UNICC Helps Secure UN Organizational Digital Identities with Common UN PKI Services

23 February, 2022

Photo: UNICC/Thomsen

UN Agencies are striving to improve their digital identity management systems. As the digital business and technology shared services hub for the UN, UNICC is there to provide its expertise in securing the right solutions for each UN Agency’s particular needs.

Public Key Infrastructure (PKI) is a framework that enables the integration of various digital identity services based upon cryptography, the use of secure communications techniques that allow only the senders and intended recipients of messages to view their contents. The objective is to provide confidentiality, integrity, access control, authentication and, most importantly, non-repudiation (ensuring, via encryption and/or digital signatures, that no party can deny that it sent or received a message).

PKI represents a combination of encryption and authentication, making online communications trustworthy, within a secure infrastructure.

People use ID cards (non-driver’s/driver’s license, passport, employee ID badge) as a means to prove their identity. A certificate has the same basic purpose in the electronic world, with one difference: certificates can be issued to people, computers, software packages or anything else as proof of identity.

UNICC Partner Organizations, through the UNICC Management Committee, committed to an R&D project to explore PKI shared services for subscribing UN Agencies. UNICC proceeded to develop a solution, with inputs and collaboration from the International Telecommunication Union (ITU) and the World Trade Organization (WTO). Eventually, a UN system-wide PKI service was developed that would:

  • Provision the Root Certification Authority for the UN system.
  • Provision subordinate Certification Authorities for UNICC Clients interested in participating.

As a result, UNICC is now managing the root Certificate Authority (CA) for the UN system, which is available for active subscribers and any other UN Agencies to leverage PKI services.

UNICC’s Common UN PKI service
The Common UN PKI service is a combination of authentication and encryption to make online communication more secure for UN Agencies that subscribe to the service. The system relies on the machines that issue the certificates and the people who manage them (for the UNICC service, this is the UNICC Security team and UN Agency focal points). For a certificate to be granted, the system requires a name, country, city, location, contact person and the organization to which the person belongs. Certificates authenticate the senders or recipients of information.

PKI requires several different elements for effective use. A Certificate Authority is used to authenticate the digital identities of the users, which can range from individuals to computer systems to servers. Certificate Authorities prevent entities from being falsified and manage the life cycle of any given number of digital certificates within the system.

UNHCR, WTO and UN Women have subscribed to UNICC’s Common UN PKI service, aiming to protect communications between each organization’s servers (their websites) and the clients (the users). With these PKI systems in place, Partner Organizations can ensure that their data and information are thoroughly protected from cyber threats and breaches. UNICC’s security team is proud to manage this project to continue the work of keeping UN colleagues safe online.

Just like people’s IDs, the certificates are issued by a source that the server knows and trusts, so that it accepts a machine’s certificate as proof of its identity. This provides trust and security for all message transfers across organizational infrastructures for each of the subscribing Agencies.