01 - Usage of PKI in E-Procurement - Mr. J S Kochar

8/12/2019 01 - Usage of PKI in E-Procurement - Mr. J S Kochar

1/32

Presented by

J S Kochar

Executive Director

(n)Code Solutions A Division of GNFC Ltd.

PKI and e-Procurement

- An Indian perspective


2/32

Mail Received Today Mornin

From : Sheikh Mohammed sheikmohamed003@yahoocn!

My na!e is S"ei#" Mo"a!!ed. $ a! a dyin !an %"o "as decided to

donate

t"e su! of &'!illion dollars to you for t"e ood %or# of "u!anity.lease contact !e via *!ail at+s"ei#!o"a!ed,,-ya"oo.cn

for detailed infor!ation on t"is no/le 0ro1ect of !ine.

lease note t"at $ "ave 2$LL*D &'! to you /y 3uotin !y 0ersonal

reference nu!/er

A#a45ds4674'8-,49tr$477ln4de.so t"at i can confir! t"at you actually

received !y e!ail notice to you.

2assala! and reards:

S"ei#" Mo"a!!ed.
http://cn.mc922.mail.yahoo.com/mc/[email protected]://cn.mc922.mail.yahoo.com/mc/[email protected]


3/32

e-Security creates confidence

Takes care of PAIN of online Transactionsq Information can be kept private

PRIVACYq Identity of an individual is assured

AU !N ICA I"Nq Information cannot be manipulated

IN !#RI Yq Information cannot be diso$ned

N"N%R!PU&IA I"N


4/32

Common e-Security Technologies

Authentication Confidentiality Integrity Non-repudiation

Anti-virus

Firewalls

Access Control

Encryption

Public KeyInfrastructure


5/32

Di"ita# Si"nature

q A di'ital si'nature is not a di'iti(ed form of si'nature

q A di'ital si'nature $ill be UNI)U!for every document *si'ned+by an individual

q Private key and public key are uni,ue to t-e subscriber and

q &ata !ncrypted $it- Public .ey/ can only be decoded by

correspondin' Private .ey

q Impossible to decrypt data $it-out Private .ey

Unbreakable igital Security

e% oken


6/32

*lectronic docu!ents of any ty0e and any lent"can /e diitally sined as follo%s...

An electronic docu!ent is fed into a one;%ay "as"alorit"! (S9A;') to 0roduce a fi


7/32

S!A

-$PU%

Public

Key

DigitalSignature

Algorithm

T"e oriinal docu!ent is used to re;co!0ute t"e one;%ay"as" value

Signed

ocument

T"e sinature is fed into t"e Diital Sinature Alorit"! usin

t"e 0u/lic #ey of t"e siner (fro! t"eir certificate) and0roducin %"at s"ould /e t"e sa!e "as" value

Finally: t"e t%o "as" values are co!0ared to see if t"ey are

e3ual

$f t"e "as" values are e3ual: t"en t"e sinature is valid?i.e.,t"e source is aut"enticated and t"e docu!ent "as not/een !odified

$f t"e "as" values are note3ual: t"en t"e sinature is

inva#id?i.e.,eit"er t"e source is not %"o t"ey clai! to /eor t"e docu!ent "as /een !odified

&'

()S

*+

!ash!ash

#alidating a igital Signature


8/32

igital Signature , the a.

q T-e IT Act 0111 $it- amendment in 0112/ provides 3

4or le'al and re'ulatory frame$ork for promotion of

e%Commerce and e%#overnance

4or appointment of Certifyin' Aut-orities to issue &i'ital

Certificates

4or le'al validity of !lectronic transactions 5 contracts and

records

T-e le'al frame$ork for electronic filin' of documents

Publication of official 'a(ette in electronic form


9/32

e-Procurement


10/32

Ma$or Dra%backs o& 'onventiona# System

q Discri!ination in issue of tender sc"edules

q "ysical t"reats to /idders

q Cartel for!ation ; su00resses co!0etition

q $nordinate delays in tender finaliation

q 9u!an interface Mani0ulations: Ta!0erin

q $nade3uate trans0arency

Procurement Challenges


11/32

Comparison

Conventional system e-Procurement

Bffline Bnline

Manual records in 9ardco0y a0erless records in softco0y

Manual Neotiation Auto Neotiation4Reverse

AuctionLi!ited Co!0etition Glo/al Co!0etition

Manual rocess Auto!ated rocess

Ti!e Consu!in *fficient rocess

uyer Friendly ser (uyer E idder) Friendly

Butdated Data Real ti!e 0dated Data


12/32

e-Procurement 6Advantages on

Conventional system

q

Strea!lines t"e entire 0rocedures

q rea#s t"e cartel For!ation

q $ncreases Trans0arency in ad!inistration

q Reduces 0rocessin cost

q Anyti!e E Any%"ere rocess


13/32

e-Procurement #alue Chain


14/32

Buyeror

Supplier?User Login

TenderCreation

PublishTender

User Login

Corrigendum

BidSubmission

Bid Edit

Final BidSubmission

Tender Available or BidSubmission

Supplier

Buyer

Bid Evaluation

!esult Sharing

BidA"#no$ledgeme

nt

e-Tender / Process Cycle


15/32

e-Procurement / Indian Scenario

q E(P!odule for )ndentin"* +endor Mana"ement , )nventory

sers + rivate Sector: Ss+ BNGC: GA$L: *ML

q e-.enderin"/e-uctiont"rou" SP4 FMP !odule

sers + Central Ministries : State Govt.: Ss+

GoG:GoA:Go

q e-Paymentst"rou" 0ay!ent ate%ay /uc#et

sers + A Govt.: Govt. of Gu1arat:


16/32

e-Procurement / Indian Scenario

Early Movers

qState 1ovt ; A: Gu1arat

qMinistry / De2t; $ndian Rail%ay: DGSED: RCF

q)' ; MGS: Brissa E TN Govt.

qDel"i Munici0al Cor0oration

qPS4sli#e BNGC: GA$L: NTC: 9*L: $FFCB

Increasing Adoption

q State 1ovt ; Del"i: 5"ar#"and: 9aryana:

C"attisar": arnata#a

q

1ovt 5odies ; SCL: STCL: MLN:So!e State 2Ds E r/an Aut"orities

q 5anks ; S$: $: Canera an#

q Port Trust Aut"orities T: CT: MDL

q PS4s; D$L: R$9CB: NFL: MMTC: etc


17/32

e-Procurement

Stage / 0


18/32

Determine where you are going based on

E-procurement strategy

Technology options

Assess your capabilities

Technology

Processes

People

Trading Partners

Recognize that multiple paths exist

Choose the path that Meets strategic intent

Capitalizes on strengths

s technically !easible

s promoted by leadership and supported by sta!!

s realistic" clear and manageable

1ay 2or.ard / Plan a "oute

6 .hink bi"* start sma## %ith ear#y success 7


19/32

Poli"y %Legal

Frame$or#

Te"hnology &nstitutionalChange

'uman!esour"es

#o$ernment

%eadership

Policy & %egal 'ramewor(

e(Pro"urement strategy

!oles % !esponsibilities

Enabling environment

Fle)ibility

)uman Resources

A$areness raising

Capa"ity building

Buy(in

nstitutional ChangesPro"urement pro"ess *BP!+

,rgani-ational stru"tures

Technology

&nrastru"tureCompatibility % standards

S"alability % se"urity

e(Pro"urement system o$nership

#o$ernment %eadership

Ta#ing the driver.s seat

/ision and goals

Colle"tive "ommitment or "hange

Partnerships $ith private industry

e-procurement / Key Inputs


20/32

3u4arat e-Procurement

- A Case Study


21/32

e-Procurement in 3u4arat

Pro$ect (o##out :

q All Govern!ent De0art!ents

q oards: Cor0orations E Nia!s

q Munici0alities: Naar0ali#a E r/an Develo0!ent Aut"orities

q Ss and 0rivate $nstitutions in Gu1arat

)nitia# 'ha##en"es :

q Govern!ent rocess Re;enineerinq Trainin of all t"e De0art!ents and %"ole Su00lier Co!!unity

q ser s0ecific re3uire!ent and consideration

q Security related re3uire!ents and consideration


22/32

{EFA7A904-A26B-430C-93E8-1A64ED62769E}

*o!tware Application

,ngoing evolution

{1D5E4C63-0B91-4393-BABF-83DCA1925898}

Digital Certi!icates +%icensed Certi!ying Authority,

entation o e(tendering by Li"ensed CASaaS modelFriendly and &ntuitive &ntera"e

{077FF4E8-08B3-4FAF-932C-8F4066037947}{EC9D513E-BB6C-471C-B4FD-BB202DFA3EB4}{6297575C-BB02-4A1C-9BCD-9F18AA27E303}

Assured Availability

{321D5FA4-F00A-408B-BA19-D78253D26FBA}

Assuran"e o Physi"al as $ell as Logi"al

{DD055E45-DA21-4360-B593-42A57FDF7124}

Tier &&&0 Data Center

{B335A760-7829-4925-8FF2-2ADF537B45C3}

*ecurity and A$ailability

{4D7C97FC-0459-454E-AD92-2B705BAA3315}

Training and *upport

!emote SupportE)tensive training sessions&ntera"tive training materialCall Centerssuan"e in(house to establish trust

5n6Procure / The Pillars


23/32

5n6Procure Assurance

q Tier $H Data Centre %it" "ot D.R. Site

q Security and usiness Continuity olicies

q Strict co!0liance to $T Act and CHC uidelines

q Scrutiny /ased e!0loy!ent 0ractices

q Continuous learnin and evolvin for latest solutions

q *!0o%erin t"e overn!ent

I8,J of clients are self;de0endent /y no%


24/32

!o. .e secured our Portal+

q 'K /it SSL ena/led site

q Diital Certificate serna!e4ass%ord /ased Loin

q Ti!e Halidity (Certificate e


25/32


26/32

)7clusive on 5n6Procure

Features

qRe!ote B0enin Co!!ittee

q

Bnline re;/id

qe;Li/rary

qDyna!ic Co!0arative Re0orts

qBnline Results E e!ails

qAudit Trail

qac#u0 Arc"ival

Functiona#ity

q

B 4 2BRs tenderin %it" Tender consolidated vie%

Dyna!ic for! desinin

Dyna!ic co!0arative re0orts

$dentity of tender o0eners Bn;line result s"are

A/stract E Su/;%ord re0orts

q BM 4 GBBDs Tenderin %it"

Ta


27/32

q More t"an 7-:,,, tenders for 'O, ser De0art!ents %it"out

sinle failure

q A sinle tender of Rs. -,, Crore conducted successfully for

Gu1arat State *lectricity Cor0oration for i!0orted coal 0urc"ase.

q SMC conducted sinle tender for 'KKO ite!s successfully %it"!ulti;o0tional co!0arative re0orts of PK 0arties

q G2SS conducted a tender for 76, ite!s successfully %it" 76,

L' ran#in re0orts

q CMSB conducted one tender for Medicine ite!s %"ere -'

su00liers too# 0art.


28/32

s on February 8099

5n6Procure 53o36 62acts and 2igures

0

2

4

6

8

10

12


29/32

5n6Procure / Savings to 3ovt of 3u4arat

Man-day Savin" throu"h e-.enderin"

Savins for Docu!ent Distri/ution E Collection O., Man Days

Savins %"ile Tender *valuation "ase KP.6 Man Days

Savin" throu"h on-#ine tenderin" ;Per .ender<

Savins on Advertise!ent cost K,:,,,

Savins on Stationary E Distri/ution Cost P:8,,

Man Days Savin on evaluation 0rocess P6:K6,

.ota#;22roximate< =>*9=0

Sa!0le /ase of P,, tenders


30/32

)ncapsulated Advantage /

Trust , Technology

q Reduction in false /idders

q Reduction in cycle ti!e for tender 0rocess

q Co!0etitiveness of ids

q 9i" Level of Trans0arency

q Reduction in Corru0tion at Govt. offices

Study Re0ort /y $$M: A"!eda/ad for Gu1arat e;rocure!ent


31/32

Important essons

q e;rocure!ent is a very effective %ay 0rocure!ent es0.

overn!ent and 0u/lic 0urc"ases

q Diital Sinatures 0lay a very i!0ortant role for security of

e;0rocure!ent 0rocess

q Successful e;0rocure!ent initiatives derive "eavily on+

Govern!ent initiative and co!!it!ent

Strent" of Tec"noloy and security

ca0acity uildin and Tranin


32/32

Documents

01 - Usage of PKI in E-Procurement - Mr. J S Kochar