18. Disclaimer
• I am not a legal practitioner
• I’m just a guy with experience in the PKI industry who is passionate enough about PKI to have researched the Electronic Commerce and Digital Signature Acts of a few countries.
Do not take what I say as legal advice!
20. Electronic Commerce Act 2000
• “Electronic” Signatures become acceptable in court (Sect 8-11).
• Sec 5.E “Electronic signature” refers to any distinctive mark, characteristic and/or sound in electronic form, representing the identity of a person and attached to or logically associated with the electronic data message or electronic document or any methodology or procedures employed or adopted by a person and executed or adopted by such person with the intention of authenticating or approving an electronic data message or electronic document.
21. “Electronic Signature”
Sec. 8. Legal Recognition of Electronic Signatures. An electronic signature on the electronic document shall be equivalent to the signature of a person on a written document if that signature is proved by showing that a prescribed procedure, not alterable by the parties interested in the electronic document
Rules on Electronic Evidence issued by the Supreme Court in 2001 mentions specifically Asymmetric or Public Cryptosystem (PKI).
22. Electronic Commerce Act 2000
SEC. 27. Government Use of Electronic Data Messages, Electronic Documents and Electronic Signatures. All departments, bureaus, offices and agencies of the government, as well as all government-owned and -controlled corporations shall within 2 years, accept electronic documents signed with “Electronic” Signatures.
http://i.gov.ph/e-government-where-are-we-now/
23. Electronic Commerce Act 2000
SEC. 31. Lawful Access. - Access to an electronic file, or an electronic signature of an electronic data message or electronic document shall only be authorized and enforced in favor of the individual or entity having a legal right to the possession or the use of the plaintext, electronic signature or file and solely for the authorized purposes. The electronic key for identity or integrity shall not be made available to any person or party without the consent of the individual or entity in lawful possession of that electronic key.
24.
• Adoption of a national level Public Key Infrastructure.
• Identification of Agencies responsible.
• Setting up of framework for Accreditation.
• Funding and resources.
• Directives for the Private sector.
• Fees.
• Certificate Authority hierarchy.
Executive Order 810 (2009)
25.
• Philippine Accreditation Office (PAO) is put in charge of accreditation of Certificate Authorities (CAs), including private sector CAs.
Executive Order 810 (2009)
26.
• Information and Communication Technology Office (ICTO) under DOST is put in charge of the IT infrastructure and operations for the National Certificate Authority (CA).
Executive Order 810 (2009)
Department of Science and Technology (DOST)
27.
• Advanced Science and Technology Institute (ASTI) under DOST is put in charge of technology and project management of the National PKI initiative.
Executive Order 810 (2009)
Advanced Science and Technology Institute (ASTI)
28. Roles
• CA = Certificate Authority
• RA = Registration Authority
Executive Order 810 (2009)
[Diagram labels: CA, RA, RA, RA, Policy, Procedures, Legislation]
30. Philippines National PKI
[Diagram labels: Technology, Encryption, Authentication, Legislation, Digital Signature]
In Conclusion…
52. The Security of ZiaPay
• Each ZiaPay terminal is equipped with a digital certificate
• Each transaction is signed to ensure authenticity
• Each transaction is encrypted to ensure privacy
• The connection between each ZiaPay terminal and the servers is secured using SSL