Post on 25-May-2015
CORPORATE PRESENTATION
By: Siddharth Mishra
AGENDA
Major steps in e-tendering
Advantages of e-procurement
Security loopholes in most e-procurement systems
Various types of data encryption and their pros & cons.
What is wrong with Bid encryption using PKI
Digital signatures.
e-TENDERING
Electronic tendering is carrying out the traditional tendering process in an electronic form, such as over the internet.
MAJOR STEPS IN e-TENDERING
PRE-WORK
Hosting Tender Documents
Opening of Envelope
Evaluation & Recommendation
Price Bid Opening
Awarding of Contract
• Mode of tendering
• Nomination of tender committee
• Defining tender documents & defining auction rules
• Obtaining digital certificates for each T.C. member & generation of passwords
• Defining the server clock timing
• EMD – Earnest Money Deposit
• QR (in case of open tender)
• Technical details & data sheets
• Technical deviation details
• Price bid opening
• Online generation of comparative statement
• Defining of auction strategy / date / time / rules
• Intimation of reverse auction date & time to vendors
• Online evaluation of technical bids and QR
• Online technical and QR clarifications
• Assessment of new vendor
• Offline TC recommendation for opening of price bids
• Hosting of tender documents & release and uploading of documents
• Defining tender schedule & allowing download of tender document
• Preparation of bids online
• Submission of bids online
• Uploading of bids
• Submission of EMD – offline (online possible where e-payment facility is available)
• Opening of bids – online (upon applying individual digital certificates & passwords by tender committee)
e-PROCUREMENT
E-Procurement is the purchasing of goods and services using the internet. It covers the full life cycle of purchasing (indent to receipt of goods).
e-PROCUREMENT ADVANTAGES
No geographical barriers - Anytime, anywhere - Reduced operating and inventory costs, as there are no physical barriers.
Cost efficiency - Administrative (reduced staffing levels in procurement) and process costs are reduced
Transparency - By improved communication
Timeliness - Reduction in time to source materials
Competitiveness - Gaining competitive advantage through enhanced decision making and market intelligence
SECURITY LOOPHOLES IN MOST E-PROCUREMENT SYSTEMS
Poor/flawed bid-sealing/bid-encryption methodology. (Confidentiality of bid data is compromised)
Rudimentary online tender opening. (Bid data tampering, counter-sign not possible, separate display)
Systems do not have the functionality to accept encrypted (i.e., sealed) detailed bids.
Systems do not have the functionality for digital signing of important electronic records.
Functionality of the e-tendering system is limited (e.g., not all types of bidding methodologies are supported, and neither is submission of supplementary bids: modification, substitution, and withdrawal).
DATA ENCRYPTION
Encryption is the coding and scrambling of messages to prevent their access by unauthorized individuals.
Data is encrypted by applying a secret numerical code, called an encryption key, so that the data are transmitted as a scrambled set of characters. To be read, the message must be decrypted (unscrambled) with a matching key.
TYPES OF DATA ENCRYPTION
Symmetric key encryption: The sender and receiver create a single encryption key that is shared.
Public key encryption: A more secure encryption method that uses two different keys, one private and one public.
DATA ENCRYPTION PROS
Separation: Data encryption allows the data to remain separate from the device security where it is stored.
No Data Breaches: Data encryption ensures protection of intellectual property and other similar types of data.
Encryption Is On The Data: Because the encryption is on the data itself, the data is secure regardless of how it is transmitted.
Encryption Equals Confidentiality: Encrypting data means that it can only be read by the recipient who has the key to opening the data.
DATA ENCRYPTION CONS
Encryption Keys: If one loses the key to the encryption, he/she has lost the data associated with it.
Expense: Data encryption can prove to be quite costly because the systems that maintain data encryption must have capacity and upgrades to perform such tasks.
Unrealistic Requirements: It is important to understand the restraints imposed by data encryption technology, otherwise unrealistic standards and requirements will jeopardize data encryption security.
Compatibility: Data encryption technology can be tricky when layering it with existing programs and applications. This can negatively impact routine operations within the system.
PROBLEMS IN BID ENCRYPTION USING PKI
Private Key – It is available with the concerned officer before the Public Tender Opening Event.
1. If a clandestine copy of a bid is made before the ‘tender opening event (TOE)’, and if the concerned tender-opening officer (TOE-officer) connives in decrypting the bid before the TOE, the confidentiality of the bid is compromised.
2. If the concerned TOE officer(s) is/are absent during the TOE, how will the bids be decrypted, especially keeping in view that the private keys should not be handed over to anybody else?
CONT’D…
The public key, with which bid-encryption is done, is available publicly –
1. The easy availability of the public key makes the data encrypted with it vulnerable to attack.
Public key algorithms are slow –
1. As a result, many e-Tendering systems which use PKI for bid-encryption use mainly an encrypted online form for bid submission, and do not have a facility for an encrypted detailed bid (e.g. detailed technical bid as a file) along with the online form. As a result, the detailed bid is either not submitted, or it is submitted in unencrypted form.
DIGITAL SIGNATURE
It is a digital code attached to an electronically transmitted message that is used to verify the origin and contents of the message.
A digital certificate system uses a trusted third party known as a certificate authority (CA) to validate a user's identity.
A digital signature is issued by a Certification Authority (CA) and is signed with the CA's private key.
A digital signature typically contains:
1. Owner's public key
2. Owner's name
3. Expiration date of the public key
4. Name of the issuer (the CA that issued the Digital ID),
5. Serial number of the digital signature
6. Digital signature of the issuer.
DIGITAL SIGNATURE - ADVANTAGES
Non-repudiation – The signer cannot deny having digitally signed a document
Any change in the document invalidates the signature
Sign a document of 1000s of pages with one click
Sign any number of documents with 1 Digital Certificate
DIGITAL SIGNATURE
[Figure: signature creation (Sellers, holding a public/private key pair). Message "Rs.100/-Only" → Hash → Digest f899139df5e1059396431415e770c6dd → Encrypt with private key → Signature → Assemble → Signed message.]
DIGITAL SIGNATURE VERIFICATION
[Figure: signature verification (Buyer – Govt. Dept). Retrieve public key; signed message is split into message "Rs.100/-Only" and signature; message → Hash → Digest f899139df5e1059396431415e770c6dd; signature → Decrypt → Digest f899139df5e1059396431415e770c6dd. Valid if the digests match, invalid if they don't.]
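The sign-and-verify flow from the two slides above, as an added example that is not part of the original presentation. It assumes SHA-256 as the hash and a constructed textbook-RSA key built from public Mersenne primes, which makes the flow runnable with the standard library only and is not a usable key; the names digest, sign, verify and demo are hypothetical.

```python
import hashlib

# Constructed toy key: both primes are well-known Mersenne primes, so this
# key is trivially factorable. It exists only to make the flow runnable.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # seller's public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))      # seller's private exponent
# A second, unrelated public modulus (also constructed) for the wrong-key case.
OTHER_N = (2**1279 - 1) * (2**2203 - 1)


def digest(message: bytes) -> int:
    """Hash step: SHA-256 digest of the message as an integer (< N here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Seller: transform the digest with the private key to get the signature."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Buyer: recover the digest from the signature with the public key and
    compare it with a digest recomputed from the message actually received."""
    if not 0 <= signature < n:
        return False                   # malformed signature, reject early
    return pow(signature, e, n) == digest(message)


def demo() -> dict:
    bid = b"Rs.100/-Only"              # message text shown on the slides
    sig = sign(bid)
    return {
        "genuine": verify(bid, sig),
        "tampered_amount": verify(b"Rs.900/-Only", sig),
        "wrong_public_key": verify(bid, sig, n=OTHER_N),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'invalid'}")
```

Production signing uses a padded scheme such as RSA-PSS or ECDSA from a vetted library, with the signer's public key taken from a CA-issued certificate.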
DIGITAL ENCRYPTION/DATA ENVELOPING
[Figure: data enveloping. Sellers retrieve the public key of the Buyer (Govt. Dept.), which holds the public/private key pair; signed message "Rs.100/-Only" → Encrypt with public key → Encrypted message → Transmit → Decrypt with private key → signed message "Rs.100/-Only".]