Advanced electronic signatures are beneficial to security, but only if implemented properly, delegates to ITWeb Security Summit 2008 were told this morning.
L@Wtrust business development director Maeson Maherry said signatures were used as a mechanism to manage risk, and the same was true of electronic signatures.
He defined an electronic signature as: unique to the signatory; capable of identifying a signatory; created using means under sole control of the signatory; and lined to data in a way that any change in that data was readily recognisable.
Maherry said most evidence of an electronic nature was now thrown out of court, because in many instances it could be shown evidence could have been tampered with. The key was to have evidence where there was no doubt there was no error.
"What a digital signature does is give you a forensic test which will show you if something has been subverted, contaminated or not."
He said the Electronic Communications and Transactions (ECT) Act "talked about an advanced electronic signature as well".
An advanced electronic signature met the criteria of the definition of an electronic signature, but also, in terms of the Act, incorporated face-to-face identification.
The Act stipulated that if an advanced electronic signature was used, it would be deemed to have been applied properly unless the contrary was proved.
Maherry said such signatures were "hugely" more beneficial than ink signatures, not only in the legal sense, but also because they provided proactive verification. Ink signatures were usually discovered to be fake only much later, often during a legal battle.
He said for advanced electronic signatures to be authenticated, signatories had to apply for public key infrastructure accreditation from the South African Authentication Authority.
Real requirements included understanding the value, preparing the technology, and trialing some business processes.
If properly implemented, it would provide further benefits such as strong authentication, approval, and encryption.
Share