Public key infrastructure to link Asean nations
A complex technology known as public key infrastructure (PKI) is soon to become vital in securing digital transactions between Thailand and other countries of the Asean region, in terms of confidentiality, integrity and authentication.
PKI is a formal structure that enables the user of an inherently insecure public network, such as the Internet, to electronically transfer information, funds, and other sensitive materials by using encryption key pairs obtained from and shared through a trusted entity called a certification authority (CA).
The certification authority (CA) will issue and verify digital certificates that contain an encryption key and attest to the authenticity of the transaction party. A registration authority (RA) will verify the CA prior to the issuance of a digital certificate to the requesting party.
The Information and Communications Technology Ministry has begun the task of preparing a framework within which PKI certification authorities (CAs) in the Asean region will achieve interoperability before the region becomes a free-trading economic community in 2015.
The ministry is the host of the Asean CA Interoperability Project, developing a model to provide interoperability among the CAs of Asean member countries. Last year, it conducted a successful CA interoperability pilot with Singapore, and it is currently working on a similar project with Hong Kong before expanding to other parts of the region.
The director of the ministry's Electronic Transaction Bureau, Ladda Jaengkasemsuk, said the ministry was Thailand's National Root CA, operated by Government Information Technology Services and using PKI to allow individuals and organisations to identify each other for the principal purpose of doing business electronically.
"The ministry will test CA Interoperability with Hong Kong as the National Root CA, using CA interoperability for e-logistics. It is now studying the trust model that will provide interoperability. The pilot will work between Thailand's National Root CA and Hong Kong Post, to support electronics transactions among businesses and government agencies," Ladda said.
Within this year, the ministry expects to complete the Hong Kong pilot so that it will have proven both its role as National Root CA and the trust model upon which interoperability is based. The next step is to achieve interoperability with other countries to support the secure spread of e-commerce and e-transactions between both government agencies and private-sector organisations.
As well, a draft of Royal Decree related to regulating Certification Authorities is currently being considered by the Council of State. When it has Cabinet approval, it is expected that the draft will become official by the end of this year.
"The PKI will become an important technology to secure transactions in terms of confidentiality, integrity and authentication," Ladda said. "CA interoperability will enable businesses and government agencies in the Asean region to conduct paperless business transactions and pursue business processes in an atmosphere of confidence, security, productivity and capability."
Meanwhile, the ministry is developing regulations governing the processes by which sub-certification authorities in Thailand will issue and verify digital certificates. The three sub-CAs will be TOT, CAT and Thai Digital ID (TDID). The ministry will test CA-related e-mail with the three sub-CAs in order to ensure that they provide high-quality services.