Dr. Salah A Rustum, CIELTECH Chairman and President
Digital signature protects the domain and content of an organization as it makes it impossible to intercept and tamper with the documents being transferred.
The message cannot be changed as highly sophisticated algebraically equations are used for encryptions, said an expert during the webinar ‘Know your Electronic Digital Signature’ hosted by Ministry of Transport and Communications (MoTC).
Dr. Salah A Rustum, CIELTECH Chairman and President, discussed about the electronic digital signature and partly about supporting rules and regulations and specifically the Qatari Digital Law.
Highlighting the eSignature (or digital signature) legality in Qatar, he said eSignatures are legally valid and admissible in the court of law. Qatar follows a model where eSignatures issued by a certifying authority are considered legally valid. Specific use cases for eSignatures are indicated in the ECT Law.
The Electronic Commerce and Transactions Law, (established in 2010) highlights that a handwritten signature is not always needed for a contract to be considered credible, and that contracts cannot be refused for simply being electronic.
They will usually be seen as such as long as legally able individuals have reached an agreement (this can be by agreeing verbally, electronically, or by physically signing something).
He said that digital signatures includes encryption and is the most advanced and secure type of electronic signature which makes it impossible to intercept and tamper with the documents being transferred.
He said, “CIELTECH can provide in Qatar qualified, electronic digital signature that allows to benefit from encryption, authentication, nonrepudiation, and integrity. With a qualified, digital signature the party you are dealing with knows exactly who you are and knows the contract that is duly signed and supported by the Qatari law which is equal to a handwritten signature.”
“Qatari law has provided everything for Qataris and for those residing in Qatar alike, to use the electronic digital signature, sign with their e-mail. This includes speedy HR document preparation with preapproved templates, easy update of each employee, new employee onboarding processes as well as 360 degree view of employee files. Also, end user agreements including sales and service terms, new retail account opening documents, invoices, shipment details, user manual, EULAs, policies.”
“Digital certificates protect the organizations from identity theft and forgery and also to safeguard your work on the Internet. Going paperless is very easy to adapt and implement on condition you take advantage of all what is expected to protect the data from hackers who are waiting for the slightest mistake to steal the data, to blackmail and sell the data to competitors.”
The expert talked about digital certificates and cryptographic control policy ISO27002 that is to comply with it you must have a digital certificate installed into your system. He defined cryptographic which is a method of storing and transmitting data in a form that only that those it is intended for can read and process.
He said, Cryptographic controls can be used to achieve different information security objectives. Firstly, confidentiality which is using encryption of information to protect sensitive or critical information, either stored or transmitted; secondly, integrity/authenticity that is using digital signature certificates or message authentication codes to verify authenticity or integrity of stored or transmitted sensitive or critical information; thirdly, non-repudiation which is using cryptographic techniques to provide evidence of the occurrence of an event or action.
Fourthly, authentication that is using cryptographic techniques to authenticate users and other system entities requesting access or transacting with system users, entities, and resources.
“A digital certificate gives the receiver assurance that the message was created and sent by the sender because when you digitally sign and e-mail you automatically attach to that mail the digital identity of the user or the sender. With digital certificate the sender cannot deny having sent the message nor the recipient can deny having received it which is required in the court of law.
A digital certificate ensures that the message was not altered in transit. A digital certificate ensures that the message was only read by the recipient.
He also shed light on using digital signatures in e-mail. Digital signing an email shows a recipient that the email they have received is coming from a legitimate source. S/MIME email is protection from spear phishing attacks which can help companies remain compliant with privacy and security regulations.
Emails protected by S/ MIME remain encrypted from the moment they are sent until the moment they are opened, ensuring that they cannot be read in transit.
These messages and attachments also remain encrypted while stored on mail servers, adding another layer of security that covers at-rest information.
According to Deloitte, one-third of consumers said they would stop dealing with a business following a cybersecurity breach, even if they do not suffer a material loss. Any company’s brand image and the trust can be obliterated if news of a data breach surfaces to the public.
