ID Based Smart Card Projects A success story. India S.K.Sinha National Informatics Center 2 of 30...

ID Based Smart Card Projects

A success story

India

S.K.SinhaNational Informatics Center

2 of 30

The Indian Success Story- Necessity the Mother of evolution

Started with the need of Interoperable Smart Card based Driving Licenses – Year 2003

Problem Statement – “Licenses issued from one province are non readable/writable in other states”

Different solutions in States with proprietary vendor driven technologies.

Total Vendor dependence, for all time to come. NIC helped MoRT&H for bringing it out of these issues. National Standards were named SCOSTA (Smart Card

Operating System Specification for Transport Applications). Were notified by Government of India, Ministry of Transport for

national roll out.

India


3 of 30

The Indian Success Story- SCOSTA

A truly open standard for Smart Card OS. Owned and maintained by National Informatics Center,

Government of India. Available at http://scosta.gov.in No patent or royalty issues. Based on international standards ISO 7816 for smart

cards. All open issues are plugged, fully implement ready. Is uniformly applicable for all ID base project

requirements.

India


4 of 30

The Indian Success Story - SCOSTA Drivers

National ID Card 3 Million (Pilot Project), 10 Million Coastal MNIC, 1.1 Billion total

ePassport 10 Million per year

Driving License 60 Million per year

Vehicle RC 180 Million per year

Rural Health Insurance Card 60 Million

Rural Employment Guarantee Card 90 Million

Public Distribution System 140 Million

India


5 of 30

Role of NIC

Help creating a healthy eco-systemTechnology frameworkPolicy frameworkLegal/Statutory frameworkSecurity FrameworkField Transaction Framework

India


6 of 30

Technology Framework

Evolving OS Standards (SCOSTA, SCOSTA-CL, ICAO specific etc)

Setting up testing and certification facility to test the compliance and other necessary requirements.

Suggesting best applicable chip technology in terms of Interfaces, Capacity, Advanced requirements.

Suggesting role-out model for personalization techniques and card related processes.

India


7 of 30

Policy Framework

New policies in terms of Card Issuance Beneficiary Service delivery processes Security Policies Operational policies

India


8 of 30

Legal/Statutory framework

Provisioning of Acts, Rules and Regulations to institutionalize the new technology

Amendments of existing laws

India


9 of 30

Security FrameworkKey Management System

Security Framework to establish following Enabling the user organisation to authenticate the

identity of the beneficiary with through Smart Card in an offline mode.

Enabling the user organisation to authenticate the card and protect illegal card cloning.

Protecting the card data against forging and tampering.

Enabling the authorized representatives to modify data in order to perform field transaction.

India


10 of 30

Field Transaction Framework

Evolving right specifications for POS Devices.

Tight coupling with the Key Management System.

Appropriate networking enablement. Appropriate Human Resource to operate

devices. Uniform Application specification

India


11 of 30

MNIC

India


12 of 30

MNIC The Indian National ID Card - Background

No proper mechanism for proof of citizenship status and identity.

Every day problems in managing vast and porous borders.

Ad hock mechanisms for identity verification for citizen service delivery.

Loosely controlled service delivery systems of Government in absence of any field transaction mechanism.

India


13 of 30

MNIC - Objectives

Increasing national securityManaging Residents and

Citizens IdentityCheck illegal immigrationFacilitating eGovernance

India


14 of 30

MNIC - Implementing Agencies (Stakeholders)

Ministry of Home Affairs Registrar General of India

Ministry of Communication and Information Technology.

National Informatics Center

Provincial Governments District Level Government Bodies Village Level Government/Elected bodies

India


15 of 30

MNICScope of Pilot Project

Volume - 3 Million 22 selected sub-districts of 13 provinces. Most of them along the borders. Targets for Testing

Technology Smart Card Secure Transaction Infrastructure Field Transactions

User acceptance Roll out Model Business Model

India


16 of 30

MNICScope of Costal Card Project

Volume - 10 Million All costal villages To help strengthen costal security Enabling proof of Identity of fishermen off the

coast.

India


17 of 30

Indian National ID CardRoll Out Strategy 1

Preparation of National Citizenship Register Door to door survey for data collection. Capturing demographic details, photograph and finger

print. Data screening and verification. Digital Signatures used for certification by local

government bodies or PANCHAYAT (elected body at village level).

Data transmitted and merged with the National Data Grid.

Data Screening for de-duplication and purification. Digitally Certified by Country Registrar General.

India


18 of 30

Indian National ID CardRoll Out Strategy 2

Smart Card features Security features (Cyber Security)

PKI for Passive Authentication. Symmetric Key based access control for field transaction. Data is read open. Symmetric Key based Active Authentication (anti-cloning)

Technical specification SCOSTA based Contact card with Microcontroller chip. 64 Kbyte EEPROM. Composite Plastic (PVC+PETG)

Visual Design by National Institute of Design Centralized bulk personalization through outsourcing.

India


19 of 30

MNIC- Process Framework

Door to door data capture

At Village

Digitization & Verification

At District

National Data Grid

Bulk Personalization

And issuance

India


20 of 30

MNICThe Road Ahead

Coastal Areas are currently being covered. National Roll out to be taken-up with 2011

census. Intensive Industry Participation through PPP Finger Print standards to be finalized for 1:1

and 1:N match (for verification, identification and de-duplication).

India


21 of 30

Ecosystem for a Smart Card Project

Any Smart Card based eGovernance system/project requires a healthy ecosystem. Statutory and Legal Framework. Administrative Framework. Technology Framework. Security Framework. Testing and Certifying body. Transaction Management Framework Card Life Cycle Management

India


22 of 30

Ecosystem for a Smart Card Project Statutory and Legal Framework.

Projects like Driving License, National ID Card, Health Card etc, require a legal environment for their acceptability.

Examples, Central Motor Vehicle Act and Rules. Citizenship Act. Information Technology Act. Health Insurance Act. Etc.

India


23 of 30

Ecosystem for a Smart Card Project Administrative Framework.

A pre defined user/citizen friendly process needs to be defined, implemented and followed.

Adherence to processes needs to be monitored. Process change management to be brought into for

wide user acceptability, system re-engineering might be required.

An organization (preferably a new department within Government) behind the project.

India


24 of 30

Ecosystem for a Smart Card Project Technology Framework

Different technology components to be clearly earmarked, based on the project design.

Technical specification of each component to be standardized and enforced. If required, statutory decree to be issued.

Suggested to be based upon open standards. Control of Government over technology is

crucial.

India


25 of 30

Ecosystem for a Smart Card Project Security Framework

Security framework for Smart Card projects require following.

Framework to verify the authenticity of cards. Framework to protect the illegal card cloning. System to protect illegal card data tampering. Framework to allow authorized entities for performing

card based transaction, and card data modification. Inspection system framework Solutions are Key Management System, Transaction

Management System.

India


26 of 30

Ecosystem for a Smart Card ProjectIncreasing Confidence - Testing and Certifying body

Smart Card based eGovernance projects require implementation in a vast geographic area (inter-province or inter-countries).

Outsourcing is compelling, concern is cross-solutions interoperability between different vendors after the contract with one is over (Vendor Independence).

Smart card based projects must be multi-application compatible. Standard Technology is a must. Implementing agencies require to ensure above inter-operabilities

beforehand. Technology Interoperability and Compliance Testing by an authorized

neutral body increases user confidence level beforehand.

India


27 of 30

Ecosystem for a Smart Card ProjectTransaction Management Framework

Smart Card applications require field transactions for delivery of various eGov services.

A framework is needed to allow authorized agencies to perform field transactions.

Devices need to customized and users to be trained for performing field transaction.

Devises must be user friendly, citizen friendly, manageable for wide distribution, and secure against virus/trapdoors.

SAM Management.

India


28 of 30

Ecosystem for a Smart Card ProjectCard Lifecycle Management

In a massive roll out, life cycle of each card to be maintained and monitored.

Card Life Cycle Stages, Pre Perso stage Perso Stage Post Perso Stage Application Status. Lost Status Damaged Status.

India


29 of 30

Ecosystem for a Smart Card ProjectRole of Government

Evolving and standardizing Technology Standards (e.g. SCOSTA), for healthy competition among industry and level playing field for industry to grow.

Enforcing Technology Standards through statutory decree.

Providing a mechanism to Test and Certify the compliance of products to defined standards.

Establishing Security Framework under its Technical and Operational control.

India


30 of 30

Ecosystem for a Smart Card ProjectThe Indian Example

Statutory and Legal Framework.

Administrative Framework. Technology Framework. Security Framework. Testing and Certifying body. Transaction Management

Framework Card Life Cycle Management

India


31 of 30

Thanks !!!!!

ID Based Smart Card Projects A success story. India S.K.Sinha National Informatics Center 2 of 30...

Documents

Transcript of ID Based Smart Card Projects A success story. India S.K.Sinha National Informatics Center 2 of 30...