The Philippines’ Department of Information and Communications Technology (DICT) has strengthened its Public Key Infrastructure (PKI), which enables users of public networks such as the Internet to securely exchange private data. This will help to build trust in the government by ensuring secure and reliable online transactions.
Using the PKI makes all government Internet applications better, which makes it easier for the public to get government services. PKI is a collection of technology, software, policies, personnel, and procedures for creating, managing, distributing, using, storing, and revoking digital certificates.
The PKI authenticates the data source and ensures that data has not been altered in transit by using certificates issued and digitally signed by a Certificate Authority (CA). Data such as emails and online transactions can also be encrypted using PKI.
PKI is required when an agency communicates via email or conducts business online. Email, for example, is a simple application to configure and connect with PKI. Users merely need to register and acquire their digital credentials to use these applications.
Complex applications, such as those used for online transactions, would necessitate more time in development. Digital certificates will eventually be granted to private citizens to help them transact with the government and secure their personal electronic communications.
Essential services and benefits of PKI
Some of the PKI services include Services provided by Certificate Authorities and Registration Authorities including application processing, digital certificate issuance, and technical support and help. Another is the service of the Validation Authority in which the Online Certificate Status Protocol (OCSP)/Certificate Revocation List (CRL) is used by programmes to verify the validity of certificates. The third PKI key service is the service for timestamping which the applications use to connect to a reliable time source for the embedded timestamp in a digitally signed document.
These services are available to government agencies and employees, as well as private individuals and government computers, servers, and workstations.
On the other hand, the benefits of PKI are significantly improving the verifiability of an individual’s or entity’s identification. Passwords are used to authorise access to computer systems and applications frequently, if not exclusively. Even a 10-character password only gives 80 bits of protection, therefore users must be subjected to inconvenient discipline for the passwords they construct to be secure.
To further assure user identity, a Digital Certificate issued by the PKI will have at least a 2048-bit system-generated key. This is an oversimplification because the intricate computations present major challenges to those who would undermine a Digital Certificate.
Data is imbued with enough integrity by digital certificates to be accepted as evidence in a court of law. The Philippines, the United States, Canada, Korea, Singapore, and Malaysia already have legislation in place that establishes the legal basis for accepting digitally signed material as proper evidence in court.
This allows signing a digital document as if it were a paper document. Furthermore, the “signing” renders the document tamper-proof because even the tiniest alteration (1-bit) is noticed during verification.
Significantly reduces the risk of unauthorised access to common communications. The government already makes extensive use of Information and Communication Technology (ICT), and this trend is expected to continue. Traditional methods, on the other hand, cannot safeguard ICT due to its very nature. The encryption methods that are utilised are unregulated. Furthermore, because criminals and state opponents use ICT, normal users must use similar, if not better, technology to keep up.
