July 2011 Prof. Bae, KyoungYul SangmyungUniversityunpan1.un.org/intradoc/groups/public/documents/ungc/unpan046553.pdf · July 2011 Prof. Bae, KyoungYul SangmyungUniversity. ... Digital

PKI, Digital Signature and e-Governmente-Government

July 2011

Prof. Bae, Kyoung Yul

Sangmyung University

Contents

01 Introduction

Digital Bangladesh

Information Security

02

03

PKI &Digital Signature

PKI Services in Korea

Future Works

04

05

06

2/75

01 Introduction

Digital Bangladesh


02

03



Future Works & Conclusion

04

05

06

3/75

Introduction

• Digital – Generates, stores, and processes data in terms of two states: positive and non-positive.

– A digital system uses discrete (discontinuous) values, usually but not always symbolized numerically (hence called "digital") to represent information for input, called "digital") to represent information for input, processing, transmission, storage

– Digital technology is primarily used with new physical communications media. Electronic transmission was limited to analog technology, which conveys data as electronic signals of varying frequency or amplitude that are added to carrier waves of a given frequency.

4/75

Introduction

• Digital Natives

Digital Immigrant Digital Natives

How they

handle

information

Slow & controlled from

limited channels

Quickly from multiple

sources

How they view

information

Text before pictures,

sounds and video

Pictures, sounds and video

before text

How they

process

information

Sequential, linear and

logical

Random access to

hyperlinks multimedia

information

5/75

Introduction

• Data

– Raw, non-summarized and

unanalyzed facts and figures

• Information

– Data that have been converted into a meaningful and useful context for the receiver

6/75

Introduction

• Why Digital?

Voice Data

Internet

IT/Service/NetworkDigitalization

Audio DMB, DMCConvergence

Wireless Broadcast

Satellite

Internet

Entertain

ment

InformationEducation

Computer

Tele

communi

cation

Appliance

Devices Contents

가나다라 A B C D

0101101001011···

Video

Text

Digital Home Media Center MP3, MPEG

7/75

Introduction

• Digital Risky?

– It may take a considerable processing time

– It can be hard to reduce noise

8/75

Introduction

• IT Convergence

Convergence

IT Service, Computing Networking,

Information Devices

BroadbandBroadband

High Data Processing Power

Real Time Information Processing

Ubiquity

Anytime, Anyplace,

Any Device, Any Platform,

Mobility, Accessability

Seamless

Intelligence

Artificial Intelligence

Context Awareness Service

9/75

Introduction

• IT Prediction– Gartner Research: Hype Cycle of Emerging Technologies, July 2009

10/75

Introduction

• Mobile App– YouTube, Game, Entertainment, Fun etc

– Location, Public Services

– Augment Reality

– One source - multi users

EEEEEEEEEEE

EEEEEEEEEEEEE

11/75

Introduction

• Mobile Services

FUN INFORMATIONSocial Network

12/75

Introduction

• Technology Paradigm

가치의원천변화

Convergence

Technology Improve

Material Industry : SIC, Embedded S/W, FPD, 2nd Batter

Broadcasting Industry : Video, Software, DMB

Eletronic Industry: Home appliance, Home networking,Telemetics, HD DVD,

Changing of Value FoundationChanging of

Value Foundation

ConvergenceConvergence

Desiring for Healthy LifeDesiring for Healthy Life

Highly Customer needs

Cultural Contents : Entertainment, Game, Digital Contents

Medical Industry : DNA, Biomedical DB

Broadcasting Industry : Video, Software, DMBAdvanced Communication

Service Industry : Financial,Logstics,Banking

Environment/Energy : Micro Cell & Fuel

Convergence

Convient

Mobility

ConvientEntertainment

Mobility

13/75

01 Introduction

Digital Bangladesh


02

03




04

05

06

14/75

Digital Bangladesh

• National IT Strategy

Canada

United Kingdom

100% of Government Services

Online by 2005

100% of Government Services Online

by 2005

More than 50% as of End of 2001

74% Estimated by End of 2002

Japan

Establishment of e-Government

United States

Australia

Government Services

&Documents Online by 2003

100% of Federal Government

Services Online by 2001

90% Have Met This Target

Establishment of e-Government

by 2003

Korea

100% of Government Services

Online by 2006

15/75

Digital Bangladesh

• National IT index– Infrastructure index

source: un e-government survey 200816/75

Digital Bangladesh

• Asia IT– E-participation index: one tool that enables governments to dialogue with their citizens


Digital Bangladesh

• Use of ICT in Governance

– United Nations E-Government Survey 2010

– Bangladesh is ranked 134.

Source: Bangladesh Computer Council, 2010

18/75

Digital Bangladesh


– Critical factors in implementing e-government in

Bangladesh

Source: Success and Failure Factors for e-Government projects implementation in developing countries:

A study on the perception of government officials of Bangladesh, Chowdhury Golam Hossan, 2006

19/75

Digital Bangladesh

• ICT enabled connected Governance


Digital Bangladesh

• The application of ICT in interactions between– Government and Citizens

– Government and Businesses

– Government and Employees

– Government and Government– Government and Government

Publish Interact Transact Integrate Transform

Information

available

online

Two-way

communicationTransaction

handled

online

Process,

system and

organisational

integration

Entirely new

services delivered

cross-agency

through a

centralized

enterprise portal

21/75

Digital Bangladesh


– Constraints and Recommendations

� Inadequate Access to ICT

� Create one-stop government

portal

Constraints Recommendations

� Inadequate Access to ICT

� Public Awareness about ICTs

� Lack of integrated approach

� Lack of regulatory/legal

framework

� Absence of processes and

systems

� Payment Gateway

portal

� Prioritization of Services

� Improve ICT access by citizens

� Emphasize Bangla interface for

citizen services

� Need training and leadership

from the government

� Awareness for the use of Open

Source

� Payment Gateway


22/75

Digital Bangladesh

• Legal Infrastructure & Policy

– 2000: Copyright Act enacted with inclusion of Software and ICT

– 2001: First ICT Policy drafted

– 2002: National ICT Policy adopted

– 2006: ICT Act enacted– 2006: ICT Act enacted

– 2008: Revised Policy Drafted

– 2009: New ICT Policy approved

– 2009: ICT Act 2006 amended

– 2010: Rules for Digital Signature (Certifying Authority)


23/75

Digital Bangladesh

• Building confidence and Security in the

use of ICT

– Network Security Policy

– Cyber Laws: Formulated

– Digital Signature: Law Formulated– Digital Signature: Law Formulated

– Privacy Law: Approved

– Intellectual Copyright: Approved

– Anti Piracy Law: Approved

– Cyber Crime unit : Established

Source: Expert Group Meeting on Regional Cooperation towards Building an Information Society in Asia and the Pacific, 2009

24/75

Digital Bangladesh

�To improve Government

efficiency and promote

interaction between

governments Ministry/

Divisions, Departments,

Districts and Upazillas

by construction of

Government network

infrastructure

�To use ICT system within

the public administration to

improve efficiency and

transparency, reduce

wastage of resources,

enhance planning and raise

the quality of services.


�To maximize the

computerization of work

processes and resources

through integrated

information management

system enabling real time

administration.

�To construct a public network

as a backbone for the

effective implementation of e-

Government

25/75

Digital Bangladesh

• Digital Government for Services

Delivery

– Two sub-components: e-Citizen, e-Admin


26/75

Digital Bangladesh

• e-Citizen services

– Requires: Innovative service design; Suitable delivery channel

– Leads to efficient delivery avoiding face-to-face contact;

• Examples: Ticket info using SMS, bill pay, etc.• Examples: Ticket info using SMS, bill pay, etc.

• e-Administration:

– Encapacitate civil servants;

– Reengineering administrative processes;

• Examples: MPO management at BANBEIS, Custom

House Automation

27/75

Digital Bangladesh

• BanglaGovNet

– It is a Public Network to connect all the Government

entities throughout the country under a single Network.

– To ensure a Basic Infrastructure for e-Government.

– To ensure a Secured Connectivity among all the – To ensure a Secured Connectivity among all the

Government entities.

– To ensure e-Governance through an integrated common

platform


28/75

Digital Bangladesh

• BanglaGovNet

Phase Year wise Plan

Scope of Work

Estimated Budget

(US Dollar)

Main Solutions

Ⅰ(BanglaGovNet)

Apr 2010 ~ June 2014

- National ICT Center( NICTC)

- Ministries/Divisions(45)

- Major Departments ( >100)

- District Offices(64 DICTC)40.21 Million

- E-mail

- Security Solutions

- E-Document

- Government WEB(BanglaGovNet) June 2014 - District Offices(64 DICTC)

- Upazila Offices(64 UICTC)

- Government WEB

- G2G

Ⅱ

(Info-Sarker)

July 2011 ~ Dec 2015

- Expand Network to Upazila level

- Interoperability between Central and Local Govt. Administration

- Development of Bangladesh

Education Network (“BanglaEduNet”)

=> Primary & Secondary level Education

- Connecting High level education Institutions

- Making an ICT-driven society

- Final preparation for Digital Bangladesh

150 Million

- e-Education

- e-Procurement

- e-Financial Services

- e-Local Government

- e-Community

- G2B, G2C, G2P

- Etc


29/75

01 Introduction

Digital Bangladesh


02

03




04

05

06

30/75


• Security– Freedom from risk or danger; safety.

– Freedom from doubt, anxiety, or fear; confidence.

– Something that gives or assures safety, as:

– A group or department of private guards: Call – A group or department of private guards: Call building security if a visitor acts suspicious.• Measures adopted by a government to prevent espionage, sabotage, or attack.

• Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant.…etc.

31/75


• Network and Data Security

Identity validation

Confidentiality

Integrity

Non-Receive Repudiation

NetworkNetworkSecuritySecurity

� It must be developed to prevent

many dangerous things (hacking,

illegal forgery) from data transfer

on the internet.

Data Data SecuritySecurity

Identity validation

Confidentiality

Integrity

Non-Sending Repudiation

� It must be developed to prevent

illegal forgery and validation for

stored data.

32/75


• Internet Incident

ratio of 1st

Ratio of Korea

Rank of Korea

31%(USA)31%(USA)

10th

33%(USA)33%(USA)

9t

30%(USA)30%(USA)

4t

31%(USA)31%(USA)

10t

30%(USA)30%(USA)

9t

31%(USA)31%(USA)

10t

Source: www.kisa.or.kr

2%2%10th

2005

9th2006

2%2%

9%9%

56%(USA)56%(USA)

2005

3rd 3%3%

44%(USA)44%(USA)

2006

6th

2004

4%4%

4th 10t

h2007

2%2%

4%4%

26%(USA)26%(USA)

4th

2005

2%2%

26%(China)26%

(China)

11th

2006

31%(USA)31%(USA)

15th

2007

2%2%3%3%

25%(UK)25%(UK)

9th

2004

3%3%

33%(USA)33%(USA)

9th2007

9%9%

60%(USA)60%(USA)

2004

2nd

9th20071/2

3%3%10th20072/2

2%2%

33/75


• Security Challenge

Leakage of the personal Inf.

Sales of 6 MM DB Server is hacked by

------------ --------

source: www.kisa.or.kr

Sales of 6 MM

customer information

to telemarketing

company for 2yrs

Sales is controlled by

the board of directors

DB Server is hacked by

hackers (2008.4.)

10 MM customers’

personal information

including banking A/C

34/75


• Information Security

– Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities.investments and business opportunities.

– To achieve business objective

35/75


• Information Security

Confidentiality

Integrity

Processing

Storage

Transmission

Information States

Integrity

Availability

Policy & Procedures

Technology

Education, Training & Awareness

Security Properties

Security Measures

36/75

01 Introduction

Digital Bangladesh


02

03




04

05

06

37/75

PKI & Digital Signature

• Personal Information Flow

DB serverWeb server

Customer informationExclusive line/Wired or Wireless

organization

InternetInternet

Subscribersection

Communication networksection

Web server section Intranet,user section

Application serversection

Data interceptionMalware execution

Data buggingData alteration

Data processing errorInadequate access control, authorizationInadequate authentication

Inadequate security settingsInadequate patch management

Inadequate access control

AP server firewall firewall

internal staffIPSuser

38/75


• Electronic Signature– It is a unique information which identifies a person who made an electronic document and confirms whether the electronic document has been modified or not. The electronic document has functions such as self-identification, secret protection and prevention of tampering, forging document and denying himself.tampering, forging document and denying himself.

39/75


• Weakness of Electronic Document– The 3rd party can send documents deceiving he is the transmitter.

– The document can be modified in the middle of the transmitting process by 3rd party.

– The receiver can be easily deceived and it is difficult for – The receiver can be easily deceived and it is difficult for receiver to verify.

Transmitter Jane Receiver John

You areterrible

You are terribly handsome

3rd party Tom

40/75


• Requirement of Electronic Signature

IdentificationPerson who owns the key is he one who performs electronic signature

Not forgeable

Not changeablePerson who does not have keycan modify electronic document

Not repudiation Prevent from repudiate the act of signing for person who has the key and has performed

electronic signing

Not forgeablePerson who does not have key cannot create electronic

signature

Not reusable

Electronic signature of document A cannot be replaced

by electronic signature of document B

41/75


• Electronic Signature– To secure the stability and the reliability of electronic documents

• Electronic signature

– Functions of electronic signature

• Identification; Authentication• Identification; Authentication

• Integrity of Electronic document

• Confidentiality

• Non-repudiation

• Fulfill conditions of written document and signature

– Introduction to authentication system to secure stability and integrity of electronic signature and to activate usage of electronic documents.

42/75


• PKI– A system of digital certificates, Certificate Authorities, and other registration authorities that verify and authenticate the validity of each party involved in an Internet transaction.

ThreatSecurityServices

Solution

Root-CA

Certificate Authority (CA)

Encryption

DigitalSignature

DigitalSignature

DigitalSignature

Data Leakage

Data Forgery

UnauthorizedUser

Repudiation

ThreatServices

Solution

Certificate

Issue Revoke RenewRegistrarion

Registration Authority (RA)

CorporationCorporation ServerServer S/MiMEIndividual

Certificate Authority (CA)

OperationOperationManagementManagement

CRLCRLManagementManagement

Confidentiality

Integrity

Authenticity

Non-repudiation

CertificateCertificateManagementManagement

C

R

Y

T

O

G

R

A

P

Y

PUBLIC

KEY

43/75


• PKI

ServerCertcertificate

DS (Directory Server) PKI Server

Server-side software

Regulations,PKI Standards

PKI System,Facility and Equipment

Operation+ +PKI =

ClientCert

DS (Directory Server)

CA (Certificate Authority)

RA (Registration Authority)

repository

PKI Server

Client-side software

PKI Client(PC/Phone/PDA/Mobile Device)

Digital Signature

44/75


• PKI Component

� Issue or distribute the certificate for other CA, End Entity, RA.� handle revocation request from the owner of certificate or RA.

� publish certificate and CRL to directory server� issues the cross-certificate and manages

CACA Certificate Authority

� identify the user and register the user information

� transmit certificate request to CA.� search certificate and CRLs from directory server.� request the certificate revocation

RARA

� store certificates (End Entity, RA, CA) and CRLs� support LDAP (Lightweight Directory Access Protocol)

DSDS

Registration Authority

Directory System

45/75


• PKI Component

� Manage the certificate with certificate management softwarepublished by CA.

� Create digital signature and verify that.

EEEE End Entity

OCSPOCSP Online Certificate Status Protocol System

� OCSP is an Internet protocol used for obtaining the revocation statusof an X.509 digital certificate.

� can choose as an alternative to certificate revocation lists (CRL).� can confirm a current status of the certificate immediately.

� TSA's role is to time-stamp a datum to establish evidenceindicating that a datum existed before a particular time.

� verify that a digital signature was applied to a messagebefore the corresponding certificate was revoked

� indicate the time of submission when a deadline is critical,or to indicate the time of transaction for entries in a log.

TSATSA Time Stamping Authority

46/75


• PKI Functions– When to apply PKI techniques in each business unit, Security functions (Authentication, Integrity, Confidentiality, Non-repudiation) are applied as follows

ProblemMatched

security method

Protection

Technology

Difficult

to verify user

security method

Authentication

of identity

Digital Signature Technology

(User authentication)

Easy to make forgery or

modification on contents

Guarantee

Integrity

Digital Signature Technology

(Message authentication)

Technology

Repudiate transactions Non-repudiationDigital Signature Technology


Breach information ConfidentialityEncryption Technology


47/75


• PKI Terminology– Hashing functions

– Symmetric encryption and decryption

• Session key

– Asymmetric encryption and decryption

• Key pair• Key pair

– Digital signature

– Digital certificate

– Certification Authorities (CA)

– Registration Authorities (RA)

– Hierarchy of trust

48/75


• Hashing Function

It was the best of times,it was the worst of times

It was the best of thymes,it was the worst of times

Small Difference

Examples: MD5 (128 bit), SHA-1 (160 bit)

Small Difference

Large Difference

3au8 e43j jm8x g84w

Hash Function

b6hy 8dhy w72k 5pqd

Hash Function

49/75


• Symmetric Key Cryptography

– Problems:

• Alice and Bob must agree on the secret key without

anyone else finding out

• Anyone who intercepts the key in transit can later

read, modify, and forge all messages encrypted using read, modify, and forge all messages encrypted using

that key

50/85

Message Common key

Encrypted Message

Eavesdropper

A

Message

BEncrypt Decrypt

50/75


• Asymmetric Key Cryptography

– Problems:

• Key exchange has to be done in a secure way

• Encryption and decryption are extremely SLOW

Message Public key MessagePrivate keyMessage Public key

Encrypted Message

Eavesdropper

A

Message

BEncrypt Decrypt

Private key

51/75


• Creating Digital Signature

3kJfgf*£$&Py75c%bn

This is the document created by Gianni

Message or File Digital SignatureMessage Digest

SHA, MD5RSA

This is the document created by Gianni 3kJfgf*£$&

(Typically 128 bits)

Calculate a short message digest from even a long input using a one-way message digest function (hash)

Signatory's private key

priv

GenerateHash

SHA, MD5

AsymmetricEncryption

SignedDocument

52/75


• Verifying Digital Signature

Jrf843kjfgf*£$&Hdif*7oUsd*&@:<CHDFHSD(**

Py75c%bn&*)

&nmdFg$5knvMd’rkvegMs”

Py75c%bn&*)9|fDe^bDFaq#xzjFr@g5=&nmdFg$5knvMd’rkvegMs”

Asymmetricdecryption (e.g. RSA)

Digital Signature

Everyone has access to trusted public key of the signatory

Signatory’s public key

about Bill’s…

This is a really long message about Bill’s…

Same hash function(e.g. MD5, SHA…)

Original Message

Py75c%bn&*)

&nmdFg$5knvMd’rkvegMs”

Py75c%bn&*)9|fDe^bDFaq#xzjFr@g5=&nmdFg$5knvMd’rkvegMs”

? == ?Are They Same?

53/75


• Certificate Like

54/75

01 Introduction

Digital Bangladesh


02

03




04

05

06

55/75


• Stage of PKI in Korea

Stage 1 Introduction 2002 ~ 2005

2006 ~

1999 ~ 2001

• Enacted Digital Signature

• Providing User-

friendliness

(UI Guidelines, Storages)

• Upgrading of PKI techno-

logies

(RFC3280, RSA 2048)

• Addition of Root CA Certi-

Stage 2 Take-off

Stage 3 Maturity

• Enacted Digital Signature

Law

• Designated accredited

Certification Authority

• Promotion of Digital Sign-

nature usage

• Interoperability among

accredited CAs

(UI Guidelines, Storages)

•Increasing in certificates

and applications rapidly

• Mandatory use of certifi-

cates (Banking, Stock)

• Cross Certification for

NPKI and GPKI

• Addition of Root CA Certi-

ficate to Microsoft IE

for secure web server

• Providing users with se-

cure environment (HSM)

56/75


• Management of PKI in Korea

� Arrangement of law and decree

� Planning national authentication

� Accredited CA management

MIC

Digital Signature

Authentication

Management Center

Government

MIC

KISA (Root CA)Root CA

Accredited CA

KICAKICA KOSCOM KFTC

NIASign

NIA

1st1st1st1st 2nd2nd 3rd3rd 4th4th � Operation management of CA center

� Providing CA services

� Certificate issuance

� Certificate termination / renewal

� National authentication system operation

� Field test for accredited CA designation

� Issuing certificate for accredited CA

Accredited CA

Korea Information Security Agency

5th5th 6th6th

KECA KTNET

57/75


• Government PKI & National PKI

58/75


• Government PKI & National PKI

MutualRecognition

National Root CANational Root CA(KISA)(KISA)

Government Root CAGovernment Root CA(GCMA)(GCMA)

Accredited CA

Accredited CA

Certification issuance / Management

Accredited CA

Accredited CA


Subscriber Subscriber

E-Government Service Provider

E-Government Service Provider



……

……

……

……

59/75


• PKI in e-Government Applications

e-Government

Petition Service- Identify oneself online by certificates

Taxation - National Tax Agency - Access with certificates

Regional Administration- Service for counties- Access with certificates

Personal Management inside Government- All employees inside Government

Digital Signature & Seal-Distribute certificates-Develop and enhance system adopting certificatese-Government

ApplicationsE-Supply (G2B)- Online bidding with certificate

4 Major Insurances data exchange- Labor, Medical care, Pension, Industrial disaster- Internet access with certificate

National Financing Information System- Based on Internet banking, etc

Education Administration System-Teachers can assess with cert.

Electric document system- Interoperable with other systems

adopting certificates

Enhance computerization- Sharing national resource information

Public Key Infrastructure(PKI Center)

60/75


• PKI Services

– Internet Banking

• 19 Banks and Post Office provide internet banking

service based on accredited certificate

• Internet banking users must use the accredited

certificate for secure online transaction ('02. 9)certificate for secure online transaction ('02. 9)

61/75


• PKI Services

– Public Services

• Housing subscription deposit system, Education,

Medical information, e-bidding ('06)

• Housing subscription, the year-end tax adjustment,

NEIS, National health Insurance, etc.NEIS, National health Insurance, etc.

62/75


• PKI Services

– Mobile Banking

• Mobile banking service with certificate ('07~)

• Transferring a certificate from PC to mobile phone

• Generating electronic signature in mobile phone

63/75

E-Procurement in Korea (KONEPS)

LinkageUse

E-Procurement ASP

Supplier supporting service

Unit contract system

Portal

Integrated

GoodClassification

System

Portal

CommercialProductsCatalogue

UserRegistration

Supplier’s

E-Guarantee

E-payment

PPSOperation

CertificationRelated agencies

Ministry of GovernmentAdministration

64/75

Linkage

LinkageUse Integrated Notice

CatalogueSupplier’sPerformance E-payment

Documents distribution and outside linkagePublic

Organizations(Buyers)

PublicOrganizations(Buyers)

Administration and Home Affairs

Construction-Related Associations

Korea FinancialTelecommunication

s& Clearings Institute

Suretyinsurance

Ministry of Finance and Economy

ConstructionCALS

Characteristics of KONEPS

Integration of entire procurement workIntegration of entire procurement work

� All business is conducted via the internet(registration, bid notice, bidding, contracting, payment); one click purchase at online shopping mall

One-stop service

� About 400 types of documents are exchanged electronically by using the linkage with 90 external systems

Single Window

� Integrated provision of all bid information� One time registration at KONEPS suffices participation in all tenders

65/75

E-Tendering Flow for KONEPS

KFTC PPS/Public Buyers NIA

2) Tender Notice2) Bid Opening3) Award Notice

1) Issue encryption key4) Verify decryption key

3) Record biddingtime

3) Submit warrantee(upon bidding)

66/75

∗ KFTC: Korea financial Telecommunications & Clearings Institute∗ NIA: National Information Society Agency

Surety Companies Supplier Authentication Authority

3) Bidding(w/digitalsignature)

Issue digital signature

certificate

3) Free payment

PKI and Digital Signature in KONEPS

Bidding

e-Bidding System

Signature Verification

� Reliability and Stability in e-Transactions are secured through PKI and

Digital Signature

67/75

� Decryption key for the Bid

� Result Opening

Bidding

Opening Bid

Decryption of DigitalSignature and Bid

Store in Database

Preparing Bid Bid EncryptionDocument Encryptionand Digital Signature

KONEPS Security

Network Security

� Separation of Intranet and Extranet, Dual Fire-wall, Intrusion Detection System, Security Solutions, etc

� Periodic Security Check-up

System Operation complying with ITIL

� Check and Balance between PPS and outsourced Operator, Programmers and System managers

68/75

Access control to system, program and D/B

� National Computing & Information Resources Center� Automatic management of log access and program modification history, post-verification system

� On-line monitoring of program modification by the independent body

System Stability against accidents

� Dual operation of servers and networks, Back-up Center(Data mirroring), ITSM

Transparency of Public Procurement

Bidders can have real time info on the progress of bidding and contract

Eligibility test for successful bidder

No need to visit procurement offices

69/75

Eligibility test for successful bidder through KONEPS

KONEPS Helps to Expand e-Commerce

Application of digital signature

authentication in e-Bidding

Certified authentication for enterprises

mainly for e-Procurement

Promoting technological base for e-

Procurement including digital signature

and security

Encouraging firm establishment of

certified authentication market including

70/75

Gov’t & enterprises jointly used certified

authentication electronically

⇒ Expanding e- Commerce base

certified authentication market including

internet baking and online stock trading

1.9 m1.9 m

8.7m8.7m

11.9 m11.9 m

01 Introduction

Digital Bangladesh


02

03



Future Works

04

05

06

71/75

Future Works

• Advanced Trends

MobileInternetsubscribers

Mobilesubscribers

800

1000

1200

1400

1600

1800

Mobile

Fixed

Mobile Internet

Fixed Internet

The major trends at a glanceThe major trends at a glance

� Advance of the Internet

� Advance of mobile communication

� Bandwidth evolutionsubscribers

0

200

400

600

800

1995 2000 2005 2010

Subscribers worldwide (millions) : Source ITU-R

� Convergence of digital industries*

� Advance of e-commerce

Services are key

The end user is interested in services and applications only,

the underlying technology is not relevant to her or him.

From Technology-driven, to service - driven72/75

Future Works

• General PKI Issues

– PKI technologies have been matured

• However, lack of killer applications

– Long term signature retention is necessary

• Stable standards are needed for signature verification capability • Stable standards are needed for signature verification capability

over long term period

– PKI supports high assurance security

• Many applications will reside on web services

– Trusted validation authority

• Out source validation service from client

73/75

Future Works

• PKI in Korea

– Establishing a reliable u-Authentication System

– Extending the authentication means to Biometric, OTP

with PKI certificate

– Extending the authentication object to devices– Extending the authentication object to devices

– Developing new PKI business model

74/75

Future Works

• Considerable PKI Service in Bangladesh

– Government Procurement System

– Utility Bill Payment -Gas & Electricity

– Law Web Portal

– Process Automation –Bangladesh Bank– Process Automation –Bangladesh Bank

– Automatic Clearing House –Bangladesh Bank

– Bangladesh Post Office Online

– Service Ticketing System

75/75

Thank You

You have to leave the city of your comfort and go into the You have to leave the city of your comfort and go into the

wilderness of your intuition.

What you’ll discover will be wonderful.

What you’ll discover is yourself.

- Alan Alda