Sri Lanka becomes the first Country in South Asia to adopt an international standard for digital transactions Featured
05 Mar 2020
(0 votes)

Sri Lanka becomes the first Country in South Asia to adopt an international standard for digital transactions


Sri Lanka becomes the first Country in South Asia to adopt an international standard for digital transactions

Sri Lanka’s National Digital Certificate Authority Key Ceremony Successfully Completed
- National Certification Authority Task Force

With the rapid deployment of Digital services and expansion of e-government initiatives to deliver citizen services in the country, electronic transactions in Sri Lanka will grow substantially in the near future. This increases the probability of identity theft, financial fraud and other security breaches. Therefore, the requirement to authenticate citizens as well as organizations involved in digital transactions becomes pivotal.

To address this requirement, it is essential for a Country to establish a national framework which defines legal, administrative and technical regulations for granting, managing and enforcing the use of digital certificates to establish the identities of citizens and organizations in the digital space to minimize fraud.

The Electronic Transactions Act No, 19 of 2006, amended by Act No. 25 of 2017, provides the legal basis for a national framework, with legal recognition for Electronic Signatures, including Digital certificates. From a legal perspective Digital Certificates have ensured that there is a mechanism to reliably and securely prove the origin, receipt and integrity of information and also to identify the parties involved in a digital transaction. The use of Digital Certificates also enables users to achieve transaction confidentiality and integrity using the public key cryptosystem and the hash function. The issue of digital certificates is done by certified third-party certificate service providers (CSPs).

The National Certification Authority (NCA) is the overall governance as well as the standard setting entity required for the smooth and effective functioning of Certification Service Providers (CSPs). Chapter IV of the Electronic Transactions Act No. 19 of 2006 grants authority for a recognized body to perform the function of the NCA and to establish an NCA task force to manage and administer the Certification Authority, having regard to the qualifications and experience as well as the need to represent relevant stakeholders, with the objective of ensuring its proper administration

The NCA Task Force was first established in 2011 jointly by ICT Agency of Sri Lanka (ICTA) and Central Bank of Sri Lanka (CBSL), with ICTA’s Legal Advisor Jayantha Fernando CBSL Asst. Governor, Janakie Mampitiya as Co-Chairs. The ICTA was designated to perform NCA functions on 24th September 2013 by Gazette Extraordinary 2147/58 made under Section 18 of the Electronic Transactions Act, while NCA operational functions were performed by Sri Lanka CERT. Part of the equipment for this purpose was also procured by ICTA under the “e-Sri Lanka Development Program”.

The Electronic Transactions (Amendment) Act No. 25 of 2017 further modernized Sri Lanka’s legal digital transactions framework by giving effect to Sri Lanka’s ratification of the UN Electronic Communications Convention. Further this Amendment broadened the scope of application of Electronic Signatures, provided for licensing and authorizing of CSPs while separating the NCA Task Force with the operations of NCA.

Pursuant to Gazette Extraordinary, 2147/58, dated 30th October 2019, Sri Lanka CERT was designated as the Certification Authority under section 18 of the above Act to perform the functions of the NCA.

The key ceremony, a formal function to generate the Root certificate of the NCA, was held on 14th February 2020 and was carried out by the staff of Sri Lanka CERT. This was a major milestone in the annuls of Digital transactions in Sri Lanka. The Root Certificate facilitates secure digital transactions not only within Sri Lanka but also internationally with other countries. In order to enhance the operations of NCA as well as to ensure that digital certificates issued by the Sri Lankan NCA are recognized internationally, including web browser vendors (Browser forum), the objective of the NCA is to be “WebTrust standard” certified. Thus, Sri Lanka would become the first Country in South Asia to adopt an international standard in this domain.

The simple but formal key generation ceremony was inaugurated by Mr. Jayantha Fernando, Co-Chair of National Certification Authority (NCA) Task Force. Fernando is Board Director of Sri Lanka CERT and Legal Advisor, ICTA. A detailed presentation on the operations NCA and the Key generation ceremony was given by Mr. Rohana Palliyaguru, Director-Operations of Sri Lanka CERT. This was followed by the Key Generation ceremony which was carried out step by step by the staff of Sri Lanka CERT, in the presence of WebTrust Auditors.

The ceremony was attended by the Task Force Co-Chair, R. A. A. Jayalath (Asst. Governor, Central Bank) and Task Force Members, Rohan Seneviratne (DGM, CEB), Waruna Sri Dhanapala (Additional Secretary Digital Infrastructure & Information Technology, Ministry of Defence), Channa De Silva (CEO Lanka Clear), Mrs. S.G.A.R.K.R. Seneviratne (Additional Secretary Technical, MOD) and Lal Dias (CEO, Sri Lanka CERT). In addition, a number of other dignitaries including Rohan Fernando (Chairman, SLT), Oshada Senanayake (DG, TRCSL) and Mahinda Herath, ICTA CEO attended this formal ceremony.

Read 2080 times Last modified on Friday, 06 March 2020 03:00