The government, through the Kenya ICT Board, the Communications Commission of Kenya (CCK) and the Directorate of E-government, is set to establish the country’s Public Key Infrastructure (PKI) to secure online transactions.
The Kenya PKI, to be set up at a cost of US$8 million by October 2013, is the national system that the government is implementing to provide digital certification services.
Techopedia defines Public Key Infrastructure (PKI) as a system that allows users of the Internet and other public networks to engage in secure communication, data exchange and money exchange. This is done through public and private cryptographic key pairs provided by a certificate authority.
Techopedia adds that “a certificate authority (CA) is the entity providing the keys. The private key will be given to the person requesting the key. The public key is made public in a directory for users. No one can ever find out what someone’s private key is, never being available on the Internet. The private key is used for proving user identity and encrypting the digital certificate. The digital certificate will be decrypted by the public key, which is used by the message receiver.”
Through the PKI, the government will set up an online identity and verification system in which each citizen will be issued a unique online identity (digital certificate) that will be required whenever they take part in online transactions. The project is being implemented by Korean technology company Samsung SDS.
“Electronic signing is the most ensuring method to help solve a lot of the on-line crimes we see such as hacking, identity theft and forgery of sensitive information. Interested individuals will apply for a digital certificate using their name and ID number and later called in for a face-to-face authentication process by the Accredited Certificate Authority. Following the verification process, the applicants will then be authorized to download the digital certificate to the PC or USB (HSM token),” explained Evans Kahuthu, Kenya ICT Board’s project manager in charge of Information Security during a recent stakeholder forum.
The online certificate will be a unique Internet ID (a cryptographic key) that will facilitate access to online government services, leading to increased online business.
“Going forward, we will be getting into complex, sophisticated and very hard to investigate organized cybercrime. It is therefore prudent that the government readies itself to tackle these new challenges,” said Francis Mwaura, Senior Assistant Director at the Directorate of e-Government.
“As the government moves to automate and digitize its records, e-government will handle a lot of sensitive data, and this calls for security of these records,” added Mwaura.
The project will be piloted at the Kenya Revenue Authority (KRA) before a roll-out to other government agencies and ministries. This means that those applying for KRA online services, such as tax returns and PIN certificates, will have to apply for digital certificates before they are allowed to transact.
“Internet users have to struggle with a trade-off between convenience and security. As countries all over the world are making progress in e-government, all offline activities are being changed into online ones like e-commerce, e-banking, e-procurement and e-bidding through the internet. That’s why PKI is so crucial at this time,” said Samsung SDS Vice President, Sungwon Han.
CCK will be the root certification authority (CA) and will also accredit private companies that will issue certificates to online users on its behalf. Full details of who qualifies for accreditation will be published on the CCK website.
Immediate beneficiaries of PKI are those that rely heavily on e-transactions, among them banks, tax bodies (KRA), online businesses and those that hold sensitive information, such as medical service providers, legal entities and government ministries like Immigration and Lands.