Mauritian Public Key Infrastructure for secure electronic transactions

Mauritius has its own Public Key Infrastructure (PKI) since 6 December. The launching of the PKI at the Swami Vivekananda International Convention Centre, Les Pailles, by the Minister of Information and Communication Technology, Mr. T. Pillay Chedumbrum, is deemed an important step in providing for safe, trusted and secure electronic transactions and establishing Mauritius as a trusted hub for e-commerce by providing a wide range of security products and services.

The PKI is an architecture that proves the identity of people, web sites and computer programme, among others. PKI has been recognised to be the key element for supporting secure and reliable electronic communications in the framework of e-Government and e-service delivery as well as being a trusted technology that ensures the trustworthiness of identity credentials in national identity programs, and e-passport programs. Through its mix of authentication, encryption, and digital signatures, the PKI maintains strong security, streamlines administration, and contains operational costs.

It is to be recalled that in February 2009, the Information and Communications Technologies Authority (ICTA) signed a Memorandum of Understanding with the Controller of Certifying Authority of India for the implementation of the PKI in Mauritius. Hence, to enable a secure electronic transactions operating environment, the Electronic Transactions Act was amended and the Electronic Transactions (Certification Authorities) Regulations 2010 came into effect on 1 December 2010 providing for the licensing framework as well as the regulation of Certification Authorities (CA) activities in Mauritius. Parts of the Electronic Transactions Act have also been proclaimed to enable ICTA to exercise the powers of the Controller of Certification Authorities (CCA) and make the PKI operational.

The role of the CCA includes the certification of the technologies, infrastructure and practices of all CAs duly licensed, recognised, or approved to issue Digital Certificates. The Digital Certificate is the vehicle that guarantees the required level of trust as it contains information about the person holding the certificate. It aims at ensuring, through the use of Digital and Electronic Signatures, confidentiality, authenticity, integrity and non-repudiation for online transactions.

According to the Minister of Information and Communication Technology, the adoption of the PKI will reduce very considerably the risk of forgery, theft, or abuse of identification credentials. He said that the implementation of the national ID card project will include the use of PKI to improve the security of the data stored on the card. Mr. Pillay Chedumbrum also stated that the next step is to ensure the widest adoption of the PKI technology for online transactions to enable secured online transactions that have the required legal sanctity and be receivable in a court of law as evidence in cases of disputes.