Scribd
Upload
27 views

Introduction To PNPKI (Full)

PNPKI provides secure electronic document signing and verification through public key infrastructure (PKI). PKI uses cryptography and digital certificates to authenticate users and ensure document integrity. It allows creating, signing, and sharing documents electronically. PNPKI facilitates paperless workflows for both government and private organizations to reduce costs and improve security compared to traditional paper-based systems. The Electronic Commerce Act and several government policies provide the legal basis for using digital signatures authenticated through PNPKI.

Uploaded by

heidefinition
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
27 views

Introduction To PNPKI (Full)

PNPKI provides secure electronic document signing and verification through public key infrastructure (PKI). PKI uses cryptography and digital certificates to authenticate users and ensure document integrity. It allows creating, signing, and sharing documents electronically. PNPKI facilitates paperless workflows for both government and private organizations to reduce costs and improve security compared to traditional paper-based systems. The Electronic Commerce Act and several government policies provide the legal basis for using digital signatures authenticated through PNPKI.

Uploaded by

heidefinition
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 49

Introduction to PNPKI

Traditional Workflows

create sign share

print scan
Paperless / Less Paper Workflows

create sign share


???
What is PNPKI?

Public

Key
Infrastructure
What is PKI?
PKI is a system of processes,
technologies, and policies
that allows you to encrypt
and sign data.

Purpose:
To facilitate the secure electronic transfer of information for a
range of network activities such as e-commerce, internet
banking and confidential email.
What is PKI?
PKI enables risks to be properly managed so that electronic
transactions can be performed on open, insecure networks such
as the Internet.

Its main components are:

Cryptography Digital Certificates


What is Cryptography?
❖ Derived from the Greek kryptos, meaning ‘hidden’, is
a method of storing and transmitting data in a
particular form so that only those for whom it is
intended can read and process it.

❖ Uses mathematical science to encrypt and decrypt


data.

❖ Enables you to store sensitive information or


transmit it across unsecure networks (like the
Internet) so that it cannot be read by anyone except
the intended recipient.
What is Public Key Cryptography?
Public-key cryptography, or asymmetric
cryptography, is a cryptographic system that uses pairs
of keys.

Public Key Private Key


What is Public Key Cryptography?

• A public key and its Key Pair


corresponding private key are
mathematically related.

• A public key and its associated


private key are called a key
pair.

• A message encrypted with a


public key can only be
decrypted by the private key.
PUBLIC KEY PRIVATE KEY
• A message encrypted with a
private key can only be
decrypted by the public key.
What is Public Key Cryptography?

SENDER RECEIVER’S RECEIVER’S RECEIVER


PUBLIC KEY PRIVATE KEY

{Hello, world!}

{Srg4%Ry23.}. {Hello, world!}


encrypted decrypted
message message
Caution!
Public Key + Digital Certificate
What is a Digital Certificate?
What is a regular certificate?
Cambridge Dictionary
defines certificate as
an official document
that states that the
information on it is true.

Example: birth/marriage/
death certificate, doctor's/
medical certificate, or
school diploma
What is a Digital Certificate?

❖ A very small file issued by a Certificate Authority


as proof of an individual's (or machine's)
electronic identity

❖ An electronic "passport" that allows a person,


computer or organization to exchange
information securely over the Internet.

❖ Associated with a Public and Private Key.


What is in Digital Certificate?
What is in a digital certificate?
 Info about the individual, organization, or
computer to which the certificate was issued to

 Info about the CA who issued the certificate

 Date issued and expiration

 Serial number of the certificate

 The certificate holder’s public key

 Other certificate information


What is in Digital Certificate?
What is in a digital certificate?
Types of Digital Certificates
❖ Individual
Certificates
▪ Authentication
▪ Signing
Types of Digital Certificates

❖ Agency Certificates

❖ SSL Certificates
What is a Digital Signature?

❖ a type of electronic signature

❖ a mathematical scheme for


verifying the authenticity,
integrity, non-repudiation of
a message

❖ often used to
implement electronic
signatures
E-Signatures
Digital Signature
Digitally signed by
John Doe
Date: 2019.06.13

John Doe
09:00:00 +08’00’
What is PKI used for?
PKI provides mechanism for trusted on-line
relationships by ensuring security of digital data
and transactions by providing:

❖ Authentication
❖ Confidentiality
❖ Integrity
❖ Non-repudiation
Authentication
Confidentiality

{Hello, world!}
{Srg4%Ry23.}.
encrypted
message
Integrity
document
signing

digitally signed
document

email
signing

digitally signed
email
Non-repudiation

digitally signed
document
Legal Basis for E-Signatures
Electronic Commerce Act of 2000
RA 8792
Sec. 7. Legal Recognition of
Electronic Documents

Electronic documents shall have the


legal effect, validity or enforceability
as any other document or legal
writing

For evidentiary purposes, an


electronic document shall be the
functional equivalent of a written
document under existing laws.
Legal Basis for E-Signatures
Electronic Commerce Act of 2000
RA 8792
Sec. 8. Legal Recognition of
Electronic Signatures

Electronic signature on the


electronic document shall be
equivalent to the signature of a
person on a written document.
Legal Basis for PNPKI
Institutionalizing the
E.O. 810 series 2009 Certification Scheme for Digital
Signatures and Directing the
Sec. 4. Application of Digital Application of Digital Signatures
Signatures in E-Government in e-Government Services
Services

All government agencies


and instrumentalities
providing e-government
services to its clients shall
require the use of digital
signatures in their
respective e-government
services...
Supreme Court Rule
A.M. No. 01-7-01-SC.-
Re: Rules on Electronic
Evidence

Rule 6. Section 1

An electronic signature or a
digital signature authenticated
in the manner prescribed
hereunder is admissible in
evidence as the functional
equivalent of the signature of
a person on a written
document.
GPPB Resolution 16 -2019
COA Circular 2020 -009
ARTA M.C. 2020 -06
Financial Benefits
❖ reduces cost of paper, ink, printer
❖ reduces cost of manpower time in servicing forms,
contracts, applications
❖ reduces cost of transportation, handling, freight, postage,
courier services and traffic and customs delays
❖ reduces cost of delays in signing, transmitting, approving,
processing
❖ reduces cost of maintaining physical storage, digitization
and archiving
❖ reduces cost of fraud, encoding errors, tampering,
modification of signed documents
❖ reduces cost of loss of reputation/credibility due to security
leaks and breaches
PNPKI Partners

City Archives and Records Office


City Records Management System

* First LGU to apply as GovRA


PNPKI On-going Coordination
• Department of Health • Philippine Institute for Development Studies
• Department of Justice • Polytechnic University of the Philippines
• Department of Tourism • Credit Information Corporation
• Department of Agriculture • CHED – Region 1
• Department of Transportation • National Book Development Board
• Department of Agrarian Reform • Development Academy of the Philippines
• Department of Public Works and Highways • Government Procurement Policy Board
• Department of Budget and Management • DepEd – Tayabas, Quezon Province
• Department of Social Welfare Development • National Research Council of the Philippines
• Anti-Red Tape Authority • Central Luzon Center for Health Development
• DOST - PCAARRD • Philippine Statistics Authority
• DOST – National Capital Region • Light Rail Transit Authority
• Office of the President – ICTO • Public Private Partnership
• DTI-Bureau of Philippine Standards • PhilHealth
• Department of Education Region 02 • Local Government Units
• Baguio General Hospital and Medical Center • SEC Broker Dealers in Securities
• Presidential Communications Operations
Office
Paper-based Document
Management System
Electronic Document Management
System
PNPKI Team Contact Information
[email protected] (Region 1, 2, & CAR)
[email protected] (Region 3 & 4A )
[email protected] (Region 4B & 5)
[email protected] (Region 6)
[email protected] (Region 7 & 8)
[email protected] (Region 9 & ARMM
except Maguindanao & Lanao Del Sur)
[email protected] (Region 10 & 13)
[email protected] (Region 11, 12,
Maguindanao & Lanao Del Sur)
THANK YOU!

You might also like