Incorporating Digital Signing & Encryption in Transactions in the Payment System of Sri Lanka. Presentation by Sunimal Weerasooriya, CEO, LankaClear (Pvt) Ltd.
Introduction to LankaClear: Originated as Sri Lanka Automated Clearing House (SLACH) under the Central Bank of Sri Lanka (CBSL), 1987. Divested as a limited liability company owned by all Commercial Banks and the Central Bank of Sri Lanka (CBSL), 2002.
Introduction to LankaClear: Share Holders; Payment Structure of SL; Product Range of LankaClear.
Establishment of LankaSign CSP: Cyber security, information piracy, data theft, etc. are words we hear often these days in a world going high-tech at an ever-increasing speed. Eliminating information piracy and data theft, and ensuring the security of information transmitted online, is even more necessary as e-payments are fast becoming the norm rather than the exception.
Establishment of LankaSign CSP: Recognizing the need, the Central Bank of Sri Lanka (CBSL) invited LankaClear (Pvt) Ltd. (LCPL) to be the Financial Sector's Certification Service Provider, and LCPL launched LANKASIGN on 22nd May 2009, as per the provisions of the Electronic Transactions Act No. 19 of 2006.
Root Signing Key - Protection: Protection of the LANKASIGN CSP Root signing key pair is ensured with the use of a SafeNet Protect Server Gold HSM, which is certified to FIPS 140-2 Level 3. The LANKASIGN CSP Root signing key pairs are 2048-bit and were generated within the Protect Server Gold HSM. The LANKASIGN CSP takes necessary precautions to prevent compromise or unauthorized usage of the key.
Root Signing Key - Recovery: LANKASIGN CSP Root CA signing keys are encrypted and stored within a secure environment. The decryption key is maintained on physical media and stored in a physically secured offline environment, which requires two or more authorized officials of the LANKASIGN CSP to gain access. When any LANKASIGN CSP Root signing key expires, it will be archived for at least 10 years.
Types of Digital Certificates: Secure Server Certificates; Digital Signature Certificates; Public Key Encryption Certificates; Secure E-mail Certificates. These certificates are available for use in both the LCPL private networks and the public domain.
Secure Server Certificates: Server certificates bound to an IP address that, in combination with an SSL web server, attest the public server's identity, providing full authentication and enabling secure communication with customers and business partners. Example: a certificate issued to authenticate the web server used for Internet Banking or any other internal web server used in a Bank.
Digital Signature Certificates: Certificates bound to the identity of an individual or an organization to allow owners of the certificates to digitally sign digital objects (transactions or documents) to certify authenticity. Example: to authenticate a Banking Customer, for online messages and documents exchanged between entities in a public network.
Public Key Encryption Certificates: Certificates bound to the identity of an individual or an organization to allow electronic data to be encrypted. Example: for encryption of data transmitted in Internet Banking transactions, or to encrypt data exchanged between branches and head office in a Bank's network.
Secure E-mail Certificates: Certificates bound to an e-mail address which allow owners of the certificates to digitally sign e-mails to ensure authenticity. Example: for e-mail communications in Inter-Bank and Intra-Bank networks.
Signing & Encryption
CITS Clearing Before Digital Signing
CITS Legs 3 & 4 Completely Online with Digital Signing. [Diagram, Outward Return of CITS: Bank (Sender) and LankaClear (Receiver) connected over VPN. Labels: Outward Return File; Calculate Hash; Hash; Compare Hash; Digital Signing (Bank Private Key); Verify Signature (Bank's Public Key); LankaSign OCSP Responder. Vice versa for Inward Return of CITS.] Note: Digital Signature Certificates are being used.
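The hash comparison and signature verification named on the CITS slide above, as an added example that is not from the presentation or from LankaClear's systems. The OpenSSL command line, SHA-256, the file name and its contents are assumptions; a bare public key stands in for the bank's Digital Signature Certificate, and the OCSP status check is not performed.

```sh
# Added example: constructed file, throwaway key. SHA-256 and the OpenSSL CLI
# are assumptions; the slide names neither a hash algorithm nor a tool.
WORK=$(mktemp -d)

# Bank side: 2048-bit RSA key pair. In production the private key stays in an
# HSM or token and the receiver takes the public key from the bank's certificate.
make_keys() {
  openssl genrsa -out "$WORK/bank.key" 2048 2>/dev/null &&
  openssl rsa -in "$WORK/bank.key" -pubout -out "$WORK/bank.pub" 2>/dev/null
}

file_hash() { openssl dgst -sha256 -r "$1" | cut -d' ' -f1; }

# Sender: calculate the hash and sign the file with the bank's private key.
sender_prepare() {   # $1 = file to send
  file_hash "$1" > "$1.sha256" &&
  openssl dgst -sha256 -sign "$WORK/bank.key" -out "$1.sig" "$1"
}

# Receiver: recalculate and compare the hash, then verify the signature.
# Returns 0 = accepted, 1 = hash mismatch, 2 = signature invalid.
receiver_check() {   # $1 = received file, $2 = received hash, $3 = signature
  [ "$(file_hash "$1")" = "$(cat "$2")" ] || return 1
  openssl dgst -sha256 -verify "$WORK/bank.pub" -signature "$3" "$1" \
    >/dev/null 2>&1 || return 2
  return 0
}

make_keys
F="$WORK/outward_return.txt"
printf 'CHEQUE 000123 RETURNED REASON 01\n' > "$F"      # constructed record
sender_prepare "$F"

receiver_check "$F" "$F.sha256" "$F.sig"; echo "untouched file:        $?"

# File altered in transit: the hash comparison already catches it.
sed 's/000123/000999/' "$F" > "$F.mod"
receiver_check "$F.mod" "$F.sha256" "$F.sig"; echo "file altered:          $?"

# File and hash both replaced: the hashes agree, only the signature fails.
file_hash "$F.mod" > "$F.mod.sha256"
receiver_check "$F.mod" "$F.mod.sha256" "$F.sig"; echo "file and hash altered: $?"
```

The third case shows what the signature adds over the hash comparison: a hash sent alongside the file can be replaced together with it, while a valid signature cannot be produced without the bank's private key.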
SLIPS with Digital Signing. [Diagram: Bank, CBSL, Web Server, SLIPS Server, Net Settlement, VPN. Labels: Digital Signing (Bank Private Key); Digital Signing (LCPL Private Key); Verify Signature (Bank's Public Key); Verify Signature (LCPL's Public Key); LankaSign OCSP Responder.] Note: Digital Signature Certificates are being used.
US$ Clearing with Digital Signing. [Diagram comparing the Traditional Way with LankaSign: US$ Server, Email Server, US$ Server. Labels: Digitally Signed & Encrypted; Signature Verification & Decryption.] Note: Secure E-mail Certificates & Public Key Encryption Certificates are being used.
Benefits of PKI Integration: Data Integrity; Non-Repudiation; Improved Operational Efficiencies; Lag Time Elimination; Cost Savings & Less Logistic Control Requirement; Creates a Greener Environment.
Future of LankaSign: Build high awareness among Financial Sector organizations of E-mail / Document Signing Certificates usage, legality and benefits. Provide an affordable solution for mass-scale public usage of E-mail / Document Signing Certificates. Introduction of cost-effective crypto tokens. Seeking opportunities to enter the Secure Server Certificate market.
Thank You