Of digital identification

Digital certificates are germane to the process of transition to a knowledge economy in any country. To define it in simple terms, a digital certificate is a secure and reliable means of confirming individual and institutional identities in electronic environments. It is a digital file that certifies the identity of an individual or institution seeking access to computer-based information. It serves the same purpose that an identity card does – that is to confirm the user’s identity – but the difference is that it is impervious to tampering. Digital certificates bind the identity of an individual or institution to a digital public key that can be used to encrypt and sign digital information. The combination of standards, protocols, and software that support digital certificates is called a public key infrastructure, or PKI.

The UAE integrated public key infrastructure (PKI) technology into its identity management system in 2003. The use of digital certificates is crucially important for two reasons: Firstly, the transition to a knowledge economy requires taking full advantage of the revolutionary potential of information technologies. Secondly, the question of cyber security is integrally linked to all aspects of the success of a knowledge economy. In the absence of an advanced and tamper-proof method of identity verification and content protection in the virtual world, all the gains we have consolidated in the current digital era will go waste.

Let us understand the context in which we are discussing this. It is now a fact of life that all service channels are fast becoming electronic, freeing the customers from the constraints of time, place and digital divide. Even as our dependence on electronic transactions increase exponentially in all spheres of life, concerns about privacy and security remain strong. Encryption was thought to address these concerns effectively, but it was soon found inadequate because it offered no way of ascertaining the identity of the sender of the encrypted information. It is against this backdrop that digital certificates emerged as a game-changer for they guaranteed high levels of security while helping in foolproof validation of identities and in maintaining the integrity of the content. Used in tandem with encryption, digital certificates provide a more comprehensive security solution, assuring the identity of all parties involved in a transaction. A digital certificate is issued by a Certification Authority (CA) and signed with the CA’s private key. A digital certificate typically contains the following elements: (1) owner’s public key, (2) owner’s name, (3) expiration date of the public key, (4) name of the issuer (the CA that issued the digital certificate), (5) serial number of the digital certificate, and (6) digital signature of the issuer.

In 2003, the UAE government began the process of issuing digital certificates in the form of smart identity cards, which was integrated into the program for developing a national identity management and population register infrastructure. Individual identity is bound to a digital certificate and is securely stored in the smart card. The main strategic objective behind this massive project was to support e-government and e-commerce initiatives in the country in such a way that the UAE’s track record becomes second to none. This emerged from the UAE’s understanding that in a ‘connected government’ context, public service agencies should act as a single enterprise so that the citizens felt they were being served by one organisation rather than a number of different public authorities. Identity management is considered here a fundamental pillar to enable such operating models and support single sign-on (SSO) & online identity validation capabilities for e-government & e-commerce environments. This was truly a historic rupture from bureaucratic obstructionism so characteristic of conventional governmental work anywhere in the world and a quantum leap towards a citizen-centric model of governance. 

The fact that the UAE’s efforts in this respect came in for praise from the United Nations and several other international bodies testifies to the perspicacity of the country’s prudent leadership. The UAE knew well that as and when more transactions were based on the smart identity card, more services were bound to be rolled out using its advanced features, such as biometrics, digital signatures and time-stamps, transforming government service providers into 24-hour authorities. In taking advantage of the digital revolution for purposes of governance through the effective utilisation of digital certificates and smart identity cards, the UAE is internationally recognised as one of the pioneers. Over the last decade, Belgium, Finland, and Norway have led the digital revolution. These countries have transformed their government transactions and enabled many secure G2C internet-based service-modelled transactions. Digital certificates issued to the citizens are key characteristics of these systems. The USA, under the Office of the CIO, has developed a comprehensive Identity and Credential Management Framework and is spearheading the unified National ID card implementation.

It is, therefore, no small achievement that the UAE is now reckoned along with global giants for its efforts at transforming the mechanism and delivery of government services from the conventional to the new age. The mission statement of the UAE Federal e-Government Plan 2012 – 2014 reads as follows: “Innovative e-Government, committed to enhancing the competitiveness of the UAE and providing world-class multi-channel services based on the wishes of customers through a coherent and efficient government; taking advantage of an advanced digital infrastructure and highly qualified human resources within a smart framework of governance.”

 

Abdullah Al Kendi is the Director of Information Technology, the Emirates Identity Authority