Oman PKI Initiative
Oman Public Key Infrastructure (PKI) is a national initiative that sets the infrastructure needed for all government entities to provide eServices in Oman. It is employed in order to enable online transactions for citizens and to raise the level of security and authenticity of electronic paperwork. It allows exchanging information securely as it provides a high level of confidentiality by using eID, mobile ID or USB Token.
Oman PKI aims at providing a secure technology for information documentation, electronic credibility and identification and authentication of users as well as signing all transactions online by using electronic ID.
PKI is responsible for:
- Delivering certification services on behalf of ITA in accordance with ITA approved policies, requirements and agreements.
- Providing the possibility to join Oman National PKI at Registration Authority (RA) or Sub Certificate Authority (Sub CA).
- Securing the communications between servers to servers or clients to servers by utilizing server/client.
PKI provides five main services:
- Authentication: The traditional way of authenticating on websites was to sign in by entering the user name and the password. However, this way is not secure as anyone can hack them and use them illegally. Whereas, PKI uses an alternative method whereby an electronic ID, mobile ID or Token is required to authenticate the identity of the user.
- Electronic Signature: Any citizen can use this feature to sign any certificate online at any time without the need to go to the concerned premises. S/he can use eID, mobile ID or Token to do so.
- Encryption: It is the process of encoding information in such a way that only authorized parties can read it. PKI activated this feature so that information is saved securely.
- Email Encryption: By utilizing PKI, persons can send files through emails safely in which USB Token is used only.
- Email signature: another way of ensuring the confidentiality of data sent by emails is through signature which can be obtained from using USB Token only.
HR department at ITA was the first governmental body to use PKI for all ITA’s employment documents such as job contracts, offer letters, signatures of all concerned parties, etc. Any entity in the Sultanate can set up its own PKI so that it facilitates signing, authenticating and encrypting certificates electronically.
It is worth mentioning that Ministry of Commerce and Industry, Ministry of ManPower, Public Prosecution and Muscat Municipality have started using this service. Whereas, other entities such as al Rrafd Fund and the Public Authority for Social Insurance will work on it in the coming few years.
Oman National PKI center will set up a "Registration Authority" accreditation for CBO "Central Bank of Oman. It will also be working on “The Internet Web Trust Accreditation" project which will make the SSL "Secure Socket Layer" Certificate recognized by Web Trust and can be part of any web browser. A Number of government entities as well are currently working to integrate with identity management portal to utilize the eID certificate for authentication and signing services.
Source: Information Technology Authority