Application of Digital Signatures: Case Studies

Jagdeep S Kochar
Executive Director

What is a Digital Signature Certificate ( DSC) ?

Digital Signature Certificate is your PASSPORT on the Internet used to: Identify yourself Help the software application to authenticate you

and:
Help you to secure your data Give legal sanctity to the transaction

Physical Signature / Digital Signature

Physical Signature Digital Signature

Physical Signature is just a Digital Signature encompasses writing on paper crucial parameters of identification Physical Signature can be It is IMPOSSIBLE to copy a copied Digital signature Physical Signature does not Digital Signature also enables give privacy to content encryption and thus privacy Physical Signature protect the content cannot Digital Signature protects the content

DSC AND THE LAW

Major provisions of the Indian IT Act

Legal recognition to electronic contracts / records Legal recognition to digital signatures Digital signature to be effected by use of asymmetric crypto system and hash function Usage of electronic records and digital signatures in government and its agencies Retention of electronic records

Case Study IPO

IPO - Business Background

Indian Patent Office processes patent, trademark and copyright applications Manual processing of applications had become tedious and unmanageable as the numbers have increased drastically Manual system has issues of abuse and corruption Manual processing is slow and innovators want fast registrations As the system is secretive in nature, manual processing has its own issues All this in the backdrop of need to encourage innovation in the Indian Industry

IPO Online Objectives

Enable entire IPO system to accept online application Innovators can file applications online from anywhere in the world The system can process entire application without any human intervention All applications submitted are digitally time stamped

IPO PKI Implementation Diagram

Digitally Signed Document

CRL verified by CA Server

Digital Signature Verification

User Connected via Internet Servers at IPO

Servers

IPO Trademark Application

1. PKI & Digital certificates are used for two applications eTMR (eTrademark Registration) & Online Patents Registration 2. eTMR is an entirely online application. Digital certificates are used for authentication & data (Form) signing 3. Applicant enters all details and then is requested to sign the data using a Digital certificate. 4. Applicant selects his/her own certificate. The data entered on the form is signed using the certificate

IPO Patents Application

1. Online Patents application works in dual (Offline as well as online) mode. The offline module is downloaded by the applicant and installed on his/her own PC. 2. The data entered by the applicant is gathered by the offline module and is written to a file. 3. The file is then signed using users Class III digital certificate and uploaded to the IPO server using online module 4. Once the file reaches the server, it is verified for data integrity, certificate authenticity / validity and stored on the server for further processing

Case Study DGFT

DGFT Business Background

DGFT processes requests and issues Import and Export licenses DGFT has multiple schemes under which different licenses are issued There are hundreds of licenses which need to be processed every day Manual processing is slow and prone to abuse and corruption

DGFT Online Objectives

Enable users to be able to file license applications online Enable software to handle different schemes like DEPB, EPCG, etc. automatically Approval of overall applications done online Speedier processing of the licenses Better MIS, audit trails and accountability

DGFT Online application

1. User can login only using Digital Certificates which have IEC number 2. User creates document (typically *.doc word file ) and digitally signs it 3. A file is generated which is a digitally signed document and uploaded to the DGFT server 4. Once the file reaches on server, it is again verified to make sure that no data tampering has happened during transit. This provides for integrity verification. 5. Whenever, the file has to be reviewed, it can be verified to make sure that the file is not tampered with during static storage

Case Study E-Procurement

E-Procurement
Procurement using tenders has been increasing in complexity and numbers since some time Large tenders with multiple items, goods tenders, multiple L1 scenarios, works tenders, etc. add to the complexity of the tendering Cartel formation, rigging, information leakages, modifications etc. plague the tendering system

E-Procurement Objectives
Enable tendering systems to be used online Give a much wider reach to tenders Provide privacy and confidentiality to the documents within the tenders Keep the information regarding vendors confidential Reduce the human interface as much as possible by allowing the vendors to provide information and quote online

E-Procurement - Diagram
VENDORS BUYERS

INTERNET

Nprocure Servers

Certifying Authority Server hosting CRL

Procurement Buyer Side

1. A buyer logs in to the system using his digital certificate 2. The buyer creates and/or uploads a tender document 3. The buyer uploads his public key for vendors to encrypt the data with 4. Only the buyers digital certificate can decrypt the content uploaded by the vendors

E-Procurement Vendor Side

1. A vendor logs on to the system using his digital certificate 2. The vendor creates and/or uploads a tender document 3. The vendor uses the buyers public key to encrypt data and digitally signs the content 4. The digital signature and data is verified before storing it into the server 5. All digitally signed content is time stamped

E-Procurement - Gujarat
(n)Code has set up a portal www.nprocure.com for providing e-procurement services on SaaS basis (n)Procure has completed more than 6500 tenders of Rs.11000 crores in year 2007 for Govt. of Gujarat The estimated savings are in the range of 6-8% (n)Procure has received CSI award for the best eGovernance project in G2B category in 2007 addition to an International award for e-Governance

Digital Certificates Applications

MCA 21 DGFT : Online license applications Online Income Tax Filing Banks and Financial Institutions RTGS IRCTC Ticket booking E-Procurement :
Government of Gujarat Other State Governments Northern Railway ONGC, DGS & D..

Government Online
Issuing forms and licenses Filing tax returns online Online Government orders/treasury orders Online procurement and contract management E-auctions and reverse auctions Online file movement system Public information records Railway reservations & ticketing e-Education

Thank you

Jagdeep S Kochar jskochar@ncodesolutions.com