ID Based Smart Card Projects A success story. India S.K.Sinha National Informatics Center 2 of 30...
-
Upload
nick-blunt -
Category
Documents
-
view
213 -
download
0
Transcript of ID Based Smart Card Projects A success story. India S.K.Sinha National Informatics Center 2 of 30...
ID Based Smart Card Projects
A success story
India
S.K.SinhaNational Informatics Center
2 of 30
The Indian Success Story- Necessity the Mother of evolution
Started with the need of Interoperable Smart Card based Driving Licenses – Year 2003
Problem Statement – “Licenses issued from one province are non readable/writable in other states”
Different solutions in States with proprietary vendor driven technologies.
Total Vendor dependence, for all time to come. NIC helped MoRT&H for bringing it out of these issues. National Standards were named SCOSTA (Smart Card
Operating System Specification for Transport Applications). Were notified by Government of India, Ministry of Transport for
national roll out.
India
S.K.SinhaNational Informatics Center
3 of 30
The Indian Success Story- SCOSTA
A truly open standard for Smart Card OS. Owned and maintained by National Informatics Center,
Government of India. Available at http://scosta.gov.in No patent or royalty issues. Based on international standards ISO 7816 for smart
cards. All open issues are plugged, fully implement ready. Is uniformly applicable for all ID base project
requirements.
India
S.K.SinhaNational Informatics Center
4 of 30
The Indian Success Story - SCOSTA Drivers
National ID Card 3 Million (Pilot Project), 10 Million Coastal MNIC, 1.1 Billion total
ePassport 10 Million per year
Driving License 60 Million per year
Vehicle RC 180 Million per year
Rural Health Insurance Card 60 Million
Rural Employment Guarantee Card 90 Million
Public Distribution System 140 Million
India
S.K.SinhaNational Informatics Center
5 of 30
Role of NIC
Help creating a healthy eco-systemTechnology frameworkPolicy frameworkLegal/Statutory frameworkSecurity FrameworkField Transaction Framework
India
S.K.SinhaNational Informatics Center
6 of 30
Technology Framework
Evolving OS Standards (SCOSTA, SCOSTA-CL, ICAO specific etc)
Setting up testing and certification facility to test the compliance and other necessary requirements.
Suggesting best applicable chip technology in terms of Interfaces, Capacity, Advanced requirements.
Suggesting role-out model for personalization techniques and card related processes.
India
S.K.SinhaNational Informatics Center
7 of 30
Policy Framework
New policies in terms of Card Issuance Beneficiary Service delivery processes Security Policies Operational policies
India
S.K.SinhaNational Informatics Center
8 of 30
Legal/Statutory framework
Provisioning of Acts, Rules and Regulations to institutionalize the new technology
Amendments of existing laws
India
S.K.SinhaNational Informatics Center
9 of 30
Security FrameworkKey Management System
Security Framework to establish following Enabling the user organisation to authenticate the
identity of the beneficiary with through Smart Card in an offline mode.
Enabling the user organisation to authenticate the card and protect illegal card cloning.
Protecting the card data against forging and tampering.
Enabling the authorized representatives to modify data in order to perform field transaction.
India
S.K.SinhaNational Informatics Center
10 of 30
Field Transaction Framework
Evolving right specifications for POS Devices.
Tight coupling with the Key Management System.
Appropriate networking enablement. Appropriate Human Resource to operate
devices. Uniform Application specification
India
S.K.SinhaNational Informatics Center
11 of 30
MNIC
India
S.K.SinhaNational Informatics Center
12 of 30
MNIC The Indian National ID Card - Background
No proper mechanism for proof of citizenship status and identity.
Every day problems in managing vast and porous borders.
Ad hock mechanisms for identity verification for citizen service delivery.
Loosely controlled service delivery systems of Government in absence of any field transaction mechanism.
India
S.K.SinhaNational Informatics Center
13 of 30
MNIC - Objectives
Increasing national securityManaging Residents and
Citizens IdentityCheck illegal immigrationFacilitating eGovernance
India
S.K.SinhaNational Informatics Center
14 of 30
MNIC - Implementing Agencies (Stakeholders)
Ministry of Home Affairs Registrar General of India
Ministry of Communication and Information Technology.
National Informatics Center
Provincial Governments District Level Government Bodies Village Level Government/Elected bodies
India
S.K.SinhaNational Informatics Center
15 of 30
MNICScope of Pilot Project
Volume - 3 Million 22 selected sub-districts of 13 provinces. Most of them along the borders. Targets for Testing
Technology Smart Card Secure Transaction Infrastructure Field Transactions
User acceptance Roll out Model Business Model
India
S.K.SinhaNational Informatics Center
16 of 30
MNICScope of Costal Card Project
Volume - 10 Million All costal villages To help strengthen costal security Enabling proof of Identity of fishermen off the
coast.
India
S.K.SinhaNational Informatics Center
17 of 30
Indian National ID CardRoll Out Strategy 1
Preparation of National Citizenship Register Door to door survey for data collection. Capturing demographic details, photograph and finger
print. Data screening and verification. Digital Signatures used for certification by local
government bodies or PANCHAYAT (elected body at village level).
Data transmitted and merged with the National Data Grid.
Data Screening for de-duplication and purification. Digitally Certified by Country Registrar General.
India
S.K.SinhaNational Informatics Center
18 of 30
Indian National ID CardRoll Out Strategy 2
Smart Card features Security features (Cyber Security)
PKI for Passive Authentication. Symmetric Key based access control for field transaction. Data is read open. Symmetric Key based Active Authentication (anti-cloning)
Technical specification SCOSTA based Contact card with Microcontroller chip. 64 Kbyte EEPROM. Composite Plastic (PVC+PETG)
Visual Design by National Institute of Design Centralized bulk personalization through outsourcing.
India
S.K.SinhaNational Informatics Center
19 of 30
MNIC- Process Framework
Door to door data capture
At Village
Digitization & Verification
At District
National Data Grid
Bulk Personalization
And issuance
India
S.K.SinhaNational Informatics Center
20 of 30
MNICThe Road Ahead
Coastal Areas are currently being covered. National Roll out to be taken-up with 2011
census. Intensive Industry Participation through PPP Finger Print standards to be finalized for 1:1
and 1:N match (for verification, identification and de-duplication).
India
S.K.SinhaNational Informatics Center
21 of 30
Ecosystem for a Smart Card Project
Any Smart Card based eGovernance system/project requires a healthy ecosystem. Statutory and Legal Framework. Administrative Framework. Technology Framework. Security Framework. Testing and Certifying body. Transaction Management Framework Card Life Cycle Management
India
S.K.SinhaNational Informatics Center
22 of 30
Ecosystem for a Smart Card Project Statutory and Legal Framework.
Projects like Driving License, National ID Card, Health Card etc, require a legal environment for their acceptability.
Examples, Central Motor Vehicle Act and Rules. Citizenship Act. Information Technology Act. Health Insurance Act. Etc.
India
S.K.SinhaNational Informatics Center
23 of 30
Ecosystem for a Smart Card Project Administrative Framework.
A pre defined user/citizen friendly process needs to be defined, implemented and followed.
Adherence to processes needs to be monitored. Process change management to be brought into for
wide user acceptability, system re-engineering might be required.
An organization (preferably a new department within Government) behind the project.
India
S.K.SinhaNational Informatics Center
24 of 30
Ecosystem for a Smart Card Project Technology Framework
Different technology components to be clearly earmarked, based on the project design.
Technical specification of each component to be standardized and enforced. If required, statutory decree to be issued.
Suggested to be based upon open standards. Control of Government over technology is
crucial.
India
S.K.SinhaNational Informatics Center
25 of 30
Ecosystem for a Smart Card Project Security Framework
Security framework for Smart Card projects require following.
Framework to verify the authenticity of cards. Framework to protect the illegal card cloning. System to protect illegal card data tampering. Framework to allow authorized entities for performing
card based transaction, and card data modification. Inspection system framework Solutions are Key Management System, Transaction
Management System.
India
S.K.SinhaNational Informatics Center
26 of 30
Ecosystem for a Smart Card ProjectIncreasing Confidence - Testing and Certifying body
Smart Card based eGovernance projects require implementation in a vast geographic area (inter-province or inter-countries).
Outsourcing is compelling, concern is cross-solutions interoperability between different vendors after the contract with one is over (Vendor Independence).
Smart card based projects must be multi-application compatible. Standard Technology is a must. Implementing agencies require to ensure above inter-operabilities
beforehand. Technology Interoperability and Compliance Testing by an authorized
neutral body increases user confidence level beforehand.
India
S.K.SinhaNational Informatics Center
27 of 30
Ecosystem for a Smart Card ProjectTransaction Management Framework
Smart Card applications require field transactions for delivery of various eGov services.
A framework is needed to allow authorized agencies to perform field transactions.
Devices need to customized and users to be trained for performing field transaction.
Devises must be user friendly, citizen friendly, manageable for wide distribution, and secure against virus/trapdoors.
SAM Management.
India
S.K.SinhaNational Informatics Center
28 of 30
Ecosystem for a Smart Card ProjectCard Lifecycle Management
In a massive roll out, life cycle of each card to be maintained and monitored.
Card Life Cycle Stages, Pre Perso stage Perso Stage Post Perso Stage Application Status. Lost Status Damaged Status.
India
S.K.SinhaNational Informatics Center
29 of 30
Ecosystem for a Smart Card ProjectRole of Government
Evolving and standardizing Technology Standards (e.g. SCOSTA), for healthy competition among industry and level playing field for industry to grow.
Enforcing Technology Standards through statutory decree.
Providing a mechanism to Test and Certify the compliance of products to defined standards.
Establishing Security Framework under its Technical and Operational control.
India
S.K.SinhaNational Informatics Center
30 of 30
Ecosystem for a Smart Card ProjectThe Indian Example
Statutory and Legal Framework.
Administrative Framework. Technology Framework. Security Framework. Testing and Certifying body. Transaction Management
Framework Card Life Cycle Management
India
S.K.SinhaNational Informatics Center
31 of 30
Thanks !!!!!