ITU Home Page International Telecommunication Union Français  Español 
Print Version 
ITU Home Page
About

Activities

ITU's Role

Partners

Contacts

News

Events

Links
Home : ITU-D : EC-DC
Introduction

Within the framework of the ITU-WISeKey-WTC Geneva Partnership Agreement, WISeKey is assisting the ITU in expanding the Electronic Commerce for Developing Countries (EC-DC) project in more than 100 developing countries. This framework will soon enable developing and least developed countries to acquire and use secure e-services solutions through non-exclusive partnerships with the industry as described in this document. As part of this cooperation, a Registration Authority deployment in over 100 developing and least developed countries worldwide has become a reality. In May 2001, the ITU and WISeKey launched a secure Portal including a secure B2B e-marketplace based on PKI and announced a technology neutral approach for the deployment of this global PKI.

Under this cooperation, participating countries will benefit from first-class security and trust services for e-transactions under affordable conditions by pooling and sharing available resources. In addition to the potential economic advantages, the project is creating an environment to stimulate investments & development of the ICT infrastructure, providing an easy start-up solution to entrepreneurs and bridging the digital divide.

This document allows you to understand the various levels of participation within the WISeKey PKI infrastructure; the functions of an Affiliate Registration Authorities; the content of the package; the requirements to operate an Affiliate Registration Authorities; and the Deployment steps.


Hierarchy of the WISeKey Public Key Infrastructure

There are four levels of infrastructure available under the WISeKey Public Key Infrastructure (PKI), they are the Bronze, Silver, Gold and Platinum levels. Both the Bronze (Affiliate Registration Organisations) and Silver (Affiliate Registration Authorities) levels provide Registration Authority services which include face to face identification of certificate applicants and input of authentication data to enable the Gold and Platinum levels – the actual Certification Authorities – to generate, suspend, revoke and, in general, manage the life-cycle of digital certificates. The following diagram illustrates the WISeKey PKI infrastructure and the corresponding levels and possible links between them.

The differences between Affiliate Registration Organisations and Affiliate Registration Authorities are primarily their position within the WISeKey PKI and the infrastructure required to operate them. Affiliate Registration Organisations provide the Registration functions for End Users as they identify certificate applicants, process certificate issuance, suspension, and revocation requests as well as maintain an archive of their provision of such certification services. Because of the basic infrastructure they are required to maintain, they have less autonomy than Affiliate Registration Authorities for localising and tailoring their certification services to specific needs.

The functional advantage of the Affiliate Registration Authority is that an organisation can manage its certification services at a central location, with many Affiliate Registration Organisations in different geographical locations providing certification services. For example, where the cost of an Affiliate Certification Authority are not justified, an Affiliate Registration Authority can be established at the national level having offices in several cities and towns, each of which are connected to the PKI as Affiliate Registration Organisations.

In addition, Affiliate Registration Authorities can:

  • Determine which certificate policies they will support from those available from their super ordinate Affiliate Certification Authority that issued its ARA certificate;

  • Customize the Affiliate Registration Organisation user interface to their local needs, e.g. local language support, localised presentation format etc.;

  • Negotiate with their Affiliate Certification Authority, that issued their ARA certificate, to have Certificate Policies adopted to local requirements;

  • Use a dedicated infrastructure for the provision of certification services requested by its Affiliate Registration Organisations and End Users.

WISeKey Affiliate Certification Authorities (Platinum or Gold level) are organizations that have many members (certificate holders) and are widely recognized in their community as a Trusted Third Party. The level of investment and technical staffing required for Affiliate Certification Authorities is significantly different to the Affiliate Registration Organisation and Affiliate Registration Authority levels. Typically Affiliate Certification Authorities are either specifically set-up as a separate organisation, or as a department or subsidiary of an organisation. Normally, the decision to become an Affiliate Certification Authority is based upon the organisations internal need for such an infrastructure, their capacity to make the necessary investment and their ability to mass-market certification services. An Affiliate Certification Authority can brand its certification services and develop its own Certificate Policies and procedures, according to the requirements and needs of its market.

Top - Feedback - Contact Us - Copyright © ITU 2002 All Rights Reserved
Contact for this page : E-Strategy Unit
Updated : 2001-08-14