Local business sets new global standard: Certified authority pioneers secure digital identities

Interoperability empowers diverse systems, technologies, and platforms operating across different countries and industries to exchange and interpret data seamlessly, with minimal human intervention. It is achieved through globally recognised standards, protocols, and frameworks that ensure consistency, security, and efficiency in data exchange. Interoperability supports cross-border collaboration, enhances operational efficiency, and fosters innovation. As organizations and governments increasingly rely on interconnected digital ecosystems, global interoperability becomes essential.

South African business one of the first to achieve global certified authority status

In January 2025, local digital document delivery and e-signature business, Impression Signatures, officially attained certified authority (CA) status with AWS CloudHSM, following stringent audit and application processes governed by WebTrust. This remarkable achievement marks it as a trusted entity in the verification of digital identities – one of the first accreditations of its kind across the globe. Achieving its CA status comes shortly after Impression Signatures was also accredited as one of the first cloud based registration authorities (RA) in the world, by WebTrust.

To be recognised as a CA under the WebTrust programme, a company must prove that it maintains effective controls for verifying subscriber information, securing keys and certificates, and protecting user data. The CA must also follow a clear certification practice statement (CPS) and undergo rigorous and regular audits by licensed public accounting firms to ensure adherence to these standards and practices. In short, the road to becoming a CA requires significant effort, resources, and commitment to maintaining high standards of security and compliance.

A registration authority (RA) operates within a network security framework known as public key infrastructure (PKI). The RA's primary role is to verify the identities of individuals requesting digital certificates, serving as a trusted intermediary between the user and the certificate authority (CA). Upon validating the legitimacy of these requests, the RA instructs the CA to issue digital certificates, which contain public keys. This process ensures secure and reliable information exchange within the PKI.

A public key plays a crucial role in verifying authenticity and ensuring data integrity. When a sender sends a document for digital signature, a hash of the message is created using a cryptographic hash function – a unique digital fingerprint of the message. The hash is encrypted using their private key and comprises the digital signature. At this stage, the signed message is sent to the recipient. Once the recipient extracts the digital signature, they will use the sender’s public key to decrypt the digital signature, revealing the original hash. If the decrypted hash matches the newly calculated hash, it confirms that the message has not been altered and the signature was created using the sender’s private key, proving authenticity.

This is wholly secure because only the sender’s private key can create the signature, only the corresponding public key can verify the signature. If the message is tampered with, the hash values won’t match, and verification will fail.

Certificate authorities (CAs), in turn, function as a reliable third party, verifying the identities of online entities. By validating these identities, CAs can issue certificates that confirm the legitimacy of the entities involved. This process is essential for maintaining secure online communications and transactions.

How CAs shape the future of digital identities

Digital signatures, the cornerstone of secure digital transactions, guarantee data integrity and authentication, effectively preventing fraud and tampering. Trusted digital identities bolster confidence in online interactions, enabling seamless cross-border communication and collaboration. The concept of global interoperability, essential for modern digital ecosystems, fosters innovation. By adhering to internationally recognised standards and protocols, global interoperability ensures consistent, secure, and efficient data exchange, paving the way for a more interconnected and trustworthy digital economy. It is CAs who bring these essential elements together.

With global CA status, Impression Signatures has become a key player in the pursuit for true and trusted African digital identities. As a female led, homegrown South African business, this drives the notion that Africa can lead at the forefront of innovation and identity certainty.

Carrie Peter, Impression Signatures’ managing director and Advocacy Committee vice-chair at the Cloud Signature Consortium

As a CA operating on AWS Cloud, there are cost, infrastructure and security benefits for customers, citizens and the country at large. “Significant cost savings are passed on to customers, with physical infrastructure provided by AWS allowing for a break bulk approach. Impressions owns all its own IP and offers a local solution, meaning customers are also protected against the uncertainty created by currency fluctuations. With a passion for Africa, we’re working hard to bring previously unattainable infrastructure and uptime standards to the continent,” shares Carrie Peter, Impression Signatures’ managing director and Advocacy Committee vice-chair at the Cloud Signature Consortium.

Wherever a challenge exists, equal opportunity arises. In Africa, driving proper, recognised digital identities, cybersecurity infrastructure and certification skills and capabilities is crucial. “Now the overhead to offering cybersecurity to citizens is no longer an obstacle, and we’re a large step close to making proper cybersecurity available where access is a challenge – all while protecting critical services like identity verification, banking and online commerce,” she adds.

Driving trusted digital identities in Africa and beyond

In Africa, identity is a critical roadblock to global participation. It's essential for Africans to be removed from the grey list to facilitate this progress. Beyond simply creating digital identities, the focus must be on providing secure digital IDs that offer practical utility. “South Africans require visas to travel to 96 countries. This is a stark indicator of the lack of trust in the identity documents issued by a compromised Home Affairs system. The only way to overcome this is by creating trusted, secure and globally recognised digital identities.”

As a CA, Impression is committed to creating a digital Africa with secure identities that operate on a global scale. “We are exceedingly proud of this achievement, and the team that worked tirelessly to achieve the impossible,” concludes Peter. “With a deep commitment to Africa, the goal is to drive signing channels like USSD and WhatsApp for inclusivity and mitigate fraud and ID challenges across the continent. As we prepare for the new era of digital ID wallets, cryptography and eSigning, innovation underpinned by identity certainty is the only way forward.”

Issued by Perfect Word Consulting (Pty) Ltd. For more information, contact az.oc.satinirt@drowtcefrep.