The ceremony was conducted on Tuesday 10th of March 2009 ( 13th Rabi Al Awwal 1430 H), and was witnessed by members of the PKI National Policy Authority, and members of the e-government steering committee, in addition to others attending for supervision, quality control, and assistance in adhering to international standards and best practices. Those attending included Mr. Neill Duff, senior VP of Entrust Company, the main vendor for the PKI Solution, and Eng. Parag Parikh, senior Information Security Consultant of Al-Moammar Information Systems (MIS), representing the local company who was awarded the contract for implementing this turnkey project.
Following general guidelines and best practices, an external auditor was appointed to review documented policies, standards, and, procedures and ensure that the generation of the National Root Certificate Authority (CA) Keys adhere to the strictest controls specified for similar environments in International standards. Devoteam DaVinci of Norway was appointed as the external auditor to vouch for the proper and secure execution of the key generation ceremony. The auditor followed strict auditing standards to check compliance, including physical access to the center, inspection of equipment used for generating, storing and handling of the Root CA Cryptographic keys, and inspection of operational routines. Notes were taken for the entire ceremony, allowing the auditor to assure transparency and appropriately reporting proper compliance to environmental, operational, and technical controls.
The NCDC Key generation Ceremony went through three sets of rehearsals in the past months, each lasting for about 12-hours, in order to simulate and fine tune the final procedures.
Dr. Fahad Al-Hoymany, senior advisor and general director of NCDC welcomed the attendees to the ceremony and delivered a brief presentation on the objectives, functionality, and the work methodology for NCDC. He also talked about the main components involved in the center, the security measures applied, and queries raised by the attendees, after which he accompanied the attendees to the highly secure data center in order to witness the Root CA Cryptographic Keys Generation. The attendees watched the event from their assigned location in the operations area and saw the key generation tasks being performed by NCDC management and operations team, which consisted of 15 members. The most critical tasks of creating the master users for the cryptographic systems which were used to generate and store the Root CA private Key and certificate were observed by the witnesses and directly monitored by the external auditor. Upon finishing the key generation tasks, Project Manager and assistant director of NCDC, Eng. Mohammed Edan Al-Ghamdi announced the successful and secure generation of Saudi National Root CA Keys and the issuance of the Root CA digital certificate.
It is worth noting that prior to conducting the key generation ceremony, preparation of two important documents, the Certificate Policies (CP) and Certificate Practices statement (CPS), was completed and documents approved, along with the development of Security policies, operational procedures, routines, support and other documentation. Subscriber Agreements have also been developed to allow end-users to obtain digital certificates from this National PKI Framework. The Root CA Key Generation Ceremony is one of the most important milestones of the second phase of the project to issue digital certificates from NCDC. This is in alignment with the National Plan for Communications and Information Technology, which is overseen by MCIT. Following this key milestone in the project, the center will be ready to implement the final tasks in the second phase by planning for the key generation ceremony for the Government CA, which will issue digital certificates to government agencies, to be followed by issuing digital certificates for businesses and individuals.
The National Center for Digital Certification (NCDC) applies ‘Public Key Infrastructure (PKI)’ technology in Saudia Arabia, which is a complete solution to manage the digital keys which are used for providing the mechanisms for securing the electronic transactions and to securing the exchange of information in public networks. Public Key Infrastructure provides Confidentiality and Integrity of information, along with identity authentication by performing digital signatures and other cryptographic functions, combined with the registration and verification processes. NCDC manages and hosts the Saudi National Root CA along with other certification systems in order to provide a highly secure and trusted environment to allow different entities to participate in e-government transactions and rest assured that these transactions are highly secure and reliable.
NCDC, in the past few months developed the security policies, procedures and standards for the Saudi PKI after thoroughly studying the various aspects associated with digital certificates like legality, control of usage, issuing the certificate policy, issuing the Saudi National PKI Policy and the various procedures to direct the entities who will provide the services of issuing digital certificates. These also include defining the applicable rules, terms and conditions for registering or licensing Certificate Service Providers (CSPs) and the associated mechanisms, such as, supervision of such CSPs by ways of auditing and performing compliance checks.
---
Autor(en)/Author(s): Mohammed E. Alghamdi
Quelle/Source: Arabian Business, 15.04.2009
Bitte besuchen Sie/Please visit:
