e-Transactions - Trust and Technology
Presented by J S Kochar, Executive Director, (n)Code Solutions – A Division of GNFC Ltd.
Case Study: e-Procurement Implementation for Gujarat Govt.
www.nprocure.com
The 4 Pillars of Trust in eTransactions
• AUTHENTICATION: That the information sender and the recipient are the ones they claim to be
• CONFIDENTIALITY: The knowledge and assurance that the information being exchanged remains confidential and private
• INTEGRITY: That the information being received is the same as it was transmitted by the sender
• NON-REPUDIATION: That the sender cannot deny having sent the information. The legal framework for pinning the responsibility
e-Procurement Value Chain
• Online bid process management from publication of NIT until the award of contract
• Download of tender documents, bid submission, opening of bids and publication of award notice are all done online
• Technical bid evaluation is typically handled manually
e-Procurement Components: Vendor Side Process Buyer Side Process Vendor Bidding Tender Evaluation Vendor Registration Document Download Tender Preparation Pre-Qualification Pre-Bid Meeting Tender Approval Technical Evaluation Payment of EMD Tender Publishing Commercial Evaluation Reverse Auction Bid Submission Corrigendum Award of Contract
e-Tender : Buyer Process Cycle Buyer User Login Corrigendum Tender Creation Publish Tender Tender Available for Bid Submission Bid Evaluation Result Sharing
e-Tender : Vendor Process Cycle
Vendor Login New Tender Bid Edit Profile Edit Document Library Document Download Joint Venture Process Document Upload Bid Submission Final Tender Submission Bid Acknowledgement
e-Tender : Bid Evaluation Process
Buyer Login Primary Login Remote Login Biometric Login Committee Formation Bid Evaluation Comparative Reports Attached Documents Result Sharing
Trust enablers
• 3-tier architecture / 128-bit SSL enabled site
• Username/password + Digital Certificate based login
• Time validation
• Role based access
• Trusted Root Validation of RCAI (Valid CA and CCA)
• Private Key Check (Content Signing Check)
• Data signing / encryption during:
  • Any change in data vendor / buyer
  • Data transfer from client/server (SSL)
  • Data at rest / storage at the server
e-Transactions : Password Authentication
• The Digital Signature system creates a hash of the password and stores it, instead of storing the password.
• The portal uses SHA1 as the hashing algorithm instead of MD5, as it has a fixed 160-bit output instead of 128 bits.
• When a user logs in, the system generates a hash of the password, which travels over SSL to the server for verification. The actual password never leaves the machine.
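The scheme on this slide stores an unsalted SHA-1 hash and has the client send that same hash, so the hash itself acts as the login secret. The following added example (not from the presentation or nProcure's code) contrasts it with a salted PBKDF2 record; the function names, sample password and iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Scheme as described on the slide: an unsalted SHA-1 hash of the password is
# stored, and the client sends that same hash at login.
def sha1_record(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def sha1_login(stored_hash, submitted_hash):
    # The server compares hashes only, so the hash itself is the credential.
    return hmac.compare_digest(stored_hash, submitted_hash)

# Alternative (assumption, not nProcure's design): the password travels inside
# the TLS session and the server stores a salted, deliberately slow PBKDF2 hash.
PBKDF2_ITERATIONS = 600_000

def kdf_record(password, salt=None):
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return salt, digest

def kdf_login(record, password):
    salt, expected = record
    return hmac.compare_digest(kdf_record(password, salt)[1], expected)

def compare_schemes(password="Tender@2009"):  # constructed sample password
    a, b = sha1_record(password), sha1_record(password)
    rec_a, rec_b = kdf_record(password), kdf_record(password)
    return {
        # Two accounts with the same password get identical stored values.
        "sha1_same_password_same_record": a == b,
        # The stored value is password-equivalent: presenting it authenticates.
        "sha1_stored_value_logs_in": sha1_login(a, a),
        # Per-user salts make the stored digests differ.
        "kdf_same_password_same_record": rec_a[1] == rec_b[1],
        # The stored digest is not accepted in place of the password.
        "kdf_stored_value_logs_in": kdf_login(rec_a, rec_a[1].hex()),
        "kdf_correct_password_logs_in": kdf_login(rec_a, password),
    }

if __name__ == "__main__":
    for check, result in compare_schemes().items():
        print(f"{check}: {result}")
```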
e-Transactions : Role Based Access
• Rights can be allocated to a user or group of users while preparing a tender
• This avoids tampering with content by an unauthorized person
• The existing organization hierarchy is mapped to the system and the workflow is maintained
e-Transactions : Time sensitivity
Time Based Access
• Date & time sensitivity for tender, e.g. a tender cannot be opened even by an authorized user before the due date
• Server time cannot be tampered with, as it is mapped through a GPS server clock
Time logging
• Key processes are time logged
• Tender cannot be preponed
• Tenders cannot be submitted after due date and time (server time)
• Tender cannot be opened before due date and time
• All access / changes are logged with timestamps
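A sketch of how the time rules on this slide can be enforced on the server, added here as an example and not taken from the presentation or from nProcure's code. The `Tender` class, `decide` function, action names, sample dates and the choice to close submission exactly at the due time are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

@dataclass
class Tender:
    tender_id: str
    due: datetime                       # due date and time, server clock (UTC)
    audit: list = field(default_factory=list)

def decide(tender, user, action, new_due=None, now=None):
    """Allow or deny an action using the server clock only.

    `now` is injectable for tests; a client-supplied time is never accepted.
    """
    now = now or datetime.now(timezone.utc)
    if action == "submit_bid":
        allowed, reason = now < tender.due, "submission closes at due time"
    elif action == "open_bids":
        # Applies to every user, including authorized ones.
        allowed, reason = now >= tender.due, "opening starts at due time"
    elif action == "change_due":
        # A corrigendum may move the due time later, never earlier (no preponing).
        allowed = new_due is not None and new_due > tender.due
        reason = "due time may only move later"
        if allowed:
            tender.due = new_due
    else:
        allowed, reason = False, "unknown action"
    # Every decision, allowed or denied, is logged with the server timestamp.
    tender.audit.append({"ts": now.isoformat(), "user": user, "action": action,
                         "allowed": allowed, "rule": reason})
    return allowed

def demo():
    due = datetime(2009, 3, 10, 12, 0, tzinfo=timezone.utc)   # constructed date
    t = Tender("T-0001", due)                                  # constructed id
    before, after = due - timedelta(hours=1), due + timedelta(minutes=1)
    results = [
        decide(t, "vendor1", "submit_bid", now=before),
        decide(t, "officer1", "open_bids", now=before),
        decide(t, "officer1", "change_due", due - timedelta(days=1), before),
        decide(t, "vendor2", "submit_bid", now=after),
        decide(t, "officer1", "open_bids", now=after),
    ]
    return results, t.audit
```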
e-Transaction : Sign / Verify
• A 1024-bit key pair is used for signing and verification.
• Each and every important transaction is signed and, after verification at the server end, stored in the database.
e-Transaction : Data Security
• Encryption / Decryption
• A 1024-bit key pair is used for encryption and decryption, so no one can decrypt the content with an attack such as a brute-force attack.
Security@nprocure.com
Nprocure.com has been audited by a certified third party auditor on CERT-IN guidelines that the site is free of:
• Errors in digital signing and encryption
• Authentication errors
• Malicious file execution
• Any coding or functional errors
• Key loggers
• XSS vulnerabilities
• SQL injection vulnerabilities
Advantage – nprocure
• Remote opening committee
• On-line / e-mail alert on critical event
• Online sharing of results to increase transparency
• On-the-fly dynamic comparative reports
• L1-L2 Comparative Report
• Item-wise / All Bidder Comparative Report
• Estimated Rates Comparative Report
• (%) Above / Below Comparative Report
• Bidder-wise / Item-wise Report
• Any other department-specific report
GoG e-Tendering through (n)Procure
• 1st implementation of e-tendering by a PSU
• High level of trust and process sanctity
• 3 years on…
• Above 21000 tenders worth >40000 Crores
• 128 Government departments & 587 Offices
• >12,000 satisfied users (Buyers & Suppliers)
• One of the few successful implementations of e-governance services by any state government in the country
• Government Technology Award (October 2007)
• E-Governance award for best technology implementation, by CSI in 2005
• Computer Society of India (CSI-Nihilent e-Governance Awards 2006-07)
• National awards for e-Governance 2008-09 (Bronze medal) (January 2009)
(n)Procure (GoG) – Facts and Figures As on 28.02.2009
Thank you jskochar@gnvfc.net