On 30 April the Cabinet Secretariat, the Information, Communications Technology and Postal Authority (ICTPA), and the project sponsored a presentation on ‘e-Signature: Legal and PKI Security Concepts.’ Twenty-six participants attended from the Cabinet Secretariat, ICTPA, General Department of Taxation (GDT), Communications Regulatory Commission (CRC), Ministry of Finance, Ministry of Justice and Home Affairs, State Property Committee (SPC), Parliament Administration Office, National Data Center, members of the working group drafting the Law on Digital Signature, and other stakeholders.
Mr. Larry Marchese, an international expert on electronic signature and e-commerce brought by the project in response to GDT’s request, led the presentation; the first of a planned series of four briefings designed to provide a common understanding of current technologies and global best practices. Laws based on global best practices must provide clear definitions that embody four key principles:
- Identification
- Authentication
- Confidentiality
- Non-repudiation
Public Key Infrastructure (PKI) technology satisfies all of these legal requirements in a controlled and auditable environment providing Secure Socket Layer (SSL) technology, the worldwide standard for e-security. EU Directive 2000, UNCITRAL & WTO regulations also incorporate PKI-SSL technology. PKI is the technology behind digital signatures enabling the user to encrypt data, digitally sign electronic documents, and authenticate user identity.
All PKI systems, regardless of final architecture, business purpose, or country contain these components in various forms:
- Certificate Authority (CA)
- Registration Authority (RA)
- Certificate Revocation List (CRL)
- Required Documentation (security plan, registry records)
- Database support
A digital signature is a specific form of electronic signature based on Public-Key Infrastructure (PKI) that
- Complies with global standards and best practices such as those embodied in the UNCITRAL Model Law 2001
- Is nearly impossible to forge if properly implemented
- Once signed and sealed, protects and keeps the protection of a digital object whether in transit or in storage.
Working closely with ICTPA, the Cabinet Secretariat, and stakeholders, the project plans three more presentations to be held in May to develop a common understanding on the technology behind digital signatures and global best practices to inform the Mongolian draft law on digital signatures. The presentation is available on the project webpage, www.eprc-chemonics.biz.