Authentication technologies: More crucial than ever
According to SecureMetric’s CEO, Edward Law, Public Key Infrastructure or PKI solutions, are more widely used than we think. It is the authentication and authorisation technology that works in the background to allow use of chip-based passports, debit and credit cards, as well as secure logging in of online payment services, among others.
But how exactly does it work? A Securemetrics’ video explains this, and during our interview Law described PKI as “.. the only security solution in the world today, to help customers achieve non-repudiation.”
This is a critical digital security quality that provides proof of the integrity and origin of data.
That’s because there is a trusted neutral party, that has the mechanism to prove without a doubt that an authenticated individual has conducted a transaction that they have the authorisation to conduct.
With Malaysia’s Digital Signature Act 1997, a qualified digital signature with a qualified digital certificate that is disputed can be brought to court, and a neutral party can be brought in as a forensic expert. This is because the Act recognises digital signatures as having the same legal value as physical signatures, for electronic transactions.
“Whatever security ecosystem there is, the very important element is the key, called a private-public key or a cryptographic key.”
“The best practice way to keep it safe, is to store it in a very secure hardware. This is why I say most of our projects deployed, combines both software and hardware together.”
To secure applications, digital identity and digital transactions, PKI is a very popular method, and even governments recognise this, and utilise it.
In Malaysia, MCMC, offers licenses for companies to issue digital certificates. The license validates companies like Trustgate, Telekom Applied Business, and Digicert, as public certificate authorities and allows them to operate as trusted entities to supply digital certificates to citizens.
“We also help these companies to set up the required infrastructure to run this as a business,” Law said.
Law said, Securemetrics covers quite a wide range of solutions and these reach a wide range of industries. “But the two main areas we are good at, is PKI and authentication.”
Demand for PKI has also increased, he observed. “In most of our day-to-day living, there is use of PKI without us knowing it.” For example, the security mechanism of our payment cards, use PKI solutions.
In telecommunications, small node base stations at the edge of the network, also need to authenticate themselves before they are allowed to connect to the larger telecommunications network. Because there are more of these small nodes at the edge, the bad guys could try to make themselves appear as one, and try to connect to the network with the purpose of hijacking it.
The same could be said for the Internet of Things (IoT) deployments as well, with so many sensor devices out there transmitting back data to processing hubs; are all these endpoints really who they say they are?
With so much emphasis placed upon transforming into a digital economy, as well as Industry4.0 (IR4.0) with heavy use of IoT and automation, Law sees the use of PKI in Malaysia and the region actually increasing. “The first step is to have a secure digital identity ecosystem, and PKI is the backbone for this kind of implementation.”
Securemetrics has helped governments in Southeast Asia like Indonesia, Vietnam and Philippines, and also governments in the Middle East region, to set up their respective national PKI projects, entire systems required for issuing digital certificates to their respective public sector civil servants.
This is a crucial foundation to have before implementing e-government initiatives, or digitalising services for the citizens.
Banks in the region, as well as e-commerce websites like Lazada, are also Securemetrics’ customers.
But, it isn’t all just large, nation-scale implementations that Securemetrics is involved in.
On the other end of the spectrum, Law noted that mobile app stores are facing a challenge in ensuring that the apps they sell are genuine. “Last June, there were over one million downloads of a fake Whatsapp application, in just two weeks.
“Many overlook the importance of securing the endpoints, but we are offering a method to shield the app.”
The PKI and authentication specialist works with Cybersecurity Malaysia (CSM), in areas like being certified, as well as market awareness.