LankaPay is happy to announce the launch of seamless integration of third-party applications and issuance of LankaSign certificates for integrated applications.
LankaSign offers two integration options:
HSM based integration allows third party applications to be integrated using LankaSign digital certificates provided via hardware security tokens.
Our customers may integrate new applications or subscribe with already integrated third-party apps.
SigNEX is a platform developed by Authnex Technologies (Private) limited, an award-winning Sri Lankan based startup, which is the first application to integrate with LankaSign API.
SigNEX is a next generation digital signature platform, which focuses security and convenience for any signing requirement. It facilitates a ‘Qualified Electronic Signature’, considered to be the highest grade of Digital Signature according to eIDAS standards. SigNEX is a platform which can be customized to match many business requirements with the ability to interface into your existing business application making document signing experience quite convenient and seamless.
Please contact LankaPay Helpdesk/LankaPay Support for more information on use of existing LankaSign integrated apps or new integration needs.
The Payment Industry in Sri Lanka has evolved towards greater efficiencies and customer centricities, which has resulted in high reliance on advance technology. The use of the Internet and electronic transactions has evolved rapidly in Sri Lanka facilitating greater customer convenience and attracting new customers, irrespective of their demographics. This is very evident by the high use of SLIPS (Sri Lanka Interbank Payment System) and other electronic payment systems and the growth in the use of Internet Banking.
Though advance technology brings about many advantages to financial institutions and its customers, it also brings in great risks of information security and electronic fraud. Therefore as the use of electronic payments (e-payments) increases, the need for advanced IT security infrastructure becomes critical in order to prevent the risks associated with information security and unauthorized access.
Authentication is a critical issue for users of electronic commerce. Banks must have confidence in the authenticity and the integrity of an electronic transaction received from another bank. This can be achieved through the use of Digital Signatures. Digital Signatures are aimed at achieving a higher level of trust where physical signatures are not possible. Digital signing helps the recipient of the electronic transaction to know with certainty that it was originated by the party who claims who they are and that no changes have been made after the transaction has been signed.
Recognizing this need the Central Bank of Sri Lanka requested LankaPay (Pvt.) Ltd. (LCPL) to be the financial sector Certification Service Provider (CSP). LCPL launched Sri Lanka's first Certification Authority under the brand name LankaSign in accordance with the Electronic Transaction Act, No.19 of 2006 on May-22-2009. A CSP is an authority on a network that issues and manages security credentials and public -private key pair's for message signing and encryption. As part of a public key infrastructure (PKI), a CSP checks with a Registration Authority (RA) to verify information provided by the requestor of a Digital Certificate. If the RA verifies the requestor's information, the CA can then issue a Digital Certificate that can be used for the purpose of signing and encrypting electronic transactions.
LankaSign in its first phase started providing digital certificates to Banks to be used in financial transaction clearing systems, such as SLIPS and CITS (Cheque Imaging and Truncation System), where the CSP and Public Key Infrastructure (PKI) was made available on LCPL's Virtual Private Network (VPN).
On 9th February 2011 LankaSign launched its second phase of providing digital certificates for all financial sector enterprise applications, SSL Certificates and end Users (E-mail/Document signing Certificates) on both private and public networks. This adds great value to the financial sector in Sri Lanka as using digital certificates of Lankasign will save the country its valuable foreign exchange where the other alternative is to procurer Certificates from foreign CSPs at a much higher cost. With LankaSign’s expansion it is now providing a customer focused local service and solutions to reduce document management overheads associated with managing physical documents, as well as promoting Green initiatives.
Currently LankaSign is widely used in almost all financial sector organizations as well as few other sectors for automating their documentation process by digitally signing electronic copies of documents and adding high security for electronic documentation exchange process. As the next phase in their expansion plan, with a major upgrade to their system, LankaSign is now capable of providing digital certificates in real-time for mobile based payment applications for digitally signing and authenticating electronic documents. This has been enabled by a common API developed by LankaSign, which can be easily integrated with such mobile payment applications via a Software Development Kit (SDK) that is freely distributed to such developers.
Aligning with the Electronic Transaction Act, No.19 of 2006, LankaSign follows a stringent process on validating the certificate users and their respective organizations before issuing a digital certificate. Due to its high security standards, LankaSign was able to obtain certification on ISO 27001:2013 for its Information Security Management System in the year 2015.
LankaSign is not only a significant milestone in the ICT industry of Sri Lanka, but also encourages more institutions in all sectors to adopt cost effective digital certificate based technology to achieve a greater level of information security for all their electronic communications and transactions.
1. Is digital signature recognized by Sri Lankan court of law?
Yes, it’s recognized according to Electronic Transactions Act No.19 of 2006 amended by Act No.25 of 2017
2. If a printout of the digitally signed document is given, can we verify whether it is digitally signed?
No. The document must be in original soft form to verify the digital signature.
3. Can a scanned document/image be digitally signed?
Yes. Any document in soft form can be digitally signed.
4. What will happen if I change a digitally signed document?
The existing digital signature will not be valid anymore and it will be indicated that the document had been modified.
5. What will happen if someone else changes the content of a digitally signed document?
Original signature will not be valid anymore and it will be indicated that the document had been modified.
6. Can I remove the digital signature from a document?
Yes but then the document cannot be considered as valid.
7. What is an electronic signature?
It is only an image of a signature that can be added to any document. An electronic signature can be copied and pasted and attached to other documents by anyone. An electronic signature doesn’t provide any document security and it doesn’t have a document verification process, or any tracking for changes made to the documents content after signing.
8. How is digital signature different?
Digital Signature is based on cryptographic technology which offers greater document security and signer authenticity. Each digital signature is unique to the signer and the document, you cannot copy and paste the signature from one document to another. If any changes are made to the document or the signature after signing is complete, this will be indicated in the document rendering the document invalid..
9. Between electronic signature and digital signature, which one is recommended?
There is some confusion regarding the difference between electronic and digital signature technology with people thinking the two are the same thing. However, the two signature types are different and it is important to understand how, otherwise your business could be exposed to additional risks. Digital signatures provide the necessary security controls and hence is the recommended solution.
10. What are some use cases of LankaSign digital certificates?
LankaSign digital certificates has broad uses including document/email signing, systems/applications integrations, mobile integrations, etc.
LankaSign document/email signing certificates can be used to sign/approve any digital document.
11. What will happen if I give my USB token and disclose the PIN to a third person?
He or She can (fraudulently) affix your digital signature.
12. What shall I do if I lose my USB token?
Immediately notify your organization and CSP (LankaPay Helpdesk)
13. What shall I do if I forget my PIN?
Contact your CSP to re-set your PIN.
14. What will happen if I try a wrong PIN multiple times or try the Admin PIN?
Security token PIN is known only to the user. If the user forgets the PIN by any chance, they can only attempt an incorrect PIN a limited number of times. After that the token gets locked and can only be unlocked by using an admin PIN after sending to LankaPay. Admin PIN is only for use of LankaPay. If the user attempts the admin PIN incorrectly, the security token will be permanently locked and unusable. This is intended behavior to ensure the security of digital certificate, so that it cannot be misused.
15. What shall I do if someone else gets to know my PIN?
Change your PIN
16. Do I need to change my PIN after receiving it from CSP?
Yes, it is recommended.
17. Can I take printouts of digitally signed documents and store them?
Cannot verify the digital signature validity if it is stored in printed format.
It must be stored in electronic format to be able to validate same..
18. What is the benefit of storing the digitally signed document?
Saves paper, saves space, cannot do unauthorized changes, very convenient and saves time
19. How can I obtain a digital certificate?
It should be obtained from an authorized/licensed Certification Serviced Provider (CSP) in Sri Lanka.
20. Can I use your digital certificates to automate my document management system or other workflow system?
Yes, you can. We will provide the digital certificates and general guidelines.
21. What is the recommended use of digital certificates within an automated system?
The certificates can be used in anyway within the application the developer and product owners wishes at the discretion of developer and product owners as per product, compliance, legal and other requirements as long as such functions does not violate rules and regulations of LankaSign CSP. LankaSign provides only the certificates and related token driver software and does not provide any other software/application related services or support.
22. How is my digital certificate provided to me?
It is provided in a security token which can be plugged to the USB port.
23. What’s the cost to obtain a digital certificate?
The security token is a one-time purchase and the digital certificate needs to be annually renewed. The security token and digital certificate should be purchased per user.
24. Why should I choose LankaSign CSP?
LankaSign is Sri Lanka’s first and the only Certification Authority established in accordance with the Electronic Transaction Act, No.19 of 2006 on May-22-2009. LankaSign complies with all the international requirements for commercial Certification Service Provider facilities along with ISO 27001:2013 certification.
25. How should I proceed to obtain a digital certificate from you?
Please refer to our How to Obtain Digital Certificates section for all necessary instructions and reach out to our helpdesk on email@example.com or 0112356999.
26. Should each new customer sign an Agreement with LankaPay in order to be eligible to apply for a digital signature?
27. Is the above mentioned Agreement a standard Agreement for all new customer who wish to apply for a digital certificate?
28. Is it possible to amend the above mentioned Agreement to suit each customer? who wish to apply for a digital certificate?
No, it is a standard Agreement. However, LankaPay reserves the right to update the Agreement from time to time.
29. Is there a different Agreement to be signed based on the purpose for which each customer may want to use the digital certificate?
No. There is one standard Agreement for all new customer who wish to apply for a digital certificate
30. Is the Agreement available as a download?
How to revoke your existing certificate ?
How to check the validity of the signed document ?
How to enable email signing & encryption ?
All LankaSign related communications including clarifications, pricing, support requests and any other communications must be submitted to Helpdesk via
Phone : 011 2356999 / 011 2356900
Email : firstname.lastname@example.org
Pre-requisites for Support
LankaSign CSP provides LankaSign digital certificates, validation services for issued certificates and any support related to same. LankaSign CSP does not provide integration services, software development or coding support.
Additional Support Services (incur professional charges on per hour basis)