Corporate presentation ver final 1.0

22
CORPORATE PRESENTATION By: Siddharth Mishra

Transcript of Corporate presentation ver final 1.0

Page 1: Corporate presentation ver final 1.0

CORPORATE PRESENTATION

By: Siddharth Mishra

Page 2: Corporate presentation ver final 1.0

AGENDA

Major steps in e-tendering

Advantages of e-procurement

Security loop holes in most e-procurement systems

Various types of data encryption and their pros & cons.

What is wrong with Bit encryption using PKI

Digital signatures.

Page 3: Corporate presentation ver final 1.0

Electronic Tendering is carrying out the traditional

tendering process in an electronic form like the

internet.

e- TENDERING

Page 4: Corporate presentation ver final 1.0

MAJOR STEPS IN e- TENDERING

PRE - WORK

Hoisting Tender Documents

Opening of Envelope

Evaluation & Recommendatio

n

Price Bid Opening

Awarding of Contract

•Mode of tendering

•Nomination of tender committee

•Defining tender documents & Defining auction rules

•Obtaining digital certificates for each T.C. member & Generation of pass words

•Defining of server timing of clock

• EMD – Earnest Money Deposit

•QR ( in case of open tender)

• Technical details & data sheets.

•Technical deviation details

•Price bid Opening

•On line generation of comparative statement.

•Defining of auction strategy / date / time / rules.

•Intimation of reverse auction date & time to vendors.

•On line evaluation of technical bids and QR.

•On line technical and QR clarifications

•Assessment of new vendor

•Off line TC recommendation for opening of price bids

•Hosting of tender documents & release and uploading of documents

•Defining tender schedule & Allowing download of tender document

•Preparation of bids on line

•Submission of bids on line

•Up –loading of bids

•Submission of EMD –off line ( on line possible where e- payment facility is available)

•Opening of bids – on line ( upon applying individual) digital certificates & pass words by tender committee)

Page 5: Corporate presentation ver final 1.0
Page 6: Corporate presentation ver final 1.0

E-Procurement is the purchasing of goods and services using the internet. It Covers full life cycle of purchasing (indent to receipt of goods)

e- PROCUREMENT

Page 7: Corporate presentation ver final 1.0

No geographical barriers - Any time, any where - Reduced operating and inventory costs as no physical barriers are there.

Cost efficiency - Administrative (reduced staffing levels in procurement) and Process Cost are reduced

Transparency - By Improved communication

Timeliness - Reduction in time to source materials

Competitiveness - Gaining competitive advantage by Enhanced decision making and market intelligence

e- PROCUREMENT ADVANTAGES

Page 8: Corporate presentation ver final 1.0

SECURITY LOOPHOLES IN MOST E-PROCUREMENT SYSTEMS

Poor/ flawed Bid-sealing/Bid-encryption methodology. (Confidentiality of Bid Data is compromised)

Rudimentary Online Tender Opening. ( Bid Data Tampering, Counter Sign not possible, Separate Display)

Systems do not have the functionality to accept encrypted (i.e., sealed) detailed bids.

Systems do not have the functionality for digital signing of important electronic records.

Functionality of the e-tendering system is limited (e.g., all types of bidding methodologies are not supported. Submission of supplementary bids (modification, substitution, and withdrawal)).

Page 9: Corporate presentation ver final 1.0

DATA ENCRYPTION

Encryption is the coding and scrambling of messages to prevent their access by unauthorized individuals.

Data is encrypted by applying a secret numerical code, called an encryption key, so that the data are transmitted as a scrambled set of characters. To be read, the message must be decrypted (unscrambled) with a matching key.

Page 10: Corporate presentation ver final 1.0

TYPES OF DATA ENCRYPTION

Symmetric key encryption: The sender and receiver create a single encryption key that is shared.

Public key encryption: A more secure encryption method that uses two different keys, one private and one public.

Page 11: Corporate presentation ver final 1.0

DATA ENCRYPTION PROS

Separation: Data encryption allows the data to remain separate from the device security where it is stored.

No Data Breaches: Data ensures protection of intellectual property and other similar types of data.

Encryption Is On The Data: Because the encryption is on the data itself, the data is secure regardless of how it is transmitted.

Encryption Equals Confidentiality: Encrypting data means that it can only be read by the recipient who has the key to opening the data.

Page 12: Corporate presentation ver final 1.0

DATA ENCRYPTION CONS

Encryption Keys If one lose the key to the encryption, he/she have lost the data associated with it.

Expense: Data encryption can prove to be quite costly because the systems that maintain data encryption must have capacity and upgrades to perform such tasks.

Unrealistic Requirements: It is important to understand the restraints imposed by data encryption technology, otherwise unrealistic standards and requirement will jeopardize data encryption security.

Compatibility: Data encryption technology can be tricky when layering it with existing programs and applications. This can negatively impact routine operations within the system.

Page 13: Corporate presentation ver final 1.0

PROBLEMS IN BIT ENCRYPTION USING PKI

Private Key – It is available with the concerned officer before the Public Tender Opening Event.

1. If a clandestine copy of a bid is made before the ‘tender opening event (TOE)’, and if the concerned tender-opening officer (TOE-officer) connives in decrypting the bid before the TOE, the confidentiality of the bid is compromised.

2. If the concerned TOE officer(s) is/ are absent during the TOE, how will the bids be decrypted especially keeping in view that the private-keys should not be handed over to anybody else.

Page 14: Corporate presentation ver final 1.0

CONT’D…

Public Key with which bid-encryption is done, is available publicly –

1. The easy availability of the public key makes the data encrypted with it vulnerable to Attack.

Public Key algorithms are slow –1. As a result many e- Tendering systems which use PKI for

bid-encryption, use mainly an encrypted online-form for bid submission, and do not have facility for an encrypted detailed bid (e.g. detailed technical bid as a file), along with the online form. As a result, the detailed bid is either not submitted, or it is submitted in unencrypted form.

Page 15: Corporate presentation ver final 1.0

DIGITAL SIGNATURE It is a digital code attached to an electronically transmitted

message that is used to verify the origin and contents of the message.

A digital certificate system uses a trusted third party known as a certificate authority (CA) to validate a user's identity.

A digital signature is issued by a Certification Authority (CA) and is signed with the CA's private key.

A digital signature typically contains :

1. Owner's public key

2. Owner's name

3. Expiration date of the public key

4. Name of the issuer (the CA that issued the Digital ID),

5. Serial number of the digital signature

6. Digital signature of the issuer.

Page 16: Corporate presentation ver final 1.0

DIGITAL SIGNATURE - ADVANTAGES

Non Repudiation – Signer cannot refuse that he didn’t Digitally Sign a Document

Any change in the document, tampers Signature

Sign 1000’s Page document on a Click

Sign any number of documents with 1 Digital Certificate

Page 17: Corporate presentation ver final 1.0
Page 18: Corporate presentation ver final 1.0

DIGITAL SIGNATURE

Assemble

SignedMessage

f899139df5e1059396431415e770c6dd

Digest

Hash

SignatureEncrypt

Rs.100/-Only

Message

Key pair

SELLERS

Public Key

Private Key

Page 19: Corporate presentation ver final 1.0

DIGITAL SIGNATURE VERIFICATION

Retrieve Public Key

SignedMessage

Buyer – Govt. Dept

Rs.100/-Only

Signature

Message

f899139df5e1059396431415e770c6dd

DigestDecrypt

Digest

f899139df5e1059396431415e770c6dd

Valid, If matchesInvalid, if doesn't

Page 20: Corporate presentation ver final 1.0

DIGITAL ENCRYPTION/DATA ENVELOPING

Retrieve Public Key

Sellers Buyer – Govt. Dept.

Rs.100/-Only

SignedMessage

Key pair

Public

Private

Encrypt

EncryptedMessage

CXV;ZJ'#RTS%N

M:!jdt2 O:<Hti&

5I;e(T)$k>V;TS%NM:!jdt2O<Hti&5I;e(T)#$k>ioSD76%

$

Transmit

EncryptedMessage

CXV;ZJ'#RTS%NM:!jdt2 O:<Hti&5I;e(T)$k>V;TS%NM:!jdt2O<Hti&5I;e(T)#$k>ioSD76%$

Decrypt

Rs.100/-Only

SignedMessage

Page 21: Corporate presentation ver final 1.0

SOURCES INCOME TAX INDIA -

incometaxindiaefiling.gov.in/portal/faq_signature.do MANAGEMENT INFORMATION SYSTEM eProcurement-Integrity-Matrix - eProcurement-Integrity-Matrix-

Rev-9-CVC-V-2.pdf? http://www.spamlaws.com/pros_cons_data_encryption.html http://www.purchasing-procurement center.com/e-procurement-

advantages.html http://dqindia.ciol.com/content/top_stories/2011/211112405.asp

Page 22: Corporate presentation ver final 1.0

THANK YOU