NEWS RELEASE

ICTA steps up moves to implement Public Key Infrastructure following MoU between ICTA and CCA India

Port Louis: The making of a Public Key Infrastructure (PKI) in Mauritius a reality is gathering momentum with the arrival of a high level delegation from India. The five- member delegation led by Dr N. Vijayaditya, India’s Controller of Certification Authorities (CCA India), Department of Information Technology, Government of India are here at the invitation of the Information and Communication Technologies Authority.

Since Monday officials from the ICTA have held a number of working sessions; stakeholders from other institutions involved in PKI implementation have also been invited to take part.  These sessions will culminate on Friday with the holding of a workshop organised by the ICT Authority to raise awareness about PKI.  

The parameters for implementing the PKI for Mauritius will come under the spotlight during the workshop at Le Sirius, Labourdonnais Waterfront Hotel from 9.15 to 12.00 hrs on Friday 29 May 2009. The workshop will be officially opened by the Honourable Mohammed Asraf Ally Dulull, Minister of Information and Communication Technology. His Excellency, Mr Madhusudan Ganapathi, High Commissioner of India will be among the eminent personalities.

The delegation’s visit follows the signature of a Memorandum of Understanding (MoU) on 11 February 2009 between CCA India and the ICT Authority.  The objective of this MoU is to seek the assistance of CCA India, to set up the Mauritian PKI based on the Indian PKI model.

The major components of a PKI are the CCA, the Certifying Authority (CA) and the Registration Authority (RA). PKI is a framework of policies, services and encryption software that gives users the guarantees that they can transmit sensitive information online be it on the Internet or other networks.

The need for a PKI at this point in time is urgently felt because the Internet is increasingly becoming the primary platform for global commerce and communications. Governments, businesses and individuals will not only expect guarantees and assurances for the integrity of online transactions but also the same level of trust as the more traditional paper transactions. Examples of such transactions are procurement of services and goods online- the so called e-procurement, e-government, i.e. government services which citizens can access online; banking and financial services are other such examples.

Digital Signatures, Public and Private Keys

At the heart of the PKI is that sensitive documents and data are sent between two points using digital signatures, a system of pairs of keys known as a public key and a private key.  Only the signer of a digital signature can initiate and verify it.  PKI is considered the most secure way to send information online as opposed to other methods like user name and password which can be misused to interfere with and tamper with information. The private key must be kept secret.

By using special software called signing software, the sender (Mr A) of a sensitive document will use the public key of (Mr B) to encrypt and send it. Mr B will use his private key to validate or decrypt the document. This private key as its name entails is known only to Mr B and only functions in conjunction with his public key. The public key works in a pair with the corresponding private key. Public keys are published in electronic directories.  If at any point in time the document has been altered the receiver (Mr B) will know it.
The users of digital signatures must obtain digital certificates which are electronic files containing the user’s public key and information to identify the user. A digital signature can be compared with a passport and will be issued by a Certification Authority which certifies that the individuals or firms which obtains a digital certificate are who they claim to be.  In Mauritius, the ICT Authority is mandated by law to issue licenses to the Certification Authority/Authorities granting digital certificates.
For governments, the corporate world and individuals, there are both immediate and long term benefits of being the holders of digital certificates.  One of the most obvious would be the savings on operational costs. By cutting down on paper transactions,  PKI can also add value to endeavours for greener processes.  Small and large enterprises around the world are increasingly adopting PKI to centralize, distribute, manage, renew and revoke certificates.

The workshop will set the stage for what will be an ongoing process to encourage the different stakeholders and interest groups to participate in and promote the wider use of PKI in order to reap the full benefits of the digital revolution and fulfil the destiny of intelligent island that Mauritius is forging for itself.

Editor’s Note

The following PKI implementation topics have been under discussion during the visit of the delegation.

• Meeting the legal, regulatory and statutory provisions of Mauritius
• Easy to implement within a reasonable timeframe
• Minimum expenditure from the Mauritian side
• Suitable agreements between India and Mauritius
• Indian CA selection for Mauritius
• Willingness of Indian CA to provide RA services in Mauritius
• Deployment of potential PKI-based applications in Mauritius
• Capacity building opportunities for Mauritius

The four other members of the Indian delegation are:

• Mr. J.S. Kochar, ED, (n) Code Solutions
• Mr. N. Subramanian, C-DAC, Bangalore
• Ms. Vandana Sethi, DGM(IT)-CA, MTNL
• Mr. R. Jagannathan, MD, 3i Infotech Consumer Services

28  May 2009