What is PKI

Public Key Infrastructure – definition and trends in Hong Kong

Public Key Infrastructure (“PKI”) is a universally adopted technology that works on asymmetric cryptography to digitally establish the identity of an individual, device, or server in a fool-proof manner. Powered by Public Key Cryptography, a technology used by most of the modern security systems, PKI provides assurance on the user’s identity in the digital world.
 
Public Key Infrastructure is the set of software, hardware, procedure, processes and policies required for the creation, management, distribution, storage and usage of digital certificates and public-keys. The technology delivers the building-blocks essential for creating a secure and trusted business environment and is the driving force behind technologies such as digital signatures and encryption.
 
PKI covers the use of public key cryptography and digital certificates as the accepted means of authentication and access control over untrusted networks, such as the Internet. While public key cryptography addresses issues of data integrity and transaction privacy, certificates address concerns in authentication and access control.
 
Public key cryptography involves the use of a pair of different, but related, keys, which enables the conduct of electronic commerce securely on the open telecommunications network or the Internet. Each user has a private key and a public key. The private key is kept secret, known only to the user; the other key is made public by placing it in the Public Directory maintained by Hongkong Post in case of Hong Kong, or recognized certification authorities (CAs) in other countries. CAs play an important role on the effective operation of the PKI and as a credible third party to proof of identity of the parties involved in an electronic transaction.
 
PKI essentially helps set legal framework and establish the identity of people, devices, and services, thereby facilitating controlled access to systems and resources, and providing high-end data security and accountability of transactions. As a result of this, next generation business applications are becoming more reliant on Public Key Infrastructure technology to guarantee high assurance.
 

PKI supported by the Hong Kong Government 

- With launch of iAM Smart (formerly known as Electronic Identity; eID)

 

The Government put forward in the Policy Address released in 2017 to provide an electronic identity (eID) for Hong Kong residents.  The plans in place are to promote the adoption of eID authentication for the online services of public organisations and private enterprises.
 
The Government is launching the electronic identity (eID) system in 2020, with iAM Smart account, firstly introduced in 2019, will be provided for all Hong Kong residents free of charge, enabling them to use a single digital identity and authentication to conduct government and commercial transactions online. In collaboration with Cyberport, the Office of the Government Chief Information Officer (“OGCIO”) is conducting an iAM Smart pilot sandbox programme for private sector to conduct mock-up tests on API functions in order to get better prepared for the adoption of iAM Smart in the future.
 
Upon successful registration, iAM Smart account will be bound to the personal mobile device of the applicant. Users can make use of the biometric functions (including facial recognition, fingerprint identification, etc.) provided by their personal mobile devices to authenticate their identities and log in online services. iAM Smart will also support digital signing with legal backing under the Electronic Transactions Ordinance (Cap. 553) for handling statutory documents and procedures.

Resources: