Incorporating Digital Signing & Encryption in Transactions in the Payment System of Sri Lanka




Incorporating Digital Signing & Encryption in Transactions in the Payment System of Sri Lanka. Presentation by Sunimal Weerasooriya, CEO, LankaClear (Pvt) Ltd.

Introduction to LankaClear: Originated as Sri Lanka Automated Clearing House (SLACH) under the Central Bank of Sri Lanka (CBSL), 1987. Divested as a limited liability company owned by all Commercial Banks and the Central Bank of Sri Lanka (CBSL), 2002.

Introduction to LankaClear: Share Holders; Payment Structure of SL; Product Range of LankaClear.

Establishment of LankaSign CSP: Cyber security, information piracy, data theft, etc. are words we hear often these days in a world going high-tech at an ever-increasing speed. Eliminating information piracy and data theft, and ensuring the security of information transmitted online, is even more necessary as e-payments are fast becoming the norm rather than the exception.

Establishment of LankaSign CSP: Recognizing the need, the Central Bank of Sri Lanka (CBSL) invited LankaClear (Pvt) Ltd. (LCPL) to be the Financial Sector's Certification Service Provider, and LCPL launched LANKASIGN on 22nd May 2009, as per the provisions of the Electronic Transactions Act No. 19 of 2006.

Root Signing Key - Protection: Protection of the LANKASIGN CSP Root signing key pair is ensured with the use of a SafeNet Protect Server Gold HSM, which is certified to FIPS 140-2 Level 3. The LANKASIGN CSP Root signing key pairs are 2048-bit and were generated within the Protect Server Gold HSM. The LANKASIGN CSP takes necessary precautions to prevent compromise or unauthorized usage of the key.

Root Signing Key - Recovery: LANKASIGN CSP Root CA signing keys are encrypted and stored within a secure environment. The decryption key is maintained on physical media and stored in a physically secured offline environment, which requires two or more authorized officials of the LANKASIGN CSP to gain access. When any LANKASIGN CSP Root signing key expires, it will be archived for at least 10 years.

Types of Digital Certificates: Secure Server Certificates; Digital Signature Certificates; Public Key Encryption Certificates; Secure E-mail Certificates. These Certificates are available for use in both the LCPL private networks and the public domain.

Secure Server Certificates: These are Server Certificates bound to an IP address that, in combination with an SSL Web Server, attest the public server's identity, providing full authentication and enabling secure communication with customers and business partners. Example: a Certificate issued to authenticate the Web Server used for Internet Banking or any other internal web server used in a Bank.

Digital Signature Certificates: Certificates bound to the identity of an individual or an organization to allow owners of the certificates to digitally sign digital objects (transactions or documents) to certify authenticity. Example: to authenticate a Banking Customer, for online messages and documents exchanged between entities in a public network.

Public Key Encryption Certificates: Certificates bound to the identity of an individual or an organization to allow electronic data to be encrypted. Example: for encryption of data transmitted in Internet Banking transactions, or to encrypt data exchanged between branches and head office in a Bank's network.

Secure E-mail Certificates: Certificates bound to an e-mail address, which allow owners of the certificates to digitally sign e-mails to ensure authenticity. Example: for e-mail communications in Inter-Bank and Intra-Bank networks.

Signing & Encryption

CITS Clearing Before Digital Signing

CITS Legs 3 & 4 Completely Online with Digital Signing. [Diagram. Labels: Bank (Sender); Outward Return of CITS; Outward Return File; Calculate Hash; Digital Signing (Bank Private Key); VPN; LankaClear (Receiver); Verify Signature (Bank's Public Key); LankaSign OCSP Responder; Calculate Hash; Compare Hash. Vice versa when Inward Return of CITS.] Note: Digital Signature Certificates are being used.
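The sign-and-verify exchange named on the CITS slide above, as an added example that is not part of the original presentation or LankaClear's own code. SHA-256, RSA-2048 with PKCS#1 v1.5, the type and function names, and the `revoked` map standing in for an OCSP responder answer are all assumptions; the file content is constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedFile and TrustStore are hypothetical types for this example.
type SignedFile struct {
	Sender          string
	Data, Signature []byte
}
type TrustStore map[string]*rsa.PublicKey // sender -> key from its certificate

// NewBankKey makes a throwaway RSA-2048 key for the example (key size assumed).
func NewBankKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// SignReturnFile (sender): calculate the hash, sign it with the bank's private key.
func SignReturnFile(sender string, key *rsa.PrivateKey, data []byte) (SignedFile, error) {
	h := sha256.Sum256(data)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
	return SignedFile{sender, data, sig}, err
}

// VerifyReturnFile (receiver): revoked stands in for the OCSP responder's answer.
func VerifyReturnFile(f SignedFile, trusted TrustStore, revoked map[string]bool) error {
	pub, ok := trusted[f.Sender]
	if !ok || revoked[f.Sender] {
		return errors.New("sender certificate unknown or revoked")
	}
	h := sha256.Sum256(f.Data) // recalculate the hash over what actually arrived
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], f.Signature) != nil {
		return errors.New("signature invalid: file altered or signed with another key")
	}
	return nil
}

func main() {
	key, _ := NewBankKey()
	store := TrustStore{"BANK-A": &key.PublicKey}
	f, _ := SignReturnFile("BANK-A", key, []byte("constructed sample: cheque 000123 returned"))
	fmt.Println("intact:  ", VerifyReturnFile(f, store, nil))
	f.Data[0] ^= 0xFF // alter the file in transit
	fmt.Println("tampered:", VerifyReturnFile(f, store, nil))
}
```

The receiver rejects the file in three cases: the content changed after signing, the signature was made with a key other than the one in the sender's certificate, or the certificate status check fails.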

SLIPS with Digital Signing. [Diagram. Labels: Bank; CBSL; Web Server; Net Settlement; VPN; Digital Signing (LCPL Private Key); Digital Signing (Bank Private Key); Verify Signature (LCPL's Public Key); Verify Signature (Bank's Public Key); LankaSign OCSP Responder; SLIPS Server; Bank.] Note: Digital Signature Certificates are being used.

US$ Clearing with Digital Signing. [Diagram. Labels: Traditional Way; With LankaSign; Digital Signed & Encrypted; US$ Server; US$ Server; Email Server; Signature Verification & Decrypted.] Note: Secure E-mail Certificates & Public Key Encryption Certificates are being used.

Benefits of PKI Integration: Data Integrity; Non-Repudiation; Improved Operational Efficiencies; Lag Time Elimination; Cost Savings & Less Logistic Control Requirement; Creates a Greener Environment.

Future of LankaSign: Build High Awareness among Financial Sector Organizations on E-mail / Document Signing Certificates Usage, Legality and Benefits. Provide an Affordable Solution for Mass Scale Public Usage of E-mail / Document Signing Certificates. Introduction of Cost Effective Crypto Tokens. Seeking Opportunities of Entering the Secure Server Certificate Market.

Thank You