South African cryptographic security provider LAWtrust, the first provider in Africa to be certified by both WebTrust and Adobe, has recently been included in the Microsoft Root certificate programme.
Certificate Authorities (CA) such as LAWtrust make use of X.509 digital certificates to assert an identity verified by the CA and to validate signatures from a certificate owner. A basic requirement in this process is that the document viewer – browser, Word, Excel and so on – be able to recognise that a signature is authentic and comes from the CA as stated.
This is achieved by doing a forensic-type verification of the signature against the trusted root certificate embedded in the vendor software in a secure manner, such as the way in which Microsoft has embedded the LAWtrust root CA certificate.
What this means, says LAWtrust solutions director Maeson Maherry, is that “LAWtrust certificates and, more importantly, digital signatures and advanced digital signatures will be verifiable and trusted across the globe in Microsoft products such as Sharepoint, Outlook, Word, Excel and Internet Explorer.
LAWtrust was certified by global trust and assurance watchdog Webtrust in February, shortly after being added to the Adobe Approved Trust list in December 2013.
LAWtrust is also the only accredited authentication services provider in terms of the Electronic Communications and Transaction (ECT) Act of 2002. In order to achieve that it had to obtain both the ISO and WebTrust certifications. It is thus the only company in the country that can issue Advanced Electronic Signatures (AES).
Says Maherry: “A signature is the fundamental risk management mechanism for businesses to enforce accountability. Signatures are a fundamental aspect of doing business – you can’t do business without them. Just because signatures are now electronic is no different, you need to be able to rely on them.
“The most important thing about AES is that it fixes the issues with real world signatures – the cost and logistics of getting documents manually signed by multiple people, the difficulty of identifying or verifying signatures, which leads to fraud. With AES you can quickly and cleanly electronically sign a document without any of the negative drawbacks.
“This is a great step forward in LAWtrust’s journey to providing digital signature solutions to organisations that want to benefit from the cost reductions and performance improvements that only digitally signed business processes can bring. This removes the need for end users to make tricky security choices as Microsoft has evaluated LAWtrust rigorously before embedding the trust anchor in its products,” he states.