An Australian company is bringing its public key infrastructure (PKI) services to New Zealand even as local firms are barred from exporting in the reverse direction.
The Australian federal government has mandated that PKI services for government agencies should only be acceptable from companies with an Australian base for crucial parts of their operations, including storage and maintenance of the digital signatures of local users. PKI technologies authenticate senders and receivers of electronic transmissions and public and private keys for encrypting transmissions.
Sydney-based eSign Australia, which is seeking representation in New Zealand through two local partners, has a particular eye on government and large corporates in this country. The company is a partner of US PKI market leader Verisign, which owns just under 20% of the Australian company. ESign helped implement the Australian government’s Gatekeeper PKI system.
Interim guidelines on the e-government unit’s See (secure electronic environment) project for email and file-sharing among government agencies indicate that Australian PKI solutions will be acceptable for its purposes.
The New Zealand government “seems comfortable with an Australian contribution to their PKI effort”, says eSign managing director Gregg Rowley.
ESign is both a certifying authority (a creator and provider of digital certificates) and a registration authority (establishing a person’s or organisation’s identity to enable them to receive a certificate).
“With the e-government project and See, the goalposts have been put in place in terms of the critera for establishing a registration service in New Zealand,” Rowley says. Detailed accreditation criteria for registering and certifying authorities are still to be fleshed out for See, he says, “but we’re close to what we need”.
“We see the registration process as key,” he says, suggesting that it has perhaps received less than its fair share of emphasis from users and media. Registration is the part of digital certification that the customer sees, and hence crucial for a successful operation, and for the reputation of a PKI-using organisation having certificates issued to its customers or staff. By comparison, actual certificate generation is “a back-office task”.
Australia and New Zealand are more or less level with each other in their implementation of PKI, he says, and the tendency is to adopt a somewhat lighter-handed regime in both countries than, for example, in Europe.
The names of eSign’s local partners were not announced at time of writing, but Auckland-based EMS Global marketing manager David Cole-Baker confirms the firm is a “preferred integrator”.