Digital Certification

Digital Certification

The Brazilian Federal Government has the ambition of using Digital Certification to speed up the interchange of documents, mainly among its institutions. The intention is to replace, with juridical validity, nowadays documents by their equivalents in digital format.

Embrapa, being a research corporation, has information as its main asset. The quality of information imposes that it be relevant, complete, precise and opportune. Information has also to assure the principles of confidentiality and integrity. These two principles are completely satisfied by the use of certification, which provides the means for authentication, cryptography and authenticity control.

There are several possible scenarios for integration with the Brazilian Public-Key Infrastructure - ICP-Brasil, which gives support to digital certification. An enterprise being integrated to ICP-Brasil can either be a Certification Authority (CA), a Registration Authority (RA) or a user of the system. Considering the high investment cost, business activity and personnel training, the indicated scenario is that Embrapa should be a user of ICP-Brasil.

In the context of digital certification, Embrapa will focus on the following applications:

Secure Electronic Mails

Digital Certification can be used with two purposes: authentication of the sender and encryption of a message. To do so, it will be used the S/MIME protocol, supported by the main electronic mailers existing in the market. This modality of electronic mail will be used, in principle, by the president's office, directors' offices and heads of research units. Later, the system will be extended to all employees.

Access to Secure Servers

The use of secure servers, via SSL/TLS (https), for example, is very important when the access to confidential information (passwords, personal data, classified) is made through non-reliable communication channels, such as Internet. To enable the communication via secure channel, the servers must be configured with a Server Digital Certificate. This certificate is presented to the client computer whenever it connects to a secure server via SSL/TLS (RFC 2246).

Access to Secure Corporate Intranet

Embrapa should assure the access of its employees to its Intranet, regardless of their location. To accomplish that safely, it is necessary to use digital certificates. The type of technology to be used depends on employees' needs and can be completely satisfied by the use of digital certificates. In its simplest form, security is restricted to the use of Web technology via SSL/TTL. More elaborate forms include virtual private networks (VPN) via IPSec (Internet Protocol Security).

The deployment of Digital Certification in Embrapa is scheduled for 2005 and 2006.