With cybercrime on the rise, new approaches to security are emerging. One of them is Zero Trust. It is based on the premise of “trust no one” and provides thorough identity verification and minimal permissions when someone tries to access the system network and internal data. Leading organizations such as Coca-Cola, Netflix, and Google have fully adopted the Zero Trust model as a core part of their security strategy, with positive results. This is largely due to the U.S. government establishing security policies based on Zero Trust, including multi-factor authentication and user monitoring. The Yoon administration has also begun to take the first steps to build a solid system by actively embracing advanced technologies under the banner of “Digital Platform Government.

Conservative finance sector dreams of strong security

Strengthened role of TrustKey

The technology at the center of the Digital Platform Government is Fast Identity Online (FIDO). The original technology company of FIDO in Korea is eWBM, a secure fabless semiconductor company, and its subsidiary TrustKey. This year, TrustKey expressed its opinion on the Financial Supervisory Service’s mandate to build a biometric infrastructure to this newspaper, solidifying its commitment. “Recently, there has been a rush of inquiries about FIDO authentication methods equipped with biometric technology, mainly in the highstreet banks,” said Jinseo Lee, CEO of TrustKey. “This is interpreted as an impact of the mandatory introduction of bank card biometrics in addition to the activation of non-face-to-face authentication using biometric information in the first half of last year.” adding, “We are looking forward to seeing FIDO adoption in the domestic banking sector as well. In fact, in the U.S., Europe, and Southeast Asia, big tech companies and financial institutions are rapidly adopting FIDO under the guise of Zero Trust. We believe that Korea is also sensing this trend and is promoting the adoption of biometrics in various industries, especially in the financial sector, where internal control and security are most urgent.”

Since last year, eWBM’s TrustKey solution has already started business with domestic commercial banks that have either finalized the adoption of FIDO security keys or have begun to adopt them. The adoption of the TrustKeys login solution as a government technology is a good match for commercial banks’ need for a “one-key, one-pass” way to apply certificates to FIDO keys. “This year, we organized a series of briefings on FIDO biometrics for second-tier banks. This is very encouraging. We believe that it can spread more rapidly in the industrial and public sectors as well.” said an official of TrustKey, adding, “What we’ve been focusing on is FIDO. Compared to the U.S. market, where Zero Trust has been front and center, Korea has unfortunately been slower to catch on, but I think it’s very meaningful that the financial sector recognizes strong security and is at the forefront of the spread.” CEO Lee says “The financial sector biometric authentication and management guide published by the Financial Security Service in March explains the advantages and disadvantages of the FIDO and the centralized storage for financial companies to refer to when building a biometric authentication system. In other words, it is a directive to adopt the FIDO method, at least in the financial sector that handles sensitive information. I felt that the environment was being created to focus on building a Zero Trust system. With FIDO already adopted by the financial sector, we were able to generate a more favorable response to TrustKey solutions among other solutions such as biometrics. Aside from strong authentication, enterprises can’t ignore the cost. This is where the TrustKey solution comes in, because it’s a simple addition to a more lightly utilized security key without changing the entire system.”

KTL solutions are expected to build a secure education system

In addition to the financial sector, TrustKey’s solution is also expected to be used in education. In the past few years, examination papers have been leaked by young students who learned how to hack online, gained direct access to the papers, and illegally obtained and leaked them. “Since the Daedong High School exam paper leak last year, we have received many requests from education authorities and institutions across the country,” said Heesik Yang, Doctor of TrustKey. The leaking student reportedly planted malware on a teacher’s laptop to steal test papers. Yang said “After this incident, there was a heightened sense of urgency and the school board was looking for a solid solution. I demonstrated the same hacking method that was circulating on the Internet (which was the source of the examination paper leak), and everyone was surprised that security could be breached so easily. To prevent incidents like the examination paper leak, a thorough security and monitoring system should be introduced. Security keys should be applied to prevent hacking attempts in advance.” The reality is that most security incidents are caused by the use of passwords. Yang said “Educators often post post-it notes with passwords on them, which often leads to hacking. Many education authorities have already recognized this, and we have actually proposed the TrustKey and system to several organizations as a countermeasure. We are currently conducting demonstrations and exchanges on security keys and security systems in Busan, Jeolla Province, Gyeongsangnam-do Province, and Sejong City.” He added “The Ministry of Education has been focusing on strengthening OTPs and passwords, but strengthening passwords blindly leads to vulnerabilities. If we use a secure key solution, we will experience the strongest security firsthand. It fulfills the need for monitoring while also being convenient and effective. We will proactively introduce the security solution to educational institutions with IDC colocation environments first, and we plan to include one or two more within the year. We will rapidly expand TrustKey’s security solutions to Korean education to create a more secure education system.”

The company that implements, understands, and does FIDO best

TrustKey received high praise at the FIDO APAC 2023 Summit in Vietnam in late August. YubiKey, a US-based company known for its simple touch authentication tokens, has said that TrustKey is the only company that can compete with it when it comes to security keys. As a result, it has been recognized as a competitive and preferred security key solution among global security companies. Dr. Yang, who is in charge of FIDO’s external relations, said “I would emphasize the flexibility of TKL’s solution above all else. The financial sector, where security is very important, uses authentication solutions, but they are very large and expensive, so we are getting inquiries. I think that’s why they’re interested in security keys that can be used more lightly than before. After all, even if you exclude strong authentication, the cost is not negligible. Even if you are using an existing password authentication solution, it is possible to collaborate with TrustKey. It can also be utilized as an add-on, which means that even if you don’t have to overhaul your entire system, you can still enhance security by utilizing simple methods.” CEO Lee said “What I took away from the FIDO APAC 2023 Summit is that it’s not just about safety, it’s about convenience and safety going hand in hand. YubiKey sold more than 10 million security keys last year alone. YubiKey is gaining a lot of traction in a country that is moving toward password-less across the board. In neighboring Southeast Asia, the region is already moving toward Zero Trust in partnership with global companies. The South Korean government has announced that it will respond immediately if cybersecurity is threatened, as it could cause serious disruptions to the economy and finance, but the road to Zero Trust is still long. I would like to see more national attention and support for advanced technologies in the Korean security industry. In order for Korean security solutions to gain more traction in the global market, there should be more activities to push local security brands. At least in Korea, TrustKey is developing into a company that implements and understands FIDO the best. We will continue to work with great responsibility in popularizing security keys and building systems.” Meanwhile, amid high interest in K-defense, TrustKey has partnered with a national research institute since the end of last year to carry out a series of defense security projects. The company plans to complete the procurement registration of security certification products for delivery to the Ministry of Defense as early as the second half of this year. Trustkey, which has also entered the U.S. smart farm solution market with its LoRa-based technology, plans to finalize its UL certification, which is expected to be completed next month, and begin placing orders in earnest, with initial volumes expected to be not a small number.