With the rapid deployment of digital services and expansion of e-Government initiatives to deliver citizen services in the country, electronic transactions in Sri Lanka will grow substantially in the near future. This increases the probability of identity theft, financial fraud, and other security breaches. Therefore, the requirement to authenticate citizens as well as organizations involved in digital transactions becomes pivotal.
To address this requirement, it is essential for a country to establish a national framework which defines legal, administrative and technical regulations for granting, managing, and enforcing the use of digital certificates. From a legal perspective, digital certificates to establish the identities of citizens and organizations in the digital space to minimise fraud.
The Electronic Transactions Act No, 19 of 2006, amended by Act No. 25 of 2017, provides the legal basis for a national framework, with legal recognition for electronic signatures, including digital certificates. From a legal perspective, digital certificates have ensured that there is a mechanism to reliably and securely prove the origin, receipt and integrity of information and also to identify the parties involved in a digital transaction. The use of digital certificates also enables users to achieve transaction confidentiality and integrity using the public key cryptosystem and the hash function. The issue of digital certificates is done by certified third-party certificate service providers (CSPs).
The National Certification Authority (NCA) is the overall governance as well as the standard setting entity required for the smooth and effective functioning of Certification Service Providers (CSPs). Chapter IV of the Electronic Transactions Act No. 19 of 2006 grants authority for a recognised body to perform the function of the NCA and to establish an NCA task force to manage and administer the Certification Authority, having regard to the qualifications and experience as well as the need to represent relevant stakeholders, with the objective of ensuring its proper administration.
The key ceremony, a formal function to generate the Root certificate of the NCA, was held on 14 February and was carried out by the staff of Sri Lanka CERT. This was a major milestone in the annals of digital transactions in Sri Lanka. The Root Certificate facilitates secure digital transactions not only within Sri Lanka but also internationally with other countries. In order to enhance the operations of NCA as well as to ensure that digital certificates issued by the Sri Lankan NCA are recognised internationally, including web browser vendors (Browser forum), the objective of the NCA is to be “WebTrust standard” certified. Thus, Sri Lanka would become the first country in South Asia to adopt an international standard in this domain.