Use of digital signature in e-Governance applications BY NIC-Bangalore
A uthentication –Proving the identity of an entity (e.g., a person, a computer terminal, etc.) for what it claims to be. C onfidentiality –Keeping Information secret from all but those who are authorized to see it. I ntegrity –Ensuring information has not been altered by unknown or unauthorized means. N on-repudiation –Preventing the denial of previous commitments or actions. Security Requirements
Availability –Legitimate users have access when they need it Access control (Authorization) –Unauthorized users are kept out.. Security Requirements
Electronic Mail Electronic Transfer of Data Office Procedure Automation –File Tracking and Monitoring –Electronic File Movement Archival of Government Records Data built by any automation process Vulnerable G2G Applications
E-Procurement Passport Applications Land Records Tax Returns Bill payments Licenses Vulnerable G2B& G2C Applications
Encryption and Decryption Clear-Text Cipher Text 8vyaleh31&d ktu.dtrw8743 $Fie*nP093h Deposit Rs. 80,000 in SJ’s Account Decryption Encryption
Digital Signature Digital Signature is : A mechanism to sign electronic documents “electronically”. Equivalent to the hand-written signature in the real world. Message dependent Digital Signature Provides Integrity, Authentication, Non- repudiation
NIC, Bangalore Electronic mail has become an acceptable means of information communication ensuring integrity and non-repudiation is a necessity clients now provide a feature to digitally sign electronic messages
NIC, Bangalore Electronic mail Sender sends a digitally signed message using client Sender uses his / her private key Receiver is able to view the message by using sender’s public key –Authenticity of the message – Integrity of the message All this is in the electronic format
NIC, Bangalore Electronic mail Demonstration
NIC, Bangalore Electronic mail
NIC, Bangalore Electronic mail
NIC, Bangalore Electronic mail
NIC, Bangalore Electronic mail
NIC, Bangalore E-Procurement Sender uses public key of the tender accepting authority Tender accepting authority uses his / her private key to open the document Software takes care of bringing to the notice of the tender accepting authority if there is any alteration
NIC, Bangalore Nemmadi is an e-Governance project that provides citizens, an IT interface to avail services offered by the Government IN THEIR VILLAGE ITSELF
NIC, Bangalore A project of the Government of Karnataka The objective is to provide a one stop shop all the citizen’s interactions with the Government and businesses National Informatics Centre, Bangalore has designed and developed the software for Nemmadi for G2C services. 800 tele-centres through out the state at Hoblis Implemented through PPP Nemmadi – the players
NIC, Bangalore Services In the form of certificates / documents. Social Security Schemes In the form of sanction orders Information Dissemination Procedure & Forms for Services / Schemes of all departments. e-Notice Board Provide a forum for placing and viewing advertisements Citizen Database Reduce the service time Nemmadi - What is offered ?
NIC, Bangalore Birth certificate No tenancy CertificateAgriculturist Certificate Death certificateAgri Labour CertificateNon-Creamy layer certificate Population certificateLand holding certificateCaste Certificate for SC/ST Living CertificateResidence CertificateCaste Certificate for Cat-A Solvency CertificateBonafide CertificateNon-creamy layer Certificate Land less CertificateIncome CertificateCaste & Income Certificate Birth registrationDeath registrationUnemployment Certificate OBC Certificate for GOI Jobs Agri Family member Certificate No Govt. Job certificate for compassionate appointment Non-Re-marriage Certificate Small & Marginal Former Certificate Income certificate for compassionate appointment Surviving Family Member Certificate Sanction orders for Pensions (PH, OAP,DWP,SSS,NSAP) Nemmadi – G2C services and schemes
NIC, Bangalore Nemmadi – Architecture
NIC, Bangalore Services provided at the village level Requests are accepted in OFFLINE mode also KIOSK operator to provide services on turnkey basis Provision to scan the application and associated documents - Less paper flow Workflow application Hybrid model with both computer and manual process merged appropriately Nemmadi – Significant features
NIC, Bangalore Tele-centres accept requests Sent to the State Data Centre (SDC) The request then is routed to the taluk office The taluk office houses the server which stores the transactions The officials process the requests from the back office Data gets replicated both ways between SDC and Taluk server Tahsildar digitally signs the electronic details using his private key Digitally signed certificates can be printed at the tele- centres Nemmadi – Flow of requests
NIC, Bangalore A smart client application developed on.Net platform Offline mode supported Unicode for data storage Bilingual Bio-Metric authentication for non-repudiation Scanner and Web cam interface for capturing documents and photographs PKI for digitally signing documents & verifiable Bar-coded certificates / sanction order on watermarked stationery RDS is a n-tier application Nemmadi – Technology
–The certificates / endorsements are signed digitally by the Tahsildhar. –The XML representing the certificate is first hashed. –The hash of the XML is signed using the private key of the Tahsildhar. –The digital signature thus obtained is stored in the database. –The digital signature is transcribed onto the physical certificate as a 2-D barcode. –Over the counter re-issue of certificates Digitally signing documents in RDS
Every certificate is identified by a unique key called the request-ID The bar code contains the request ID concatenated with the digital signature Verification of the document is done to satisfy the recipient that the document’s contents was not tampered Verification of certificates
Purpose For Verification GoK is issuing signature less certificates / sanction orders for various services and schemes and delivered from both the Hobli Telecentres and the Taluka office. Needles to say, the eco-system needs to be put in place to ensure that certificates are verified before accepting the same for delivering benefit to the citizens.
Types Of Verification Verification methodologies Web BasedSMS based Offline Request Id Bar Code Request Id Bulk Requests
Web Based Verification Using Req.Id Connect to ation/RDSCV-VerifyRequestIdPage.aspx. ation/RDSCV-VerifyRequestIdPage.aspx Input Request Id and Click Verify.
Web Based Verification Using Req.Id. Compare the certificate with hard copy
Web Based Verification Using Bar Code Connect to /rdscertificateverification/RD SCV-VerifyBarCodePage.aspx /rdscertificateverification/RD SCV-VerifyBarCodePage.aspx Use a barcode reader to read the 2-D bar code printed at the bottom of the certificate
Offline Verification Fully Independent Verification does not require an internet connection does not have dependence on the content on website rugged of all the processes. The user needs to download and install a verification utility custom developed for Nemmadi Stepwise procedure to download and install the verification utility and supporting tools given at website Challenge : typing the contents exactly as certificate verification will not be successful even if there is a small change in the characters being typed
Web Based Verification Using SMS SEND SMS :- TO NUMBER EXAMPLE :- SUL TO OUTPUT :- Taluk name Hobli Village APPLICANT NAME Father / Husband’s name reservation-category caste income date –of-printing-of-certificate Verification of single request using SMS
National Informatics Centre Bangalore Financial Inclusion Identification of beneficiaries Enrolment de-duplication Smart card preparation Disbursement of pension Management and monitoring
National Informatics Centre Bangalore Financial Inclusion Platform for data interchange has been build List of beneficiaries to be paid pension is generated and digitally signed (pdf) Treasury verifies this and compares the amount against the treasury bill Similarly banks also verify the list before crediting the amount to the a/c
National Informatics Centre Bangalore Architecture TALUK A Gram Panchayat SDC / Central Server BANK INTERNET MIS SERVER KSWAN ENROLMENTENROLMENT DE-DEUPLICATIONDE-DEUPLICATION Client Payment