| 08 Apr 2009 |
|
Under patronage of His Excellency Engineer Mohamed Jamil Bin Ahmed Mulla, Minister of Communications and Information Technology, Public Key Infrastructure (PKI) gets launched in Saudi
- Text size
Under tight security procedures, the Saudi Public Key Infrastructure was launched following what's known as Key Generation Ceremony, a set of strict steps carried out under tight security and meticulous scrutiny by an international auditor, which culminated in the issuance of the digital public certificate of the Root Certification Authority (RCA) of the National Center for Digital Certification (NCDC). The security spectacle was executed in the presence of the minister of Communications and Information Technology, Eng. Mohammed Jameel bin Ahmad Mulla, and the governor of the Communications and Information Technology Commission, Dr. Abdulrahman Al Jaffary.
The ceremony was witnessed by members of the PKI National Policy Authority, and members of the e-government steering committee, in addition to others attending for supervision, quality control, and assistance in adhering to international standards and best practices. Those attending included Mr. Neill Duff, senior VP of Entrust Company, the main vendor for the PKI Solution, and Eng. Parag Parikh, senior Information Security Consultant of Al-Moammar Information Systems (MIS), representing the local company who was awarded the contract for implementing this turnkey project.
Following general guidelines and best practices, an external auditor was appointed to review documented policies, standards, and, procedures and ensure that the generation of the National Root Certificate Authority (CA) Keys adhere to the strictest controls specified for similar environments in International standards. Devoteam DaVinci of Norway was appointed as the external auditor to vouch for the proper and secure execution of the key generation ceremony. The auditor followed strict auditing standards to check compliance, including physical access to the center, inspection of equipment used for generating, storing and handling of the Root CA Cryptographic keys, and inspection of operational routines. Notes were taken for the entire ceremony, allowing the auditor to assure transparency and appropriately reporting proper compliance to environmental, operational, and technical controls.
The NCDC Key generation Ceremony went through three sets of rehearsals in the past months, each lasting for about 12-hours, in order to simulate and fine tune the final procedures.
Dr. Fahad Al-Hoymany, senior advisor and general director of NCDC welcomed the attendees to the ceremony and delivered a brief presentation on the objectives, functionality, and the work methodology for NCDC. He also talked about the main components involved in the center, the security measures applied, and queries raised by the attendees, after which he accompanied the attendees to the highly secure data center in order to witness the Root CA Cryptographic Keys Generation. The attendees watched the event from their assigned location in the operations area and saw the key generation tasks being performed by NCDC management and operations team, which consisted of 15 members. The most critical tasks of creating the master users for the cryptographic systems which were used to generate and store the Root CA private Key and certificate were observed by the witnesses and directly monitored by the external auditor. Upon finishing the key generation tasks, Project Manager and assistant director of NCDC, Eng. Mohammed Edan Al-Ghamdi announced the successful and secure generation of Saudi National Root CA Keys and the issuance of the Root CA digital certificate. This announcement was greeted by all participants and witnesses with a big round of applause.
It is worth noting that prior to conducting the key generation ceremony, preparation of two important documents, the Certificate Policies (CP) and Certificate Practices statement (CPS), was completed and documents approved, along with the development of Security policies, operational procedures, routines, support and other documentation. Subscriber Agreements have also been developed to allow end-users to obtain digital certificates from this National PKI Framework . The Root CA Key Generation Ceremony is one of the most important milestones of the second phase of the project to issue digital certificates from NCDC. This is in alignment with the National Plan for Communications and Information Technology, which is overseen by MCIT. Following this key milestone in the project, the center will be ready to implement the final tasks in the second phase by planning for the key generation ceremony for the Government CA, which will issue digital certificates to government agencies, to be followed by issuing digital certificates for businesses and individuals.
-Ends-
About NCDC
The National Center for Digital Certification (NCDC) applies 'Public Key Infrastructure (PKI)' technology, which is a complete solution to manage the digital keys which are used for providing the mechanisms for securing the electronic transactions and to securing the exchange of information in public networks. Public Key Infrastructure provides Confidentiality and Integrity of information, along with identity authentication by performing digital signatures and other cryptographic functions, combined with the registration and verification processes. NCDC manages and hosts the Saudi National Root CA along with other certification systems in order to provide a highly secure and trusted environment to allow different entities to participate in e-government transactions and rest assured that these transactions are highly secure and reliable.
NCDC, in the past few months developed the security policies, procedures and standards for the Saudi PKI after thoroughly studying the various aspects associated with digital certificates like legality, control of usage, issuing the certificate policy, issuing the Saudi National PKI Policy and the various procedures to direct the entities who will provide the services of issuing digital certificates. These also include defining the applicable rules, terms and conditions for registering or licensing Certificate Service Providers (CSPs) and the associated mechanisms, such as, supervision of such CSPs by ways of auditing and performing compliance checks.
For more information:
Mohammed T. Al Dugailbi,
The e-Government Program - Yesser,
Riyadh,
Saudi Arabia,
Tel.:+ 966 1 4522128,
Fax: + 966 1 4522353,
Mobile: + 966 504992709,
email: mtdugailbi@yesser.gov.sa
© Press Release 2009
Zawya is a distributor (and not a publisher) of content supplied by third parties and subscribers. Any opinions, advice, statements, services, offers, or other information or content expressed or made available by those third parties, including information providers, subscribers or other users of the Service, are those of the respective author(s) or distributor(s) and not of the Company. The Company neither endorses nor is responsible for the accuracy or reliability of any opinion, advice or statement made on the Service by anyone other than authorized Service employee spokespersons while acting in their official capacities. The Company is not responsible for any infringement of intellectual property rights or breach of any applicable law or regulation, including regulation in relation to financial services or the distribution of financial products, defamation, data protection, telecommunications (including regulations relating to excessive use, spamming or other abusive activities) or obscene, offensive or illegal content). Under no circumstances will the Company be liable for any loss or damage caused by a member's reliance on information obtained through the Service. It is the responsibility of member to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content available through the Service. Please seek the advice of professionals, as appropriate, regarding the evaluation of any specific information, opinion, advice or other content.
Read the full Member Agreement
http://www.zawya.com/legal/NewsLetter.cfm?name=disclaimer
Post a Comment
Community Comments (1)
the picture appearing with the news is not related to the subject !!l.com
1.1 Contain any material which is libelous or defamatory of any person, is obscene, offensive, hateful or inflammatory or causes damage to the reputation of any person or organisation.
1.2 Promote sexually explicit material, violence, discrimination based on race, sex, religion, nationality, disability, sexual orientation or age or any illegal activity.
1.3 Be made in breach of any legal duty owed to a third party, such as a contractual duty or a duty of confidence.
1.4 Be threatening, abuse or invade another's privacy, or cause annoyance, inconvenience or needless anxiety.
1.5 Be used to impersonate any person, to misrepresent your identity or affiliation with any person, or be likely to deceive any person.
1.6 Give the impression that they represent Zawya.
1.7 Advocate, promote or assist any unlawful act such as (by way of example only) copyright infringement or computer misuse.