The Department of Information and Communications Technology (DICT) Philippine National Public Key Infrastructure (PNPKI) service is being pushed to be adopted by government agencies to secure online transactions and communications.
Public Key Infrastructure (PKI) allows users of public networks like the internet to exchange private data securely. PKI is essentially a set of hardware, software, policies, personnel, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. PKI is one of the core services offered by DICT.
Using certificates issued and digitally signed by a certificate authority (CA), PKI authenticates the data source and ensures data has not been tampered with in transit. PKI can also be used to encrypt data such as email or online transactions.
In a memorandum circular released in August, the Anti-Red Tape Authority (ARTA) directed government agencies to avail of and recognise the use of the PNPKI. The service ensures confidentiality, authenticity, integrity, and non-repudiation of electronic transactions and documents.
Some of PNPKI services include:
- Certificate authority and registration authority services: the processing of applications, issuance of digital certificates, and provision of technical support and assistance.
- Validation authority service: used by applications to check the validity of certificates through an online certificate status protocol (OCSP) or certificate revocation list (CRL).
- Timestamping service: used by applications to connect to an authoritative time source for the embedded timestamp in a digitally-signed document.
On 6 April, DICT released Department Circular No. 006 or the ‘Guidelines on the Application and Issuance of PNPKI Digital Certificates for External Clients during the State of Public Health Emergency’.
According to an official press release, DICT appreciates ARTA’s efforts in promoting the use of PNPKI to ensure reduced contact between employees of government agencies and their external clients. DICT had earlier offered its PNPKI services to various agencies to help them adapt to new work arrangements and the new normal in public service delivery.
With ARTA’s help, the department expects more government agencies to use the digital signing of documents and avail of PNPKI services, the DICT Secretary, Gregorio B. Honasan II, stated. As the threat of virus transmission still looms, utilising ICT and PNPKI for online transactions are a way of helping prevent the further transmission of COVID-19.
The Philippines, United States, Canada, Korea, Singapore, and Malaysia already have laws that provide the legal framework for formally recognising digitally signed data as proper evidence for courts.
This allows a document in digital form to be signed as if it were a paper document. Moreover, the “signing” also makes the document tamper-proof since the smallest change (1-bit) will be detected upon verification.
As per a recent report, 97% of the Office of the Solicitor General’s workforce is already using DICT’s PNPKI services. The memorandum circular was electronically signed by signatories from ARTA using digital certificates. An issued joint memorandum circular to streamline requirements and reduce procedural delays in securing the necessary permits, licenses, clearances, certificates, and other requirements in the construction of Shared Passive Telecommunications Tower Infrastructures (PTTI) between ARTA, DICT, and other concerned Agencies was signed using DICT’s PNPKI.