digital sig ppt1
TRANSCRIPT
-
8/2/2019 Digital Sig Ppt1
1/24
Application of DigitalSignatures:
Case Studies
Jagdeep S KocharExecutive Director
-
8/2/2019 Digital Sig Ppt1
2/24
What is a Digital Signature Certificate( DSC) ?
Digital Signature Certificate is your PASSPORT onthe Internet used to:
Identify yourself
Help the software application to authenticate you
and:
Help you to secure your data
Give legal sanctity to the transaction
-
8/2/2019 Digital Sig Ppt1
3/24
Physical Signature / Digital Signature
Physical Signature Digital Signature
Physical Signature is just a
writing on paper
Digital Signature encompasses
crucial parameters of
identification
Physical Signature can be
copied
It is IMPOSSIBLE to copy a
Digital signature
Physical Signature does not
give privacy to content
Digital Signature also enables
encryption and thus privacy
Physical Signature cannot
protect the content
Digital Signature protects the
content
-
8/2/2019 Digital Sig Ppt1
4/24
DSC AND THE LAW
Major provisions of the Indian IT Act Legal recognition to electronic contracts /
records Legal recognition to digital signatures
Digital signature to be effected by use ofasymmetric crypto system and hashfunction
Usage of electronic records and digital
signatures in government and its agencies Retention of electronic records
-
8/2/2019 Digital Sig Ppt1
5/24
Case StudyIPO
-
8/2/2019 Digital Sig Ppt1
6/24
IPO - Business Background
Indian Patent Office processes patent, trademark andcopyright applications
Manual processing of applications had become tediousand unmanageable as the numbers have increaseddrastically
Manual system has issues of abuse and corruption Manual processing is slow and innovators want fast
registrations As the system is secretive in nature, manual processing
has its own issues
All this in the backdrop of need to encourage innovation inthe Indian Industry
-
8/2/2019 Digital Sig Ppt1
7/24
IPO Online Objectives
Enable entire IPO system to accept onlineapplication
Innovators can file applications online from
anywhere in the world The system can process entire application
without any human intervention
All applications submitted are digitally timestamped
-
8/2/2019 Digital Sig Ppt1
8/24
IPO PKI Implementation Diagram
User Connectedvia Internet
Servers at IPO
DigitallySigned
Document
DigitalSignature
Verification
CRLverified byCA Server
-
8/2/2019 Digital Sig Ppt1
9/24
IPO Trademark Application
1. PKI & Digital certificates are used for two applicationseTMR (eTrademark Registration) & Online PatentsRegistration
2. eTMR is an entirely online application. Digital certificates
are used for authentication & data (Form) signing3. Applicant enters all details and then is requested to sign
the data using a Digital certificate.
4. Applicant selects his/her own certificate. The data
entered on the form is signed using the certificate
-
8/2/2019 Digital Sig Ppt1
10/24
IPO Patents Application
1. Online Patents application works in dual (Offline as wellas online) mode. The offline module is downloaded bythe applicant and installed on his/her own PC.
2. The data entered by the applicant is gathered by the
offline module and is written to a file.3. The file is then signed using users Class III digital
certificate and uploaded to the IPO server using onlinemodule
4. Once the file reaches the server, it is verified for dataintegrity, certificate authenticity / validity and stored onthe server for further processing
-
8/2/2019 Digital Sig Ppt1
11/24
Case StudyDGFT
-
8/2/2019 Digital Sig Ppt1
12/24
DGFT Business Background
DGFT processes requests and issues Importand Export licenses
DGFT has multiple schemes under which
different licenses are issued There are hundreds of licenses which need to
be processed every day
Manual processing is slow and prone toabuse and corruption
-
8/2/2019 Digital Sig Ppt1
13/24
DGFT Online Objectives
Enable users to be able to file licenseapplications online
Enable software to handle different schemes
like DEPB, EPCG, etc. automatically Approval of overall applications done online
Speedier processing of the licenses
Better MIS, audit trails and accountability
-
8/2/2019 Digital Sig Ppt1
14/24
DGFT Online application
1. User can login only using Digital Certificates which haveIEC number
2. User creates document (typically *.doc word file ) anddigitally signs it
3. A file is generated which is a digitally signed documentand uploaded to the DGFT server
4. Once the file reaches on server, it is again verified tomake sure that no data tampering has happened during
transit. This provides for integrity verification.5. Whenever, the file has to be reviewed, it can be verified
to make sure that the file is not tampered with duringstatic storage
-
8/2/2019 Digital Sig Ppt1
15/24
Case StudyE-Procurement
-
8/2/2019 Digital Sig Ppt1
16/24
E-Procurement
Procurement using tenders has beenincreasing in complexity and numbers sincesome time
Large tenders with multiple items, goodstenders, multiple L1 scenarios, workstenders, etc. add to the complexity of thetendering
Cartel formation, rigging, informationleakages, modifications etc. plague thetendering system
-
8/2/2019 Digital Sig Ppt1
17/24
E-Procurement Objectives
Enable tendering systems to be used online
Give a much wider reach to tenders
Provide privacy and confidentiality to the
documents within the tenders Keep the information regarding vendors
confidential
Reduce the human interface as much as possibleby allowing the vendors to provide informationand quote online
-
8/2/2019 Digital Sig Ppt1
18/24
INTERNET
Nprocure Servers
Certifying AuthorityServer hosting CRL
VENDORS
BUYERS
E-Procurement - Diagram
-
8/2/2019 Digital Sig Ppt1
19/24
Procurement Buyer Side
1. A buyer logs in to the system using his digitalcertificate
2. The buyer creates and/or uploads a tender
document3. The buyer uploads his public key for vendors to
encrypt the data with
4. Only the buyers digital certificate can decryptthe content uploaded by the vendors
-
8/2/2019 Digital Sig Ppt1
20/24
E-Procurement Vendor Side
1. A vendor logs on to the system using his digitalcertificate
2. The vendor creates and/or uploads a tender
document3. The vendor uses the buyers public key to
encrypt data and digitally signs the content
4. The digital signature and data is verified beforestoring it into the server
5. All digitally signed content is time stamped
-
8/2/2019 Digital Sig Ppt1
21/24
E-Procurement - Gujarat
(n)Code has set up a portal www.nprocure.com forproviding e-procurement services on SaaS basis
(n)Procure has completed more than 6500 tenders ofRs.11000 crores in year 2007 for Govt. of Gujarat
The estimated savings are in the range of 6-8% (n)Procure has received CSI award for the best e-
Governance project in G2B category in 2007 additionto an International award for e-Governance
http://www.nprocure.com/http://www.nprocure.com/ -
8/2/2019 Digital Sig Ppt1
22/24
Digital Certificates Applications
MCA 21 DGFT : Online license applications
Online Income Tax Filing
Banks and Financial Institutions
RTGS IRCTC Ticket booking
E-Procurement : Government of Gujarat
Other State Governments Northern Railway
ONGC, DGS & D..
-
8/2/2019 Digital Sig Ppt1
23/24
Government Online
Issuing forms and licenses Filing tax returns online
Online Government orders/treasuryorders
Online procurement and contractmanagement
E-auctions and reverse auctions
Online file movement system Public information records
Railway reservations & ticketing
e-Education
-
8/2/2019 Digital Sig Ppt1
24/24
Thank you
Jagdeep S Kochar