Revista Brasileira de Políticas Públicas

In the rise of the new Information and Communication Technologies (ICT), governments worldwide as well companies go through a transition, trying to adapt themselves to the Knowledge Society demands. Such innovative technologies enable the improvement of relations between society and their governments, and between companies and their partners, providing improvements in quality and efficiency of public and private sectors. At the same time that these interfaces provide unprecedented opportunities, the growth of the digital universe reveals threats regarding the vulnerability of electronic information. The digital certificate may be the answer that governments and businesses need to operate in this new environment of uncertainty. This article aims to present a current overview of the technology involved in digital certification and a list of the most important applications currently available in Brazil. Therefore, it starts with a series of concepts related with the beginning of encryption, explains the specific aspects of certification and digital signature, and discusses the organizational and legal aspects of the Infrastructure for the Brazilian Public Key Infrastructure. Finally, we present the main applications of this technology in Brazil at this moment. The conclusion we reach is that there is great potential for the use of digital certification in the country that can be the basis for the safe development of electronic government and commerce within confidence and tranquillity to their users.

Electronic Government, Electronic Commerce; Public Key Infrastructure; Digital Certification; Encryption; Brazil.

Adams, C. and Lloyd, S. (2003) Understanding PKI: concepts, standards, and deployment considerations. 2nd edition, New Jersey: Addison Wesley.

Atreya, M., Hammond, B., Wu, S., Starrett, P., and Paine, S. (2002) Digital Signatures. Berkeley: McGraw-Hill.

Beldad, A., Jong, M., and Steehouder, M. (2011) ‘I trust not therefore it must be risky: Determinants of the perceived risks of disclosing personal data for e-government transactions’. Computers in Human Behavior, vol. 27, no. 6, pp. 2233-2242.

Brazilian Association of Technical Standards (2005) NBR ISO/IEC 17799: código de prática para a gestão da segurança da informação. 2nd edition. Rio de Janeiro: Associação Brasileira de Normas Técnicas - ABNT, 2005.

Bromby, M. (2010) ‘Identification, trust and privacy: How biometrics can aid certification of digital signatures’. International Review of Law, Computers & Technology, vol. 24, no. 1, p. 133-141.

Burnett, S. and Paine, S. (2002) RSA Security's Official Guide to Cryptography. Berkeley: Osborne/McGraw-Hill.

Choudhury, S., Bhatnagar, K., and Haque, W. (2002) Public key infrastructure: implementation and design. New York: M&T Books.

Diffie, W. and Hellman, M. E. (1976) ‘New directions in cryptography’. IEEE Transactions on Information Theory, vol. 22, no. 6, pp. 644-654.

Feghhi, J. and Williams, P. (1999) Digital certificates: applied internet security. New Jersey: Addison Wesley.

Gerdes, J. H., Kalvenes, J., and Huang, C. (2009) ‘Multi-dimensional credentialing using veiled certificates: Protecting privacy in the face of regulatory reporting requirements’. Computers & Security, vol. 28, no. 5, pp. 248-259.

Harn, L. and Ren, J. (2011) ‘Generalized digital certificate for user authentication and key establishment for secure communications’.

IEEE Transactions on Wireless Communications, vol. 10, no. 7, pp. 2372-2379.

Hunt, R. (2001) ‘Technological infrastructure for PKI and digital certification’. Computer Communications, vol. 24, no. 14, pp. 1460-1471.

Infra-Estrutura de Chaves Públicas Brasileira (2007) Glossário ICP - Brasil. Versão 1.2. Brasília: ICP.

International Data Corporation (2012) The Digital Universe in 2020: Big Data, Bigger Digital Shadows, and Biggest Growth in the Far East. IDC White Paper. Framingham: IDC.

Kahn, D. (1996) The codebreakers: the comprehensive history of secret communication from ancient times to the internet. New York: Scribner.

Laih, C., Jen, S., and Lu, C. (2012) ‘Long-term confidentiality of PKI’. Communications of the ACM, vol. 55, no. 1, pp. 91-95.

Li, H. and Wu, C. (2013) ‘Study on the application of digital certificates in the protection of network information security and data integrity’. Journal of Networks, vol. 8, no. 11, pp. 2592-2598.

Ming, Z. (2013) ‘Secure digital certificate design based on the public key cryptography algorithm’. Telkomnika, vol. 11, no. 12, pp. 7366-7372.

Ortega, M. and Sánchez, S. (2012) ‘University authentication system based on java card and digital X.509 certificate’. International Journal of Computer Science Issues, vol. 9, no. 4, pp. 23-29.

Rivest, R., Shamir, A., and Adleman, L. (1978) ‘A method for obtaining digital signatures and public key cryptosystems’. Communications of the ACM, vol. 21, no. 2, pp. 120-126.

Sharma, A., Goyat, N., and Saroha, V. (2013) ‘Public-Key Infrastructure (PKI)’. International Journal of Advanced Research in Computer Engineering & Technology, vol. 2, no. 7, pp. 2307-2310.

Silva, L. S. da (2004) Public key infrastructure – PKI: conheça a infraestrutura de chaves públicas e a certificação digital. São Paulo: Novatec.

Singh, S. (1999) The code book: the science of secrecy from ancient Egypt to quantum cryptography. New York: Anchor Books.

Stallings, W. (2007) Data and computer communications. 8th edition, New Jersey: Pearson Prentice Hall.

Toma, C. (2009) ‘Security issues of the digital certificates within public key infrastructures’. Informatica Economică, vol. 13, no. 1, pp. 16-28.

Zhang, J., Hu, N., and Raja, M. K. (2014) ‘Digital certificate management: Optimal pricing and CRL releasing strategies’. Decision Support Systems, vol. 58, no. 1, pp. 74-78.