Use of digital signature in e-Governance applications

BY

NIC-Bangalore

• Authentication– Proving the identity of an entity (e.g., a

person, a computer terminal, etc.) for what it claims to be.

• Confidentiality– Keeping Information secret from all but those

who are authorized to see it.

• Integrity– Ensuring information has not been altered by

unknown or unauthorized means.

• Non-repudiation– Preventing the denial of previous

commitments or actions.

Security Requirements

• Availability– Legitimate users have access when

they need it

• Access control (Authorization)– Unauthorized users are kept out

.. Security Requirements

Electronic Mail Electronic Transfer of Data Office Procedure Automation

– File Tracking and Monitoring– Electronic File Movement

Archival of Government Records Data built by any automation process

Vulnerable G2G Applications

E-Procurement Passport Applications Land Records Tax Returns Bill payments Licenses

Vulnerable G2B& G2C Applications

Encryption and Decryption

Clear-Text Clear-Text

Cipher Text

8vyaleh31&d

ktu.dtrw8743

$Fie*nP093h

Deposit Rs.

80,000 in SJ’s

Account

DecryptionDecryptionEncryptionEncryption

Deposit Rs. 80,000

in SJ’s Account

Digital Signature

Digital Signature is :A mechanism to sign electronic

documents “electronically”.Equivalent to the hand-written

signature in the real world.Message dependentDigital Signature Provides

Integrity, Authentication, Non-repudiation

NIC, Bangalore

Electronic mail

e-mail has become an acceptable means of information communication

ensuring integrity and non-repudiation is a necessity

e-mail clients now provide a feature to digitally sign electronic messages

NIC, Bangalore

Electronic mail

• Sender sends a digitally signed message using client

• Sender uses his / her private key• Receiver is able to view the message

by using sender’s public key– Authenticity of the message – Integrity of the message

• All this is in the electronic format

NIC, Bangalore

Electronic mail

Demonstration

NIC, Bangalore

Electronic mail

NIC, Bangalore

Electronic mail

NIC, Bangalore

Electronic mail

NIC, Bangalore

Electronic mail

NIC, Bangalore

E-Procurement

• Sender uses public key of the tender accepting authority

• Tender accepting authority uses his / her private key to open the document

• Software takes care of bringing to the notice of the tender accepting authority if there is any alteration

NIC, Bangalore

Nemmadi

is an e-Governance project that provides citizens, an IT interface to avail

services offered by the Government

IN THEIR VILLAGE ITSELF

NIC, Bangalore

A project of the Government of Karnataka

The objective is to provide a one stop shop all the citizen’s interactions with the Government and businesses

National Informatics Centre, Bangalore has designed and developed the software for Nemmadi for G2C services.

800 tele-centres through out the state at Hoblis

Implemented through PPP

Nemmadi – the players

NIC, Bangalore

Services In the form of certificates / documents.

Social Security SchemesIn the form of sanction orders

Information DisseminationProcedure & Forms for Services / Schemes of all

departments.

e-Notice BoardProvide a forum for placing and viewing advertisements

Citizen Database Reduce the service time

Nemmadi - What is offered ?

NIC, Bangalore

Birth certificate No tenancy

Certificate Agriculturist Certificate

Death certificate Agri Labour Certificate

Non-Creamy layer certificate

Population certificate

Land holding certificate

Caste Certificate for SC/ST

Living Certificate Residence Certificate

Caste Certificate for Cat-A

Solvency Certificate

Bonafide Certificate Non-creamy layer Certificate

Land less Certificate

Income Certificate Caste & Income Certificate

Birth registration Death registration Unemployment Certificate

OBC Certificate for GOI Jobs

Agri Family member Certificate

No Govt. Job certificate for compassionate appointment

Non-Re-marriage Certificate

Small & Marginal Former Certificate

Income certificate for compassionate appointment

Surviving Family Member Certificate

Sanction orders for Pensions (PH, OAP ,DWP,SSS,NSAP)

Nemmadi – G2C services and schemes

NIC, Bangalore

Nemmadi – Architecture

NIC, Bangalore

Services provided at the village level Requests are accepted in OFFLINE mode also KIOSK operator to provide services on turnkey basis Provision to scan the application and associated

documents - Less paper flow Workflow application Hybrid model with both computer and manual

process merged appropriately

Nemmadi – Significant features

NIC, Bangalore

Tele-centres accept requests Sent to the State Data Centre (SDC) The request then is routed to the taluk office

The taluk office houses the server which stores the transactions

The officials process the requests from the back office Data gets replicated both ways between SDC and

Taluk server Tahsildar digitally signs the electronic details using his

private key Digitally signed certificates can be printed at the tele-

centres

Nemmadi – Flow of requests

NIC, Bangalore

A smart client application developed on .Net platform Offline mode supported Unicode for data storage Bilingual Bio-Metric authentication for non-repudiation Scanner and Web cam interface for capturing

documents and photographs PKI for digitally signing documents & verifiable Bar-coded certificates / sanction order on

watermarked stationery RDS is a n-tier application

Nemmadi – Technology

– The certificates / endorsements are signed digitally by the Tahsildhar.

– The XML representing the certificate is first hashed.

– The hash of the XML is signed using the private key of the Tahsildhar.

– The digital signature thus obtained is stored in the database.

– The digital signature is transcribed onto the physical certificate as a 2-D barcode.

– Over the counter re-issue of certificates

Digitally signing documents in RDS

Digitally signing documents in RDS

• Every certificate is identified by a unique key called the request-ID

• The bar code contains the request ID concatenated with the digital signature

• Verification of the document is done to satisfy the recipient that the document’s contents was not tampered

Verification of certificates

Purpose For VerificationGoK is issuing signature less certificates / sanction orders for various services and schemes and delivered from both the Hobli Telecentres and the Taluka office.

Needles to say, the eco-system needs to be put in place to ensure that certificates are verified before accepting the same for delivering benefit to the citizens.

Types Of Verification

Verification methodologies

Web Based SMS based Offline

Request Id

Bar Code

Request Id

Bulk Requests

Web Based Verification Using Req.Id

Connect to http://202.138.101.172/rdscertificateverification/RDSCV-VerifyRequestIdPage.aspx.

Input Request Id and Click Verify.

Web Based Verification Using Req.Id

.

Compare the certificate with hard copy

Web Based Verification Using Bar Code

Connect to http://

202.138.101.172/rdscertificateverification/RDSCV-VerifyBarCodePage.aspx..

Use a barcode reader to read the 2-D bar code printed at the bottom of the certificate

Offline Verification Fully Independent Verification

does not require an internet connection

does not have dependence on the content on website rugged of all the processes.

The user needs to download and install a verification utility custom developed for Nemmadi

Stepwise procedure to download and install the verification utility and supporting tools given at website

Challenge : typing the contents exactly as certificate verification will not be successful even if there is a small change in the characters being typed

Web Based Verification Using SMS

SEND SMS :- <REQUEST ID>TO NUMBER EXAMPLE :- SUL01110100044 TO

OUTPUT :- Taluk name Hobli Village APPLICANT NAME Father / Husband’s name reservation-category caste income date –of-printing-of-certificate

Verification of single request using SMS

19.9.1009 National Informatics CentreBangalore

Financial Inclusion

• Identification of beneficiaries

• Enrolment

• de-duplication

• Smart card preparation

• Disbursement of pension

• Management and monitoring

19.9.1009 National Informatics CentreBangalore

Financial Inclusion

• Platform for data interchange has been build

• List of beneficiaries to be paid pension is generated and digitally signed (pdf)

• Treasury verifies this and compares the amount against the treasury bill

• Similarly banks also verify the list before crediting the amount to the a/c

19.9.1009 National Informatics CentreBangalore

Architecture

TALUK A

Gram Panchayat

SDC / Central Server

BANK BANK

INTERNET

MIS SERVER

KSWAN

ENROLMENT

DE-DEUPLICATION

Client

Payment