Launching Egyptian Root CA and Inaugurating E-Signature

Dr. Sherif Hazem Nour El-Din

Information Security Systems Consultant

Root CA Manager, ITIDA

ITIDA -Jan 2010

Drafting an Electronic Signature Law

• National E-Signature Committee (members):

– Ministry of Communications and Information Technology– Ministry of Justice– Ministry of Economy and Foreign Trade– Ministry of Finance– Ministry of Foreign Affairs– Ministry of Interior– Ministry for Administrative Development– Central Bank of Egypt– Cabinet Information & Decision Support Center

E-Signature Law

- In 2004, law no. 15 was officially released to help enforce the e-Signature in Egypt

and to establish the (Information Technology Industry Development Agency–(ITIDA).

- The Executive Directive of the E-signature law issued in May 2005

- The e-signature law establishes legal recognition of electronically (digitally) signed

documents and contracts as well as (unsigned) electronic documents

- The establishment of ITIDA supports Egypt’s e-commerce industry by securing the

Internet as a legally viable medium for online financial activities.

Continue……

• In 28th, September 2009, Prime Minister Dr. Ahmed Nazif witnessed the

launch of E-Signature services for the public and private sectors and the

inauguration of the Egyptian Root-CA trust center, marking the e-signature

authorization by the Information Technology Industry Development Agency

(ITIDA).

Regulating Digital Certificates

Awareness

and technical

supportLic

ensing

and auditi

ng

Request for digital certificates

Digital Certificates

Information Technology Information Technology Industry Development AgencyIndustry Development Agency

(E-Signature regulator)(E-Signature regulator)

Client OrganizationsClient Organizations Digital Digital CertificateCertificate ProvidersProviders

Egyptian E-Signature Infra- Structure

National ROOT Certification AuthorityCountry XY

Cross recognition

Signature Key Holders ( End Users)

Gov Employees

CSP1 CSP2 CSP3 CSP4 GOV CA

Operates

Certifies

Issues

The Egyptian Root CA

- As one of its primary roles, ITIDA operates the Egyptian Root Certificate

Authority (Root CA) according to the highest security standards offering a

continuous 24hx7 operation (based on the means of a 2nd hot-standby Trust

Center).

- The national Root CA is the trust anchor for all relying parties within that

domain. Furthermore, the national Root CA is the legal and national base upon

which all IT applications, E-commerce and E-business Transactions will be

affected.

Root CA Key Functions• Issues digital certificates for licensed certificate service providers (CSPs) and

publish them to be available 24/7.

• Helps to prove or deny instantaneously the validity of digital certificates of the

licensed CSPs by providing both OCSP Service and LDAP directory.

• Root CA has the rights to stop the operation of any CA in case of security

deficiencies.

• Working as TSA (Time Stamping Authority) for CSPs.

Continue……

• Responsible for interoperability between other countries providing a point of

communication between Egypt and other nations in relations of E-signature.

• Auditing all the PKI technical requirements of CSP’s against the Egyptian

executive directives and all the updated international standards.

• Offers technical consultations to all the community in the field of Information

Security especially in Public key Infrastructure.

Achievements……• Root CA main trust center with 6 IT fortified rooms and more than 40 different

types of servers and security equipments has been implemented to operate 24/7

by 100% highly trained Egyptian staff.

• GOV- CA trust center is implemented and is ready to serve the governmental

organizations.

• Signing an MOU with the German Root CA to facilitate the cross recognition

with the German Root CA.

• Three private CSPs are ISO 27001 certified and one of them passed ITIDA

audit (financial, legal and technical) and are ready to issue digital certificate

private sector under the hood of Egyptian Root CA.

Continue……

• The first deployed private CSP has been securely connected to the Root CA

main trust center to maintain a copy of all the issued digital certificates and

CRLs to maintain client rights in case of disaster.

• Auditing process by ITIDA is to be continued for the remaining CSPs.

• Home made E-signature tools are ready to be used

– (Egyptian Smart Token (with and without Fingerprint).

– E-Signature Applications (Desktop, Web, and Mobile)

Pictures from Reality

ITIDA Cryptography Suite

Smart Token Software

Mobile Phone Application

The Future……

• Finalizing the Root CA disaster recover site at the Ministry of finance premises

30 KM apart from the Root CA main site.

• Doubling the staff to achieve the business continuity.

• Cross recognizing our Egyptian Root CA with other imitates in other countries.

• Collaborating with the Egyptian CERT to maintain the work sustainability.

Questions ???????

Thank You…