Certification Authorities in Central America and Caribbean (Part I)

The digital transformation is a trend that is booming in the governments of most countries and Latin America is no exception. Thanks to this trend, authentication mechanisms gain importance, and with it the electronic certificates and the entities responsible for issuing them, the Certification Authorities. Today we will talk about these Certification Authorities in Central America and the Caribbean.

At present there is a boom on the demand for authentication solutions and therefore digital certificates, due to the proliferation of the trend of digitization. As an example, we can talk about the evolution of electronic government in the Dominican Republic, which has been very fast.

Particularly, Central America and the Caribbean are heavily investing on this area to achieve a competitive digital processing within the framework of the information society and knowledge (SIC).

One of the biggest advantages of using electronic processing is removing the barriers of space and time, ie: citizens can access online services from anywhere, anytime, no waiting, so it produces a democratization of bureaucratic processes.

But first, let’s start at the beginning, let’s see what a Certification Authority.

What are the Certification Authorities

certification authorities

A Certification Authority (CA) is a secure entity that guarantees the issuance and revocation of digital certificates. Thanks to the progressive introduction of e-government or e-Gov, the Certification Authorities in Central America and the Caribbean are configured as a key element for the proper verification of physical and legal persons.

A Certification Authority certifies the link between a specific key and its real owner, ensuring its integrity and certifying the relationship between them. In other words, a digital certificate is an electronic file created by a CA that associates a data identity to a natural or legal person, so the electronic processing and electronic signature solutions are configured as a key vehicle on the way to the digitization and technological progress.

In addition, a digital certificate is used to identify the signer unequivocally ensuring the overall integrity of the signed document and providing the same to the same legal validity as a handwritten signature.

Certification Authorities in Central America and Caribbean

certification authorities

Certification Authorities in Central America and the Caribbean are modeled on the instructions of the Latin American Center for Development Administration (CLAD), which is a public international intergovernmental organization that aims to modernize public administrations to promote the development process socioeconomic through e-government.

As explained in Ibero-American Charter on Electronic Government (2007), the Certification Authorities Central American and Caribbean mainly the following functions (Article 32):

  • Issue certificates as provided to the subscriber:

This process involves the user to complete a form and send it to the certification authority, requesting a certificate. This verifies the identity of the subject and generates the corresponding certificate.

  • Implement security systems to ensure proper issuance and creation of digital signatures, preservation and archiving of certificates and documents in support of a data message:

Certification Authorities are responsible for ensuring the security of digital signatures (eg its encryption, conservation …)

  • Ensure the protection, confidentiality and proper use of the information provided by the subscriber:

Certification Authorities must refrain disclose information of digital certificates and their subscribers.

  • Ensure the continued provision of certification;

Natural or legal persons have the right to use the service whenever they need.

  • Timely respond to requests and complaints made by subscribers:

Users have the right to be informed in a clear and concise manner (eg on the use of the certificate or the price of certification services), and to make claims and that they are treated properly.

  • Permit and facilitate the conduct of audits by the Superintendency of Industry and Commerce:

To check the correct operation of certification authorities sometimes they take place some external audits, to which should pay the Certification Authorities.

  • Make announcements and publications in accordance with the law:

Certification Authorities are required to publish certificates in the certificate repository and directory give notice if the situation changes certificates, for example should give warning about certificate revocation subscribers.

  • Provide the information you require competent judicial or administrative entities in connection with digital signatures and certificates issued and generally any message data in their custody and administration

As well it follows in this paragraph, the certification authorities are obliged to provide the data necessary from prosecution or to the relevant authorities.

  • Developing regulations that define relations with the subscriber and the form of service delivery:

Through regulation or rules provided by the CA, subscribers will be able to know all the terms of service.

  • Certificate renewal and revocation of certificates that are no longer valid:

Certification Authorities are required to renew certificates and revoke the duty. For example, in case of death certificate would be revoked, just as in cases of loss thereof or, for example, in the case of certificates of no criminal record would also be revoked if the situation changes.

certification authorities

As has been seen above, standardization of certification authorities dates back to 2007, which is why it is important to highlight the role of those Certification Authorities  that has been working for at least ten years providing these services, as AVANSI, the First Entity certifier Dominican Republic.

Certification Authorities made pioneering theorizing or willingness to implement electronic processing becomes a workable proposal, which today is a reality.

So far we have analyzed what a Certification Authority is and the role of them in Central America. Finally it is important to highlight their role as a tool to allow authentication in the digital environment, ensuring the identity of individuals and legal entities.

Related to Central America and the Caribbean, highlight that although they began to regulate in 2007, their evolution predicts a continuous growth, proliferating in the coming years to enable citizens to be part of the information society and its global synergies of progress. Next week, in the second part of this article we will bring you the evolution of  the Certification Authorities in each of the countries of Central America and the Caribbean.

 

See you next week!