370 likes | 572 Views
Use of digital signature in e-Governance applications BY NIC-Bangalore. Security Requirements. A uthentication Proving the identity of an entity (e.g., a person, a computer terminal, etc.) for what it claims to be. C onfidentiality
E N D
Use of digital signature in e-Governance applications BY NIC-Bangalore
Security Requirements • Authentication • Proving the identity of an entity (e.g., a person, a computer terminal, etc.) for what it claims to be. • Confidentiality • Keeping Information secret from all but those who are authorized to see it. • Integrity • Ensuring information has not been altered by unknown or unauthorized means. • Non-repudiation • Preventing the denial of previous commitments or actions.
.. Security Requirements • Availability • Legitimate users have access when they need it • Access control (Authorization) • Unauthorized users are kept out
Vulnerable G2G Applications • Electronic Mail • Electronic Transfer of Data • Office Procedure Automation • File Tracking and Monitoring • Electronic File Movement • Archival of Government Records • Data built by any automation process
Vulnerable G2B& G2C Applications • E-Procurement • Passport Applications • Land Records • Tax Returns • Bill payments • Licenses
Deposit Rs. 80,000 in SJ’s Account Encryption and Decryption Clear-Text Clear-Text Deposit Rs. 80,000 in SJ’s Account 8vyaleh31&d ktu.dtrw8743 $Fie*nP093h Encryption Decryption Cipher Text
Digital Signature Digital Signature is : • A mechanism to sign electronic documents “electronically”. • Equivalent to the hand-written signature in the real world. • Message dependent • Digital Signature Provides Integrity, Authentication, Non-repudiation
Electronic mail • e-mail has become an acceptable means of information communication • ensuring integrity and non-repudiation is a necessity • e-mail clients now provide a feature to digitally sign electronic messages NIC, Bangalore
Electronic mail • Sender sends a digitally signed message using client • Sender uses his / her private key • Receiver is able to view the message by using sender’s public key • Authenticity of the message • Integrity of the message • All this is in the electronic format NIC, Bangalore
Electronic mail Demonstration NIC, Bangalore
Electronic mail NIC, Bangalore
Electronic mail NIC, Bangalore
Electronic mail NIC, Bangalore
Electronic mail NIC, Bangalore
E-Procurement • Sender uses public key of the tender accepting authority • Tender accepting authority uses his / her private key to open the document • Software takes care of bringing to the notice of the tender accepting authority if there is any alteration NIC, Bangalore
Nemmadi is an e-Governance project that provides citizens, an IT interface to avail services offered by the Government IN THEIR VILLAGE ITSELF NIC, Bangalore
Nemmadi – the players • A project of the Government of Karnataka • The objective is to provide a one stop shop all the citizen’s interactions with the Government and businesses • National Informatics Centre, Bangalore has designed and developed the software for Nemmadi for G2C services. • 800 tele-centres through out the state at Hoblis • Implemented through PPP NIC, Bangalore
Nemmadi - What is offered ? • Services In the form of certificates / documents. • Social Security Schemes In the form of sanction orders • Information Dissemination Procedure & Forms for Services / Schemes of all departments. • e-Notice Board Provide a forum for placing and viewing advertisements • Citizen Database Reduce the service time NIC, Bangalore
Nemmadi – G2C services and schemes NIC, Bangalore
Nemmadi – Architecture NIC, Bangalore
Nemmadi – Significant features • Services provided at the village level • Requests are accepted in OFFLINE mode also • KIOSK operator to provide services on turnkey basis • Provision to scan the application and associated documents - Less paper flow • Workflow application • Hybrid model with both computer and manual process merged appropriately NIC, Bangalore
Nemmadi – Flow of requests • Tele-centres accept requests • Sent to the State Data Centre (SDC) • The request then is routed to the taluk office The taluk office houses the server which stores the transactions • The officials process the requests from the back office • Data gets replicated both ways between SDC and Taluk server • Tahsildar digitally signs the electronic details using his private key • Digitally signed certificates can be printed at the tele-centres NIC, Bangalore
Nemmadi – Technology • A smart client application developed on .Net platform • Offline mode supported • Unicode for data storage • Bilingual • Bio-Metric authentication for non-repudiation • Scanner and Web cam interface for capturing documents and photographs • PKI for digitally signing documents & verifiable • Bar-coded certificates / sanction order on watermarked stationery • RDS is a n-tier application NIC, Bangalore
Digitally signing documents in RDS • The certificates / endorsements are signed digitally by the Tahsildhar. • The XML representing the certificate is first hashed. • The hash of the XML is signed using the private key of the Tahsildhar. • The digital signature thus obtained is stored in the database. • The digital signature is transcribed onto the physical certificate as a 2-D barcode. • Over the counter re-issue of certificates
Verification of certificates • Every certificate is identified by a unique key called the request-ID • The bar code contains the request ID concatenated with the digital signature • Verification of the document is done to satisfy the recipient that the document’s contents was not tampered
Purpose For Verification GoK is issuing signature less certificates / sanction orders for various services and schemes and delivered from both the HobliTelecentres and the Taluka office. Needles to say, the eco-system needs to be put in place to ensure that certificates are verified before accepting the same for delivering benefit to the citizens.
Types Of Verification Verification methodologies Web Based Offline SMS based Request Id Request Id Bulk Requests Bar Code
Web Based Verification Using Req.Id Connect to http://202.138.101.172/rdscertificateverification/RDSCV-VerifyRequestIdPage.aspx. Input Request Id and Click Verify.
Web Based Verification Using Req.Id . Compare the certificate with hard copy
Web Based Verification Using Bar Code Connect to http://202.138.101.172/rdscertificateverification/RDSCV-VerifyBarCodePage.aspx.. Use a barcode reader to read the 2-D bar code printed at the bottom of the certificate
Offline Verification Fully Independent Verification • does not require an internet connection • does not have dependence on the content on website • rugged of all the processes. • The user needs to download and install a verification utility custom developed for Nemmadi • Stepwise procedure to download and install the verification utility and supporting tools given at website • Challenge : typing the contents exactly as certificate verification will not be successful even if there is a small change in the characters being typed
Web Based Verification Using SMS Verification of single request using SMS SEND SMS :- <REQUEST ID>TO NUMBER EXAMPLE :- SUL01110100044 TO OUTPUT :- Taluk name Hobli Village APPLICANT NAME Father / Husband’s name reservation-category caste income date –of-printing-of-certificate
Financial Inclusion Identification of beneficiaries Enrolment de-duplication Smart card preparation Disbursement of pension Management and monitoring National Informatics Centre Bangalore
Financial Inclusion Platform for data interchange has been build List of beneficiaries to be paid pension is generated and digitally signed (pdf) Treasury verifies this and compares the amount against the treasury bill Similarly banks also verify the list before crediting the amount to the a/c National Informatics Centre Bangalore
Architecture SDC / Central Server TALUK A KSWAN Gram Panchayat Client DE-DEUPLICATION INTERNET ENROLMENT MIS SERVER Payment BANK BANK National Informatics Centre Bangalore