Application-DigitalSignaturebySJayanti-NIC

Use of digital signature in e-Governance applications
BY
NIC-Bangalore
Security Requirements
• Authentication
– Proving the identity of an entity (e.g., a person, a
computer terminal, etc.) for what it claims to be.
• Confidentiality
– Keeping Information secret from all but those
who are authorized to see it.
• Integrity
– Ensuring information has not been altered by
unknown or unauthorized means.
• Non-repudiation
– Preventing the denial of previous commitments or
actions.
Security Requirements (continued)
• Availability
– Legitimate users have access when they
need it
• Access control (Authorization)
– Unauthorized users are kept out
Vulnerable G2G Applications
• Electronic Mail
• Electronic Transfer of Data
• Office Procedure Automation
– File Tracking and Monitoring
– Electronic File Movement
• Archival of Government Records
• Data built by any automation process
Vulnerable G2B & G2C Applications
• E-Procurement
• Passport Applications
• Land Records
• Tax Returns
• Bill payments
• Licenses
Encryption and Decryption
[Figure: Encryption, Cipher Text, Decryption]
Digital Signature
Digital Signature is:
• A mechanism to sign electronic documents “electronically”.
• Equivalent to the hand-written signature in the real world.
• Message dependent
Digital Signature Provides
• Integrity, Authentication, Non-repudiation
Electronic mail
• e-mail has become an acceptable means of information communication
• ensuring integrity and non-repudiation is a necessity
• e-mail clients now provide a feature to digitally sign electronic messages
NIC, Bangalore
Electronic mail
• Sender sends a digitally signed
message using client
• Sender uses his / her private key
• Receiver is able to view the message
by using sender’s public key
– Authenticity of the message
– Integrity of the message
• All this is in the electronic format
Electronic mail
Demonstration
E-Procurement
• Sender uses public key of the tender
accepting authority
• Tender accepting authority uses his /
her private key to open the document
• Software takes care of bringing to the
notice of the tender accepting authority
if there is any alteration
Nemmadi
is an e-Governance project that provides citizens an IT interface to avail services offered by the Government IN THEIR VILLAGE ITSELF
Nemmadi – the players
• A project of the Government of Karnataka
• The objective is to provide a one stop shop for all the citizen’s interactions with the Government and businesses
• National Informatics Centre, Bangalore has designed and developed the software for Nemmadi for G2C services.
• 800 tele-centres throughout the state at Hoblis
• Implemented through PPP
Nemmadi - What is offered ?
• Services
– In the form of certificates / documents.
• Social Security Schemes
– In the form of sanction orders
• Information Dissemination
– Procedure & Forms for Services / Schemes of all departments.
• e-Notice Board
– Provide a forum for placing and viewing advertisements
• Citizen Database
– Reduce the service time
Nemmadi – G2C services and schemes
• Birth certificate
• No tenancy Certificate
• Agriculturist Certificate
• Death certificate
• Agri Labour Certificate
• Non-Creamy layer certificate
• Population certificate
• Land holding certificate
• Caste Certificate for SC/ST
• Living Certificate
• Residence Certificate
• Caste Certificate for Cat-A
• Solvency Certificate
• Bonafide Certificate
• Non-creamy layer Certificate
• Landless Certificate
• Income Certificate
• Caste & Income Certificate
• Birth registration
• Death registration
• Unemployment Certificate
• OBC Certificate for GOI Jobs
• Agri Family member Certificate
• No Govt. Job certificate for compassionate appointment
• Non-Re-marriage Certificate
• Small & Marginal Farmer Certificate
• Income certificate for compassionate appointment
• Surviving Family Member Certificate
• Sanction orders for Pensions (PH, OAP, DWP, SSS, NSAP)
Nemmadi – Architecture
Nemmadi – Significant features
• Services provided at the village level
• Requests are accepted in OFFLINE mode also
• KIOSK operator to provide services on turnkey basis
• Provision to scan the application and associated documents - Less paper flow
• Workflow application
• Hybrid model with both computer and manual process merged appropriately
Nemmadi – Flow of requests
• Tele-centres accept requests
• Sent to the State Data Centre (SDC)
• The request then is routed to the taluk office
– The taluk office houses the server which stores the transactions
• The officials process the requests from the back office
• Data gets replicated both ways between SDC and Taluk server
• Tahsildar digitally signs the electronic details using his private key
• Digitally signed certificates can be printed at the telecentres
Nemmadi – Technology
• A smart client application developed on .Net platform
• Offline mode supported
• Unicode for data storage
• Bilingual
• Bio-Metric authentication for non-repudiation
• Scanner and Web cam interface for capturing documents and photographs
• PKI for digitally signing documents & verifiable
• Bar-coded certificates / sanction order on watermarked stationery
• RDS is an n-tier application
Digitally signing documents in RDS
– The certificates / endorsements are signed digitally by the Tahsildar.
– The XML representing the certificate is first hashed.
– The hash of the XML is signed using the private key of the Tahsildar.
– The digital signature thus obtained is stored in the database.
– The digital signature is transcribed onto the physical certificate as a 2-D barcode.
– Over the counter re-issue of certificates
Verification of certificates
• Every certificate is identified by a unique key called the request-ID
• The bar code contains the request ID concatenated with the digital signature
• Verification of the document is done to satisfy the recipient that the document’s contents were not tampered with
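Added example (not part of the original slides or of the RDS code base): the hash-then-sign flow from "Digitally signing documents in RDS" and the barcode check from "Verification of certificates", using only the Go standard library. The RSA / SHA-256 choice, the "|" separator, the <RequestID> element and the names NewDemoKey, SignCertificate and VerifyBarcode are assumptions; the slides do not name the algorithms or the barcode layout.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// NewDemoKey makes a throwaway key pair standing in for the signer's real key.
func NewDemoKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// SignCertificate hashes the XML, signs the hash and builds the barcode payload
// as request ID + "|" + base64(signature) (assumed layout).
func SignCertificate(key *rsa.PrivateKey, requestID, xml string) (string, error) {
	digest := sha256.Sum256([]byte(xml))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return requestID + "|" + base64.StdEncoding.EncodeToString(sig), err
}

// VerifyBarcode re-hashes the XML as presented and checks the barcode signature.
func VerifyBarcode(pub *rsa.PublicKey, payload, xml string) (string, error) {
	requestID, b64, ok := strings.Cut(payload, "|")
	sig, err := base64.StdEncoding.DecodeString(b64)
	if !ok || requestID == "" || err != nil {
		return "", errors.New("malformed barcode payload")
	}
	// The barcode's request ID is not itself signed, so tie it to the signed XML.
	if !strings.Contains(xml, "<RequestID>"+requestID+"</RequestID>") {
		return "", errors.New("request ID does not match certificate contents")
	}
	digest := sha256.Sum256([]byte(xml))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return "", errors.New("signature invalid: contents altered or wrong key")
	}
	return requestID, nil
}

func main() {
	key, _ := NewDemoKey()
	xml := "<Certificate><RequestID>REQ0001</RequestID><Income>11000</Income></Certificate>" // constructed
	payload, _ := SignCertificate(key, "REQ0001", xml)
	id, err := VerifyBarcode(&key.PublicKey, payload, xml)
	_, errBad := VerifyBarcode(&key.PublicKey, payload, strings.Replace(xml, "11000", "11001", 1))
	fmt.Println(id, err, "| altered copy:", errBad)
}
```

Because the signature covers a hash of the exact XML bytes, a one-character difference in the presented contents makes verification fail, which is the constraint the offline verification utility has to work within.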
Purpose For Verification
GoK is issuing signatureless certificates / sanction orders for various services and schemes, delivered from both the Hobli Telecentres and the Taluka office. Needless to say, the eco-system needs to be put in place to ensure that certificates are verified before they are accepted for delivering benefits to the citizens.
Types Of Verification
Verification methodologies
Web Based
Offline
SMS based
Request Id
Request Id
Bar Code
Bulk Requests
Web Based Verification Using Req.Id
Connect to http://202.138.101.172/rdscertificateverification/RDSCV-VerifyRequestIdPage.aspx.
Input Request Id and Click Verify.
Web Based Verification Using Req.Id
Compare the certificate with hard copy
Web Based Verification Using Bar Code
Connect to http://202.138.101.172/rdscertificateverification/RDSCV-VerifyBarCodePage.aspx.
Use a barcode reader to read the 2-D bar code printed at the bottom of the certificate
Offline Verification
• Fully independent verification
• Does not require an internet connection
• Does not depend on the content of the website
• Most rugged of all the processes
• The user needs to download and install a verification utility custom developed for Nemmadi
• Stepwise procedure to download and install the verification utility and supporting tools is given at the website
• Challenge: typing the contents exactly, as certificate verification will not be successful even if there is a small change in the
Web Based Verification Using SMS
Verification of single request using SMS
SEND SMS: <REQUEST ID> TO NUMBER
EXAMPLE: SUL01110100044 TO
OUTPUT: Taluk name, Hobli, Village, APPLICANT NAME, Father / Husband’s name, reservation-category, caste, income, date-of-printing-of-certificate
Financial Inclusion
• Identification of beneficiaries
• Enrolment
• de-duplication
• Smart card preparation
• Disbursement of pension
• Management and monitoring
19.9.1009
National Informatics Centre
Bangalore
Financial Inclusion
• Platform for data interchange has been built
• List of beneficiaries to be paid pension
is generated and digitally signed (pdf)
• Treasury verifies this and compares the
amount against the treasury bill
• Similarly banks also verify the list
before crediting the amount to the a/c
Architecture
[Figure: SDC / Central Server; TALUK A; KSWAN; Gram Panchayat Client; DEDUPLICATION; ENROLMENT; INTERNET; MIS SERVER; BANK; Payment; Download]