A Public Key Infrastructure (PKI) is a system for the creation, storage and distribution of digital certificates, which are used to verify that a particular public key (online identity) belongs to a certain entity. A PKI is a technical infrastructure that comprises a Root Certification Authority (RCA) and a Certification Authority (CA); the CA is referred to as an Electronic Certification Service Provider (E-CSP) in Kenya’s legal and regulatory framework.
The PKI creates a framework for protecting communications and stored information from unauthorized access and disclosure by addressing the fundamentals of cyber security – confidentiality, integrity, authentication and non-repudiation. A PKI is key to the rollout of e-transaction services.
The Authority is mandated under the Kenya Information and Communications Act of 1998 to license and regulate Electronic Certification Service Providers (E-CSPs). Kenya’s National PKI (NPKI) comprises a Root Certification Authority (RCA), which is managed by the Authority as a regulatory function, and the Government Certification Authority (GCA), an E-CSP that is managed by the ICT Authority (ICTA).
The technical infrastructure for both components is hosted by the Authority. The NPKI is instrumental to the Authority's effective licensing of E-CSPs, since a licensed E-CSP must be accredited by the RCA for its digital certificates to be globally recognized and trusted.
Digital certification services will support the rollout of e-Government services by enhancing the security of online transactions. These e-Government services include submission of tax returns, company registration, renewal of driver’s licences, and tracking the status of passport, ID and job applications, among others.