Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
ITIDA
By:
Hisham Mohamed Abdel Wahab Head of the E-Signature CA Licensing ITIDA- MCIT EGYPT Email: hwahab@mcit.gov.eg
Agenda
Egypts PKI Model
Background : ITIDA
Established in 2004 by law 15, financially supported by IT cos. E-Signature regulator, promoter, and root CA. IPR protector for software and databases (Copy Right Office). Empowers IT companies.
Supports R&D.
KSA KSA15-16 15-16Dec. Dec 2009 2009
Therefore the Root CA & Gov CA tendered in 2006 Root CA started work in Sep 2009
1st CSP got the official permission to work from ITIDA in Oct.
2009
KSA KSA15-16 15-16Dec. Dec 2009 2009
Hong Kong
ITIDA
Licensing Root CA
CSP
CSP
CSP
CSP
GOV. CA
Public Use
Gov. employees
Digital Certificates
Client Organizations
Licensing Requirements
Licensing
Auditing
Awareness
Customer services
Sub CA
12
Issue certificates to Gov. employees only for internal gov use only & SSCD.
13
2- Providers are allowed to provide SSL certificate for example with no obligations.
3- Providers can provide any other security services, but when comes to e-signature this must be regulated by ITIDA.
Why??
E-Signature is the most critical application when you come to E-Gov. E-Signature will replace current and traditional signature, so must be working under very trustable conditions
2- Another types, transactions and e-documents are considered just e-document or ewriting
3- Using third level smart card / token as SSCD is must . 4- Physical identification is must.
Why??
Avoid conflict, because if one type of e-signature is compromised then the market will think that strong types are compromised too! Strengthen the working environment
IS E-Signature
Digital Certificate
Or ISO 7816
Cryptographic algorithms must include RSA, SHA-1 Microsoft PC/SC Recommended : PKCS #11 (interface) Recommended: CAPI Microsoft Cryptographic Recommended : PKCS #15 (syntax standard)
KSA 15-16 Dec KSA 15-16 Dec. 2009 Syria 1-2 July 2008
Why??
To secure the sensitive transactions . To encourage the private investment according to the national strategy.
Why??
Ensure interoperable environment trust originate from a common Root CA (strict hierarchy model) A subordinate CA will have one superior, and only one Strict hierarchies are appropriate for many enterprises, especially where policy controls are to be enforced in a top-down fashion.
Why??
Based on companies suggestions and market studies To encourage this new industry
2- ITIDA must approve the price list or any modifications prior to publish.
3- ITIDA is responsible for control the pricing competition.
Why??
Based on most companies suggestions. Comply with the current Egyptian market.
2- E-Tax
3- E-Money (money orders will be collected electronically). 4- E-Banking applications. 5- Stock market .
6- Mobile applications.
7-E-Commerce/Payment. 8- E-education. 9- E-Civil applications.
KSA 15-16 2009 KSA 15-16 Dec Syria 1-2 Dec. July2009 2008
KSA KSA 15-16 15-16 Dec 2009 Syria 1-2 Dec. July2009 2008
Agenda
Egypts PKI Model
www.e-signature.gov.eg/materials/License-July-2006.doc
(Arabic Language ) - More than 60 Page. - More than 250 item to be satisfied before getting the license - Categorized to financial , operational, technical and administrative. - References: The Law 15, Its Directive, NTRA license, ETSI TS 101 456
KSA KSA15-16 15-16Dec. Dec 2009 2009
License Sections
Operational
Financial
Technical
Legal
Financial Requirements
Insurance of $ 1.5 Million Licensing fee $ 85,000 for 5 years Insurance per certificate $ 200 3% of revenue of licensed services
34
Technical Requirements
Complete PKI infrastructure. Disaster Recovery site (DR).
35
www.e-signature.gov.eg/materials/License-July-2006.doc
(Arabic Language )
Agenda
Egypts PKI Model
Data
CONFIDENTIALITY
Protecting sensitive information from unauthorised disclosure or intelligible interception
INTEGRITY
Safeguarding the accuracy and completeness of information and computer software
AVAILABILITY
Ensuring that information and vital services are available to users when required
MISUSE OF DATA
FRAUD VANDALISM ESPIONAGE NATURAL DISASTER ERROR
KSA 15-16 Dec. 2009
Forum
EA 7/02
Company
Company 2
Company 3
Agenda
Egypts PKI Model
Preparing , approving & Contact the auditee distributing the audit report
Preparing , approving Prepare & work documents distributing the audit report
Assign audit team
Closing meeting
A comprehensive IPR Law (Law No. 82/2002) A comprehensive Communications Act (Law No. 10/2003) An E-Signature law ( Law No. 15/2004) Children Protection Law (2008) Drafts:
A Data Protection, Privacy, and Cyber Security law A Cyber Crime law Access to Information Law