As part of its continued journey into the digital age, the South African Post Office (SAPO) has developed the Trust Centre, a highly secure environment that holds the public key infrastructure (PKI) and Certificate Authorities (CAs) which provide user authentication and ensures trust and legal status in electronic transactions through the use of Trust Centre digital certificates.
The Trust Centre technology, a first South African-developed PKI platform, has been accredited by the South African Accreditation Authority (SAAA), in terms of the Electronic Communications and Transactions Act 25 of 2002.
In its 2012 Norton Cybercrime Report, international security software maker Symantec said cybercrime was growing at rates never seen before, affecting 556-million victims every year.
Professional services firm Deloitte also said in a recent report that threats posed to organisations by cybercrime were increasing faster than potential victims - or online security organisations - could react, placing targeted organisations at significant risk.
Christopher Hlekane, group CEO at SAPO says, "As a South African first, the launch of the Trust Centre, is the latest in a number of developments aimed at positioning the SA Post Office for the future - both from a technology perspective and in terms of delivering more relevant, customer-focused solutions."
"With digital capabilities being a prerequisite rather than a luxury for contemporary businesses in SA, it is important that, going forward, we create a digital environment that has trust and a clear legal status and where customers have the comfort of knowing that their communications and transactions are secure," he adds.
Technicalities unpacked
What is a public key infrastructure? It is 'a set of hardware, software, people, policies and procedures needed to create, manage, distribute, use, store and revoke digital certificates'. Trust Centre digital certificates provide the legislative authentication needed to open the doors for safe electronic communicating and transacting.
A digital certificate is an electronic file securely linking an individual to encryption keys and identification data. This certificate belongs to a server or person and resides on a mobile token or within the certificate store of an application like an internet browser - encrypting and signing communications and transactions, protecting them from being intercepted by any unauthorised third party.
The Trust Centre provides all three existing types of personal digital certificates in meeting the information security needs of prospective clients. Medium and high assurance certificates are provided for standard commercial use with varying degrees of security, and then there are advanced electronic signature certificates which provide the strongest authentication available for users and organisations looking to transact and communicate with clear legal status. The Trust Centre will also offer Secure Socket Layer (SSL) certificates which provides strong authentication of servers and websites. These certificates are crucial when surfing the web as many websites cannot be trusted, and SSL certificates provide that trust.
"The Trust Centre incorporates an environment housed within a secure perimeter with eight levels of encryption security," says Hlekane. "It is at level eight that the encryption keys are stored. The control of each lies with a number or reputable and independent people and organisations, including Government, audit houses and private companies."
Through its PKI, the Trust Centre will authenticate and ensure the user is who they say they are; validate the transaction to ensure non-repudiation; protect messages from tampering; encrypt messages to protect the message from unauthorised access; and will digitally sign transactions and communications to authenticate code, data messages and documents.
A local player
The SAPO Trust Centre is fully-compliant with Web Trust Certification requirements and specifications as well as being accredited by the SAAA in terms of the Electronic Communication and Transactions Act 25 of 2002 - the principle act in South Africa, which creates legal certainty around electronic transactions and communications.
"Compliance to all the relevant standards is the foundation on which the Trust Centre's reliable, integrated and functional service delivery is built," says Hlekane.
SAPO maintains that operating within a South African-based PKI is beneficial as it means that all processes, encryption and content of transactions and communications are kept within the country, including face-to-face maintenance and support. A local PKI will also provide rand-based costing and a local understanding of the challenges and opportunities in the South African market.
Furthermore, SAPO contends that the Trust Centre benefits not only businesses and consumers but the country as a whole. "It is important for South Africa to showcase its capability and expertise to develop intellectual property in the technology space," says Hlekane. "This represents a giant step forward for the country and if all goes well we will be able to export this technology, proving to the world that we are more than capable."