(Theme: PKI Enabled Digital Banking and Financial Services)
Mrs Debjani Nag is currently holding the post of Controller of Certifying Authorities in the Department of Electronics and Information Technology. Her responsibilities include the implementation of the provisions of the Information Technology Act for authentication of electronic transactions in E-Commerce & E-Governance in the country.
Earlier, she worked at the National Informatics Centre on the development of Electronic Commerce & Security solutions and the development of Messaging Systems in the ERNET project.
Dr N Sarat Chandra Babu is presently the Executive Director of CDAC, Bangalore. He is leading the teams with R&D projects in the areas of Cloud Computing, Grid Computing, High-end security solutions, Realtime systems in Power sector, Heritage Computing and Ubiquitous Computing. Prior to this assignment, he was the Director of CDAC, Hyderabad, responsible for establishing the centre right from the beginning and transforming it into a vibrant R&D and training centre.
Smt Harshprabha Aggarwal is Scientist ‘G’ at the Office of Controller of Certifying Authorities (CCA), Ministry of Communications & Information Technology. She is responsible for policy and enforcement at CCA. She has over 31 years of experience in various sectors of GoI. She was with STPI and Trade & Industry (Telecom side) with her IES entry to the GoI. She has worked with various Government Institutions and also the Ministry of Communications & Information Technology.
She holds a degree in engineering from Thapar University, a P.G. Diploma in Cyber laws from Indian Law Institute and an Advanced Professional Program in Public Administration from Indian Institute of Public Administration (IIPA).
Shri B S Bindhumadhava is presently working as Associate Director, Computer Networks and Internet Engineering Group at C-DAC Bangalore. He previously worked with Real Time Systems and Smart Grid and has executed a number of projects. Prior to joining CDAC, he served as Asst. Manager, Systems Engineering, Tata Company, Industrial Automation Bangalore. He has 27 years of experience in R&D planning, system design, development and deployment of Real time technologies.
He is the Chair of IEEE Bangalore Chapter. Earlier he served as Chairman of Computer Society of India, Bangalore Chapter, and he is also a member of ACM. He has 30+ publications in International and National conferences.
Sivakumar is a Professor at the Computer Science and Engineering Department at IIT Bombay. His research interests include various applications of Logic in Computer Science. His current focus of work is on formal verification of safety critical real-time systems, for which a Centre has been set up recently at IIT Bombay.
He has guided a number of PhD students and has a number of publications. He’s a big fan of GNU/Linux and Free Software and, along with IBM and C-DAC, has helped to set up the Open Source Software Resource Centre at Mumbai.
He has given lectures on Internet Security and Cryptographic Protocols under the IEEE Distinguished Lecture Program, at several universities in Australia and New Zealand in the year 2002.
Prof. Sivakumar gave a Technical Session on: Challenges for PKI: IoT, Blockchains. He talked about three platforms: the 1st platform included Mainframes, Computers and Terminals, the 2nd platform included the basic client-server usage, and the 3rd platform included SMAC (Social, Mobile, Analytics, Cloud) + IoT (Internet of Things). The major part of the session was devoted to the security concerns that are associated with IoT.
Dr. Zia Saquib is the Executive Director of C-DAC Mumbai. He is also in the Working Groups of many of the e-Governance Standards of Government of India. His current research interests are in the areas of network security & biometrics. He is leading the project on e-Pramaan – an authentication
In his earlier career, he had worked with multi-national organizations in the United States of America, in various positions, including the CTO of Infotec, in Florida.
Dr. N.P. Dhavale, Deputy General Manager in the Institute, is a Fellow of the Indian Institute of Management, Calcutta. He has a Doctorate in Management with specialization in MIS and Finance. He is an M.Tech., from IIT, Madras, and B.E. Computer Engineering from University of Bombay.
Prior to becoming a Doctoral Fellow at IIM Calcutta from 1995 to 2000, he was a Deputy Manager in the Avionics Division of Hindustan Aeronautics Ltd., Hyderabad for seven years.
He has visited Curtin University of Technology, Perth, Western Australia, during August-November 1999 under the Visiting Research Fellowship Programme of IIM Calcutta and Curtin University. His research interests include Intelligent Agents, Artificial Intelligence, Expert Systems and Decision Support Systems in Finance.
Dr. N P Dhavale's Technical Session explained the work of IDRBT. He talked about IDRBT acting as a Certifying Authority (CA): IDRBT CA issues certificates to banks and financial institutions for the Payment System Applications of the Reserve Bank of India.
Dr. N P Dhavale talked about the opportunities for the use of PKI in banking, such as in the bank's CBS and in customer-initiated intra-bank transactions. He also talked about the challenges experienced while using PKI in banking, such as crypto token issues and the consequences of key compromise, and about the issues in issuing certificates to customers: the KYC cost is already factored in and is incrementally near zero, while for CAs the major cost is towards verification of the customer credentials.
Mr. Srinivasan is the Founder Chairman of eMudhra Limited since its inception in 2008. Prior to this, he was the Managing Director and Global Chief Executive Officer of 3i Infotech since April 1999. Within a span of just ten years, he turned 3i Infotech into a global technology company having revenue of above USD 500 million, with over 10,000 employees servicing a large number of customers in over 50 countries across 5 continents. Having travelled widely around the world, he has a deep understanding of global business issues.
Mr. Srinivasan combines a comprehensive mix of academic qualifications and professional experience. He is a graduate in Mathematics from Madras University and secured the First Rank in the university. Apart from being a rank holder in the Chartered Accountancy examination, he is also a qualified Cost and Works accountant and a Company Secretary. He had also attended the Executive Development Programme at the Kelloggs School of Management in Chicago, USA.
Mr. Srinivasan had also authored a book titled “New Age Management Philosophy from Ancient Indian Wisdom” based on his learning from the Thirukural, a 2000 year old Indian text.
Mr. V Srinivasan's technical session was on "Highly Secure Paperless Banking with high cost optimization using PKI". His agenda covered the Evolution of Automation in Banking, Security in Online Banking, Going Paperless, use cases in Banking, Insurance, Mutual Funds and Brokerages, and eMudhra. Under Automation in Banking he described four stages: Branch Banking, Semi-Automated Banking, Centralized Core Banking, and Mobile and Anytime Banking.
Mr. V Srinivasan also talked about the security challenges, which include hacking threats, man-in-the-middle attacks, phishing attacks, email fraud and impersonation fraud.
He talked about the traditional way banks work and emphasized going paperless, citing reduced cost and time along with authenticity, non-repudiation, traceability and validation. He talked about E-Sign and gave a demo of how it allows an Aadhaar holder to authenticate himself and digitally sign documents using mobile OTP or biometrics.
Mitesh Radia is currently working with NPCI for Product Development.
Earlier he worked on the development of software for ATMs.
Mr. Mitesh Radia holds a B.E. degree in Electronics & Communication.
Mr. Mitesh Radia's Technical Session was on "PAYMENT SECURITY USING PKI". He talked about key management, application session setup (SSL/TLS), application message-level security, digital signatures and X.509 digital certificates.
He explained Static Data Authentication using EMV, which involves three entities: the issuer, the customer and the acquirer. The issuer issues the card to the customer, and the acquirer is the one who acquires the transaction. The issuer generates a key pair (a public key and a private key). Some data is signed using the issuer's private key, and the signed data goes into the chip; the issuer's public key, signed by the CA, also goes into the chip. Whenever the ATM card is dipped into the terminal, the chip data is read. Using the CA public key, the issuer's public-key certificate is validated first; if it is valid, the issuer's public key is then used to validate the static data.
Only one public key resides on the system, and with that single public key the chips of all the banks can be verified. The flaw in this scheme is that the entire chip data can easily be copied into a different chip; to overcome this, every transaction must be unique. For every transaction, a random number is generated, which is encrypted and sent to the terminal, and the terminal then verifies the random number. So, using the EMV chip, every transaction is unique.
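The static check and the copy problem described above, as an added example (not code from the session or from the EMV specifications). It models the per-transaction step as a fresh challenge signed by a private key that never leaves the genuine chip, in the style of EMV Dynamic Data Authentication, which is an assumption beyond this summary; the RSA is a textbook toy built on the standard library, and every name, the data layout and the PAN are constructed.

```python
import hashlib
import secrets
E = 65537  # RSA public exponent

def _is_prime(n, rounds=24):
    """Miller-Rabin test; n must be a large odd candidate."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _prime(bits):
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if p % E != 1 and _is_prime(p):
            return p

def keygen(bits=512):
    """Toy textbook RSA, no padding: returns (public, private) as (n, exponent)."""
    p, q = _prime(bits // 2), _prime(bits // 2)
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
def sign(priv, msg):
    return pow(_digest(msg, priv[0]), priv[1], priv[0])
def verify(pub, msg, sig):
    return pow(sig, pub[1], pub[0]) == _digest(msg, pub[0])
def enc(pub):
    return b"%d:%d" % pub  # byte form of a public key, so it can be signed

class Chip:
    def __init__(self, readable, icc_priv):
        self.readable = readable   # everything a terminal, or a copier, can read
        self._icc_priv = icc_priv  # stays inside a genuine chip

    def sign_challenge(self, nonce):
        return sign(self._icc_priv, nonce)

def personalise(ca_priv, static):
    """Issuer side: build the chip contents (assumed layout, not EMV's encoding)."""
    issuer_pub, issuer_priv = keygen()
    icc_pub, icc_priv = keygen()
    return Chip({
        "static": static,
        "issuer_pub": issuer_pub,
        "issuer_cert": sign(ca_priv, enc(issuer_pub)),  # CA signs issuer key
        "ssad": sign(issuer_priv, static),              # issuer signs static data
        "icc_pub": icc_pub,
        "icc_cert": sign(issuer_priv, enc(icc_pub) + static),
    }, icc_priv)

def verify_static(ca_pub, chip):
    """Terminal holds only the CA public key: check issuer key, then static data."""
    r = chip.readable
    return (verify(ca_pub, enc(r["issuer_pub"]), r["issuer_cert"])
            and verify(r["issuer_pub"], r["static"], r["ssad"]))

def verify_dynamic(ca_pub, chip):
    """Static check plus a fresh challenge only the genuine chip key can sign."""
    r = chip.readable
    if not (verify_static(ca_pub, chip) and verify(
            r["issuer_pub"], enc(r["icc_pub"]) + r["static"], r["icc_cert"])):
        return False
    nonce = secrets.token_bytes(8)  # unpredictable per-transaction number
    return verify(r["icc_pub"], nonce, chip.sign_challenge(nonce))

def demo():
    ca_pub, ca_priv = keygen()
    genuine = personalise(ca_priv, b"PAN=4000000000000002")  # constructed value
    clone = Chip(dict(genuine.readable), keygen()[1])  # copied data, other key
    edited = Chip({**genuine.readable, "static": b"PAN=4000000000000010"}, None)
    return {name: (verify_static(ca_pub, c), verify_dynamic(ca_pub, c))
            for name, c in [("genuine", genuine), ("clone", clone), ("edited", edited)]}
```

Each entry returned by `demo()` is a pair (static result, dynamic result): the copied chip passes the static check but fails the challenge, while edited static data fails both.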
He also talked about Tag/Reader Security: Toll Plaza Validation. In this system, every vehicle is affixed with an RFID tag, which has a memory block that can’t be copied from one tag to another, so every tag is unique. Two key pairs are created, one for the issuer and one for the CA. The first pair is used to sign the data that is fixed and can’t be copied, and the signed data is then written to the tag. ECC is used to sign the data to reduce the signature footprint. The issuer and CA public keys go to the reader, so whenever a vehicle passes through the toll plaza, the toll plaza reads the memory, verifies the keys, and then verifies whether the data written on the tag has been changed.
Dr. Anil Kumar Sharma is an Adviser in the Department of Statistics and Information Management, handling the Data Warehouse of the Reserve Bank of India. His prior assignments include General Manager in the Department of Information Technology, where he was GM-in-charge of Payment Systems. He has been closely associated with the implementation of ISO 20022 messaging standards as well as PKI in the Next-Generation Real-Time Gross Settlement System (NG-RTGS) in India. He was the Convenor of the “Report on Enabling PKI in Payment Systems Applications”, which was published on April 22, 2014 on the RBI Website.
Dr. Sharma holds a Ph.D. in Economics from Mumbai University and a Masters Degree in Statistics from University of Delhi. He was awarded the “Chevening Gurukul Fellowship in Leadership and Excellence” by the UK Government in the year 2014 for his contribution in the fields of IT, Payment Systems, External Sector and Corporate Sector.
Dr. Anil K Sharma talked about the payment systems which will be PKI enabled, like Real Time Gross Settlement, NEFT, CTS, CBLO etc. He also talked about the current systems which are not PKI enabled, like MICR and non-MICR clearing systems, ECS debit and credit clearings, and IMPS.
Dr. Anil K Sharma showed statistics of the Payment Systems: about 94.5% of the total value is settled by PKI enabled systems, while about 61% of transactions are card related and are settled without PKI enabled systems.
Dr. Anil K Sharma also talked about the three different classes used in the PKI implementation in the RTGS payment systems: Thick Client Security, Web Service API Client Security and Browser based client security.
K. Srinivasa Raghavan is Scientist-F working in National Informatics Centre, a premier S & T institution of the Government of India, since 1988. He is presently stationed at Chennai and has wide experience of serving in various portfolios across the country, including districts, State and Central Projects. The major domains include Customs and Central Excise, Ministry of Defence Projects, and electronic procurement across the country.
He has experience in design, development and deployment of various software and integrated services based on the needs and requirements at various levels of State and Central Government Sector.
For the last eight years, he has been heading the eProcurement Product development and countrywide implementation of NIC’s eProcurement system GePNIC (Government eProcurement System of National Informatics Centre), which has a presence in 27 States and Union Territories and is also used by around 200 Central Govt entities.
The Technical Session was given on the topic of "PKI enabled e-Procurement with PG integration". The session included the Procurement Background in India and the background of NIC eProcurement. It covered the benefits for procuring entities, which include greater transparency, shortened procurement cycles, cost savings, an aided evaluation process, a process automated to a greater extent, on-the-fly reports, etc.
Integrity and Authenticity are ensured using Digital Signing of all documents, which improves the work culture in the departments and reduces litigation. The benefits for Suppliers/Contractors/Bidders include free-of-cost registration and participation, anytime and anywhere bidding, a fully secured and standardized process, automatic tender alerts and status alerts, zero administrative hassles, etc.
The various features of the NIC Procurement System are adherence to PKCS 7 format standards as per CVC Guidelines, scalable infrastructure, a web-based design, web security using SSL technology, time stamping of all events, a backup facility with disaster recovery, role-based access implementation, a SaaS model, and security audits by STQC and various other CERT-IN agencies. The session included the steps required for the Authentication Mechanism in GePNIC: user registration; two-factor authentication using PKI; a unique login ID check; a valid Class 2 or Class 3 DSC under CCA India; once the DSC is attached, the public key details of the DSC are stored against the user; and the signing certificate is registered first, then encryption. The session also explained how PKI helped in bid encryption.
He is currently managing the PKI Datacenter, and is involved in project management, operations, Business Development, Software projects, online portals, and Identity management solutions for large scale Governments.
Mr. Girdhar M Varliani's Technical Session was on the topic of "Protecting Transactions and Data in Virtual World using PKI".
He talked about the working of (n)code Solutions, the IT Division of GNFC Ltd, which is a 4600+ Cr Organization. It has been a Licensed Certifying Authority since 2004 to issue Digital Signatures, is empanelled to provide eSign Services, provides an IT Framework to customers in African countries, and is NICSI empanelled for DSC issuances.
He explained the working of (n)code Solutions as a CA, which included PKI, Time Stamping, E-Sign, e-Tendering, e-Auctioning, e-Security, e-Surveillance and Comprehensive e-Governance Solutions.
He also explained the PKI Ecosystem, which included the RCAI, CA, RA and other entities, and talked about the Certificate Details, which consisted of three different categories: DSC, SSL and Special Certificates.
PKI Potential Usages are Banking, E-Biz, Office Applications, Education, E-Governance, Healthcare, ERP and SCM. E-Biz includes Online Auctions, Online Contracting and Security for Traditional EDI. Banking includes Electronics Funds Transfer, Letter of Credit, Statement Delivery etc. Office Applications include Transforming to paperless office, Secure Email Communication. E-Governance includes Online Tax payments, Government approvals and clearances etc. Healthcare includes Online medical advices, Secure storage and authenticated access to health records and Privacy of Medical Transcriptions.
The challenges in PKI consisted of achieving paperless computing, UIDAI to improve authentication services, Mobile PKI being out of reach, RCAI yet to be listed in major browsers, and low understanding of the judiciary process for PKI.
He talked about basic PKI enablement and its requirements: the basic requirements, which include identifying a toolkit, downloading trust chains and verifying thumbprints, and scheduling CRL downloads, and the DSC validation requirements.
Sunil P is a Deputy Manager (Systems) of State Bank of India. He joined SBI as Asst. Manager (System) in February 2008 and was posted in the Operations Payment Systems Department, State Bank GITC, Belapur. He was promoted to Deputy Manager (Systems) in November 2012.
Earlier he was the System Administrator for the Bank’s RTGS Application, co-ordinating with RBI/IDRBT for implementing any changes related to RTGS. He had also served as RA (Registration Authority) Officer for issuing Digital Certificates from IDRBT for Corporate Center Employees.
Mr. Sunil P gave a Technical session on the topic of "Digital Certificates in Payment Systems".
He explained the Payment System Products RTGS and NEFT. Both applications use the Structured Financial Messaging System (SFMS), a secure messaging standard developed to serve as a platform for inter-bank applications. It is similar to SWIFT (Society for World-wide Interbank Financial Telecommunications), the international messaging system used for financial messaging globally.
He talked about the SFMS features: it provides secured communication, digitally signed and encrypted messages are transferred between the banks in a specified message format, a Unique Transaction Reference is generated every time for tracking purposes, and every participant is uniquely identified by its IFSC code.
He gave an overview of the SFMS Application. At the first level, the Core Banking System generates the financial transactions for NEFT and RTGS. Once generated, a transaction goes to the SFMS gateway, which is part of the bank's system; the gateway validates the message, and it is sent to RBI through the IDRBT message hub. All messages travel in encrypted format only, using Asymmetric Key Encryption. He also explained that the RTGS system runs fully in Straight Through Processing (STP) mode and supports a high volume of transactions.
He gave a Security Overview of SFMS: the messages received from the banks should be digitally signed and are verified at the SFMS application end. He talked about how Authenticity, Confidentiality, Non-repudiation and Integrity can be maintained using the SFMS Application.
He also explained the Secure Messaging flow of SFMS over INFINET. Banks submit the message with the UMAC; SFMS verifies and encrypts the message and sends it to the IDRBT SFMS hub; the hub forwards the message to RBI for settlement; the acknowledgement flows back to the originator; and the original message is forwarded to the beneficiary bank. The beneficiary bank then decrypts and verifies the message and sends it to its core banking system.
Mr. L R Prakash is presently the Director of CDAC, Chennai.
In his earlier career, he worked in the Indian Navy, from 1991. He has been in leadership roles in maintenance, production floors and service delivery for over 15 years. He was commissioned in the Indian Navy in 1991 as an Electrical Engineer. His areas of work have included maintenance of weapon systems, shipboard machinery and work in the Naval Dockyard. He was selected as an instructor at the Electrical Training of the Navy. He has been certified in Project Management, Networking and Information Security. For the past decade, he has been involved with IT infrastructure setup and operations, enterprise software frameworks, and Identity Management and Access Control in the Armed Forces. He has extensive experience with steering large scale technical projects. He has also been associated with projects in signal processing, instrumentation and electronic design in the Navy. He has a wide range of IT-based qualifications in networking and security. He also steered the SCOSTA based ID Card system project for the Armed Forces with CDAC NOIDA. He has represented the Navy in national-level committees involved with cyber security. He has undergone training in Project Management, Quality Assurance and ISO 9001 as well as ISO 27001.
Mr. L R Prakash holds an M.Tech in Microwave Signals & Systems from Indian Institute of Technology, Kharagpur and a B.Tech in Electrical Engineering from Naval College of Engineering, Lonavla.
Mr. L R Prakash talked about e-Sign applications such as Online Citizen Centric Services. The banking sector has been leading the way in bringing customer transaction services online; security and legal aspects are of primary importance, and without the customer's signature, the transfer of services to online media is limited.
He briefed the audience about E-Sign: it can be used as a legal way of digitally signing documents without registering for a DSC. The E-Hastakshar initiative allows anyone having a valid Aadhaar ID or a biometric and a registered mobile number to digitally sign documents on-line. The architecture of e-Hastakshar includes the web interface, the e-Sign interface, and the e-Sign service provider as the back end, with UIDAI authentication playing a major role.
The web interface sends the signing request. The e-Sign interface checks whether it is a valid request, which documents need to be signed, and the security formalities, and obtains the UIDAI authentication. The e-Sign service provider then instantly generates the key pair, signs the document and hands it back.
Mr. S. Bhattacharjee (Bhatta) has a 34+ year career as a techno-entrepreneur, with corporate experience in the IT industry at Cisco, IBM, Tektronix & Wipro. He has gone through several Strategic Management programs at Michigan Business School at University of Michigan, USA, and IIM Ahmedabad. He is a graduate in Computer Science from BITS, Pilani.
He opted out of the corporate world and plunged into e-Governance initiatives of various state governments, Government of India and World Bank to engage technologies in social sector reforms. In 11 years in the e-Governance sector, he has been deeply engaged in the implementation of core ICT infrastructure like State Wide Area Network, State Data Centre and IT solutions for effective delivery.
In last 6+ years, since inception of Aadhaar initiative by UIDAI, he has been engaged by Centre for e-Governance, Government of Karnataka to implement Aadhaar projects in the state. In this current endeavor, he is engaged in architecting Open source based Karnataka Resident Data Hub (KRDH) platform to enable Aadhaar based service delivery by the line departments and creating cross-linking repository of beneficiaries across government schemes in order to weed out duplicate, bogus beneficiaries and violations of eligibility.
He talked about eSign in e-Governance Services and about the current scenario of PKI in e-Governance, such as G2C, G2G, HRMS, e-Procurement and the Treasury Department. He covered the limitations of the current scenario and the new paradigm of eSign, which includes new features like One Time Password and Biometric, and how eSign will work in stand-alone mode.
He talked about the challenges and issues in eSign, which included bulk signing, multiple signatures in a document, the same signature on multiple pages, etc.
Abdul Raoof Khan from Sify Technology heads the western region. He takes care of the Safescrypt business activities also.
Abdul Raoof Khan gave his technical session on "PKI Data Protection for BFSI". He talked about the various impacts of threats on data and how to control them. Data protection should be data-centric: limit the use of sensitive data, encrypt sensitive data in transit, encrypt sensitive data at rest, maintain integrity, digitally sign for non-repudiation, etc.
PKI also needs secure key management: there should be proof of ownership, a trusted key lifecycle, no lost keys, disaster recovery, etc.
He talked about the trending projects in the Indian market. These include PKI Pinpad Readers, which are used as an extended Pinpad in corporate banking and for secure Bluetooth pairing. Another project was Display Cards, whose main driver is combating CNP fraud; their unique feature is that they handle batch and telephone orders. Another project was New Form Factors, which is a wristband paired to the Galaxy Note 4 to show corporate uses; this project includes secure email, digital signature of documents and data protection.
Dr. Balaji Rajendran is working as a Senior Technical Officer at Centre for Development of Advanced Computing, Bangalore. He has 14+ years of experience in Research and Development and has executed funded projects in the domain of Information Security, Community Computing, and Applied AI. He is currently leading the project on PKI Body of Knowledge: Development and Dissemination.
He has published several papers in National and International Conferences. He has been selected by Internet Society, the parent body of IETF, for its Next Generation Leadership Program in 2012. He was also selected by Asia Productivity Organization, Japan for a short course on Information Security Management Systems and certified in 2012.
Dr. Balaji R gave his technical session on the PKI Body of Knowledge. He talked about a few general facts about PKI and about the PKI Ecosystem, which included Authentication, Procurement, Secured Transaction, Governance and Tax returns.
The framework of PKI was explained, which included Algorithms, Protocols, Standards, Policies, Laws and Applications. The PKI barometer was explained thoroughly. He talked about the contents developed, which included code snippets and kits comprising bookmarks, crossword puzzles, a glossary, FAQs and movies.
The PKI Knowledge Dissemination Program (KDP) is of three types: Awareness Program, Training Program and Conference.
Advocate Vicky Shah is currently working as Senior Manager, Risk Management at National Payment Corporation of India (NPCI). He was the Founder of The EAGLE EYE – Law Firm and THE EAGLE EYE – Information Security Consulting.
Advocate Vicky Shah has over 12.5 years of both Technical experience and Legal knowledge and required skillsets in the Information Security Domain specializing in Cyber Security, Cyber Crime Investigations, Cyber Law and Cyber Forensics.
Advocate Vicky Shah has authored and published a book on Awareness and Prevention of Cyber Crime “Are You Protected?” – The HANDBOOK.
Advocate Vicky Shah has handled incidents related to Computer Related Offences and practices in Criminal matters of Computer Related Offence and Civil Matters related to Computer Related Offences (Contraventions/Damages to be claimed) at Information Technology Adjudicating Office pan India under provision of IT Act, 2000 and competent authorities in past.
Advocate Vicky Shah has worked as former Head/In-Charge Cyber & Digital Forensics & Asst. Professor, Institute of Forensic Science, Mumbai, Government of Maharashtra, former Manager DSCI – Cyber Labs, and Senior Associate – Cyber Security and Compliance, NASSCOM, and was involved and engaged in training over 7500 police officers, Judiciary, Public Prosecutors, etc. in Cyber Crime Investigation Techniques and Prevention Methodology.
Advocate Vicky Shah gave the technical session on "Best Practices in use of Digital Signatures". Agendas included Issues in E-Contracts, Concerns, Myths and Reality, Legal Recognition of Digital Signature and Precaution to Protect Digital Signatures.
He covered the issues in E-Contracts, the concerns, myths and reality, the legal recognition of digital signatures, and the uses of digital signatures.
He talked about E-Hastakshar, the C-DAC on-line digital signing service, which allows citizens to instantly sign their documents securely in a legally acceptable form. C-DAC, through its e-Hastakshar initiative, allows citizens with a valid Aadhaar ID and registered mobile number to carry out digital signing of their documents on-line. As a provider of Digital Signature Certificate and eSign services, C-DAC plays the role of a Certifying Authority (CA) under the Controller of Certifying Authorities (CCA).