Public Key

Background to PKI (Public Key Infrastructure) (SARS EDI Guidelines)

The Internet is an inherently open system. Its strengths are built around this openness, low cost and ease of access and therefore the Internet is an inexpensive medium for transacting customs compliance-related business. This openness, however, is also a source of major threat to users of the Internet. The open nature of the system makes it relatively easy for web-sites and Internet communications to be compromised and the IT assets of the Customs administration deployed to carryout EDI messaging are exposed to such threats.

Certain standards of security are therefore required to be maintained, which, while affording protection to the IT assets of the customs administration, address concerns of security. The security concerns pertain to: (a) privacy of the message (b) its authenticity (c) integrity and (d) non-repudiation. Public Key Infrastructure (PKI), based on the technology of public key cryptography, offers a solution to a customs administration, to respond to the specific security concerns raised.

The EDIINT standards were developed by the Internet Engineering Task Force (IETF) to address issues concerning secure communication techniques for EDI messaging over the internet using AS1/AS2/AS3. Applicability Statement 1 (AS1), Applicability Statement 2 (AS2) and Applicability Statement 3 (AS3) are security standards defined by the IETF that allow business transactions to move securely over the Internet. The AS1 standard secures file attachments over e-mail (no longer supported by SARS). AS2 is most widely used which is based on Hyper Text Transfer Protocol and its secure form (HTTP and HTTP/S) and the secure form of Multipurpose Internet Mail Extensions (S/MIME). AS3 (FTP) is also gaining momentum worldwide.

To learn more about EDI and become a certifiedĀ EDI Professional, please visit ourĀ course schedule page.

Leave a Reply

Your email address will not be published.

Post Navigation