Theatre & Films Productions

The Mauritian PKI Model

For our Foundation in IT Law module, we have studied the ICT Laws in the Mauritian Legal Regime. Amongst them is the Electronic Transaction Act 2000 which has the main purpose of  “To provide  for an appropriate legal framework to facilitate electronic transactions and communications by regulating electronic records and electronic signatures thereof.” The key terms encountered are:

  • Public Key Infrastructure (PKI)
  • Core PKI Services: Authenticity, Integrity, Confidentiality and Non-Repudiation
  • Digital Certificate
  • Digital Signature
  • Public Key
  • Private Key
  • Root Certification Authority / Controller of Certification Authority

Information concerning the above can be obtained from ICTA website under the menu item Information Security. The shortcut version of understanding the PKI model can be found here, in the very informative flash animation.

Currently, we read that the Mauritian PKI model will be soon implemented and also ICTA benefits assistance from Indian authorities:

Port Louis: The making of a Public Key Infrastructure (PKI) in Mauritius a reality is gathering momentum with the arrival of a high level delegation from India. The five- member delegation led by Dr N. Vijayaditya, India’s Controller of Certification Authorities (CCA India), Department of Information Technology, Government of India are here at the invitation of the Information and Communication Technologies Authority.

Since Monday officials from the ICTA have held a number of working sessions; stakeholders from other institutions involved in PKI implementation have also been invited to take part.  These sessions will culminate on Friday with the holding of a workshop organised by the ICT Authority to raise awareness about PKI.

The delegation’s visit follows the signature of a Memorandum of Understanding (MoU) on 11 February 2009 between CCA India and the ICT Authority.  The objective of this MoU is to seek the assistance of CCA India, to set up the Mauritian PKI based on the Indian PKI model.

The PKI model seeks to enhance TRUST in the transactions carried electronically. What can we expect if Mauritian PKI is operational?

1) Increased use of E-Filing Centres for filing tax returns electronically.

2) Government bodies providing certified documents assuring Authentication.

3) The Growth of E-Commerce in Mauritius given eSecurity.

Anything else?…

Advertisements

9 responses

  1. Veelasha

    Heya Ashesh,

    Finally ‘mo ti zil’ is implementing something that am currently studying 🙂
    Just to keep your list rolling:

    4) Internet Banking (use of session keys)
    5) Develop Smart Cards to store personal information, such as medical records, social security number,…
    6) Police Force- any electronic collaboration between officers should be digitally signed to avoid non-repudiation

    I got a question:Any idea on who is going to be the trusted authority who will issue the certificates??

    Veelasha

    30 May, 2009 at 4:11 pm

    • Hi Veelasha!
      Thanks for adding to the list.

      euhh, maybe telecommunication companies will be licensed by the ICTA to issue certificates. It involves a lot of setup cost (approximately Rs. 60 million) for the Certifying authority to establish a Trustworthy system which is required as per Part VIII – Obligations of Certification Authorities of the Electronic Transaction Act 2000.

      BTW, what about the Australian PKI model? in which module are you studying it, eCommerce?

      30 May, 2009 at 5:55 pm

  2. Veelasha

    The module is called Public Key Cryptography. The main focus was on the underlying mathematics in cryptosystem. We learned different factoring algorithms that can help you to break RSA systems.

    Hmmm, Australian PKI model is quite well defined..we’ve got different companies issuing certificates.

    I hope that you will keep blogging about the updates on the PKI 🙂

    Veelasha

    31 May, 2009 at 3:33 pm

    • euhh Veelasha, breaking the RSA system means:

      ” the most damaging would be for an attacker to discover the private key corresponding to a given public key; this would enable the attacker both to read all messages encrypted with the public key and to forge signatures. ”

      I just hope that recovering all messages encrypted under a given key was not so easy and not so feasible.

      Here’s something that I read from RSA Laboratories:
      http://www.rsa.com/rsalabs/node.asp?id=2216

      1 June, 2009 at 10:47 am

    • found something interesting on PKI: An Australian Solution
      http://dsns.csie.nctu.edu.tw/iwap/proceedings/proceedings/invited_speeches/Seberry.pdf

      Gatekeeper PKI Framework

      Gatekeeper is the Australian Commonwealth’s strategy for PKI use in government. It was established to assist the development of e-commerce for the exchange of government information and the procurement of services for government. It provides a level of quality assurance through which government can increase confidence in Internet-based transactions. Gatekeeper Strategy was published in 1998.

      1 June, 2009 at 10:55 am

  3. max

    Hi Guys

    A model for the Mauritian PKI with the ICTA as the CCA as per the ETA. Quite interesting, but:
    Has there been a survey carried out in Mauritius concerning the number of users (both privatte and public? Has there been a survey on the applications for the PKI (both public and private)? What about existence of PKI in Mauritius? Has the private organisation been consulted? What about private CA at present in Mauritius?

    1 June, 2009 at 8:57 am

  4. Hi max, welcome to my personal blog!

    Concerning the feasibility of the implementation, I think the survey needs to be carried out by the relevant authorities.

    However we read that there has been sessions on the Mauritian PKI Model:
    http://www.certification.tn/Conference/presentationPKI/Session4/Mr Trilok Dabeesing.ppt

    You have very interesting questions, which I think would be nice if the involved resource persons could answer them.

    1 June, 2009 at 10:42 am

  5. ajit joyekurrun

    Hi there

    Just wanted to know if the Mauritian PKI IS operational or not?

    15 August, 2009 at 3:12 am

  6. ajit joyekurrun

    I am doing my Masters, I am doing a comparative study of uk and Mauritian Law on ecommerce.

    I have found the ICTA helpful and had several issues with regards to when they are implementing the Certification authority

    Do you think the Eectronic transactions Act 2000 is satisfactory?

    Any suggestions for amendments?

    AJIT

    15 August, 2009 at 3:15 am

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s