The South African Post Office (SAPO) has developed the Trust Centre, a secure environment that holds the public key infrastructure (PKI) and Certificate Authorities (CAs) which provide user authentication digital certificates that ensure trust and legal status in electronic transactions.
The Trust Centre technology has been accredited by the South African Accreditation Authority (SAAA), in terms of the Electronic Communications and Transactions Act 25 of 2002.
In its 2012 Norton Cybercrime Report, international security software maker Symantec said cybercrime was growing at rates never seen before, affecting 556-million victims every year.
Professional services firm Deloitte also said in a recent report that threats posed to organisations by cybercrime were increasing faster than potential victims – or online security organisations – could react, placing targeted organisations at significant risk.
Christopher Hlekane, group CEO at SAPO, says: “As a South African first, the launch of the Trust Centre, is the latest in a number of developments aimed at positioning the SA Post Office for the future – both from a technology perspective and in terms of delivering more relevant, customer-focussed solutions.
“With digital capabilities being a prerequisite rather than a luxury for contemporary businesses in South Africa, it is important that, going forward, we create a digital environment that has trust and a clear legal status and where customers have the comfort of knowing that their communications and transactions are secure,” he adds.
A public key infrastructure is a set of hardware, software, people, policies and procedures needed to create, manage, distribute, use, store and revoke digital certificates. Trust Centre digital certificates provide the legislative authentication needed to open the doors for safe electronic communicating and transacting.
A digital certificate is an electronic file securely linking an individual to encryption keys and identification data. This certificate belongs to a server or person and resides on a mobile token or within the certificate store of an application like an internet browser – encrypting and signing communications and transactions, protecting them from being intercepted by any unauthorised third party.
The Trust Centre provides all three existing types of personal digital certificates in meeting the information security needs of prospective clients.
Medium and high assurance certificates are provided for standard commercial use with varying degrees of security, and then there are advanced electronic signature certificates which provide the strongest authentication available for users and organisations looking to transact and communicate with clear legal status.
The Trust Centre will also offer secure socket layer (SSL) certificates which provides strong authentication of servers and Web sites.
“The Trust Centre incorporates an environment housed within a secure perimeter with eight levels of encryption security,” says Hlekane. “It is at level eight that the encryption keys are stored. The control of each lies with a number or reputable and independent people and organisations, including Government, audit houses and private companies.”
Through its PKI, the Trust Centre will authenticate and ensure the user is who they say they are; validate the transaction to ensure non-repudiation; protect messages from tampering; encrypt messages to protect the message from unauthorised access; and will digitally sign transactions and communications to authenticate code, data messages and documents.