Govt plans to implement digital signatures

The government plans to bring digital signatures required for online transactions into full implementation from next year. The Ministry of Science, Technology and Environment is preparing to set up a disaster recovery (DR) site in this regard.

The DR site is an important aspect of the implementation of digital signatures to maintain the data of the Root Certifying Authority (CA), the Office of the Controller of Certification (OCC) under the Technology Ministry. The government introduced digital signatures two years ago, but it is yet to come into practice for secured electronic transaction due to lack of the required infrastructure.

A digital signature is a special government certified identification code which is used to authenticate digital information such as documents, e-mail messages by the sender or the signatory to a document and ensures that the document is unchanged and genuine. The OCC is the main responsible government body to implement digital signatures as the Root CA.

“We are preparing to hire a consultant to study what we need to implement digital signatures,” said Laxmi Prasad Yadav, controller of the OCC. He added that they had a plan to bring digital signatures into full operation from October next year as it was vital for e-governance and giving legality to electronic transactions. The OCC is preparing to sign an agreement with CyberQ Consulting which is one of the two short listed firms to be a responsive bidder. The India company is in joint venture with Cyber International, Nepal.

The main responsibility of the consultant will be to study the existing infrastructure, requirement Analysis of DR for smooth operation of Root CA, identification of hardware, software and other related accessories for full operation of Root CA.

The OCC will use the Government Integrated Data Centre as the main centre for implementation of digital signatures. Based on the study report, the OCC will call tenders for developing the infrastructure of the DR site. Due to delays in bringing digital signatures into practice as per the Electronic Transaction Act, e-transactions have become increasingly vulnerable along with a growth in e-tendering and online banking, the Technology Ministry said.

Currently, many banks and financial institutions are being forced to use digital signatures like VeriSign procured from international firms to make their transactions safe. “An example is that delays in the implementation of digital signatures had badly affected payment gateway service,” said Binod Dhakal, president of CAN. According to him, the main constraint is the hardware part for which the government must give priority for legitimising and making online transaction risk free.

Meanwhile, the OCC on Friday held an interaction on mobile and wireless security. It said that as the trend of making online transactions through mobile devices were also increasing, customers were at risk of theft of information regarding credit and debit and details of the banking transactions of customers. Strong passwords, regular updating of the OS, staying away from unknown networks in free Wi-Fi zones and stopping use of unnecessary mobile apps can help make mobile devices safe, said the OCC.