1 / 31

ID Based Smart Card Projects

ID Based Smart Card Projects. A success story. The Indian Success Story - Necessity the Mother of evolution. Started with the need of Interoperable Smart Card based Driving Licenses – Year 2003 Problem Statement – “Licenses issued from one province are non readable/writable in other states”

ashby
Download Presentation

ID Based Smart Card Projects

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ID Based Smart Card Projects A success story

  2. The Indian Success Story- Necessity the Mother of evolution • Started with the need of Interoperable Smart Card based Driving Licenses – Year 2003 • Problem Statement – “Licenses issued from one province are non readable/writable in other states” • Different solutions in States with proprietary vendor driven technologies. • Total Vendor dependence, for all time to come. • NIC helped MoRT&H for bringing it out of these issues. • National Standards were named SCOSTA (Smart Card Operating System Specification for Transport Applications). • Were notified by Government of India, Ministry of Transport for national roll out. S.K.Sinha National Informatics Center

  3. The Indian Success Story- SCOSTA • A truly open standard for Smart Card OS. • Owned and maintained by National Informatics Center, Government of India. • Available at http://scosta.gov.in • No patent or royalty issues. • Based on international standards ISO 7816 for smart cards. • All open issues are plugged, fully implement ready. • Is uniformly applicable for all ID base project requirements. S.K.Sinha National Informatics Center

  4. The Indian Success Story -SCOSTA Drivers • National ID Card • 3 Million (Pilot Project), 10 Million Coastal MNIC, 1.1 Billion total • ePassport • 10 Million per year • Driving License • 60 Million per year • Vehicle RC • 180 Million per year • Rural Health Insurance Card • 60 Million • Rural Employment Guarantee Card • 90 Million • Public Distribution System • 140 Million S.K.Sinha National Informatics Center

  5. Role of NIC • Help creating a healthy eco-system • Technology framework • Policy framework • Legal/Statutory framework • Security Framework • Field Transaction Framework S.K.Sinha National Informatics Center

  6. Technology Framework • Evolving OS Standards (SCOSTA, SCOSTA-CL, ICAO specific etc) • Setting up testing and certification facility to test the compliance and other necessary requirements. • Suggesting best applicable chip technology in terms of Interfaces, Capacity, Advanced requirements. • Suggesting role-out model for personalization techniques and card related processes. S.K.Sinha National Informatics Center

  7. Policy Framework • New policies in terms of • Card Issuance • Beneficiary Service delivery processes • Security Policies • Operational policies S.K.Sinha National Informatics Center

  8. Legal/Statutory framework • Provisioning of Acts, Rules and Regulations to institutionalize the new technology • Amendments of existing laws S.K.Sinha National Informatics Center

  9. Security FrameworkKey Management System • Security Framework to establish following • Enabling the user organisation to authenticate the identity of the beneficiary with through Smart Card in an offline mode. • Enabling the user organisation to authenticate the card and protect illegal card cloning. • Protecting the card data against forging and tampering. • Enabling the authorized representatives to modify data in order to perform field transaction. S.K.Sinha National Informatics Center

  10. Field Transaction Framework • Evolving right specifications for POS Devices. • Tight coupling with the Key Management System. • Appropriate networking enablement. • Appropriate Human Resource to operate devices. • Uniform Application specification S.K.Sinha National Informatics Center

  11. MNIC S.K.Sinha National Informatics Center

  12. MNIC The Indian National ID Card - Background • No proper mechanism for proof of citizenship status and identity. • Every day problems in managing vast and porous borders. • Ad hock mechanisms for identity verification for citizen service delivery. • Loosely controlled service delivery systems of Government in absence of any field transaction mechanism. S.K.Sinha National Informatics Center

  13. MNIC - Objectives • Increasing national security • Managing Residents and Citizens Identity • Check illegal immigration • Facilitating eGovernance S.K.Sinha National Informatics Center

  14. MNIC - Implementing Agencies (Stakeholders) • Ministry of Home Affairs • Registrar General of India • Ministry of Communication and Information Technology. • National Informatics Center • Provincial Governments • District Level Government Bodies • Village Level Government/Elected bodies S.K.Sinha National Informatics Center

  15. MNICScope of Pilot Project • Volume - 3 Million • 22 selected sub-districts of 13 provinces. • Most of them along the borders. • Targets for Testing • Technology • Smart Card • Secure Transaction Infrastructure • Field Transactions • User acceptance • Roll out Model • Business Model S.K.Sinha National Informatics Center

  16. MNICScope of Costal Card Project • Volume - 10 Million • All costal villages • To help strengthen costal security • Enabling proof of Identity of fishermen off the coast. S.K.Sinha National Informatics Center

  17. Indian National ID CardRoll Out Strategy 1 • Preparation of National Citizenship Register • Door to door survey for data collection. • Capturing demographic details, photograph and finger print. • Data screening and verification. • Digital Signatures used for certification by local government bodies or PANCHAYAT (elected body at village level). • Data transmitted and merged with the National Data Grid. • Data Screening for de-duplication and purification. • Digitally Certified by Country Registrar General. S.K.Sinha National Informatics Center

  18. Indian National ID CardRoll Out Strategy 2 • Smart Card features • Security features (Cyber Security) • PKI for Passive Authentication. • Symmetric Key based access control for field transaction. • Data is read open. • Symmetric Key based Active Authentication (anti-cloning) • Technical specification • SCOSTA based Contact card with Microcontroller chip. • 64 Kbyte EEPROM. • Composite Plastic (PVC+PETG) • Visual Design by National Institute of Design • Centralized bulk personalization through outsourcing. S.K.Sinha National Informatics Center

  19. MNIC- Process Framework National Data Grid Digitization & Verification At District Bulk Personalization And issuance Door to door data capture At Village S.K.Sinha National Informatics Center

  20. MNICThe Road Ahead • Coastal Areas are currently being covered. • National Roll out to be taken-up with 2011 census. • Intensive Industry Participation through PPP • Finger Print standards to be finalized for 1:1 and 1:N match (for verification, identification and de-duplication). S.K.Sinha National Informatics Center

  21. Ecosystem for a Smart Card Project • Any Smart Card based eGovernance system/project requires a healthy ecosystem. • Statutory and Legal Framework. • Administrative Framework. • Technology Framework. • Security Framework. • Testing and Certifying body. • Transaction Management Framework • Card Life Cycle Management S.K.Sinha National Informatics Center

  22. Ecosystem for a Smart Card ProjectStatutory and Legal Framework. • Projects like Driving License, National ID Card, Health Card etc, require a legal environment for their acceptability. • Examples, • Central Motor Vehicle Act and Rules. • Citizenship Act. • Information Technology Act. • Health Insurance Act. Etc. S.K.Sinha National Informatics Center

  23. Ecosystem for a Smart Card ProjectAdministrative Framework. • A pre defined user/citizen friendly process needs to be defined, implemented and followed. • Adherence to processes needs to be monitored. • Process change management to be brought into for wide user acceptability, system re-engineering might be required. • An organization (preferably a new department within Government) behind the project. S.K.Sinha National Informatics Center

  24. Ecosystem for a Smart Card ProjectTechnology Framework • Different technology components to be clearly earmarked, based on the project design. • Technical specification of each component to be standardized and enforced. If required, statutory decree to be issued. • Suggested to be based upon open standards. • Control of Government over technology is crucial. S.K.Sinha National Informatics Center

  25. Ecosystem for a Smart Card ProjectSecurity Framework • Security framework for Smart Card projects require following. • Framework to verify the authenticity of cards. • Framework to protect the illegal card cloning. • System to protect illegal card data tampering. • Framework to allow authorized entities for performing card based transaction, and card data modification. • Inspection system framework • Solutions are Key Management System, Transaction Management System. S.K.Sinha National Informatics Center

  26. Ecosystem for a Smart Card ProjectIncreasing Confidence - Testing and Certifying body • Smart Card based eGovernance projects require implementation in a vast geographic area (inter-province or inter-countries). • Outsourcing is compelling, concern is cross-solutions interoperability between different vendors after the contract with one is over (Vendor Independence). • Smart card based projects must be multi-application compatible. • Standard Technology is a must. • Implementing agencies require to ensure above inter-operabilities beforehand. • Technology Interoperability and Compliance Testing by an authorized neutral body increases user confidence level beforehand. S.K.Sinha National Informatics Center

  27. Ecosystem for a Smart Card ProjectTransaction Management Framework • Smart Card applications require field transactions for delivery of various eGov services. • A framework is needed to allow authorized agencies to perform field transactions. • Devices need to customized and users to be trained for performing field transaction. • Devises must be user friendly, citizen friendly, manageable for wide distribution, and secure against virus/trapdoors. • SAM Management. S.K.Sinha National Informatics Center

  28. Ecosystem for a Smart Card ProjectCard Lifecycle Management • In a massive roll out, life cycle of each card to be maintained and monitored. • Card Life Cycle Stages, • Pre Perso stage • Perso Stage • Post Perso Stage • Application Status. • Lost Status • Damaged Status. S.K.Sinha National Informatics Center

  29. Ecosystem for a Smart Card ProjectRole of Government • Evolving and standardizing Technology Standards (e.g. SCOSTA), for healthy competition among industry and level playing field for industry to grow. • Enforcing Technology Standards through statutory decree. • Providing a mechanism to Test and Certify the compliance of products to defined standards. • Establishing Security Framework under its Technical and Operational control. S.K.Sinha National Informatics Center

  30. Ecosystem for a Smart Card ProjectThe Indian Example • Statutory and Legal Framework. • Administrative Framework. • Technology Framework. • Security Framework. • Testing and Certifying body. • Transaction Management Framework • Card Life Cycle Management S.K.Sinha National Informatics Center

  31. Thanks !!!!! S.K.Sinha National Informatics Center

More Related