TEXT: The world has gone digital and like many other countries, Pakistan is also on a journey of Digital Transformation, as can be witnessed through several government policy initiatives. Digital transformation offers business efficiencies, improved user experiences, cost reductions, better security, and importantly it’s better for the environment. The digital transformation benefits for Pakistan are widespread and across every sector, including:
E-Government: for citizens and businesses accessing e-government services
E-Business: whether its Business-to-Business (B2B) or Business-to-Consumer (B2C) or Business-to-Employee (B2E)
E-Commerce: online retailing, virtual marketplaces, placing orders and making payments online
Other industry or sector specific digitization initiatives include Health, Justice, Procurement, Invoicing, billing, statements etc. Any analog process which requires an in-person meeting or ink-signature on paper can be replaced with a more secure and efficient digital process.
To be successful, digital processes must be Trustworthy. This means:
1) You know who you are dealing with electronically, whether it’s a user, a business, or a device.
2) Any information, e.g., an e-Contract, sent electronically remains authentic i.e., unchanged, and if signed the sender can’t later deny having signed it. Conversely a fraudster must not be able to copy or fake anyone’s e-signature.
The world-wide standard for delivering digital trust is PKI (public key infrastructure). PKI is a complete system consisting of physical, procedural, personnel and technical components which work together to issue trusted digital certificates to end-users, businesses or devices which contain the holder’s identity information. These digital certificates and linked cryptographic keys can then be used to authenticate the holder and allows them to create verifiable digital signatures. A digital certificate is only issued after thorough verification of the owner’s real-world identity. The important task of issuing digital certificate can’t be undertaken by just anyone, instead only trusted authorities known as Certificate Authorities (CAs) or Trust Service Providers (TSPs) can provide this service.
From a legal perspective it is important that electronic transactions are admissible in a court as evidence, and this is exactly why in Pakistan the Electronic Transaction Ordinance (ETO 2002) was enacted. It is important that all TSPs issuing digital certificates in Pakistan are operating at the same high-level of security and trustworthiness. To serve this purpose the ETO created a role for Electronic Certification Accreditation Council (ECAC) as an autonomous body to audit TSPs against defined security guidelines as part of a formal accreditation process. Multiple TSPs can exist within Pakistan to serve different government and commercial markets and specific use cases e.g., banking, healthcare etc.
To aid Interoperability of trusted electronic transactions throughout Pakistan and even Internationally, ECAC has established a hierarchical PKI which will connect accredited TSPs together under a National Root CA. The National Root CA acts as the final point of trust and is audited against the internationally recognized CA-audit scheme called WebTrust. This allows popular browsers and applications like Adobe Reader to trust the National Root CA automatically. The National Root CA is the responsibility of ECAC and used as part of its accreditation scheme. ECAC will use the National Root CA to issue digital certificates to those TSPs which have successfully been accredited in both the government and commercial sectors. The TSPs are then responsible for issuing certificates to the actual end-users for specific purposes e.g., signing of documents, signing of software code, server authentication, etc. Anyone with access to the Pakistan National Root CA certificate will be able to verify the certificate of any end-user in the system and thereby be able to trust their digital identity and signatures. The ETO will ensure that digital signatures backed by Accredited TSPs and ultimately by the National Root CA are automatically recognized as equivalent to hand-written signature and presumed trusted by default!
As part of National Telecommunication Corporation (NTC) mandate to facilitate Federal Government, Provincial Governments, and all other State-run establishments, NTC hosts and operates the Pakistan National PKI systems for Electronic Certification Accreditation Council (ECAC). Importantly, NTC is also the first official Accredited TSP for the Government of Pakistan and will issue certificates to government sector users. Other government entities, banks, telcos, and commercial enterprises will also become accredited TSPs for enabling high trust in their business applications and market sectors where needed.
Ascertia is a world leader in PKI solutions and is providing a complete turnkey implementation for the Pakistan National PKI.
Faisal Bashir
GM IT – NTC
Copyright Business Recorder, 2022
Comments
Comments are closed.