The Brazilian Federal Government has the ambition of using Digital
Certification to speed up the interchange of documents, mainly among its
institutions. The intention is to replace, with juridical validity,
nowadays documents by their equivalents in digital format.
Embrapa, being a research corporation, has information as its main
asset. The quality of information imposes that it be relevant, complete,
precise and opportune. Information has also to assure the principles of
confidentiality and integrity. These two principles are completely
satisfied by the use of certification, which provides the means for
authentication, cryptography and authenticity control.
There are several possible scenarios for integration with the Brazilian Public-Key Infrastructure -
ICP-Brasil, which gives support to digital certification. An
enterprise being integrated to ICP-Brasil can either be a Certification
Authority (CA), a Registration Authority (RA) or a user of the system.
Considering the high investment cost, business activity and personnel
training, the indicated scenario is that Embrapa should be a user of
ICP-Brasil.
In the context of digital certification, Embrapa will focus on the
following applications:
Digital Certification can be used with two purposes: authentication of
the sender and encryption of a message. To do so, it will be used the
S/MIME protocol, supported by the main electronic mailers existing in
the market. This modality of electronic mail will be used, in principle,
by the president's office, directors' offices and heads of research
units. Later, the system will be extended to all employees.
The use of secure servers, via SSL/TLS (https), for example, is very
important when the access to confidential information (passwords,
personal data, classified) is made through non-reliable communication
channels, such as Internet. To enable the communication via secure
channel, the servers must be configured with a Server Digital
Certificate. This certificate is presented to the client computer
whenever it connects to a secure server via SSL/TLS (RFC 2246).
Embrapa should assure the access of its employees to its Intranet, regardless of their location. To accomplish that safely, it is necessary to use digital certificates. The type of technology to be used depends on employees' needs and can be completely satisfied by the use of digital certificates. In its simplest form, security is restricted to the use of Web technology via SSL/TTL. More elaborate forms include virtual private networks (VPN) via IPSec (Internet Protocol Security).
The deployment of Digital Certification in Embrapa is scheduled for 2005 and 2006.