Mr Khoong Hock Yun, Assistant Chief Executive, Industry Infocomm Development Authority of Singapore Opening Speech - Seminar on "PKI Development in Singapore", Conrad Centennial
Mr Khoong Hock Yun, Assistant Chief Executive, Industry
Infocomm Development Authority of Singapore
Opening Speech - Seminar on "PKI Development in Singapore", Conrad Centennial
Singapore, 10 March 2004
Mr V. Mathivanan, Chairman of PKI Forum Singapore
Delegates of the Asia PKI Forum
Ladies and Gentlemen
1. A good morning to all of you, and to our visitors from Asia, a warm welcome to Singapore.
2. It was a wet period for Singapore for the past few days, and today the weather has turned sunny again. Similarly for the Singapore economy, optimism is rising and recovery should be on the way. Many of the companies have already taken advantage of the rise.
3. We are living in an increasingly globalised world where huge amount of goods and services are being transacted over the internet and also online. With e-commerce, the physical presence of the buyers and sellers at the point of transaction is no longer required. That was the promise of the dot.com. This has definitely brought about great convenience and efficiency for all the parties involved.
4. But the value of IT, its increase in productivity is under scrutiny. The challenge is where do we go and how being online affects us. There is a need to authenticate the identity of the transacting parties to ensure the "validity" of the transactions. In addition, there is also the need to ensure confidentiality, non-repudiation and integrity for each online transaction. Basically, we are therefore looking at how to secure the online world in a more secured and intelligent manner. This is the same problem that we discussed before in the dot.com boom, and now it is being discussed again.
The Key to a More Secured Online World
5. Today, I will just focus on the Public Key Infrastructure or PKI in short since this is the topic of today's seminar, although there is a whole array of efforts that need to be done in this area of furthering trust and online transactions.
6. Given Singapore's open trading environment, and our reliance on external trade, we must link up seamlessly with the global e-commerce infrastructure, be it in interoperability with as many countries as possible so that our businesses can conduct electronic transactions securely and efficiently in these countries. The development and adoption of an interoperable PKI is important as we need to develop a secure, trustworthy and safe environment for e-commerce, and eventually for m-commerce.
7. Several sectors of our industry are already deploying PKI as the key security technology in their applications. Let me share with you a few cases of the deployment of PKI this is on a large scale.
8. Singapore has a fully electronic and paperless system for granting exporters a certificate of origin (COO) for goods exported. We are the first country to have something like this. The COO is developed locally through the joint efforts by the Singapore Confederation of Industries, the Chinese and Indian Chambers of Commerce and Industry, the Singapore International Chamber of Commerce, and CrimsonLogic, a promising local enterprise, of which our Chairman of the Singapore PKI Forum, Mr Mathi is at the helm. The COO solution uses PKI technology to ensure data security and authenticity. Hence users are required to use a smartcard to digitally sign on an application for the trade document to export. As an electronic repository, it allows authorised personnel with the necessary access codes to view the documents online. Unauthorised reproduction of the COO is also prevented through the use of the optical watermarks on the COO which allows for visual authentication of the document.
9. Another large scale deployment of PKI in the Singapore government sector is the GeBIZ (Government Electronic Business), which is our government procurement portal. It is an integrated online business centre where GeBIZ-registered suppliers or trading partners can conduct e-commerce with the Singapore Government. A Netrust smart card is required for authentication when purchase orders are issued in GeBIZ. With this, potential trading partners are exposed to an even wider range of viable e-business opportunities with the government of Singapore.
10. From the private sector, in this case the banking sector, all banks in Singapore that clear SGD and local USD cheques have implemented an online image-based cheque clearing system known as the Cheque Truncation System (CTS) since July last year. This nationwide system for the banking industry in Singapore is protected by comprehensive PKI-based security architecture. For added security, it also incorporates basic security and authentication controls such as dual access control, user ID and passwords with crypto box and smart card interfaces.
11. There are many other examples of PKI deployment in other sectors perhaps in different scale and different element of success. They include projects in the government, Finance and Banking, as well as Logistics. Although most of the examples cited involved sectors that either deals with confidential information, or with high volume of high-value transactions, the potential for PKI is obviously enormous. It is especially so as many multiple industry applications are increasingly using PKI as the key security technology. Large technology players such as IBM and Microsoft have initiated a proposal to adopt PKI through the use of XML signature as the main technology in the security model of Web Services, which by itself is an underlying engine of how different systems is integrated together.
12. While the government will continue in our role to catalyse the development of PKI and its adoption, I would like to urge businesses to consider using PKI in their applications where applicable, and especially when there is a compelling need. You can always start from 'small' say from within the business enterprises. For example, we have the Singapore Technologies Group and Singapore Telecommunications issuing digital certificates to their top management and Board of Directors to authenticate themselves for secure emails and other online applications, while Standard and Chartered Bank Singapore issuing digital certificate to authenticate their corporate users for their corporate banking. Hence PKI can be your key to a more secured online world.
13. Given the growing importance of online security especially with the rise of e-commerce, I am happy to note the progress of the Asia PKI Forum. For those of who may not be so familiar with this Forum, it is an industry-led Forum that plays a leading role in education, harmonising cross border regulation, facilitating interoperability as well as identifying and developing potential PKI applications. And very importantly, it also serves as a platform for closer co-operation between the government and the industry. Singapore is one of the founder members together with Japan and Korea in the year 2001.
14. This morning, I am pleased several of our members in the Forum have agreed to share us with their experiences in PKI development. I am sure it will be an insightful experience for all of us. I read all the presentation slides and they contain a lot of useful information. I wish all of you a fruitful session ahead.
15. Thank you.