Implementation of public key infrastructure for eprocurement system : a case of selected state corporations
The dynamic character of the world means that it can be difficult to forecast future conditions and thus flexible strategies may be needed to cope with uncertainty. E-Procurement has been seen as a response to the uncertainties of relying paper work in the procurement processes. The implementation of PKI in E-Procurement in State Corporations is an initiative that ensures security and authenticity in procurement are maintained throughout the processes. The implementation of such initiative is thus influenced by some internal and external factors and some challenges. This study evaluated the implementation of PKI in E-procurement in the Kenyan Parastatals. This was done by utilizing guidelines of three objectives that is; 1) To determine the current status of Public Key Infrastructure in state corporations, 2) To find out the challenges that state corporations experience in the implementation of Public key Infrastructure in the E-Procurement process, and 3) To establish a framework that government organizations can use in the implementation of PKI in E-Procurement processes. The target population was sixteen (16) selected Kenyan Parastatals. One respondent from Information Technology department, from each organization was purposively selected to participate in the study. A self administered questionnaire was applied in the data collection. The collected data was then be analyzed in descriptive statistics technique by using a computer aided program; Statistical Package for Social scientist (SPSS). This study found that most of the State Corporations in Kenya have online services that use PKI/SSL Certificate. In addition,secure email was the principal business function of the PKI-enabled application. It was also established that state corporations were using CA service providers to run their PKIs. The study also found that state corporations do not have a central (public/private) key server. State corporations establish a PKI or digital certificate services for authentication (Single Sign On or Access Control), transport security (e.g. IPSec, wireless) and for document Signing (or "non repudiation"). PKI can help in ensuring that bidder's information is be kept private, 111" supporting confidentiality in the processes and in ensuring identity of an individual and in promoting trust in use of the system.