Features

Now Sign Digitally

DQI Bureau

06 Feb 2006 00:00 IST

New Update

In a major step forward on the e-Gov front, digital signature
certificates can become the authentic and legal identity of an individual

Advertisment

The e-Governance initiative is picking up in
India. Many PSUs and government departments have made online procurement
compulsory. This has increased the rate of phishing and hacking. This in turn
has also increased the demand for high security solutions for transactions.
Thus, the need for digital certificate based authentication and security of
network devices and users is higher.

Set up in 2004, (n)code Solutions, a division of Gujarat
Narmada Valley Fertilizer Company (GNFC), is the certifying authority licensed
by the Department of IT, Government of India for providing digital signature
certificates to individuals and organizations. In Public Key Infrastructure (PKI),
the certification authority procures digital certificates for the individuals,
organizations, and departments, which includes the public key. The private key
is generated by the user using software and is safeguarded by the user himself.
PKI, and digital signature certificates in particular are addressing security
related issues.

Advertisment

The PKI technique was
implemented with certain objectives that included providing a solution
that addresses the basic issues of e-Governance; adding value to the
process in terms of convenience, ease, simplicity, cost effectiveness, and
transparency

The project incorporated by GNFC-IT was envisioned to cater
to e-Governance in the coming years. Most of the organizations are now IT
enabled. IT security being low is one of the deterrents in setting up of a
paperless office. PKI can play a pivotal role in implementing paperless office,
as digital signature certificates are as legal as ink signatures. The setback
though is that almost all organizations have one or the other system in place.
These will take care of the IT needs of the organizations. The personnel, at
times, are also reluctant to learn any new system, which makes a path towards
PKI difficult.

Services Offered By (n)Code
Products	Solutions
(n)Procure	A complete e-procurement solution that hardly requires paper transactions and hence a big step towards e-Governance
(n)Sign	PKI enabled application that helps to deliver digitally signed documents to via mail in a highly secure manner
(n)Pay	PKI enabled web based application that helps in generating the bills, digitally signing them and sending them across via e-mail
(n)Form	PKI enabled web based application that helps in submission of digitally signed forms

Advertisment

PKI Objectives

(n)Code Solutions was setup to act as a licensed certifying authority of
India. The license is provided by the Controller of Certifying Authorities ( CCA
) which comes under the umbrella of the Department of Information Technology,
India. A certifying authority (CA) is an entity that provides digital signature
certificates. Under the Indian IT Act 2000 and the various rules and regulations
framed, a digital signature certificate is admissible in the Indian court of
law. A digital signature certificate, bearing the certificate of licensed CA, is
considered valid and authentic.

The primary objective of (n)Code is to issue digital
signature certificates to the citizens of India and abroad. These certificates,
once issued, become the authentic and legal digital identity of the
individual/company/web server/network device. It is these certificates that
become the core of successful and complete e-Governance. At one point of time,
e-Governance failed to jumpstart as technology had failed to solve the problems
of privacy, authenticity, integrity and non-repudiation with a single solution.
(n)Code Solutions studied the problem and laid the foundation for creating a
world-class infrastructure to enable it to master the PKI. The PKI was literally
the key to most of the problems e-Governance faced.

Thus the PKI technique was implemented with certain
objectives that included providing a solution that addresses the basic issues of
e-Governance; adding value to the e-Governance process in terms of convenience,
ease, simplicity, cost effectiveness, and transparency; setting up an
infrastructure that should cater to all and not make it necessary for the end
user to invest heavily.

Advertisment

Benefits in a Nutshell
Aspect	Pre-PKI	Post-PKI	Effect
Data Security	Least secure data	Highly secure data	Organization relieved from hacking and data integrity.
Secured Transaction (e.g. payment system)	Manual (because online transactions were not secure)	Highly secure (online)	Very less personal contact - Drastic cutdown in time.
Authentication/Verification	Physical and Manual	Digital	Organizations relieved of stamps and physical presence of certificate issued
Sending and receiving forms and certificates	Expensive and time taking postal transactions	Online economical transaction	Drastic cut in cost.
Paper Work	More	Very less	Organizations relieved of maintaining heavy records on paper.
PKI technique assures data security with paperless office implementation. It will also drastically reduce the time factor involved in transactions. As the dependency on external factors will be minimum it will reduce the time taken and remove delay.

Classification of Digital Certificates
Certificates	Description
Class I	These certificates are issued to individuals to allow them to secure e-mail messages
Class II	These certificates are issued to individuals, organizations and Govt depts/agencies. Besides securing e-mails they can also be used to digitally sign and encrypt e-mails, sign web forms and enable subscribers to authenticate themselves to a web server.
Class IIIa	These certificates are issued to individuals for electronic commerce applications such as electronic banking, electronic data interchange (EDI), secure email, web form signing, client authentication, single sign on applications, code signing, authentication for VPN clients and membership-based online services, where security is a major concern.
Class IIIb	These certificates provide assurances of the identity and existence of various organizations, government agencies and departments.
Class IIIc	These certificates are issued to individuals, organizations and government agencies and departments for securing web server. They are used by subscribers, primarily, for SSL server authentication.
Class IIId	These certificates are issued to individuals, organizations and government agencies and departments to ensure security of communication between two VPN devices.

Advertisment

The Cost Effect

It seems the recurring cost of the project is on the issuance of the digital
certificates. In the initial stages of the project, there were incidents
associated with the recurring cost that included the expense of training and
extensive support. The actual turnover rate has not yet been achieved and so the
cost effectiveness may not be quantified on each and every individual
transaction.

But as the e-Governance will pick up and the awareness of
the end users increase, the associated costs will drop drastically. Then, it
will evolve into a service sector completely and the procedures set for a smooth
distribution will be in motion. The turnover rate will increase and then, the
cost effectiveness will be high.

Also, one should keep in mind that there is a notional cost
involvement only as the project proceeds, as it will be utilizing the
infrastructure that needs just one time investment and minimum maintenance.

Advertisment

The project aims to facilitate e-Governance by overcoming
the present challenges. Thus, when implemented full fledgedly, the project shall
offer a high value to the users and the government by reducing its cost in
comparison to the present implementation of the same procedures.

GP
Sahu, MP Gupta

Department of Management Studies, IIT Delhi and

Tanmai Mishra

Department of Physics, IIT Bombay

mail@dqindia.com

Advertisment