- Posted by: mkt
- Category: Digital Certification
Digital massification and the new official Time Stamping standard stimulate the sector’s growth
In 2021, when it completed two decades of activities, the Brazilian Public Key Infrastructure (ICP-Brasil) surpassed the mark of seven million certificates issued per year, according to the National Institute of Information Technology – ITI.The organ expects a new record for this year, with more than eight million emissions.
Following this trend, the number of Certification Authorities (CAs), responsible for issuing digital certificates, also increased. In the last five years, there has been a 67% growth in the accreditation of Level 1 CAs. Furthermore, Level 2 CAs accreditations in 2021 have increased in by 160% compared to the previous year. Despite the high growth, the CA market is still restricted and highly regulated, which is difficult for new entrants. At the same time, there is a demand from public, private, and Judiciary institutions that, to reduce costs with the large volume of digital certificates in their internal operations, seek to create their own CAs.
“The ICP-Brasil digital certificate appeared in 2002, however, it only started to become popular almost 15 years later because of modernization and better usability, allowing more fluid and integrated experience for the user. So, there is still a great movement towards digitization, with many possibilities to be explored”, explains Roberto Gallo, CEO of Kryptus, a Brazilian multinational specialized in cryptography and cybersecurity, which has been working in partnership with ICP- Brasil for more than 10 years and provides products and solutions to build and manage public key infrastructure.
Responsible for issuing Timestamps, which legally validates the presence of digital data in precise date and time, the Time Certifying Authorities – TCAs will also grow in the coming years. Since December 2021, as a result of a Public Notice from ITI, Kryptus made public and free of charge some of its products’ native protocols. By this action, these protocols became the official standards of ICP-Brasil for the Timestamp network.
Before that, the synchronization and auditing protocols were proprietary and closed, which restricted the market. “In recent years, TCAs have maintained an almost static growth rate, apart from 2013 to 2014, when five new accreditations were performed. The opening of the protocol will allow the emergence of new entrants and greater competitiveness for this market”, predicts Roberto Gallo.
Also according to Gallo, the accredited CAs are seeking to diversify and innovate their portfolio so it does not depend on the regulatory market. “CAs no longer consider themselves as just digital certifiers or stampers. They are investing in startups in different areas, such as payment methods, real estate, chip production, smart cities, IoT device traceability, and also in correlated solutions, such as biometrics, voice recognition, electronic voting, digital diplomas, among others.”
During the pandemic period, there was a change in the perception of the relevance of a physical establishment for the identification process. This threatened the sales model of Registration Authorities (RAs) – entities that help CAs to verify the physical documentation of the applicant for a digital certificate -, especially those that acted exclusively as a support point for CAs, which caused a movement in the market.
“The RAs will not lose their value, but they will need to slightly change their characteristics and business model, seeking new opportunities in the regions where they operate”, explains Gallo. “The capillarity they offer allows a better knowledge and proximity to the market, opening up opportunities to connect with companies and people and contributing to the mass adoption of the digital certificate”.
In addition to security, the economic impact can be a great stimulus for this massification. According to consultancy McKinsey, the potential value of using digital ID in Brazil could reach 30 billion dollars by 2030. “Citizens’ awareness of the importance of securing their data is a first step towards demanding that applications must have, at least, support for digital certificates, and the government’s incentive in requiring digital certification in some types of application has brought greater comfort for other solutions to start incorporating digital certification. In the end, the whole chain wins”, concludes Roberto Gallo.