Introduction to PNPKI

Cybersecurity Bureau

NCERT DCD CIECSMD

National Digital Critical
Computer Certificate Infostructure
Emergency Division Evaluation &
Response Cybersecurity
Team Standards
Monitoring
Division
PNPKI Team Nationwide

NCR - 1
Luzon - 3
Visayas - 2
Mindanao - 3
???
Points of Discussion:
v What is PKI and PNPKI?
v Components of PKI
v Digital Certificates
v Digital Signatures
v Benefits of PNPKI
v Legal Basis of eSignature and PNPKI
v Application Requirements and Process
What is PNPKI?

Public

Key
Infrastructure
Scenario #1 –
Long lines
Solution #1
Scenario #2 – Fraud
Solution #2
&
Barcode OCR
QR Code

Digital Signature
Scenario #3
– WFH
DIC T Department Circular No. 006

https://dict.gov.ph/
dict-provides-
secure-digital-
certificates-to-the-
public/
 What is PKI?
PKI is a system of processes,
technologies, and policies
that allows you to encrypt
and sign data.

Purpose:
To facilitate the secure electronic transfer of information for a
range of network activities such as e-commerce, internet
banking and confidential email.
What is PKI?
PKI enables risks to be properly managed so that
electronic transactions can be performed on open, insecure
networks such as the Internet.

Its main components are:

Cryptography Digital Certificates

What is Cryptography?
v Derived from the Greek kryptos, meaning ‘hidden’, is
a method of storing and transmitting data in a
particular form so that only those for whom it is
intended can read and process it.

v Uses mathematical science to encrypt and decrypt

data.

v Enables you to store sensitive information or

transmit it across unsecure networks (like the
Internet) so that it cannot be read by anyone except
the intended recipient.
What is Public Key Cryptography?
Public-key cryptography, or asymmetric cryptography,
is a cryptographic system that uses pairs of keys.

Public Key Private Key

What is Public Key Cryptography?
• A public key and its
corresponding private key are Key Pair
mathematically related.

• A public key and its associated

private key are called a key pair.

• A message encrypted with a

public key can only be decrypted
by the private key.

• A message encrypted with a

private key can only be PUBLIC KEY PRIVATE KEY
decrypted by the public key.
 What is Public Key Cryptography?

SENDER RECEIVER’S RECEIVER’S RECEIVER

PUBLIC KEY PRIVATE KEY

{Hello, world!}

{Srg4%Ry23.}. {Hello, world!}

encrypted decrypted
message message
Caution!
Public Key + Digital Certificate
 What is a Certificate?
What is a regular certificate?
Cambridge Dictionary
defines certificate as
an official document
that states that the
information on it is true.

Example: birth/marriage/
death certificate, doctor's/
medical certificate, or
school diploma
 What is a Digital Certificate?

v A very small file issued by a Certificate Authority as

proof of an individual's (or machine's) electronic
identity

v An electronic "passport" that allows a person,

computer or organization to exchange information
securely over the Internet.

v Associated with a Public and Private Key.

 What is in a Digital Certificate?
What is in a digital certificate?
þ Info about the individual, organization, or
computer to which the certificate was issued to

þ Info about the CA who issued the certificate

þ Date issued and expiration

þ Serial number of the certificate

þ The certificate holder’s public key

þ Other certificate information

What is in a digital certificate?
 Types of Digital Certificates
v Individual Certificates v Agency Certificates
§ Authentication
§ Signing
What is a Digital Signature?

a type of electronic signature

a mathematical scheme for verifying the

authenticity, integrity, non-repudiation
of a message

often used to implement electronic

signatures
 E-Signatures
Digital Signature
Digitally signed by
John Doe
Date: 2019.06.13

John Doe
09:00:00 +08’00’
 Digital signing
Application x

hashing encryption
110100000
1101000
hash sender’s
00
document private key digitally-signed
document
signer

internet

Application x
hashing 110100000 VERIFIER
hash
Signature is valid* if
decryption
the hash values
1101000
110100000 match
00
digitally-signed
sender’s
document public key
decrypted hash *assuming digital
certificate is valid

https://www.docusign.com/how-it-works/electronic-signature/digital-signature/digital-signature-faq
DIGITAL
SIGNING
DEMO
What is PKI used for?
PKI provides mechanism for trusted on-line
relationships by ensuring security of digital data and
transactions by providing:

v Authentication
v Confidentiality
v Integrity
v Non-repudiation
Authentication
Confidentiality

{Hello, world!}
{Srg4%Ry23.}.
encrypted
message
Integrity
document
signing

digitally signed
document

email
signing

digitally signed
email
Non-repudiation

digitally signed
document
Legal Basis for E-Signatures
Electronic Commerce Act of 2000
RA 8792

Sec. 7. Legal Recognition of

Electronic Documents

Electronic documents shall have the

legal effect, validity or enforceability
as any other document or legal
writing

For evidentiary purposes, an

electronic document shall be the
functional equivalent of a written
document under existing laws.
Legal Basis for E-Signatures
Electronic Commerce Act of 2000
RA 8792

Sec. 8. Legal Recognition of

Electronic Signatures

Electronic signature on the

electronic document shall be
equivalent to the signature of a
person on a written document.
Legal Basis for PNPKI
E.O. 810 series 2009 Institutionalizing the Certification
Scheme for Digital Signatures and
Directing the Application of Digital
Sec. 4. Application of Signatures in e-Government Services
Digital Signatures in E-
Government Services

All government agencies

and instrumentalities
providing e-government
services to its clients shall
require the use of digital
signatures in their
respective e-government
services...
PNPKI Structure
Per E.O. 810 series of 2009
DTI-PAO
now DTI-PAB

NCC
now DICT

NCC *Government
employees/entities-
certificates for all
now DICT government transactions
Non-government
individuals/entities-
certificates specific to a
government transaction
(specific purpose
certificate)

**Private individuals/entities
and government
employees
Supreme Court Rule
A . M . N o . 0 1 - 7 - 0 1 - S C .-
Re: Rules on Electronic
Evidence

Rule 6. Section 1

An electronic signature or a
digital signature
authenticated in the manner
prescribed hereunder is
admissible in evidence as the
functional equivalent of the
signature of a person on a
written document.
GPPB
Resolution
16-2019
ARTA
M.C.
2020-06
COA
Circular
2021-006
Traditional Workflows

create sign share

print scan
Paperless / Less Paper Workflows

create sign share

 Financial Benefits
v reduces cost of paper, ink, printer
v reduces cost of manpower time in servicing forms, contracts,
applications
v reduces cost of transportation, handling, freight, postage, courier
services and traffic and customs delays
v reduces cost of delays in signing, transmitting, approving,
processing
v reduces cost of maintaining physical storage, digitization and
archiving
v reduces cost of fraud, encoding errors, tampering, modification of
signed documents
v reduces cost of loss of reputation/credibility due to security leaks
and breaches
SOFTWARE applications TO BE USED

For requesting & download of certificates:

Firefox or Google Chrome

For document signing (recommended):

Adobe Reader, DigiSigner, Foxit Reader

For batch document signing (recommended):

DigiSigner, Foxit Reader, etc.

For signing & encrypting emails (recommended):

Thunderbird, Outlook, MacOS/iOS Mail app, etc.
PNPKI Team Contact Information
[email protected] (Region 1, 2, & CAR)
[email protected] (Region 3 & 4A )
[email protected] (Region 4B & 5)
[email protected] (Region 6)
[email protected] (Region 7 & 8)
[email protected] (Region 9 & ARMM
except Maguindanao & Lanao Del Sur)
[email protected] (Region 10 & 13)
[email protected] (Region 11, 12,
Maguindanao & Lanao Del Sur)
Contact Us
THANK YOU!

Training/Orientation Evaluation:
https://bit.ly/EvaluatePNPKI