PKI TECHNOLOGY: A GOVERNMENT EXPERIENCE: INTRODUCTION

INTRODUCTION

Many governments in the past decade have initiated advanced identity management systems that incorporated PKI technology. This global interest in the technology is based on the need to meet the requirements for higher levels of authentication, confidentiality, access control, non-repudiation, and data integrity. Perceptibly, governments have been under tremendous pressure to deliver internet-based electronic services in light of increasing citizens’ demands for improved and more convenient interaction with their governments.

Many researchers argue that PKI is a key pillar for e-government transformation and e-commerce enablement. Although the concept of PKI may sound simple, many deployment experiences have shown catastrophic results from both technical and operational standpoints (GAO, 2001; Judge, 2002; Pluswich and Hartman, 2001; Rothke, 2001; Schwemmer, 2001). The major deficiency in the existing literature is related to the lack of reported experiences from governments’ projects. There are still ruthless attempts by government-backed projects to push the introduction of PKI in identity systems. This outlines the need for sharing knowledge of implementation experiences from various government projects. This is article is written with this scope of need.

The government of the United Arab Emirates initiated its major PKI initiative as part of its national identity management infrastructure development program in 2003. This project is considered to be one of the early systems in the Middle East region, and with the objective to issue 10 million digital identities by the year 2013. This article discusses key components of the PKI project related to private key activation, certificate validation, and encryption, in the context of e-government applications. This article is primarily structured into two sections. The first section provides an overview of PKI technology, describing its key components and how it provides security. The second section discusses the cryptographic components of PKI in the UAE project in light of e-government and e-commerce future requirements.