digital sig ppt1

8/2/2019 Digital Sig Ppt1

1/24

Application of DigitalSignatures:

Case Studies

Jagdeep S KocharExecutive Director


2/24

What is a Digital Signature Certificate( DSC) ?

Digital Signature Certificate is your PASSPORT onthe Internet used to:

Identify yourself

Help the software application to authenticate you

and:

Help you to secure your data

Give legal sanctity to the transaction


3/24

Physical Signature / Digital Signature

Physical Signature Digital Signature

Physical Signature is just a

writing on paper

Digital Signature encompasses

crucial parameters of

identification

Physical Signature can be

copied

It is IMPOSSIBLE to copy a

Digital signature

Physical Signature does not

give privacy to content

Digital Signature also enables

encryption and thus privacy

Physical Signature cannot

protect the content

Digital Signature protects the

content


4/24

DSC AND THE LAW

Major provisions of the Indian IT Act Legal recognition to electronic contracts /

records Legal recognition to digital signatures

Digital signature to be effected by use ofasymmetric crypto system and hashfunction

Usage of electronic records and digital

signatures in government and its agencies Retention of electronic records


5/24

Case StudyIPO


6/24

IPO - Business Background

Indian Patent Office processes patent, trademark andcopyright applications

Manual processing of applications had become tediousand unmanageable as the numbers have increaseddrastically

Manual system has issues of abuse and corruption Manual processing is slow and innovators want fast

registrations As the system is secretive in nature, manual processing

has its own issues

All this in the backdrop of need to encourage innovation inthe Indian Industry


7/24

IPO Online Objectives

Enable entire IPO system to accept onlineapplication

Innovators can file applications online from

anywhere in the world The system can process entire application

without any human intervention

All applications submitted are digitally timestamped


8/24

IPO PKI Implementation Diagram

User Connectedvia Internet

Servers at IPO

DigitallySigned

Document

DigitalSignature

Verification

CRLverified byCA Server


9/24

IPO Trademark Application

1. PKI & Digital certificates are used for two applicationseTMR (eTrademark Registration) & Online PatentsRegistration

2. eTMR is an entirely online application. Digital certificates

are used for authentication & data (Form) signing3. Applicant enters all details and then is requested to sign

the data using a Digital certificate.

4. Applicant selects his/her own certificate. The data

entered on the form is signed using the certificate


10/24

IPO Patents Application

1. Online Patents application works in dual (Offline as wellas online) mode. The offline module is downloaded bythe applicant and installed on his/her own PC.

2. The data entered by the applicant is gathered by the

offline module and is written to a file.3. The file is then signed using users Class III digital

certificate and uploaded to the IPO server using onlinemodule

4. Once the file reaches the server, it is verified for dataintegrity, certificate authenticity / validity and stored onthe server for further processing


11/24

Case StudyDGFT


12/24

DGFT Business Background

DGFT processes requests and issues Importand Export licenses

DGFT has multiple schemes under which

different licenses are issued There are hundreds of licenses which need to

be processed every day

Manual processing is slow and prone toabuse and corruption


13/24

DGFT Online Objectives

Enable users to be able to file licenseapplications online

Enable software to handle different schemes

like DEPB, EPCG, etc. automatically Approval of overall applications done online

Speedier processing of the licenses

Better MIS, audit trails and accountability


14/24

DGFT Online application

1. User can login only using Digital Certificates which haveIEC number

2. User creates document (typically *.doc word file ) anddigitally signs it

3. A file is generated which is a digitally signed documentand uploaded to the DGFT server

4. Once the file reaches on server, it is again verified tomake sure that no data tampering has happened during

transit. This provides for integrity verification.5. Whenever, the file has to be reviewed, it can be verified

to make sure that the file is not tampered with duringstatic storage


15/24

Case StudyE-Procurement


16/24

E-Procurement

Procurement using tenders has beenincreasing in complexity and numbers sincesome time

Large tenders with multiple items, goodstenders, multiple L1 scenarios, workstenders, etc. add to the complexity of thetendering

Cartel formation, rigging, informationleakages, modifications etc. plague thetendering system


17/24

E-Procurement Objectives

Enable tendering systems to be used online

Give a much wider reach to tenders

Provide privacy and confidentiality to the

documents within the tenders Keep the information regarding vendors

confidential

Reduce the human interface as much as possibleby allowing the vendors to provide informationand quote online


18/24

INTERNET

Nprocure Servers

Certifying AuthorityServer hosting CRL

VENDORS

BUYERS

E-Procurement - Diagram


19/24

Procurement Buyer Side

1. A buyer logs in to the system using his digitalcertificate

2. The buyer creates and/or uploads a tender

document3. The buyer uploads his public key for vendors to

encrypt the data with

4. Only the buyers digital certificate can decryptthe content uploaded by the vendors


20/24

E-Procurement Vendor Side

1. A vendor logs on to the system using his digitalcertificate

2. The vendor creates and/or uploads a tender

document3. The vendor uses the buyers public key to

encrypt data and digitally signs the content

4. The digital signature and data is verified beforestoring it into the server

5. All digitally signed content is time stamped


21/24

E-Procurement - Gujarat

(n)Code has set up a portal www.nprocure.com forproviding e-procurement services on SaaS basis

(n)Procure has completed more than 6500 tenders ofRs.11000 crores in year 2007 for Govt. of Gujarat

The estimated savings are in the range of 6-8% (n)Procure has received CSI award for the best e-

Governance project in G2B category in 2007 additionto an International award for e-Governance
http://www.nprocure.com/http://www.nprocure.com/


22/24

Digital Certificates Applications

MCA 21 DGFT : Online license applications

Online Income Tax Filing

Banks and Financial Institutions

RTGS IRCTC Ticket booking

E-Procurement : Government of Gujarat

Other State Governments Northern Railway

ONGC, DGS & D..


23/24

Government Online

Issuing forms and licenses Filing tax returns online

Online Government orders/treasuryorders

Online procurement and contractmanagement

E-auctions and reverse auctions

Online file movement system Public information records

Railway reservations & ticketing

e-Education


24/24

Thank you

Jagdeep S Kochar

[email protected]

digital sig ppt1

Documents