Online Transactions – Public Key ICT Infrastructure for Kenya

The government through the Kenya ICT board, Communications Commission of Kenya (CCK) and Directorate of E-government, held a forum with stakeholders to sensitise them on what it will take to secure online transactions. Public Key Infrastructure (PKI), is the national system that the government is implementing to provide digital certification services.

Through the Public Key Infrastructure (PKI), the government will set up an online identity and verification system where each citizen will be issued with a unique online identity (digital certificate) that will be required whenever they take part in online transactions. The project is being implemented by Korea technology company Samsung SDS.

“Electronic signing is the most ensuring method to help solve a lot of the on-line crimes we see such as hacking, identity theft and forgery of sensitive information. Interested individuals will apply for a digital certificate using their name and ID number and later called in for a face-to-face authentication process by the Accredited Certificate Authority. Following the verification process, the applicants will then be authorized to download the digital certificate to the PC or USB (HSM token),” explained Evans Kahuthu, Project Manager Information Security at the Kenya ICT Board.

The online certificate will be a unique Internet ID (a cryptographic key) that will facilitate access to on-line government services leading to increased online business.

“Going forward, we will be getting into complex, sophisticated and very hard to investigate organized cybercrime. It is therefore prudent that the government readies itself to tackle these new challenges,” said Francis Mwaura, Senior Assistant Director, and Directorate of E-Government.

“As the government moves to automate and digitize its records, e-government will handle a lot of sensitive data, and this calls for security of these records,” added Francis Mwaura

The project expected date of completion is October and it will be piloted at the Kenya Revenue Authority before a roll-out to other government agencies and ministries. This will mean that those applying for KRA online services e.g tax returns and pin certificates will have to apply for digital certificates before they are allowed to transact.

“Internet users have to struggle with a trade-off between convenience and security. As countries all over the world are making progress in e-government, all offline activities are being changed into online ones like e-commerce, e-banking, e-procurement and e-bidding through the internet. That’s why PKI is so crucial at this time,” said Samsung SDS Vice President, Sungwon Han

“Kenya is taking the lead in East Africa,” said Michael Katundu, Director Information Technology at CCK, who also chairs the Cyber Security Steering Committee in the region. CCK will be the root certification authority and will also accredit private companies who will issue certification to online users on their behalf.

Immediate beneficiaries of PKI are those that rely heavily on e-transactions among them; Banks, Tax bodies (KRA), online businesses and those that hold sensitive information like Medical service providers, legal entities and government ministries like the Immigration and Lands.

In 2009, Kenya passed the amendment legislation introducing the regulation of Electronic Signatures (E-Signature) into the Kenya Information and Communications Act, Cap 411A (as part of e-transactions).

Subsequent subsidiary legislation to operationalise this framework was designed in 2010 in the form of Kenya Information and Communications (Electronic Certification and Domain Name Administration) Regulations, 2010.

You may also like

Popular News