The Hong Kong office of international accounting firm KPMG is developing its own certificate authority for network security, and expects to have it up and running within six months, according to a company official.
"A certificate-based network is one of the directions we're adopting," said Francis Quek, director of information technology at KPMG. "I believe the whole world is moving to be certificate-based, with an electronic ID for everyone."
"A certificate-based network will bring us more (functionality) than conventional network authentication, which uses user passwords and user IDs. It can identify individual users down to the document level. If you're authorised to look at certain types of documents, the system will let you have it. If not, the system will deny your access to those documents," he said.
It is not impossible for conventional authentication to achieve the same thing, but it would take too much programming work to cover every document, said Quek.
"With the digital certificates, when we communicate with clients or external people, we can exchange individual information. My certificate will contain my e-mail address, my contact phone number, office details and other information," said Quek. "People can simply do a retrieval of my information."
Quek maintains that the use of digital certificates is an effective means to ensure authentication and non-repudiation. "People are doing more and more on the Internet. That creates problems -- people need to be able to identify who the individual (corespondent) is, and people need to be able to provide measures for non-repudiation. How could I make sure that whatever you do, you're not going to deny it later? Without a certificate, none of this can be done."
KPMG will be setting up its own certificate server inhouse, which will issue certificates to the company's staff. "The more than 1300 PC users in KPMG will have their own digital certificates by early next year," he said.
"The digital certificate will reside on the user's computer and our master server. We will not use smart cards, because they require a reader everywhere. It would be a huge cost that would slow down the development."
According to Quek, the certificate authority project is so far being implemented solely in the Hong Kong office, but other KPMG offices are considering the adoption of the architecture and applications developed here.