Use of digital signature in e-Governance applications
BY
NIC-Bangalore
Security Requirements
• Authentication – Proving the identity of an entity (e.g., a person, a computer terminal, etc.) for what it claims to be.
• Confidentiality – Keeping information secret from all but those who are authorized to see it.
• Integrity – Ensuring information has not been altered by unknown or unauthorized means.
• Non-repudiation – Preventing the denial of previous commitments or actions.
• Availability – Legitimate users have access when they need it.
• Access control (Authorization) – Unauthorized users are kept out.
Vulnerable G2G Applications
• Electronic Mail
• Electronic Transfer of Data
• Office Procedure Automation
– File Tracking and Monitoring
– Electronic File Movement
• Archival of Government Records
• Data built by any automation process
Vulnerable G2B & G2C Applications
• E-Procurement
• Passport Applications
• Land Records
• Tax Returns
• Bill payments
• Licenses
Encryption and Decryption
[Figure: the clear text “Deposit Rs. 80,000 in SJ’s Account” is encrypted into cipher text, and decryption of the cipher text returns the same clear text.]
Digital Signature
Digital Signature is:
• A mechanism to sign electronic documents “electronically”.
• Equivalent to the hand-written signature in the real world.
• Message dependent
Digital Signature provides:
• Integrity, Authentication, Non-repudiation
NIC, Bangalore
Electronic mail
• e-mail has become an acceptable means of information communication
• ensuring integrity and non-repudiation is a necessity
• e-mail clients now provide a feature to digitally sign electronic messages
Electronic mail
• Sender sends a digitally signed message using client
• Sender uses his / her private key
• Receiver is able to view the message by using sender’s public key
– Authenticity of the message
– Integrity of the message
• All this is in the electronic format
Electronic mail
Demonstration
E-Procurement
• Sender uses public key of the tender accepting authority
• Tender accepting authority uses his / her private key to open the document
• Software takes care of bringing to the notice of the tender accepting authority if there is any alteration
Nemmadi
Nemmadi is an e-Governance project that provides citizens an IT interface to avail of services offered by the Government IN THEIR VILLAGE ITSELF
Nemmadi – the players
• A project of the Government of Karnataka
• The objective is to provide a one stop shop for all the citizen’s interactions with the Government and businesses
• National Informatics Centre, Bangalore has designed and developed the software for Nemmadi for G2C services.
• 800 tele-centres throughout the state at Hoblis
• Implemented through PPP
Nemmadi - What is offered?
• Services – In the form of certificates / documents.
• Social Security Schemes – In the form of sanction orders
• Information Dissemination – Procedure & Forms for Services / Schemes of all departments.
• e-Notice Board – Provide a forum for placing and viewing advertisements
• Citizen Database – Reduce the service time
Nemmadi – G2C services and schemes
• Birth certificate
• No tenancy Certificate
• Agriculturist Certificate
• Death certificate
• Agri Labour Certificate
• Non-Creamy layer certificate
• Population certificate
• Land holding certificate
• Caste Certificate for SC/ST
• Living Certificate
• Residence Certificate
• Caste Certificate for Cat-A
• Solvency Certificate
• Bonafide Certificate
• Non-creamy layer Certificate
• Land less Certificate
• Income Certificate
• Caste & Income Certificate
• Birth registration
• Death registration
• Unemployment Certificate
• OBC Certificate for GOI Jobs
• Agri Family member Certificate
• No Govt. Job certificate for compassionate appointment
• Non-Re-marriage Certificate
• Small & Marginal Farmer Certificate
• Income certificate for compassionate appointment
• Surviving Family Member Certificate
• Sanction orders for Pensions (PH, OAP, DWP, SSS, NSAP)
Nemmadi – Architecture
Nemmadi – Significant features
• Services provided at the village level
• Requests are accepted in OFFLINE mode also
• KIOSK operator to provide services on turnkey basis
• Provision to scan the application and associated documents - Less paper flow
• Workflow application
• Hybrid model with both computer and manual process merged appropriately
Nemmadi – Flow of requests
• Tele-centres accept requests
• Sent to the State Data Centre (SDC)
• The request then is routed to the taluk office
• The taluk office houses the server which stores the transactions
• The officials process the requests from the back office
• Data gets replicated both ways between SDC and Taluk server
• Tahsildar digitally signs the electronic details using his private key
• Digitally signed certificates can be printed at the tele-centres
Nemmadi – Technology
• A smart client application developed on .Net platform
• Offline mode supported
• Unicode for data storage
• Bilingual
• Bio-Metric authentication for non-repudiation
• Scanner and Web cam interface for capturing documents and photographs
• PKI for digitally signing documents & verifiable
• Bar-coded certificates / sanction order on watermarked stationery
• RDS is an n-tier application
Digitally signing documents in RDS
– The certificates / endorsements are signed digitally by the Tahsildar.
– The XML representing the certificate is first hashed.
– The hash of the XML is signed using the private key of the Tahsildar.
– The digital signature thus obtained is stored in the database.
– The digital signature is transcribed onto the physical certificate as a 2-D barcode.
– Over the counter re-issue of certificates
• Every certificate is identified by a unique key called the request-ID
• The bar code contains the request ID concatenated with the digital signature
• Verification of the document is done to satisfy the recipient that the document’s contents were not tampered with
Verification of certificates
Purpose For Verification
GoK is issuing signature-less certificates / sanction orders for various services and schemes, delivered from both the Hobli Telecentres and the Taluka office.
Needless to say, the eco-system needs to be put in place to ensure that certificates are verified before they are accepted for delivering benefits to the citizens.
Types Of Verification
[Diagram: the verification methodologies are Web Based, SMS based and Offline; the sub-options shown are Request Id, Bar Code, Request Id and Bulk Requests.]
Web Based Verification Using Req.Id
Connect to http://202.138.101.172/rdscertificateverification/RDSCV-VerifyRequestIdPage.aspx.
Input Request Id and Click Verify.
Compare the certificate with hard copy
Web Based Verification Using Bar Code
Connect to http://202.138.101.172/rdscertificateverification/RDSCV-VerifyBarCodePage.aspx.
Use a barcode reader to read the 2-D bar code printed at the bottom of the certificate
Offline Verification
Fully Independent Verification
• does not require an internet connection
• does not depend on the content on the website
• most rugged of all the processes
The user needs to download and install a verification utility custom developed for Nemmadi
The stepwise procedure to download and install the verification utility and supporting tools is given on the website
Challenge: the contents must be typed exactly as on the certificate; verification will not succeed if there is even a small change in the characters being typed
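
The steps listed under “Digitally signing documents in RDS” and the offline-verification challenge above, as an added Go example that is not NIC's or Nemmadi's code. Ed25519 over a SHA-256 hash, the "|" separator, the base64 encoding and the sample XML are assumptions, since the page does not state the algorithm or bar code layout used by RDS.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// NewKeyPair makes a throwaway key pair standing in for the Tahsildar's (assumption).
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) { return ed25519.GenerateKey(nil) }

// SignCertificate hashes the XML, signs the hash, and returns the bar code
// payload as requestID + "|" + base64(signature); the layout is an assumption.
func SignCertificate(priv ed25519.PrivateKey, requestID string, xml []byte) string {
	digest := sha256.Sum256(xml)
	sig := ed25519.Sign(priv, digest[:])
	return requestID + "|" + base64.StdEncoding.EncodeToString(sig)
}

// VerifyBarcode re-hashes the XML presented for the request ID in the payload
// and checks the signature with the signer's public key.
func VerifyBarcode(pub ed25519.PublicKey, payload string, xml []byte) (string, error) {
	requestID, b64, ok := strings.Cut(payload, "|")
	if !ok || requestID == "" {
		return "", errors.New("malformed bar code payload")
	}
	sig, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return "", errors.New("signature is not valid base64")
	}
	digest := sha256.Sum256(xml)
	if !ed25519.Verify(pub, digest[:], sig) {
		return requestID, errors.New("signature does not match certificate contents")
	}
	return requestID, nil
}

func main() {
	pub, priv, _ := NewKeyPair()
	// Constructed sample XML; the request ID is the example value from the page.
	xml := []byte(`<certificate><requestId>SUL01110100044</requestId><income>40000</income></certificate>`)
	payload := SignCertificate(priv, "SUL01110100044", xml)
	_, errSame := VerifyBarcode(pub, payload, xml)
	_, errEdit := VerifyBarcode(pub, payload, []byte(strings.Replace(string(xml), "40000", "4000", 1)))
	fmt.Println("unchanged verifies:", errSame == nil, "| edited verifies:", errEdit == nil)
}
```

In this layout the request ID sits outside the signature, so it is only trustworthy when the signed XML itself carries it, as the constructed sample does.
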
Web Based Verification Using SMS
SEND SMS :- <REQUEST ID> TO NUMBER
EXAMPLE :- SUL01110100044 TO
OUTPUT :- Taluk name, Hobli, Village, Applicant name, Father / Husband’s name, reservation category, caste, income, date of printing of certificate
Verification of single request using SMS
19.9.1009 National Informatics Centre Bangalore
Financial Inclusion
• Identification of beneficiaries
• Enrolment
• de-duplication
• Smart card preparation
• Disbursement of pension
• Management and monitoring
Financial Inclusion
• Platform for data interchange has been built
• List of beneficiaries to be paid pension is generated and digitally signed (pdf)
• Treasury verifies this and compares the amount against the treasury bill
• Similarly banks also verify the list before crediting the amount to the a/c
Architecture
[Diagram: the components shown are Taluk, Gram Panchayat, SDC / Central Server, banks, Internet, MIS server, KSWAN, enrolment, de-duplication, client and payment.]