- CHAPTER I- GENERAL PROVISIONS
- CHAPTER II- LICENSED CERTIFICATION AUTHORITY
- CHAPTER III- AUTHORIZED CERTIFICATE
- CHAPTER IV- SECURING OF SAFETY AND RELIABILITY OF CERTIFICATION WORK
- CHAPTER V- ADOPTION, ETC. OF DIGITAL SIGNATURE CERTIFICATION POLICY
- CHAPTER VI- SUPPLEMENTARY PROVISIONS
- CHAPTER VII- PENAL PROVISIONS
CHAPTER III AUTHORIZED CERTIFICATE
Article 15 (Issuance of Authorized Certificate)
Article 16 (Termination, etc. of Validity of Authorized Certificate)
Article 17 (Suspension, etc. of Validity of Authorized Certificate)
Article 18 (Revocation of Authorized Certificate)
Article 18-2 (Personal Identification by Authorized Certificate)
CHAPTER III - AUTHORIZED CERTIFICATE
Article 15 (Issuance of Authorized Certificate)
(1) A licensed certification authority shall issue an authorized certificate to the person who applies for the issuance of an authorized certificate. In such cases, the licensed certification authority shall verify the identity of the applicant. <Amended by Act No. 6585, Dec. 31, 2001>
(2) An authorized certificate issued by a licensed certification authority shall contain such particulars as set forth in the following subparagraphs: <Amended by Act No. 6585, Dec. 31, 2001>
- 1. Subscriber's name (in cases of a corporation, its name or trade name);
- 2. Subscriber's digital signature verifying key;
- 3. Description of algorithm used by the subscriber and the licensed certification authority to sign the authorized certificate;
- 4. Serial number of the authorized certificate;
- 5. Effective period of the authorized certificate;
- 6. Name of the licensed certification authority and other information that can serve to verify the identity of the licensed certification authority;
- 7. If there is any limit imposed on the scope or purposes of the use of the authorized certificate, matters pertaining thereto;
- 8. If the subscriber has the proxy, etc. to act for another or if he/she asks his/her professional title, etc. to be entered, matters pertaining thereto; and
- 9. A mark verifying the authorized certificate.
(3) Deleted. <by Act No. 6585, Dec. 31, 2001>
(4) If a person applies for the issuance of an authorized certificate, a licensed certification authority may issue an authorized certificate having limits on the scope or purposes of its use. <Amended by Act No. 6585, Dec. 31, 2001>
(5) A licensed certification authority shall give an appropriate period of validity to an authorized certificate, taking into account the scope or purposes of its use as well as the safety and reliability of the computing techniques used for its issuance. <Amended by Act No. 6585, Dec. 31, 2001>
(6) Necessary matters concerning the procedures and methods of verifying the identity of an applicant for the issuance of an authorized certificate shall be prescribed by Ordinance of the Ministry of Science, ICT and Future Planning. <Newly Inserted by Act No. 6585, Dec. 31, 2001; Act No. 8852, Feb. 29, 2008; Act No. 11690, Mar. 23, 2013>
Article 16 (Termination, etc. of Validity of Authorized Certificate)
(1) Where there arise circumstances falling under any of the following subparagraphs, with respect to an authorized certificate issued by a licensed certification authority, the validity of that authorized certificate shall terminate at the time of the occurrence of such circumstances: <Amended by Act No. 6360, Jan. 16, 2001; Act No. 6585, Dec. 31, 2001>
- 1. Where the period of validity of an authorized certificate expires;
- 2. Where the designation of a licensed certification authority is revoked pursuant to Article 12 (1);
- 3. Where the validity of an authorized certificate is suspended pursuant to Article 17;
- 4. Where an authorized certificate is revoked pursuant to Article 18; and
- 5. Deleted. <by Act No. 6585, Dec. 31, 2001>
(2) Where the digital signature creating key of a licensed certification authority, whose certification work was ceased or closed under the provisions of Article 10 or suspended under the provisions of Article 12, has been lost, damaged, or stolen and outflowed, etc., the Minister of Science, ICT and Future Planning may, for securing the safety and reliability of certification work, suspend the validity of all authorized certificates issued by the relevant licensed certification authority. <Amended by Act No. 7813, Dec. 30, 2005; Act No. 8852, Feb. 29, 2008; Act No. 11690, Mar. 23, 2013>
(3) When the Minister of Science, ICT and Future Planning has suspended the validity of authorized certificates pursuant to paragraph (2), he/she shall instruct the Internet Security Agency to take without delay such measures as may be necessary for this information to be at all times accessible to the public. The same shall also apply to cases where the validity of authorized certificates terminates pursuant to paragraph (1) 2. <Amended by Act No. 6585, Dec. 31, 2001; Act No. 8852, Feb. 29, 2008; Act No. 11690, Mar. 23, 2013>
Article 17 (Suspension, etc. of Validity of Authorized Certificate)
(1) If there is a request on the part of a subscriber or his/her agent, a licensed certification authority shall suspend the validity of an authorized certificate or restore it by terminating the suspension. In such cases, the request for the restoration of its validity shall be made within 6 months from the date on which the validity of the authorized certificate was suspended. <Amended by Act No. 6585, Dec. 31, 2001>
(2) In cases where a licensed certification authority has suspended or restored the validity of an authorized certificate under paragraph (1), it shall, without delay, adopt such measures as may be necessary for this information to be at all times accessible to the public. <Amended by Act No. 6585, Dec. 31, 2001>
Article 18 (Revocation of Authorized Certificate)
(1) In cases where there arise circumstances falling under any of the following subparagraphs with respect to an authorized certificate, the licensed certification authority shall revoke this certificate: <Amended by Act No. 6585, Dec. 31, 2001>
- 1. Where a subscriber or his/her agent requests the revocation of an authorized certificate;
- 2. Where the licensed certification authority becomes aware that a subscriber has been issued an authorized certificate by fraud or other wrongful methods;
- 3. Where the licensed certification authority becomes aware that a subscriber has died or has been in disappearance as declared by a court, or that a subscriber as a corporation has been dissolved; or
- 4. Where the licensed certification authority becomes aware that a subscriber's digital signature creating key has been lost, hacked, stolen or disclosed to a third party.
(2) In cases where a licensed certification authority has revoked an authorized certificate pursuant to paragraph (1), it shall, without delay, take such measures as may be necessary for this information to be at all times accessible to the public. <Amended by Act No. 6585, Dec. 31, 2001>
Article 18-2 (Personal Identification by Authorized Certificate)
A person may identify himself/herself by means of an authorized certificate issued by a licensed certification authority under this Act unless the act of identifying a person himself/herself by such means is restricted or precluded by any other Act.
[This Article Newly Inserted by Act No. 6585, Dec. 31, 2001]