In my last article, I wrote about the fundamental Public Key Infrastructure (PKI) concept. If you are unsure about PKI, I highly recommend reading the first article here. PKI is primarily used to ensure the authenticity and integrity of Digital Information. With that in mind, I believe that there is a great potential in the application of PKI in National Identity, Healthcare and Finance.
National Identity
A National Identity Card (NID) is often necessary for availing various government and non-government services in Bangladesh. It is mostly used as a verification utility for an individual’s identity. However, the NID system has faced accusations of data breaches and selling citizen data to foreign entities in recent years. There’s a clear issue of data security here. PKI can help strengthen the information security of citizen data. A RSA key pair can be bound to each citizen. The private key can be distributed to an individual through a smart ID card or a crypto dongle. The public key can be stored in the National Database. This way one can easily verify a citizen’s identity without exposing sensitive information and the citizen can also digitally sign documents with their designated key.
Healthcare
The Healthcare Reformation Commission in Bangladesh recently proposed a centralized healthcare record system similar to the British National Health Service (NHS). This system will hold a patient’s symptoms, treatment, medicine, and other history for easier access to healthcare services, diagnosis, and follow-up. However, this data must be strongly protected and only be accessed by people with the necessary permissions. PKI can ensure that the health record is kept encrypted in the Record Server and can only be decrypted if the patient has given consent. It can also make sure that the data is authentic and not being manipulated which can be achieved through System Generated Certificates.
Finance
PKI is probably most used in securing financial transactions. Debit and Credit cards are forms of crypto smart cards that hold a key pair for the verification and encryption of transaction data. Bangladesh Bank has taken various steps to incorporate PKI into the banking system to ensure better financial integrity. In particular, PKI is very useful for securing Bank Statements, Clearing Statements, and other documents that are regularly exchanged between different commercial banks and the central bank.
