Electronic Signature Act.

B. Deletion method: Documents such as applications stored in a physical area are destroyed using a shredder, etc. by an authorized person in a controlled area. Personal information stored as an electronic file is deleted using a technical method that makes it impossible to restore the record.

2) Other services

KICA immediately deletes the corresponding information in principle when the purpose of collecting and using the personal information has been achieved. The deletion procedure and method are as follows.

A. Deletion procedure

The information provided by the customer for membership subscription, etc. is moved to a separate DB (to a separate file, in case of paper) when its purpose has been achieved, and deleted after having been stored for a certain period of time (refer to the retention and use period) according to internal policy and any other relevant legal information protection measures. The personal information moved to the separate DB is not used for any other purposes unless it is legally required.

B. Deletion method

The personal information saved as an electronic file is deleted using a technical method making it impossible to cannot restore the record.


8. Personal information securing measures

1) Public certification service, Mobile key service

KICA uses a firewall (invasion quarantine system) to block the theft, leak, forgery, deformation of personal information by cracking (malicious hacking) and so on. The firewall is installed on each server to track illegal invasions. We also regularly back up the customer’s personal information to prepare against any possible accidents.

2) Other services

KICA does its utmost to take technical and administrative measures to prevent customers’ personal information from leaking. The subscriber can access their personal information using their password and can modify their own personal information using the membership ID and password. Therefore, the customer must ensure that this password is not revealed to other persons. The customer is liable for membership ID, password, and personal information leaks. Therefore, KICA does not take any responsibility unless there is liability attributable. To protect the membership ID and password, when using in the public areas such as an internet cafe or when sharing the computer with other persons, pay particular attention to not revealing personal information by always log out after using the service and close the browser window that has been used. Also, create an ID and password by combining characters and digits, and change the password frequently to prevent accidental leaking of ID and password. KICA uses a firewall (invasion quarantine system) to block the theft, leak, forgery, deformation of personal information by cracking (malicious hacking) and so on. The firewall is installed on each server to track illegal invasions 24 hours a day. We regularly back up the subscriber’s personal information to prepare against any possible accidents. In addition, KICA has minimized and controls staff handling personal information, and takes corrective actions immediately when any problem is found.


9. User and legal representative rights and exercise method

The subscriber or legal representative (for children under 14) can inquire about and correct the subscriber’s personal information or request the service’s cancellation. Inquiries about or correction of personal information can be performed using the ‘Correct subscriber information’ menu. When contacting the person-in-charge of personal information management to cancel the service by letter, telephone, or email, we will immediately process the cancellation request after processing the personal identification procedure.


10. Privacy Policy Amendment

The contents of this Privacy Policy can be read at any time on the homepage and as they may be amended according to the changing in relative laws or for the provision of better service, visit the homepage periodically to check the contents. When the Privacy Policy is amended, KICA notifies it on the each service’s homepage.


11. Person-in-charge of personal information management

Personal information inquiries should be sent to the following contact points and we will respond promptly.

  • Person-in-charge of the personal information protection
  • Name : Kapsang Kwon
  • Department : Chief of Technology Research Institute
  • Phone # : +82-1577-8787
  • Address : (13487) 5th Floor, Pangyo Digital Center 242, Pangyo-ro, Bundang-gu, Seongnam-si, Gyeonggi-do, Korea
  • Email : privacy@signgate.com

[Service information phone numbers]

  • Public certification service : +82-1577-8787
  • Security server certification service (SSL) : +82-2-360-3065
  • Domain registration agency service : +82-2-360-3093
  • Mobile key service, Transaction certification service : +82-2-360-3097
  • Bid information service: +82-2-360-3072

12. Notification obligation

When the Privacy Policy contents are amended, KICA notifies it on its homepage at least 7 days prior to the amendment’s execution.

  • Notification date: Dec. 15, 2014
  • Effective date: Dec. 22, 2014