Presentation on theme: "ID Based Smart Card Projects A success story. India S.K.Sinha National Informatics Center 2 of 30 The Indian Success Story - Necessity the Mother of evolution."— Presentation transcript:
ID Based Smart Card Projects A success story
India S.K.Sinha National Informatics Center 2 of 30 The Indian Success Story - Necessity the Mother of evolution Started with the need of Interoperable Smart Card based Driving Licenses – Year 2003 Problem Statement – Licenses issued from one province are non readable/writable in other states Different solutions in States with proprietary vendor driven technologies. Total Vendor dependence, for all time to come. NIC helped MoRT&H for bringing it out of these issues. National Standards were named SCOSTA (Smart Card Operating System Specification for Transport Applications). Were notified by Government of India, Ministry of Transport for national roll out.
India S.K.Sinha National Informatics Center 3 of 30 The Indian Success Story - SCOSTA A truly open standard for Smart Card OS. Owned and maintained by National Informatics Center, Government of India. Available at No patent or royalty issues. Based on international standards ISO 7816 for smart cards. All open issues are plugged, fully implement ready. Is uniformly applicable for all ID base project requirements.
India S.K.Sinha National Informatics Center 4 of 30 The Indian Success Story - SCOSTA Drivers National ID Card 3 Million (Pilot Project), 10 Million Coastal MNIC, 1.1 Billion total ePassport 10 Million per year Driving License 60 Million per year Vehicle RC 180 Million per year Rural Health Insurance Card 60 Million Rural Employment Guarantee Card 90 Million Public Distribution System 140 Million
India S.K.Sinha National Informatics Center 5 of 30 Role of NIC Help creating a healthy eco-system Technology framework Policy framework Legal/Statutory framework Security Framework Field Transaction Framework
India S.K.Sinha National Informatics Center 6 of 30 Technology Framework Evolving OS Standards (SCOSTA, SCOSTA-CL, ICAO specific etc) Setting up testing and certification facility to test the compliance and other necessary requirements. Suggesting best applicable chip technology in terms of Interfaces, Capacity, Advanced requirements. Suggesting role-out model for personalization techniques and card related processes.
India S.K.Sinha National Informatics Center 7 of 30 Policy Framework New policies in terms of Card Issuance Beneficiary Service delivery processes Security Policies Operational policies
India S.K.Sinha National Informatics Center 8 of 30 Legal/Statutory framework Provisioning of Acts, Rules and Regulations to institutionalize the new technology Amendments of existing laws
India S.K.Sinha National Informatics Center 9 of 30 Security Framework Key Management System Security Framework to establish following Enabling the user organisation to authenticate the identity of the beneficiary with through Smart Card in an offline mode. Enabling the user organisation to authenticate the card and protect illegal card cloning. Protecting the card data against forging and tampering. Enabling the authorized representatives to modify data in order to perform field transaction.
India S.K.Sinha National Informatics Center 10 of 30 Field Transaction Framework Evolving right specifications for POS Devices. Tight coupling with the Key Management System. Appropriate networking enablement. Appropriate Human Resource to operate devices. Uniform Application specification
India S.K.Sinha National Informatics Center 11 of 30 MNIC
India S.K.Sinha National Informatics Center 12 of 30 MNIC The Indian National ID Card - Background No proper mechanism for proof of citizenship status and identity. Every day problems in managing vast and porous borders. Ad hock mechanisms for identity verification for citizen service delivery. Loosely controlled service delivery systems of Government in absence of any field transaction mechanism.
India S.K.Sinha National Informatics Center 13 of 30 MNIC - Objectives Increasing national security Managing Residents and Citizens Identity Check illegal immigration Facilitating eGovernance
India S.K.Sinha National Informatics Center 14 of 30 MNIC - Implementing Agencies (Stakeholders) Ministry of Home Affairs Registrar General of India Ministry of Communication and Information Technology. National Informatics Center Provincial Governments District Level Government Bodies Village Level Government/Elected bodies
India S.K.Sinha National Informatics Center 15 of 30 MNIC Scope of Pilot Project Volume - 3 Million 22 selected sub-districts of 13 provinces. Most of them along the borders. Targets for Testing Technology Smart Card Secure Transaction Infrastructure Field Transactions User acceptance Roll out Model Business Model
India S.K.Sinha National Informatics Center 16 of 30 MNIC Scope of Costal Card Project Volume - 10 Million All costal villages To help strengthen costal security Enabling proof of Identity of fishermen off the coast.
India S.K.Sinha National Informatics Center 17 of 30 Indian National ID Card Roll Out Strategy 1 Preparation of National Citizenship Register Door to door survey for data collection. Capturing demographic details, photograph and finger print. Data screening and verification. Digital Signatures used for certification by local government bodies or PANCHAYAT (elected body at village level). Data transmitted and merged with the National Data Grid. Data Screening for de-duplication and purification. Digitally Certified by Country Registrar General.
India S.K.Sinha National Informatics Center 18 of 30 Indian National ID Card Roll Out Strategy 2 Smart Card features Security features (Cyber Security) PKI for Passive Authentication. Symmetric Key based access control for field transaction. Data is read open. Symmetric Key based Active Authentication (anti-cloning) Technical specification SCOSTA based Contact card with Microcontroller chip. 64 Kbyte EEPROM. Composite Plastic (PVC+PETG) Visual Design by National Institute of Design Centralized bulk personalization through outsourcing.
India S.K.Sinha National Informatics Center 19 of 30 MNIC - Process Framework Door to door data capture At Village Digitization & Verification At District National Data Grid Bulk Personalization And issuance
India S.K.Sinha National Informatics Center 20 of 30 MNIC The Road Ahead Coastal Areas are currently being covered. National Roll out to be taken-up with 2011 census. Intensive Industry Participation through PPP Finger Print standards to be finalized for 1:1 and 1:N match (for verification, identification and de-duplication).
India S.K.Sinha National Informatics Center 21 of 30 Ecosystem for a Smart Card Project Any Smart Card based eGovernance system/project requires a healthy ecosystem. Statutory and Legal Framework. Administrative Framework. Technology Framework. Security Framework. Testing and Certifying body. Transaction Management Framework Card Life Cycle Management
India S.K.Sinha National Informatics Center 22 of 30 Ecosystem for a Smart Card Project Statutory and Legal Framework. Projects like Driving License, National ID Card, Health Card etc, require a legal environment for their acceptability. Examples, Central Motor Vehicle Act and Rules. Citizenship Act. Information Technology Act. Health Insurance Act. Etc.
India S.K.Sinha National Informatics Center 23 of 30 Ecosystem for a Smart Card Project Administrative Framework. A pre defined user/citizen friendly process needs to be defined, implemented and followed. Adherence to processes needs to be monitored. Process change management to be brought into for wide user acceptability, system re-engineering might be required. An organization (preferably a new department within Government) behind the project.
India S.K.Sinha National Informatics Center 24 of 30 Ecosystem for a Smart Card Project Technology Framework Different technology components to be clearly earmarked, based on the project design. Technical specification of each component to be standardized and enforced. If required, statutory decree to be issued. Suggested to be based upon open standards. Control of Government over technology is crucial.
India S.K.Sinha National Informatics Center 25 of 30 Ecosystem for a Smart Card Project Security Framework Security framework for Smart Card projects require following. Framework to verify the authenticity of cards. Framework to protect the illegal card cloning. System to protect illegal card data tampering. Framework to allow authorized entities for performing card based transaction, and card data modification. Inspection system framework Solutions are Key Management System, Transaction Management System.
India S.K.Sinha National Informatics Center 26 of 30 Ecosystem for a Smart Card Project Increasing Confidence - Testing and Certifying body Smart Card based eGovernance projects require implementation in a vast geographic area (inter-province or inter-countries). Outsourcing is compelling, concern is cross-solutions interoperability between different vendors after the contract with one is over (Vendor Independence). Smart card based projects must be multi-application compatible. Standard Technology is a must. Implementing agencies require to ensure above inter-operabilities beforehand. Technology Interoperability and Compliance Testing by an authorized neutral body increases user confidence level beforehand.
India S.K.Sinha National Informatics Center 27 of 30 Ecosystem for a Smart Card Project Transaction Management Framework Smart Card applications require field transactions for delivery of various eGov services. A framework is needed to allow authorized agencies to perform field transactions. Devices need to customized and users to be trained for performing field transaction. Devises must be user friendly, citizen friendly, manageable for wide distribution, and secure against virus/trapdoors. SAM Management.
India S.K.Sinha National Informatics Center 28 of 30 Ecosystem for a Smart Card Project Card Lifecycle Management In a massive roll out, life cycle of each card to be maintained and monitored. Card Life Cycle Stages, Pre Perso stage Perso Stage Post Perso Stage Application Status. Lost Status Damaged Status.
India S.K.Sinha National Informatics Center 29 of 30 Ecosystem for a Smart Card Project Role of Government Evolving and standardizing Technology Standards (e.g. SCOSTA), for healthy competition among industry and level playing field for industry to grow. Enforcing Technology Standards through statutory decree. Providing a mechanism to Test and Certify the compliance of products to defined standards. Establishing Security Framework under its Technical and Operational control.
India S.K.Sinha National Informatics Center 30 of 30 Ecosystem for a Smart Card Project The Indian Example Statutory and Legal Framework. Administrative Framework. Technology Framework. Security Framework. Testing and Certifying body. Transaction Management Framework Card Life Cycle Management
India S.K.Sinha National Informatics Center 31 of 30 Thanks !!!!!