Monday, November 20, 2017

This report covers few major government applications that are computerized in Nepal, provides details on their current status, and also looks into security measures applied and electronic authentication in practice in general. Electronic authentication is an essential component of the verification and management of identities online, and therefore, is an important element in different governmental, social and wide range of individual activities in the modern age. The report then lists Digital Signature, eSignature and some other hardware based Authentication technologies, but feels the need for establishing technology-neutral approaches for effective domestic and cross-border electronic authentication of persons and entities.

This document recalls the provision of Public Key Infrastructure (PKI) for issuing and security key management in IT Policy and Electronic Transaction Act 2006 of Nepal, but still the Infrastructure is not in place to date. The document refers to OECD (Organization for Economic Co-operation and Development) guidelines on electronic authentication, and recommends following the guidelines instead of devising our own separate guidelines through a duplication of work.

The report emphasizes on the aspects of Privacy, Authenticity, Integrity, and Non-repudiation in order to ensure confidence and safety of doing business electronically. Hence it states that the government applications must ensure Cyber Security, Personal Data Security and Content Safeguards through a legal authentication system. Finally, the report also tries to conceive a noble method of authentication by assigning dedicated IP address to devices based on their unique hardware ID once IPv6 is introduced.