former SIO Pondicherry - Informatics

More documents

Recommendations

Info

S PECIAL FEATUREM Manivannan, NIC-A&N (former SIO Pondicherry)AS.KVenkatesan,Roy and MonaSIO PondicherryAsnani,NIC HQPONDICHERRY NIC Certifying Authority-Setting Ensuring an a Example Secure E-Future“ The first step towards an Information Societyrequires that millions of people be entrustedwith information considered sensitive or evensecret”-S.Frederic StarrThe above quote implicitly considers thatsecret information be protected to maintainits secrecy ! But the very openness of theInternet, that has led to its explosive growth,has also given rise to security limitations.Government entities and private businessesthat are obvious candidates for participatingin electronic commerce are understandablycautious. To be able to rely on the electronicmessages they receive, such organizationsneed assurance that those messages areauthentic and reliable.Digital communication has created newcomplications for old business models:? How do you know the identity of theperson you’re dealing with?? How do you prove that a certaintransaction was performed ?? How do you secure your communication?By implementing a public key infrastructure(PKI), entities can be assured that dataremains confidential and intact, and alltransactions are legally binding.?| NIC Certifying Authority (NICCA)As the Government of India moves towardthe implementation of E-Governance atvarious levels of Government functioning,authentication of information becomes acritical requirement. To provide thenecessary platform, a Public KeyInfrastructure becomes essential. NIC hasset up a Certifying Authority, which is anintegral part of this Public KeyInfrastructure.PKI refers to a whole host of components,applications, policies and practices which areresponsible for offering its users thefollowing benefits:? Certainty of the quality of informationsent and received electronically? Certainty of the source and destinationof that information? Assurance of the time and timing of thatinformation? Certainty of the privacy of thatinformation? Assurance that the information may beintroduced as evidence in a court of lawPKI ModelUser deviceor server1. User appliesfor certificate155. RA sendscertificate toend userto user2. RA approvesrequest, sendsto CAThe basic components of a PKI are theRegistration Authority (RA) and theCertifying Authority (CA). The RAauthenticates and registers new users andrequests certificates for them. The CAgenerates certificates on the RA’s requestand posts the certificate to a directory. APKI also includes policies, procedures, andcontracts that govern how and when digitalcertificates are issued, renewed, or revoked,among other issues.Therefore, public key infrastructure consistsof :? A certifying authority (CA) that issuesand verifies Digital Signature Certificate.? A registration authority (RA) that acts asthe verifier for the certificate authoritybefore a digital certificate is issued to arequestor23Registrationauthority (RA)3. CA issuescertificate4CertificateAuthority (CA)4. CA postscertificate todirectoryCertificateDirectory? One or more directories where thecertificates (with their public keys) areheld? A certificate management systemA Certifying Authority (CA) is a trusted thirdparty or an entity that has been grantedlicense by the Controller of CertifyingAuthorities (CCA), the apex regulatory bodyfor Certifying Authorities in the country, tovalidate identities and issue DigitalSignature Certificates. The method ofvalidating identities, issuing of certificates,certificate management etc depends on thepolicies of CA as defined and published intheir Certificate Practice Statement (CPS).NICCA fulfills requirements oftrustworthiness of a Certifying Authority aslaid down by the IT Act2000.?| A certificate-based system providesservices commonly known as ‘CAIN’ :? Confidentiality- to ensure that sensitiveinformation does not fall into the wronghands? Authentication- to verify the identity ofthe sender and the recipient of digitalinformation? Integrity- to verify that information isreceived unaltered from the sender? Non-repudiation- to ensure thattransactions are legally binding,protecting your business from fraud?| How Public Key Cryptography Works :The method of disguising plain text in sucha way to hide its substance is calledEncryption. Encrypting plain text results inunreadable gibberish called Ciphertext. Theprocess of reverting ciphertext to its originalplain text is called Decryption.?| In public key cryptography :? A public and private key (called as keypair), are created by a CertifyingAuthority (CA) in the presence of thesubscriber or alternately this key pair maybe generated by subscriber himself.? The private key is given only to therequesting party. The private key isnever shared with anyone or sent acrossthe Internet.? The public key is made publicly available(as part of a digital certificate) in a06October 2003
S PECIAL FEATUREPONDICHERRYSetting an Exampledirectory that all parties can access.The private key is used to decrypt text thathas been encrypted with the correspondingpublic key of the key pair. Thus, if a person‘A’ wants to send a message to a person‘B’, ‘A’ can find out the public key (but notthe private key) of ‘B’ from a centraladministrator and encrypt a message usingthe same. When the person ‘B’ at the otherend receives it, he/she can decrypt it withhis/her private key.The Information Technology Act, 2000provides the required legal sanctity to theDigital Signatures based on asymmetriccrypto systems.?| Functions of NIC Certifying Authority :? Subscriber Request: Identification ofpersons applying for Digital SignatureCertificate (DSC) through RegistrationAuthority (RA).? Key Certification: The transaction thatresults in the CA signing a subscribers’public key and issuing the DigitalSignature Certificate.? Certificate Publishing: placing thecertificate in the PKI directory wherePKI users can search for and retrieveit.? Certificate Renewal: issuing a newcertificate to the subject when thecurrent certificate has expired.? Certificate Revocation: adding a userscertificate to the revocation list makingthe certificate invalid from that dateand time onward.? Revocation list Publishing andmaintenance: to keep the CertificateRevocation list (CRL) current within thePKI and place the current CRL in thePKI directory where PKI users cansearch for and retrieve it.Initially, NICCA functions as a trustedauthority in the G2G domain for issuance ofDigital Signature Certificates (DSC).?| Basic Services? Issuing Digital Signature Certificates toSubscribers in G2G environment.? Secure Socket Layer (SSL) Certificates:Issuance of Web Server Certificate.? Online Certificate Status Protocol(OCSP) Services: sends a request of acertificate status information to theclient.? Directory Services: Posting andmaintenance of Valid Certificates andM Manivannan, NIC-A&N (former SIO Pondicherry)A Venkatesan, SIO PondicherryCertificate Revocation List.? Time Stamping Services: a unique andunforgeable time stamp can beassigned to any piece of digital data.The time stamp provides proof that thisparticular data existed at a certainpoint in time.? Round the clock (24X 7) operations.? Provision for Key Archiving Services? Provision for Sub CA? Provision for Multiple RA: establishingmultiple Registration Authority within variousparts of the country, to function under NICCA? Provision for Disaster Recovery Site?| Application Development Services? Build awareness among GovernmentDepartments.? Provide training and consultancy services.? Integrate Digital Signature with existingNICNET applications.? Assist development of new DigitalSignature based Applications.?| ConclusionThe need for secure communications inComputer Networks has brought about theneed for setup of a Public KeyInfrastructure. NIC Certifying Authority isone such component in a PKI setup pavingthe way for a ‘trusted’ digital environmentleading towards good E-Governance.With the CA facility at NIC providing digitalsignatures, it is hoped that governmentoffices will first turn “less-paper” andgradually “paperless”. It would also helpthe e-governance drive through a secure and‘trusted’ digital environment in cyber space.In fact, with digital signatures attached e-mail and other documents transmitted overthe Net would become valid legal documents.For further information please contact:NIC Certifying Authority DivisionE-mail: support@camail.nic.inWWW : http://nicca.nic.inShri Arun Shourie, Hon’ble Minister for Communications and Information Technology, inauguratedthe Certifying Authority for Digital Signature Certificates at National Informatics Centre on 8 thJuly,2003. With this, NIC has become the first Certifying Authority in the government sector. Thisfacility will provide Digital Signature Cerificates(DSC) to the officials of central and state governmentand all District Administrators with a view to promote E-Governance in the country.The first lot ofdigital signature certificates from NIC were presented to Mr. Shourie, Mr. Thirunavukkarasar, Ministerof state for IT, and Mr. KK Jaswal, Secretary, Department of IT. As a first application of digitalsignatures in the government, electronically signed e-mails were exchanged.Hon’ble Minister for Communications & InformationTechnology, Shri Arun Shourie, lighting the lamp at theinauguration ceremony.Also seen in the pic:Sh. Thirunavukkarasar,MOS (IT), Sh. K.K.Jaswal,Secy(DIT),Sh. Lakshminarayanan, Add. Secy (DIT) and Sh. S. K. Roy,TD (NIC)Dignitaries visiting the NIC Certifying Authority. (From L toR) : Sh. M.Moni, Dr.N.Vijayaditya, Sh.Lakshminarayanan,Sh.K.K Jaswal, Dr. Y.K Sharma, Sh. Thirunavukkarasar,Sh. Arun Shourie and Dr. B.K GairolaDr. N Vijayaditya, DG (NIC) lighting the lamp atthe inauguration functionOctober 200307
Page 1 and 2: PONDICHERRYSetting an ExampleM Mani
Page 3 and 4: Accolades……PONDICHERRYSetting a
Page 5: S PECIAL FEATUREM Manivannan, NIC-A
Page 9 and 10: S TATE IN FOCUSM Manivannan, NIC-A&
Page 11 and 12: D ISTRICT INFORMATICSM Manivannan,
Page 13 and 14: E GOV PRODUCTS & SERVICESM Manivann
Page 15 and 16: E GOV PRODUCTS & SERVICESM Manivann
Page 17 and 18: T ECHNOLOGY UPDATEM Manivannan, NIC
Page 19 and 20: C YBER GOVERNANCEM Manivannan, NIC-
Page 21 and 22: H APPENINGSM Manivannan, NIC-A&N (f
Page 23 and 24: H APPENINGSM Manivannan, NIC-A&N (f

former SIO Pondicherry - Informatics

Create successful ePaper yourself

Delete template?

Save as template?