Business10.04.2013

LAWtrust first African WebTrust and Adobe certified certificate authority

South African cryptographic security provider LAWtrust has become the first provider in Africa to be certified by both WebTrust and Adobe. LAWtrust was certified by global certificate authority WebTrust in February, shortly after being added to the Adobe Approved Trust list in December.

LAWtrust has earned the right to carry the WebTrust Seal of Assurance on its website, the company says.

“The WebTrust Seal of assurance for Certification Authorities (CA) symbolises to potential relying parties that a qualified practitioner has evaluated the CA’s business practices and controls to determine whether they are in conformity with the AICPA/CICA WebTrust for Certification Authorities Principles and Criteria,” says WebTrust. “An unqualified opinion from the practitioner indicates that such principles are being followed in conformity with the WebTrust for Certification Authorities Criteria. These principles and criteria reflect fundamental standards for the establishment and on-going operation of a Certification Authority organisation or function.”

Simply put, this means LAWtrust has been audited and is trusted by a globally recognised certification authority.

The Adobe Approved Trust List (AATL), the company says, is a program that allows users to create digital signatures that are trusted whenever the signed document is opened in Adobe Acrobat or Reader. Any digital signature created with a credential that can trace a relationship (“chain”) back to the high-assurance, trustworthy certificates on this list is trusted by Acrobat and Reader.

Says Adobe: “Certificate authorities (CAs) — entities that provide digital signing credentials to other organisations and users — as well as governments and businesses that provide certificates to their citizens and employees can apply to Adobe to join the AATL program by submitting application materials and their root certificates (or another qualifying certificate). After verifying that the applicant’s services and credentials meet the assurance levels imposed by the AATL technical requirements, Adobe adds the certificate(s) to the Trust List itself, digitally signs the Trust List with an Adobe corporate digital ID that is linked to the Adobe Root certificate embedded in Adobe products, and then posts the list to a website hosted by Adobe.”
In order to obtain these certifications LAWtrust had to obtain the ISO21188 certification – public key infrastructure for financial services. LAWtrust is also the only accredited authentication services provider in terms of the Electronic Communications and Transaction (ECT) Act of 2002. In order to achieve that it had to obtain both the ISO and WebTrust certifications. It is thus the only company in the country that can issue Advanced Electronic Signatures (AESign).

This is important, says LAWtrust solutions director Maeson Maherry, “because a signature is the fundamental risk management mechanism for businesses to enforce accountability. Signatures are a fundamental aspect of doing business – you can’t do business without them. Just because signatures are now electronic is no different, you need to be able to rely on them. The most important thing about AES is that it fixes the issues with real world signatures – the cost and logistics of getting documents manually signed by multiple people, the difficulty of identifying or verifying signatures, which leads to fraud. With AES you can quickly and cleanly electronically sign a document without any of the negative drawbacks.”

Next, LAWtrust aims to be added to Microsoft’s trusted list, which will mean that people can use LAWtrust signatures in all major browsers and mail clients.

“A signature must be a positive act of acceptance – visible, understandable and fair and must identify you and be verifiable,” says Maherry, “the last two aspects have huge problems in the physical world with wet signatures. AES have none of the drawbacks and only bring advantages – streamlining processes, reducing the cost of logistics, archiving, searching, copying, and keeping things electronic. And AES satisfies original document requirements in our law.”

Sign up to the MyBroadband newsletter