The South African national smart ID card has been a landmark achievement for SA in terms of the delivery of a credible and secure identity card to replace the ID book of old.
This is according to Maeson Maherry, solutions director at LAWtrust, who says it is not just the green booklet's physical nature that has been overhauled and radically improved - what is more significant is the inclusion of the chip within the card that allows for digital interaction with the smart ID card to remove human interference or subjectivity.
"The card can even produce a digital signature after being unlocked with citizens' fingerprints."
It is in the application of this card where not only government, but private business, will be able to benefit from the enhanced security and functionality, says Maherry.
Maherry believes digital IDs are the answer to securing identities, overcoming the challenges of password weakness and onerous one-time passwords (OTPs):
1. Password weakness: The traditional way of identifying yourself in the cyber world has been to make use of passwords. The problems with this approach as a security tool are numerous and make a user extremely vulnerable to attack. The reasons for this include poor choice of easy-to-crack passwords, the re-use of the same password at numerous sites, and the ability for a hacker to conduct a brute force attack on the server password storage.
2. Onerous OTPs: Technologies such as OTPs via SMS or from a security dongle have increased the security, but are still vulnerable to a man-in-the-middle attack if the user is unsuspecting and follows a bad URL from a fake e-mail (phishing). OTPs can also become a burden for the user to type in if they have to repeat a transaction many times a day.
ITWeb Security Summit 2015
The 10th annual infosec event from ITWeb is a 'must-attend' for every IT and security professional and senior manager with business and information management responsibilities. Click here to register.
"It is [in light of this] that the digital ID really comes to the fore as a secure and user-friendly technology to secure transactions."
Maherry explains digital ID technology relies on cryptography, which is "millions of times" stronger than any password a user can choose. "[Furthermore], it stores a private key in a secure container such as a smart card, a software wallet or a secure mobile phone wallet. You simply unlock the device you have with a simple pin and then the cryptography takes over and securely logs you in or digitally signs your transaction with the ultimate in security and legal defensibility."
He says digital ID technology is both forensically sound and legally defensible. "This the missing puzzle piece to paperless business."
Share
