www.egovonline.net
Volume II issue 12, December 2006
ISSN 0973-161X
Enhancing community security PAGE 9 Secure access: Raising concerns PAGE 12 ICR/OMR technology: Bettering lives PAGE 17 e-Passport Current activities and technology PAGE 31 The e-Government magazine for Asia and the Middle East
Rs 200
Tackling identity fraud Check on travel document counterfeit
34
Interview: Markus Mosen Infineon Technologies
42
Uniform e-Gov practices in personnel administration
45
d d A ON
ov
The first and only medium to reach top Government policy makers, implementers and industry leaders in Asia and Middle East egov is the only monthly print magazine on e-Government for Asia and Middle-East. It is an effort to cover public sector/industry requirements in planning and implementing e-Government initiatives and provide a holistic view of the developments and issues in the sector. The portal (www.egovonline.net) is engaging readers with the content of its magazine available for free and full access. It provides daily eGovernment news, case studies and promotes academic and anecdotal discussion on wide-ranging issues pertaining to the use of information technologies for governance - a platform for user groups, researchers, implementers, NGOs, policy makers and administrators (from the government and the private sector). Frequency: Monthly Print run = 15,000
Readership: 95,000
www.egovonline.net monthly hits: 6,58,512
Readership Profile A Government departments/ ministries B IT industry, Telecom Industries, Finance, PSUs and Banking sector C International agencies
Our Advertisers till now IBM
Microsoft
SAP
HP
Newgen
GILAT
Telelogic
Intel
Wipro
EPFL
NIIT
Event Ads Assocham
egov World Forum
For more details contact Gautam Navin (gautam@csdms.in) Mobile: +91 9818125257
IN THIS ISSUE INDUSTRY PERSPECTIVE
COVER FEATURE
9
Enhancing community security
42 Smart cards propelling smart governance
Hiroshi Ueda, Yusaku Fujii, Shigeru Kumakura, Noriaki Yoshiura and Naoya Ohta
12
Secure access: Raising concerns Satyam V. Bheemarasetti
17
ICR/OMR technology: Bettering lives Gitanjali Sen, Srini Ramakrishnan and Theodore Gering
31
Interview: Markus Mosen Vice President, Chip Card Business, Infineon Technologies
e-Passport: Current activities and technology Calvin Lee, Detlef Houdeau and Rainer Bergmann
IN PRACTICE: PIMS
45
Uniform e-Gov practices in personnel administration Anil K. Sharma
REGULAR FEATURES
34
48
Facts and Data
49 50
numbers
Check on travel document counterfeit Adi Tedjasaputra
38
Future travels secure, safer. How? Kemal Bajramovic
NEWS REVIEW
8 22 40
India Asia Business
What’s On
Read all the articles online at www.egovonline.net 4
www.egovonline.net |
EDITORIAL Vol. II, Issue 12
December 2006
President Dr. M P Narayanan Editor-in-Chief Ravi Gupta Sr. Assistant Editor Danish A. Khan Sr. Sub Editor Prachi Shirur Research Associate Sanjeev Kumar Shrivastav Marketing Gautam Navin Mobile: +91-9818125257 email: gautam@csdms.in Designed by Bishwajeet Kumar Singh Web Zia Salahuddin Ramakant Sahu Circulation Lipika Dutta Editorial and marketing correspondence eGov G-4 Sector 39 NOIDA 201301, India Tel: +91 120 2502181-87 Fax: +91 120 2500060 Email: info@egovonline.net Printed by Yashi Media Works Pvt Ltd New Delhi, India egov does not neccesarily subscribe to the views expressed in this publication. All views expressed in the magazine are those of the contributors. egov is not responsible or accountable for any loss incurred, directly or indirectly as a result of the information provided. egov is published in collaboration with Elets Technomedia Pvt. Ltd. (www.elets.in)
e-Information, e-Services and e-Security: Raising hackles It is vital to see that citizens must be comfortable with e-Government services and have confidence that their online services are trustworthy and secure while using them. In this networked world, people are feeling greatly concerned about the protection of their assets and privacy. This is particularly because access to the Internet has diversified as never before – from PCs to digital TVs, to mobile phones and wireless devices... The world is determinedly moving towards smart digital environments that are based on various interacting objects, devices and systems. Today, the Information Society is driven by its key enablers – Trust and Security. The rapid development of online activities by governments worldwide has given momentum to the process of e-Government enabling it to reach its crescendo in recent years. The governments’ dependence on electronic information has invariably increased, and so have the threats from sources such as hackers, viruses and denial of service attacks. The progress made of late, therefore, also inevitably concerns information security. The reason being that network is inherently open, international and seamless, which necessitates higher security requirements. For example, according to Commission of the European Communities, in Europe, businesses, individuals and public administrations still underestimate the risks of insufficiently protecting networks and information. In the IT expenditure, security currently represents only around 5-13%, which is obviously low. The European Commission, in a recent policy document, has decided to promote greater awareness through an open and inclusive multi-stakeholder dialogue on a new IT Security Strategy for Europe. Passports and ID cards are also important in the given perspective. These are also bogged down by security concerns. In Japan, the e-JIKEI Network Project specifically focuses on the need to collaborate on the security of local communities because this concerns the most and is of great interest. This is equally important to popularise e-Government among the public. However, not only a top-down approach from a government body would be necessary but also a bottom-up approach from the local community with a specific sense of purpose, is the need of the hour. In the article ‘Secure Access: Raising concerns’, the technical details about how users of e-Government systems are identified, controlled and managed using authentication and authorisation systems that provide unique identity and access controls, has been provided. Hopefully, our readers would benefit from the content in this issue. Last but not least, your feedback would be eagerly awaited.
Ravi Gupta Ravi.Gupta@csdms.in
© Centre for Science, Development and Media Studies, 2006 www.csdms.in
| December 2006
5
Editorial Guidelines egov is a monthly magazine providing a much needed platform to the voices of various stakeholders in the arena of e-Government, apart from being a repository of valuable information and meaningful discussion on issues of e-governance in general, and e-Government in particular – both to the specialist and the generalist. Contributions to egov magazine should be in the form of articles, case studies, book reviews, event report and news related to e-Government project and initiatives, which are of immense value for practitioners, professionals, corporate and academicians. We would like the contributors to follow these guidelines, while submitting their material for publication. • Articles/ Case studies should not
•
•
•
•
exceed 2500 words. For book reviews and event report, the word limit is 800. An abstract of the article/case study not exceeding 200 words should be submitted along with the article/case study. All articles/ case studies should provide proper references. Authors should give in writing stating that the work is new and has not been published in any form so far. Book reviews should include details of the book like the title, name of the author(s), publisher, year of publication, price and number of pages and also send the cover photograph of the book in JPEG/ TIFF (resolution 300 dpi). Book reviews of books on e-Governance related themes, published from year 2002 onwards, are preferable. In case of website, provide the URL.
•
The manuscripts should be typed in a standard printable font (Times New Roman 12 font size, titles in bold) and submitted either through mail or post. • Relevant figures of adequate quality (300 dpi) should be submitted in JPEG/ TIFF format. • A brief bio-data and passport size photograph(s) of the author(s) must be enclosed. • All contributions are subject to approval by the publisher. Please send in your papers/articles/ comments to: The Editor G-4, Sector 39 NOIDA (UP) 201 301, India Tel +91 120 2502180-87 Fax +91 120 2500060 Email: info@egovonline.net
Editorial Calendar 2006-07 Solution Focus
Application Focus
October
Interoperability (Open Standards, Open Source Software)
Transport
November
eForms
Police
December
Information and Network Security
Passport Visa
January
Metadata and Data Standards
Income Tax
February
e-Governance Architecture
Courts
March
WiMAX
Posts
Have your daily cup of hot morning tea with hot ee--Government news!
6
Log on to www.egovonline.net www.egovonline.net |
IN THE NEWS
‘Spectrum availability to be enhanced in India’ Dr. Shakeel Ahmad, Union Minister of State for Telecommunications and Information Technology, while inaugurating the 12 th International Telecom Summit organised jointly by ASSOCHAM and BEACON recently at New Delhi, said that the government would be taking steps to enhance the spectrum availability by releasing the spectrum from the existing users mostly security agencies, thereby opening up the gateway for rolling out 3G services and enhancing additional 8200 million mobile connections. “The government proposes to pass the Bill in the current session for providing assistance to mobile service operators from the USO Fund and enhance the spectrum availability to facilitate 3G services to have additional 8200 million mobile connections to expand mobile base in the rural areas. The government was committed to achieve the target of 250 million phones by 2007 and 500 million by 2010,” Dr. Ahmad declared. Acknowledging that the spectrum availability is crucial for the growth of the wireless services in every nook and corner of the country, Dr. Ahmad reiterated the need to enhance
Dr. Shakeel Ahmad
investment and growth in the telecom sector. As such, 100% FDI is permitted to the telecom manufacturing sector and in the telecom services sector. The Minister further said that broadband is the cornerstone in the efforts to usher in information society in India. Dr. Ahmad said, “We launched broadband services in January 2005 to over 200 towns in one year. By now over 300 towns have been covered with more than 1.5 million connections. The tariff for these services has been brought down consistently. The government has
set a target of 20 million broadband subscribers by the end of 2010 as envisaged in the broadband policy and efforts were on to prioritise provision of broadband to schools and colleges.” Anil K. Agarwal, ASSOCHAM President, speaking on the occasion stressed that the need of the hour is that the domestic telecom manufacturing be positioned in a manner such that it can effectively address telecom requirements of emerging markets in its neighbours like Bangladesh, Pakistan, Sri Lanka, Nepal, Indonesia, Philippines and Vietnam. He also said that the telecom equipment manufacturing would need a special sectoral treatment rather than being governed by general policy framework in view of special characteristics of telecom and the WTO stipulations for elimination of duties on this segment. Agarwal suggested, “The objectives of the new strategy to support and encourage telecom equipment manufacturing should have a slew of measures that can sustain the domestic telecom subscribers demand and establish a critical size of the Indian telecom hardware manufacturing sector, besides aiming to make Indian telecom manufacturing globally competitive.”
Defence Ministry launches Raksha Bhoomi software M. M. Pallam Raju, Union Minister of State for Defence, recently launched “Raksha Bhoomi” software, which is aimed at computerising land records comprising vast tracts of land in the country measuring about 17 lakh acres falling under Defence Ministry’s Directorate General of Defence Estates. Raju said that though digitising of defence land records remains a highly specialised and complex task, this would give a fillip to e-Governance upon completion. “The 8
Defence Estate officials should make optimum use of the Raksha Bhoomi software to protect the precious Defence land and prevent encroachments. There are instances of encroachment on Defence lands that have come up to the notice of the Defence Ministry. The software would facilitate in solving these cases,” the Minister said. The entire digitisation of the land records would be done in two phases at a total cost of INR20.52mn (US$ 459,982). www.egovonline.net |
Cover CoverFEATURE
e-JIKEI Network Project/Japan
Enhancing community security Hiroshi Ueda | Yusaku Fujii | Shigeru Kumakura | Noriaki Yoshiura | Naoya Ohta
There are many activities worldwide aimed at developing e-Government. The e-JIKEI Network project in Japan is a novel concept of realising e-Government through a bottom-up approach from citizens and utilising security cameras, PCs and software
| December 2006
T
he concept of e-Government, which involves reconstruction of administrative workflow, improvement of public services, and more efficiency and productivity has attracted much interest in recent years due to information technology (IT) becoming widespread amongst the general public. There are many activities worldwide aimed at developing eGovernment. For example, the Japanese government in 2001, 2004, and 2006 drew up the “e-Japan Strategy” and the “eJapan Strategy II” which aims at ensuring that “Japan will grow to be at the forefront of IT five years from now.” Similar plans have also been reported in the EU, the United States, and other countries. However, in order to popularise eGovernment with the public, not only a top-down approach from a government body would be necessary but also a bottom-up approach from the local community with a specific sense of
purpose. The reason for this is that the general idea of e-Government contains several functions such as online administration, service delivery, privacy, and security of information. The focus should now be indeed on the security of local communities because this concerns the most and is of interest. As such, a community can arguably have a strong ability to prevent crime provided only a portion of residents keep watch on what happens around their houses with the aid of their own PC, commercially available, cheap cameras, and image capture software. In Japan, this concept of archiving community security is named the “e-JIKEI Network”. In Japanese, “JIKEI” means “vigilante”. Additionally, the need to discuss this concept has also arisen from the viewpoints of social science and homeland security. There are many types of software available for capturing video images, but it is difficult to find any free software suitable for the e-JIKEI Network project. Therefore, e-JIKEI Network’s own software has been developed with the minimum necessary functions and being distributed free of charge through the website http://www.ejikei.org. The software is written in English and in Japanese and simply selects relevant pictures and saves them to the hard disk. If this concept were to spread nationwide (something which has of course not happened yet), it could become a bottom-up approach towards achieving e-Government for community security. 9
“The Society for e-JIKEI Network” has been organised to promote this community security framework. PCs with e-JIKEI software have been installed and connected with security cameras in Kiryu, Maebashi, Japan. This was done with the cooperation of a variety of partners, including the Kiryu Police Department, the city of Kiryu, the Kiryu city local board of education, and the NPO, Higumi.
e-JIKEI Network and achieving e-Government The concept of the e-JIKEI Network is intended to recreate a system of mutual watching, which was commonly found in communities in the past. However, in the present day this continues, but in a much more powerful and flexible form with the aid of IT. In particular, this concept enables ordinary individuals to introduce, possess, and operate a high performance home security system using the PC which they already have, an Internet connection,
10
a variety of cheap cameras, and free software provided at the e-JIKEI Network website, which has been established by the authors for promoting this concept both nationwide and worldwide. The first version of this free software has been provided with a manual since December 2004. Even if the e-JIKEI Network System is introduced separately, it would be useful as a home security system. If the system spreads out in the community in relatively high density, within an altruistic, community-minded framework, the effectiveness of this system of watching on community security would be much more significant than ever before experienced in history. Without a “network,” namely a partnership between government and citizens, it is impossible to spread this idea to the general public. Therefore, this project includes not only technology for home security systems, but also construction of a social network structure
among citizens for the achievement of e-Government. Very few attempts have been made at such an approach.
Developing free software: Dairi EYE Series The Society for e-JIKEI Network has provided free software “Dairi EYE Standard” since December 2004. “Dairi” means “proxy” in Japanese. The software has the minimum necessary functions to enable “keeping watch over your home, 24 hours per day.” In other words “watching over your home, not for your own security, but for the security of the surrounding community”. The major features of the software are as follows: Supports Microsoft WindowsTMXP/2000 / Me/98 operating system; easy installation and simple operation; small and fast; and, supports multiple cameras such as VFW (Video for Windows) cameras or adapters (VFW mode), and network cameras (FTP and HTTP mode); able to acquire images several times in a second from USB cameras or networks; saves images that are different from the ones acquired immediately before (supports user adjustments for the threshold values for saving images, creates time and location information with the saved image files1, allows erasing of the saved images automatically, and, monitors disk space and number of ima-ges); and, automatic motion detection (Up to 10 arbitrary rectangular areas for detec-tion sensitivity adjustment can be set). Other implementations are also available. “Dairi EYE Lock” supports encryption and decryption under the administration section for policing of images in order to get rid of any concerns regarding invasion of privacy. “Dairi EYE Frontier” was developed to add a high level of functionality to our project. Additionally, “Dairi EYE Easy” is provided for usage with only single VFW mode cameras. In the current Dairi-EYE series, network functions such as communicating with another home security system and browsing and searching the images in that system cannot be used. Implementation of network functions is now in progress. The rules and guidelines are necessary for avoiding unexpected and unnecessary problems. One potential cause of such problems is that ordinary residents can easily obtain a great ability www.egovonline.net |
to observe and memorise what happens around their house because the system based on our concept is very simple and quite powerful. However, as long as the system is used within an altruistic community-minded framework, the introduction of the e-JIKEI Network concept yields much. For example, the file name and its path express time and location information such as “C:\eJIKEI\Location-A\2006\Apr\05\ H04M12S11_4.jpg”, which means that this image file was taken at 04:12:11 on the 5th of April 2006 at Location-A.
Security camera usage guideline Security camera systems, which include the free software distributed by e-JIKEI Network project team, have been developed for those who feel that they would like to contribute to local area security. There is no intention howsoever of promoting use of this security camera system to people without this desire. The system has great potential, and if used correctly the local area security could be improved. However, given its potential the misuse of this system could cause serious social issues. It is also feared that if information innocently obtained by this security camera system is carelessly revealed, then serious results such as invasion of privacy could occur. The guideline’s objective is to provide the teams that security camera system administrators must obey. The security camera system must be used for the creation of a secure and peaceful local community and for preventing crime and accidents. Security camera system users must prevent, in the usage of the system, the illegal invasion of others’ privacy or rights. Security camera system users must safely keep pictures obtained by the security camera system and the storage media of the pictures and prevent leakage of these pictures. Security camera system may reveal pictures obtained by security camera systems only for use in criminal investigations or for common social ideas or legal reasons. However, in all case, the decision for revealing pictures obtained by security camera systems depends on the user who owns the pictures. Security camera system users must not leak others’ secrets discovered through pictures taken by security camera systems. | December 2006
Introduction experiments in communities Introduction experiment in communities in Maebashi, Gunma, Japan, were conducted in partnership with the NPO, Higumi. It was decided not to attempt to introduce the e-JIKEI Network into a person’s home, but into a local community because the system would be able to display its capabilities better under conditions where the system is introduced to the relatively high density of a community. In addition, this concept is based on a system of mutual watching, which was commonly found in communities in the past. For that reason, this is a good example for the rest of the districts of the nation and for introduction worldwide. Higumi has been making continuous efforts to prevent crimes in local communities consisting of quiet residential quarters, 12 hectares in area, and having 380 households. From 2004, crime prevention posters and lights with security sensors have been introduced into the 2nd block of Hiyoshi, Maebashi, Gunma. Furthermore, from January 15, 2005, the e-JIKEI Network has been introduced into areas designated as “crime prevention model cases” by the Maebashi Police Department. Installation of 35 sets of security cameras, software and stickers labelled with “Warning: security cameras are in operation!” has been implemented thanks to the volunteer work of Higumi. All cameras have been directly placed outside of houses in order to achieve the goal of “watching over your home, not for your own security, but for the security of the surrounding community”. What should be remembered in this case is not the “technical” but the “social” method for the installation of security cameras and/or software into the community. In particular, Higumi works out original security camera usage guidelines such as the e-JIKEI Network in order to achieve a consensus in use to defend themselves and make the guidelines and concepts known to everyone without exception. Consequently, no problems or claims have been reported since January 2005. At the same time, Higumi received an official commendation for these activities from the Minister of Public Management, Home Affairs, Posts and Telecommunications.
The result clearly shows that the eJIKEI Network has been introduced and has operated successfully in the district for almost 2 years. It has been amply proved that the concept of the e-JIKEI Network could be accepted by ordinary residential districts as well. If this attempt spreads nationwide and has an effect on the government, the concept of the eJIKEI Network would be able to contribute to achieving e-Government. This is the bottom-up approach.
Conclusion Very few attempts have been made at a bottom-up approach for achieving e-Government, a concept that has attracted much interest in recent years. The e-JIKEI Network project has a strong ability to support it in local community security since the project’s concept proposes not only security camera system software used in home PCs but also a community-minded security platform. However, currently the e-JIKEI Network project only proposes methods to create community security in neighbourhoods or in city districts. The present study clearly indicates that comparing it to top-down methods for achieving e-Government in local community security, the system based on the e-JIKEI Network has advantages in cost, ability and flexibility.
About the authors Hiroshi Ueda is Associate Professor at the Library and Information Technology Centre, Gunma University, Maebashi, Japan. Yusaku Fujii is Associate Professor in the Department of Electronic Engineering, Gunma University, Kiryu, Japan. Shigeru Kumakura is Vice Chairman of the board for the NPO Higumi based in Maebashi, Japan. Noriaki Yoshiura is Associate Professor at the Graduate school of Information and Computer Sciences, Saitama University, Saitama, Japan. Naoya Ohta is Professor in the Department of Computer Science, Gunma University, Kiryu, Japan
11
Cover CoverFEATURE
Secure access: Raising concerns Satyam V. Bheemarasetti
A
s India embarks on its eGovernance journey, it is about time to firstly recap and learn from the recent security breaches that took place in developed countries like United States. In May 2006, Veteran’s Administration lost laptop and disks with 26.5 million veterans and 2.2 million active military. Again, a computer containing 16,000 US Veterans was lost from an office in August 2006. These incidents raise serious concern particularly when they happen in developed countries. It has, therefore, now become imperative to provide ‘Secure Access’ to
users coming in from all different locations (urban and rural, private or public networks, contro-lled or public locations) as e-Government applications are developed and more data sources are built and identified. Users of e-Government systems are identified, controlled and managed using authentication and authorisation systems that provide unique Identity (using PAN, Passport No. or equivalent) and access controls. Combination of public and private networks (shared/dedicated, wired/wireless, and dial-up/broadband) are used for Access (connectivity) and
traditional technologies such as user id/ passwords, firewalls, SSL, encryption, and anti-virus come to play in security. It is essential to provide an ‘Identity, Access and Security (IAS) Platform’ that integrates the above distinct technologies to provide centralised Identity and Access management (across different identity stores, covering strong authentication such as tokens/biometric and Single Sign On; and granular and differentiated access controls at application level); normalised Secure Access (irrespective of the access method used); and End-to-End Security (all the way from user’s access
Typical Networked Enterprise
12
www.egovonline.net |
device/PC to the application/data server, covering end-device security, encrypted channels and application firewalls).
Identity theft Identity theft is a non-discriminatory crime. It can happen to anyone, and at any time, irrespective of gender, age, race, social or financial status. Recent statistics about identity theft are quite revealing. According to FBI [Federal Bureau of Investigation], about 9.91 million of Americans became victims of identity theft suffering losses amounting to US$52.1bn. Identity theft victims spent an average of 30 hours resolving the problem. In 2005, incidents of mass identity theft were reported in the United States. In April that year, investment firm Ameritrade reported that backup tapes containing details of nearly 200,000 account holders had been lost in transit. During the same period, Citigroup and Bank of America disclosed that backup tapes with the data of nearly 3.9 million and 1.2 million account holders respectively had been lost. MasterCard’s data-collection firm Choicepoint gave information on nearly 150,000 US citizens to criminal groups posing as legitimate businesses. Let it be known that data leaks such as these would continue until and unless companies begin realising consumers’ pain when these breaches happen.
Core issue For enrolment into any organisation or service (computerised or not), the provider requires user’s confidential data such as DOB, PAN (or SSN), Passport No., and POB. Once a complete set of identity information is shared with the provider, what else is left for the user that is strictly confidential, except to go biometric! On top of that, this information is recorded in ‘multiple copies’ – on paper applications and computer databases (online and offline). Combine these elements with ‘easy access’ and lack of policies and methods, this current infrastructure, as clearly evident, is ‘weak’ and vulnerable to pilfering and susceptible to crimes such as ‘identity theft’.
VA laptop theft: Lessons learnt In Untied States, VA (Veteran’s | December 2006
Administration) laptop theft in May this year made waves, due to the sensitivity of the war at hand. The Office of Inspector General published the investigation report on 11 July 2006, and focused on key issues. These included whether the employee had an official need to access the data that was stolen, whether he was authorised to take it home and whether it was properly safeguarded; whether the response of Managers and Senior Executives to the notification of the stolen data – was appropriate and timely; Information Security officials acted with indifference and little sense of urgency; and, policies and procedures did not adequately safeguard protected information. The investigation concluded that the employee did not have the need nor was authorised to take VA data to home. In 2003, the employee was working on a phone survey project to verify results. The project was not critical. The employee downloaded the personal databank of the affected, took it home and dumped on an external hard disk (without encryption or password protection). Processing of the notification of theft was not timely, without a sense of urgency. The incident was reported on May 3, and it took 12 days to reach the Office of Inspector General. Number of managers and agencies, in the path of reporting, simply were not capable of determining the extent and seriousness of the damage. The investigation concluded that in order to address the above issues policies and procedures should be strong, using strict controls and systems; comprehensive, covering different scenarios; and, traceable/measurable. Security breaches are gaining worldwide attention, and unlike before, for compliance reasons – companies and organisations are freely publishing the complete investigation and facts. It is best to have a group to track these worldwide activities and reports, and organise frequent updates and seminars, in order that the learning can become quick and ‘early’ from others’ mistakes.
Proposed e-Governance platform When one attempts a ‘holistic’ approach to designing ‘end-to-end’ security, there is no single product that can satisfy every
need at every point of the network. While anti-virus is applied at a point (user device, server or mail host), a firewall protects the network at the perimeter. What one needs is a ‘platform’ – to pull all pieces together. A Security Platform or ‘Security Middleware’ provides a framework to tie Identity, Access and Security in an enterprise. The concept is similar to Enterprise Service Bus, Application Server or TP Monitor – tying application clients, servers and databases together. A ‘security platform/middleware’ can effectively cover the security requirements, across devices, applications, and networks, with flexibility to integrate existing mechanisms with newer approaches and thereby tightening and taking control of ICT environments. Large implementations like e-Governance need to employ a good ‘security middleware’ to build the ICT foundation. End-to-end Enterprise Security: There is a need to identify steps/stages for ‘end-to-end’ enterprise security. The different steps/stages for ‘end-to-end’ enterprise security includes Assess – identify the user device and assess the security level of the end device/point – if the prescribed security profile requiring personal firewall, antivirus and others, of appropriate versions, are up and running on the device; Identify – users, internal or external, using user id, password, tokens, SMS or digital certificates; along with their end device, connectivity, time and location; Authorise – access to specific set of applications and data; differentiate based on user identity, user role, device and location; using granular ‘application controls’; Access/deliver – applications (of all types, browser, client/server or terminal-based), data and networks; with application intelligence; with a choice of access method (client-less, client based, or network-level) – delivered to the user’s access device; Protect – critical applications such as web portals, ERP and CRM apps, using built-in and configurable application firewall; URL cloaking to mask internal web sites; intermediate user sessions for additional security; and, Audit – logs recording user identity, access IP, time of access and application/data accessed; downloadable or redirected to internal log servers; for industry 13
compliance such as BS7799, HIPAA, GLB, or Sarbans-Oxley. Security solutions need to be designed comprehensively, with an understanding of the end-to-end flow of data – from a user’s end device, network to application/data servers. This is the only method for enterprises to improve ‘visibility’ into their network and security configuration. Three tiers of a typical corporate IT set up are – Application, Network and End Device. For application security requirements, there is a need to protect applications and data servers from unauthorised access, without requiring complex network or firewall changes; ability to provide Differentiated and Granular Access to target applications, and by differentiating between different types of users (power users, regular users, guest users); protection from malware such as viruses, worms, Trojan
Systems (IDS) and Intrusion Prevention Systems (IPS) are deployed host-based on specific critical server machines or network based. They typically require high maintenance (to update attack signatures) and are reactive in approach. End Device Security: Without an accurate way to assess the “health” of a user’s end device, even the most trustworthy user can inadvertently expose everyone else on the network to significant risks, posed by either an infected device, or by one that is not properly protected against infection. Hence, it is imperative to assess and enforce a ‘permitted state of end device security’. Network Admission Control (NAC): Cisco’s NAC is an industry initiative with about 60 partners, including Microsoft. With NAC in place, whenever an endpoint device attempts to make a network connection, the network access device
Providing ‘Secure Access’ to users coming from diverse locations be they rural, private or public networks has become imperative as e-Government applications are developed and more data sources are built and identified. Users of e-Government systems are identified, controlled and managed using authentication and authorisation systems that provide unique identity and access controls Horses, spyware, etc. that can contaminate and compromise the servers; and, protecting browser-based applications from web hacking (against meta characters, SQL injection). Applications are improving to handle these errors, but legacy applications and new/notproperly-tested applications can slip by. Regarding network security requirements, as the number of firewalls increase and their policies are being updated/modified frequently, ‘security’ condition of the enterprise is no longer under control and clearly visible; ‘Transparency’ and ‘visibility’ in implementing access and security requirements are lacking in the current environment; and, Intrusion Detection 14
automatically requests a ‘security profile’ of the endpoint device, which is provided either through an installed client or through assessment tools. This profile is compared to network security policy, and based on the ‘level of device compliance’ the network can do one of the following – Permit or Deny access; Restrict access by redirecting the device to a network segment with limited exposure; or, Quarantine a noncompliant device by redirecting it to a remediation server. NAC is a powerful method, when the technology becomes available and implemented. Implementation requires substantial investment in switches and routers, without which NAC cannot be complete. Roll out may be speeded up if
the existing network equipment and systems can be upgraded using software.
Authentication and Authorisation New user data flows use Strong Authentication, Application-level access and Single Sign On. User Identity issues can be addressed through the possible solutions that include authentication, authorisation, and alternate identity. Authentication: A centralised ‘Identity and Access Management’, with a hierarchy of authentication systems need to be planned, to have control on a billion citizen country like India. Depending on the role of the user, you may combine ‘strong authentication’ using biometric, token, or smart card approaches and ‘traditional authentication’ of user id and password. Once you front end the network using strong authentication, you can consider Single Sign On methods to speed up access to applications reliably. Authorisation: It is equally important to ‘differentiate’ between users/roles, log in device, type of connectivity (wired/wireless, public/ private), and time/day – and ‘granularly’ map to different sets of applications based on context. ‘Differentiated access’ and ‘granular controls’ are key features to consider. Later section on ‘application-level’ access method discusses more on exercising ‘granular’ controls, compared to typical ‘network-level’ access. Alternate Identity: While guarding places of storage and securing access are imperative, alternate ‘user identity’ should be ‘created’ and made available for general usage. An ‘operative user id’, instead of a PAN number, issued by a government Post Office or a bank, can be used to apply for non-critical applications such as ‘getting a phone connection’.
Application-level access and security Typically users, both internal and external, are first allowed to join the network before accessing any of corporate applications or data. How does a user have access to an application? Consider users – internal (employees)/ external (guests, consultants, auditors), www.egovonline.net |
over internal (LAN/WAN) / external (dial-up, VPN) connectivity. While corporate networks are segmented through physical subnets or virtual networks (VLAN) to create separation and protected using firewalls – this entire set up is constantly under flux. As access/ security requirements come from internal or external groups, on a day-to-day basis, the set up of firewalls and subnets is constantly updated. On Day 0, overall configuration is designed on a ‘whiteboard’ and implemented with complete clarity, but after changing the firewalls and subnets over a period of time, there is no continued
applications using specific access clients (browser/client/direct host). Hence, giving ‘more’ access to these business users, and then figuring out ways to protect the network, is a ‘reactive’ approach. A ‘proactive’ approach to controlling the majority user population is using – ‘application-level’ access. Using this method, access is provided and controlled for ‘individual applications’. Separate pipes are set up (virtually) from the application servers to the users, without adding users to the network. This model requires an intermediary (a gateway) between the users and application servers. Using ‘Application-level’ access, enter-
End-to-End Security Platform ‘visibility’ into the corporate network and security conditions. ‘Lack of visibility’ is a major roadblock in managing a networked enterprise. Applications define user roles and track user activity, after the user successfully logs into the application. There are controls and a record of what the user can do, and what the user did. How about expecting similar controls – from the user’s end device to the application server – from the point of user entering the network to application login? Enterprise (network) security is about controlling, tracking and ‘recording’ access up to the point of ‘login’. Access records are extremely critical for ‘compliance’ purposes. More than 95% of end users in a typical enterprise are non-technical – from business groups and management, on LAN or remote locations. These users typically require access to specific 16
prises can identify users, user roles and privileges, and based on their job function and security policy. Most importantly, what applications (or data) can they access from which device and at what time. Application Gateway – in order to provide ‘application-level access’, the Application Gateway intermediates between users and application servers. Secure links are established from application servers to the gateway and users connect to the gateway over a secure channel. After the initial configuration, ‘user to application’ access is managed on the gateway, using a single GUI. The gateway can act as a ‘soft’ switch, providing access to different sets of applications, based on user id, end device, location and time of access.
Standards vs. Security for a foundation When a set of technologies to form the foundation for security at the national-
level is chosen, few points need to be considered seriously in preparation for disasters and national emergencies – physical or electronic. Dependency on commercial packages: In this age of global economy, where ICT business of products, technology, people and services is (kind of) freely flowing across national boundaries, it is tempting to go for ‘established’ vendors to implement national-level e-Governance solutions. While several factors are in favour of the current vendors, a nation cannot be held hostage – if national policies are changed, or priorities are rearranged in other countries. For example, some large multinationals have a policy, even today, not to sell into Indian defence organisations. Trick of Open/de facto Standards: Open Standards encourage products and technologies that are interoperable and fairly poised in the markets. When it comes to security, key factors to consider includes different levels of authentication, authorisation, layers of network security, encryption, and data and data centre security. At any of these levels, as one follows standards, one is well understood and can potentially be a target for attack. Hence, sometimes it pays to use an indigenous or small company product, to be ‘different’. There is therefore a need to stay away from ‘de facto’ standards and products. There are options in Open Systems, starting from desktops to servers, operating systems to databases, which can be considered seriously. Indian Defence Labs believed the approach of developing indigenous technology, without succumbing to any international pressures or politics. ‘Security foundation to e-Governance’ is equally critical and sensitive that begs a similar approach from defence scientists. Multiple options are open for e-Governance management to acquire and maintain source code of key components. Some of the options include open source technologies, buying Intellectual Property from companies, and, deviation from open standards/policies and creating ones ‘security differentiator’.
About the author Satyam V. Bheemarasetti is Co-Founder of NetSilica, Inc., USA. satyam@ieee.org
www.egovonline.net |
Cover CoverFEATURE
ICR/OMR technology
Bettering lives Gitanjali Sen | Srini Ramakrishnan | Theodore Gering
K
arnataka Public Service Commission (KPSC) is the state level body that conducts examinations for the government services at various departments of the State. At all the different levels of examinations – starting from the clerical or below, to the managerial level – the applications received are much larger as compared to the actual vacancies. The number of applications received for each of these examinations is too large for the manual system to work efficiently, be it on the part of processing those applications, to conducting examination, or final publications of results. Moreover, the manual system leaves larger room for corruption, in terms of data manipulation, thereby reducing the credibility on the commission. Subsequently, KPSC used Intelligent Character Recognition (ICR) technology for processing the application forms for the KPSC examinations and Optical Magnetic Recognition (OMR) technology along with barcode for designing the answer scripts. Comat Technologies has provided the technology. The Government of Karnataka has also used the same ICR technology for designing one of the survey forms. Under the Sarva Shiksha Abhiyan program of the Government of India, each State is required detailed data on school children at the primary educati on level along with the background information for providing relevant universal primary education to the children. This data has been collected by the respective States for further entry into the database. | December 2006
ICR technology ICR converts hand printed characters to their machine print (ASCII) equivalents, representing a significant step forward in technology as compared to the older OCR systems, which only reads machine print. The ability to recognise handprint significantly broadens the range of applications that benefit from automated ICR solutions leading to saving time and increasing accuracy to levels not attainable by OCR or human intervention. ICR includes the added benefit of developing a level of confidence in each character result, where confidence is defined as the ability to report on itself, making a judgment about the accuracy of its recognition. The characters that ICR considers unreliable are sent to human operators for double-checking. Hand printed characters are created by humans, so understanding and interpreting the patterns of human
The use of simple technologies like Intelligent Character Recognition and Optical Magnetic Recognition could lead to more efficient system in terms of less time, higher productivity and cost effectiveness, thus leading to better lives to the people through improved governance
writing is far more complicated than converting simple machine print. Like OCR engines, ICR engines execute recognition character-by-character and start by segmenting words into their component characters. ICR technology in fact recognises separate words or word combinations such as form fields, and letters cannot be written sloppily or stuck together. People read text by scanning entire words, not individual characters. ICR systems, like the most advanced OCR systems, try to imitate the human approach. They use dictionaries that contain possible field values, facilitating word recognition by combining primary recognition results with alternate choices, and then analysing available alternatives.
OMR technology OMR is generally distinguished from optical character recognition by the fact that a recognition engine is not required, i.e. the marks are constructed in such a way that there is little chance of not reading the marks correctly. This requires the image to have high contrast and an easily recognisable or irrelevant shape. This technology is useful for applications in which large numbers of hand-filled forms need to be processed quickly and with great accuracy such as surveys, reply cards, questionnaires and ballots. A common OMR application is the use of “bubble sheets” for multiple-choice tests used by schools, which gets fed 17
through an Optical Mark Reader, a device that scans the document and reads the data from the marked fields. The error rate for OMR technology is less than 1%.
KPSC examination and technology application For Karnataka’s Public Service Commission examination, the Government engaged Comat to carry out the pre-examination and postexamination work for the selection of First Division Assistants (FDA) during the year 2005. Pre-examination works included design, printing and supply of ICR application, processing the filled in ICR application, customised application development, printing of admission ticket, help desk, printing of nominal roll cum attendance sheet etc. The postexamination works included design, printing and supply of OMR answer sheets, processing of OMR sheets, and generation of customised reports etc. Public Service Commission has been accepting simple paper based application forms so far for all its exams. After receiving the filled-in applications forms along with the photograph of the candidate pasted on the form, the commission used to enter the information into the database manually. Finally, the Commission is required to print the hall tickets for the selected candidates before the exam. For the preparations of hall tickets again, the officials were required 18
to type the data, such as names, addresses of the candidate manually, on the hall tickets and were required to paste the candidates’ photographs once again on ticket. During the examination, the registration numbers were written on the answer booklet to match those with the individual candidate. The problem with the manual process involves extra cost required to process each application form, including the time taken for typing each of those. It also involves a higher risk of manual errors that, to be controlled correctly, would require adding additional Quality Control steps, time burdens and costs. For preparing the hall tickets, the same information needs to be duplicated from the application forms manually, which leaves a higher chance of error, cost and leaving larger window for corruption as well. Finally, the registration number on the answer booklet makes it easy for the evaluators to identify the candidate, leaving a window for manipulating the outcomes.
Working of ICR, OMR technology The solution provided to address the above problems worked in two phases – the pre-examination process and postexamination process. For the pre-examination process, the FDA application forms has been designed and printed according to requirements of the department. The application form is in
two colours and includes instructions along with the declaration to enable the candidates to fill the application. The acknowledgement part in each application form has been perforated for easy separation. The filled in ICR application forms were scanned at the centres designated by the PSC officials. Application forms were scanned with a speed of 1,000 scans per hour. As a part of processing the application forms, the photographs, signatures and address of the applicants were captured, the accuracy of information such as the date of birth verified, and finally, the centres based on the choice of the candidate were allotted. One of the most important and efficient steps in pre-examination processing was the generation of admission ticket with each candidate’s photo, and the examination details. The photo and address of the candidate has been extracted from the application form in an automated way. The centre code and the centre name according to the candidate’s choice are printed on the admission ticket. All the admission tickets were dispatched to the candidates one month before the scheduled examination date. As a part of the whole preexamination processing, a Helpdesk was also set up. Images of all the scanned applications, the details of the admission tickets such as centre code, venue code, etc. were available at that single point, along with issuance of duplicate hall tickets. There were well-publicised helplines for the candidates to address all the above issues. The last step in the preexamination processing was printing of the nominal roll cum attendance sheet, which confirms the candidate’s identity with photo. Each sheet had the details of up to 6 candidates along with photographs, attendance, nominal roll, the OMR sheet numbers, question booklet series, subjects attended by the candidate and signatures. During the post-examination process, some 400,000 carbonless OMR answer sheets were designed, printed and supplied to the destination, along with one duplicate for candidate’s reference. The OMR answer sheets having a unique number were printed in two different colours for Paper I and Paper II. www.egovonline.net |
Processing of OMR answer sheets was done centrewise at KPSC centres by professionals having expertise in projects of similar nature. These OMR machines are capable of scanning around 2,500 answer sheets per hour with an accuracy of 98% without quality checks and 100% through quality checks. Finally, the data was entered in Excel. The answer sheets had two bar coded portions, one containing the answers and the other containing the registration numbers with some more personal details, whereas the only way to match both parts was through the barcodes. The portions were received separately for scanning to prevent identification of the candidate by the people involved in scanning. Both the data were matched later through the respective barcodes, after getting scanned separately. The database and the software developed enable the user to generate customised reports, based on marks, subject, etc., with the provision of individual mark sheet to be developed from that. The software also enables to convert the Word format document to other required formats such as pdf etc.
Impact and issues addressed The evaluation of this project is based on outcomes that include impact in terms of number of people affected by the project, impact in terms of likely improvement of the quality of service, impact on the economy or the economic environment in the country, and impact through curbing channels of corruption. Regarding impact in terms of number of people affected by the project, about 400,000 applicants approached for registering in the examination for the First Division Clerks of Karnataka Public Service Examination in the year 2005. There are several examinations of different nature conducted by the commission every year. If the same technology is applied for all public service commission exams, there is a scope of benefiting millions of people at all different public examinations every year. In terms of impact of likely improvement of the quality of service, the total time for the whole process starting from the acceptance of application to the declaration of results was around of 15| December 2006
16 months for a number of 1.10 lakh candidates in the year 2000. This came down to less than 4 months for a number of 1.75 lakh candidates in the year 2005, with the application of this simple technology. Also, in the history of KPSC, for the first time, the result was announced in a record time of only 40 days after the exam. Considering the economic environment in the county, India had a population of about 40 million unemployed in 2004, with an estimate of 32.4 lakh graduates among them. Considering such a large number of unemployed graduates, the functions of public service examinations should be efficient enough to encourage a large number of people to come under its purview, which will help in the best talent pool for the public services. 15-16 months is too long a time for all candidates to wait for a job, which itself eliminates a large talent pool from the system. Therefore, by reducing the time required for processing the applications, until the declaration of results, would definitely provide scope to larger number of otherwise eligible candidates. It will benefit the economy both in direct and indirect way. Even if the excess supply of examinees over the actual vacancies are not able to fill up the post due to skill mismatches, the extent of the problem could be reduced if higher number of qualified candidates comes under the scope of the exam, creating a direct impact on the economy. Regarding the curbing of channels of corruption, the use of OMR answer sheets with barcodes to be matched from two separate parts automatically takes care of the channels to manipulate the exam score. The exams scores of the candidate being entered against the barcodes number and later being matched with his decoded personal information does not leave any window for identifying the candidate for further manipulation of the exam scores. It also enhances the credibility of the commission.
ICR technology in SSA program Sarva Shiksha Abhiyan (SSA) aims to provide useful and relevant education to all children of the age group 6-14, as a part of the policy towards the Millennium
Development Goals of the Government of India. The project requires current and comprehensive data, including the entire household level information relevant to the issues in education for all children of the same age in the country. The data collected is used for planning, monitoring, starting of Education Guarantee Scheme (EGS) centres, opening of new schools in school-less habitations etc. Access to accurate, complete and validated data on time is the key to any successful interventions leading to further policy implications. Yet similar household surveys conducted earlier suffered from certain shortcomings putting at risk the basis for some policy decisions. In the earlier years, the data of same nature was collected and consolidated manually at each habitation level and then computerised. The survey forms used for capturing those data were long with the existence of some repeated fields. The forms were simple paper based requiring manual data entry. The earlier process contributed to the problems such as delay in processing; errors in consolidation; for working at the habitation level “Data granularity” was a significant problem; the challenge to ensure data is collected in the same time and space; validation of data very difficult; individual child based intervention was not possible; and, updating the data was very difficult. During the application of the ICR technology, the size of the forms has been reduced to a more relevant, simple, one page data capture format. As a part of the process, the number of households in each habitation or ward was firstly identified. Finally, a master data, including habitation list was created and validated at Block and District level. As a part of the plan for data usage, data mining tool was deployed. Data updation was done at Gram Panchayat level with the following procedures: the list of children maintained at habitation level as a Village Education Register; the list is updated online using and transmitted to State Data Centre; data is extracted for discussion as well as for corrective and preventive action at “Gram Sabha” meetings; and, key issues are escalated automatically to Special Project Directors. Regarding the number of people affected by the project, all habitations have 19
been covered with 100% coverage of children. The coverage was such that 10.2 million forms have been scanned and converted to the relevant format for using the ICR technology. The forms have been verified in 15 days, with a speed of over 650,000 forms processed per day. Finally, the entire project was done within 5 weeks and at reasonable cost. In terms of likely improvement of the quality of service, the application of ICR technology assured granularity at individual child level, and high quality data, which is verifiable objectively. Also, the whole process was completed in a record time. The in-built flexibility in the new process facilitates further use of the same data. It allows tracking and planning at individual child level. It allows dynamic “slice and dice� of data to assist with analysis for informed policy. It allows data sharing with the followings: selective access to data on State Data Centre to all stakeholders; regularly updated reports and views on the portal; custom data extracts
20
for other departments as requi-red; and, transparency and access to up- dated data to public. The impact of any public policy depends on the quality of data used for the study to a large extent. The accessibility to a more recent and accurate date helps to generate larger impact on the people. Therefore, without the help of technological innovations, it poses a bigger challenge to the govern-ment while framing its policies, if not supported by a good quality, timely and relevant data.
Conclusion In general, as these two cases demonstrate, the reduction of cost and time in processing of forms in public
examinations, in announcing results, or in collection of data, the Return on Investment and positive effect on public life is much larger compared to the modest costs of this simple technology and approach. The well-managed application of simple technology assures a more efficient, transparent system, with less channels of corruption. Identification of eligible beneficiaries becomes an easy process with an access to more current and accurate data. Also, the data being uploaded centrally for further use ensures that the whole system works in a much more efficient and transparent way by eliminating wrong identification of beneficiaries.
About the authors Gitanjali Sen is a Lead Economist at Comat Technologies, India. gitanjali.sen@comat.com
Theodore Gering is Business Head Europe, Comat Technologies. theodore.gering@comat.com
Srini Ramakrishnan is Principal Consultant, Advisory Services, Comat Technologies, India. srini.ramakrishnan@comat.com
www.egovonline.net |
Philippines’ guidelines on adoption of e-Payment, Collection
IN THE NEWS
A joint administrative order was recently issued by Philippines’ Department of Finance (DoF) and the Department of Trade and Industry (DTI) recommending guidelines and policies to the government adoption of an Electronic Payment and Collection System (EPCS) in relation to the implementation of the E-commerce law. The policies prescribed include the keeping of electronic payment and collection data for 60 days, while government electronic archives would be kept available for 10 years. The directive also announced that a Government Electronic Payment and Collection Systems Evaluation Team (GEPCSET) would be shortly created.
Singapore e-Government Leadership Centre set up
e-D form system for travellers exiting Myanmar
Lee Boon Yang, Singapore’s Information, Communications and the Arts Minister, announced the setting up of ‘Singapore e-Government Leadership Centre’ to help developing countries share its brand of e-Government solutions. The centre would train policy makers and telecoms regulators involved in information and communications technology. Besides, the centre would also offer programmes in the area of eGovernment strategy, policies and implementation.
All the travellers exiting Myanmar would now be able to avail e-D ( e l e c t r o n i c departure) form system that would facilitate their process for exit after a passport is ready at hand. Being implemented as part of the e-Government system, the Ministry of Immigration and Manpower has provided this online service for the first time. A special website for e-D form has been put up on the Internet. Myanmar has so far launched some e-Government systems including e-Visa, e-Passport, and e-Procurement. Currently, Myanmar is trying to improve its public Internet services. In 2006, some 50 public access centres (PAC) have been established in the country in places such as Yangon, Mandalay, Pyinmana, Pyay, Magway, Muse, Myitkyina, Monywa, Pathein and Taunggyi. Myanmar intends to establish some 400 PACs in 324 townships within 3 years.
Meanwhile, the Infocomm Development Authority of Singapore (IDA) recently awarded the service provider iCell Network a contract to build the eastern portion of Singapore’s ambitious nationwide Wi-Fi initiative, Wireless@SG. ICell Network, which is a partner of wireless multi-service mesh technology developer Firetide Inc., would be creating a high-capacity wireless infrastructure for the thousands of new Firetide access points needed for the area.
Brunei to implement IDPS e-Government project Brunei’s Public Works Department (PWD), which falls under the Ministry of Development, recently signed a Memorandum of Understanding (MoU) with JSY Systems and its consortium partner Autodesk Inc., to implement the e-Government project ‘Integrated
22
Document Production System’ (IDPS). The MoU mandates JSY Systems to oversee the project management, design, supply, delivery, installation, integration, testing, training, commissioning and maintenance of software, hardware and other related
services for the implementation of the IDPS project. The project is worth US$7.5mn, and is expected to be complete in September 2007. The IDPS project would provide a technology and process platform enabling the PWD architects, engineers, designers and project managers to utilise world-class standardised processes. Particularly, designers involved in public infrastructure would be able to do more concurrent design activities utilising the IDPS. A new platform would also be introduced for the local construction industry in the project tendering process. www.egovonline.net |
O pportunities for
D igital A sia 6-8 February, 2007 Putrajaya International Convention Centre, Malaysia
Organisers
Host Organisations
Ministry of Energy, Water and Communications (MEWC) Government of Malaysia
knowledge for change
Institutional Partners
Principal Sponsor
International Government Partners
MCMC
Knowledge Partner
Media Partners ov
University of Malya
INTAN
Supporting Partners
www.e-asia.org
L CATION
Asia's largest conference on ICT4D eASiA 2007 through its five seminal conferences, will focus on five emerging application domains of ICT for Development - eGovernment, ICT in Education, ICT and Rural Development, ICT enabled Health Services and Mobile Application and Services for Development
What? •
Meeting point to foster cooperation in ICT for Development in Asia
•
Platform for consultative dialoguing, strategic planning and business partnering
•
Comprehensive programme with keynotes from professionals, technical sessions and an exhibition
•
Participation of high level speakers and experts on ICT from Asia and beyond
•
Forum to address the issues of digital divide and explore opportunities for Digital Asia
Who? •
Ministry of Energy, Water and Communication, Government of Malaysia
•
Malaysian Communications and Multimedia Commission, Malaysia
•
Microsoft Corporation
•
Swiss Agency for Development and Cooperation (SDC), Switzerland
•
The Commission in Information and Communications Technology, Philippines
•
The National Computer Center (NCC), Philippines
•
Ministry of Information and Communication, Government of Korea
•
The National University of Singapore (NUS), Singapore
•
Universiti Teknologi Mara (UiTM), Malaysia
•
International Development Research Centre (IDRC), Canada
•
... And many more
Why? •
Meet key decision makers, experts, leaders and stakeholders in ICT arena at one platform
•
Meet professional service providers, IT vendors, Telecom vendors, Satellite providers, Consulting firms, Government agencies and National-International development organisations in the domain of ICT
•
Opportunity for potential business partners from Asia and beyond to meet and exchange ideas and needs
•
Opportunities for cooperation in the field of ICT for development, education, governance and health among Asian countries
www.e-asia.org
6 - 8 February, 2007 Putrajaya International Convention Centre, Malaysia
The Venue The Putrajaya International Convention Centre or better known as PICC among the Putrajaya residents, is located on top of Taman Puncak Selatan in Precinct 5. PICC takes its shape from the eye of the pending perak (a silver Malay royal belt buckle) with the main halls set in the eye of the pending perak. Putrajaya International Convention Centre Dataran Gemilang, Precinct 5 Federal Government Administrative Centre 62000 Putrajaya, Malaysia Tel: +6-03-8887 6000 Fax: +6-03-8887 6499 E-mail: enquiry@pcc.gov.my Web: www.pcc.gov.my
Transportation and Accommodation Transportation By Road: Putrajaya is 25 kms from Kuala Lumpur and 15 minutes drive from KLIA and F1 circuit in Sepang. It is the most accessible city in Malaysia. You can reach Putrajaya using expressways, urban highways and rail. Prepaid Taxi: Delegates may take prepaid taxis from Airport to Putrajaya and/or from Kuala Lumpur to Putrajaya. Putrajaya International Convention Centre is approximately 30 min from KLIA and approximately 40 minutes from Kuala Lumpur city. Shuttle Service by organisers during the conference period: The organisers will provide a shuttle service for delegates from the Putrajaya Station to Conference Venue and Conference Hospitality Partner Hotels in Putrajaya (and back) on hourly basis. By Train: A high-speed train service either from Kuala Lumpur International Airport or KL Central (city), Kuala Lumpur, is the fastest way to reach Putrajaya.
Accommodation Organisers are pleased to announce Marriott Putrajaya as the Conference Partner Hotel for eASiA 2007. The hotel will offer the delegates room accommodation at a subsidised rate. Please visit the link www.e-asia.org/2007/accommodation.asp for more details and to book your room.
eASiA's Unique Value Proposition •
High level speakers and experts from Asia and beyond
•
Right technology solutions and partners
•
Opportunity to forge strategic partnerships with sellers and buyers
•
Focussed session and target audience
•
Face-to-face meeting with key customers and prospects
•
Latest e-Solution services and initiatives from across Asia
6 - 8 February, 2007 Putrajaya International Convention Centre, Malaysia
Asia's largest conference on ICT4D
ASiA 2007
ASiA 2007
egov Asia 2007 will bring together some of the best minds from the highest echelons of government, industry, academia and civil society to discuss and deliberate on the key strategies for e-Government. The conference aims to create an invaluable Asian platform for consultative dialoguing, strategic planning, knowledge networking and business partnering in the field of e-Government. Highlights: • National e-Government strategies • International and regional perspectives • Policy reforms for ICT-enabled governments • Models of e-Service delivery • Emerging technology solutions
Digital Learning Asia 2007 will bring some of the key drivers from the leading countries of technology-enabled education to deliberate on the pressing challenges of technology-enabled education from capacity building to reengineering pedagogy; change management to providing digital access.
Asian Telecentre Forum 2007 aims to bring the Asian practitioners on a platform for learning and sharing the experiences. Experts will be engaged in close assessment of issues relating to project monitoring steered by external financial support, from international development agencies & governments in Asia.
Highlights
Highlights • Telecentre movement in Asia: Road ahead • Partnerships for developing telecentre networks • Financing mechanism and sustainability factors of rural telecentres: A reality check • Service delivery and capacity building through telecentres
• National strategies on ICT in education • Localisation, customisation and content development • Educating the educators • Re-engineering pedagogy • e-Learning trend and practices • Education technology trends in Asia
Get Visibility through our Four Niche Magazines
ASiA 2007
Key Speakers
eHealth Asia 2007 aims to provide a platform to discuss the recent trends and emerging issues in the development of information & communications, science and technology and its integration in healthcare systems. Conference will provide a knowledge sharing platform for deliberating on the opportunities and possibilities of ICT use for better health care delivery.
mServe Asia aims to discuss and showcase the different aspects of mobile services, technologies, implementation and implications, developments on the public administration and tie them to the existing and future m-Government, education, agriculture and other applications. The conference will provide a platform to promote networking and business opportunity development.
Highlights
Highlights • Enterprise mobile workforce management • Mobile infrastructure and connectivity issues • Next Generation 3G Network • mLearning • mServices • Emerging applications
• e-Health in developing countries • e-Health administration and management • Rural telemedicine • Emerging technologies in e-Health • Challenges and opportunities for collaborative action in e-Health
• Walter Fust, Swiss Agency for Development and Cooperation (SDC) • Richard Fuchs, International Development Research Centre (IDRC) • R. Chandrashekar, Additional Secretary, Ministry of Information, Communication and Technology, Government of India • Gerri Elliot, Corporate Vice President, Worldwide Public Sector, Microsoft
Host and Partner Organisations Host Organisation
Supporting Partners
Ministry of Energy, Water and Communications, Malaysia The Ministry is the key policy formulator and service regulator in Energy, Water and Communications sectors in Malaysia. The Ministry's main thrust is to facilitate and regulate the growth of industries in these sectors to ensure the availability of high quality, efficient and safe services at a reasonable price to consumers throughout the country. www.ktak.gov.my/
The Asia Foundation is a non-profit, nongovernmental organization that supports programs in Asia that help improve governance and law, economic reform and development, women's empowerment, and international relations. www.asiafoundation.org/
The Malaysian Communications and Multimedia Commission is the regulator for the converging communications and multimedia industry. The role of the MCMC Malaysian Communications and Multimedia Commission is to implement and promote the Government's national policy objectives for the communications and multimedia sector. www.cmc.gov.my
International Government Partners The Commission in Information and Communications Technology, Philippines, is the primary policy, planning, coordinating, implementing, regulating, and administrative entity of the executive branch of Government that promotes, develops, and regulates integrated and strategic ICT systems and reliable and cost-efficient communication facilities and services. www.cict.gov.ph The National Computer Center (NCC), Philippines, fundamental functions were to provide information bases for integrated planning and implementation of development programs and operational activities in the government. www.ncc.gov.ph
Knowledge Partner INTAN is a premier government institution of Malaysia providing world-class training and capacity building programmes for public sector organisations of the country. www.intanbk.intan.my
www.e-asia.org
ASiA 2007
ASiA 2007
Bellanet promotes and facilitates effective collaboration within the international community, especially through the use of ICTs. www.bellanet.org The Commonwealth is an association of 53 independent states consulting and co-operating in the common interests of their peoples and in the promotion of international understanding and world peace. www.thecommonwealth.org
telecentre.org is both a social investment program that supports grassroots telecentre networks and a loose family of organizations with a common commitment to helping the telecentre movement thrive. www.telecentre.org In India USAID is investing in economic growth, health, disaster management, environment and equity in India and in programs that focus on areas where help is needed most and people-level impact is high. www.usaid.gov in Warisan Global is a knowledge strategy company of Malaysia that is in the business of designing, developing and executing projects in the area of bridging the digital divide and grassroots entrepreneurhsip. www.warisanglobal.com
Institutional Partners The National University of Singapore (NUS) is a multicampus university of global standing, with distinctive strengths in education and research and an entrepreneurial dimension. www.nus.edu.sg
MobileMonday Malaysia is an open community of mobile professionals fostering cooperation and cross-border business development through virtual and live networking events that share ideas, best practices and trends from global markets. http://www.mobilemonday.com.my/
UiTM is Malaysia's premier institution of higher learning that has experienced a phenomenal growth since its inception in 1956. www.uitm.edu.my
Swiss Agency for Development and Cooperation (SDC) is Switzerland's international cooperation agency within the Swiss Foreign Ministry. www.sdc.admin.ch Southeast Asian Ministers of Education Organization (SEAMEO) was established on 30 November 1965 as a chartered international organization whose purpose is to promote cooperation in education, science and culture in the Southeast Asian region. www.seameo.org Sarvodaya is dedicated to making a positive difference to the lives of rural Sri Lankans. www.sarvodaya.org
University of Malya
Universiti Malaya is the first University of Malaysia, situated in the southwest of Kuala Lumpur - the capital city of Malaysia. www.um.edu.my
Conference Contacts Exhibition: Himanshu Kalra (himanshu@e-asia.org) Papers: Prachi Shirur (prachi@e-asia.org) Registration: Mukesh Sharma (mukesh@e-asia.org) General Information: Himanshu Kalra (himanshu@e-asia.org)
Asia's largest conference on ICT4D
Top Reasons to Exhibit at eASiA 2007 Targeted audience eASiA 2007 brings the right mix of quality delegates unparalleled at any other Asian forum. Unlike many other general IT fairs, it addresses the need to bring region's top public sector buyers at one place thus saving time and resources of focussed suppliers.
Valuable opportunity for face-to-face meetings eASiA 2007 maximises the face-to-face time exhibitors spend with key customers and prospects through informal meetings, structured appointments and many networking lunch and dinner receptions.
Listen to key decision-makers' needs eASiA 2007 gives you access to government IT decision-makers with the need, the authority and the budget to buy your products and services.
Focussed sessions for sponsors to position their solutions Sponsors could benefit from the key sessions, panel discussions and workshops by participating in the discussions and presenting their solutions to the quality audience from around Asia-Pacific and beyond.
Proven organisers eASiA 2007 is organised by Centre for Science, Development and Media Studies (CSDMS) and GIS Development, who have more than 10 years of experience in organizing niche events on ICT and GIS across continents along with several government partners.
Exhibitor's Response! "I wish to congratulate you all on pulling off not one but three conferences, all at the same platform. That was truly audacious in scope." Cisco
"I congratulate the CSDMS team for organising such a prestigious event. It was insightful for us at least." Canon India
"I was deeply honoured to participate in the conference. The quality of discourse, talent and depth of knowledge by the speakers, and the extraordinary opportunity for learning made Vision 2010 a great success for TechSoup." TechSoup
www.e-asia.org
6 - 8 February, 2007 Putrajaya International Convention Centre, Malaysia
Exhibition Floor Plan 11
12
13
15
14
16
17
18
19
20
21
23
22
24
25
10 26 9
43 53
50
27
48
8
7
52
42
44
41
45
40
28
47 29
6
49
30
39
46 51
5
31
4
32
3
33 2
1
38
Entrance For any enquiry on exhibition contact: Himanshu Kalra (himanshu@e-asia.org) Tel: +60166852201
37
36
35
34
= 12 sq metre
= 16 sq metre
= 77 sq metre
= 9 sq metre
= 20 sq metre = 24 sq metre = 49 sq metre
= 21 sq metre = 56 sq metre = 42 sq metre
= 48 sq metre
= 120 sq metre
6 - 8 February, 2007 Malaysia
DELEGATE REGISTRATION FORM Personal details
First Name ................................................................................................................................................................................................... Last Name.................................................................................................................................................................................................... Designation/Profession ................................................................................................................................................................................. Organisation ................................................................................................................................................................................................ Address........................................................................................................................................................................................................ City................................................................................ .Postal Code ......................................................................................................... State .............................................................................. .Country ............................................................................................................... Tel.(O) ............................................................................ .(R)........................................................................................................................ Mobile ........................................................................... .Fax....................................................................................................................... Website....................................................................................................................................................................................................... E-Mail .........................................................................................................................................................................................................
Delegate type: Author
Regular
Exhibitor
Sponsor
Supporting Partner
NGO
Private
Academics/Institutions
Sector: Govt.
My primary interest area is: egov Asia
Digital Learning Asia
Asian Telecentre Forum
I would like to receive weekly e-Newsletter on: egov Payment mode: Demand Draft
Digital Learning Cheque
eHealth
mServe
i4d Wire Transfer
Payment Details: Cheque/Demand Draft No. ............................................... or Transaction ID .......................................... Dated .................. Drawn on ........................................... for amount RM/USD ................................... Payable in favour of 'CSDMS'.
"
Wire transfer detail: Beneficiary detail: CSDMS Bank name and address: Citibank Noida Branch, India, A-6 Sector - 4, Noida, UP, India, Account : 5-000890-288, Swift code: CITIINBXAXXX Detach & mail to eAsia Secretariat in Malaysia or India
"
"
Delegate Registration Fees Details Malaysia Delegates
Delegates from outside Malaysia
Govt./NGO/Academia Private
888 RM 1588 RM
Govt./NGO/Academia Private
300 USD 500 USD
Fees Entitlements The Delegate Registration entitles the individual to participate in all technical sessions, workshops, keynotes and plenary sessions and social functions for all five/any egov Asia 2007, Digital Learning Asia 2007, Asian Telecentre Forum 2007, eHealth Asia 2007 and mServe Asia 2007 conferences. It also includes: •
Delegate Kit
•
Tea/Coffee breaks on all three days of conference.
•
Lunch for all three days
Cancellations and Substitutions In case of any unforeseen or unprecedented occurrence beyond the hold of the conference secretariat, where the conference is called off, due to natural disasters, epidemics, man-made civil disturbances or other mishaps of large scale, there shall be no refund or reimbursement of any fees or commitments. Cancellation and Substitution Policy !
In case a registered participant is unable to attend, s/he may send his substitute to attend the conference. S/he must inform the Secretariat by 6th January 2007.
!
In case a registered participant is unable to attend and wants refund of registration fees, s/he may convey the same by 6th January 2007 and is liable to claim back 50% of the Registration Fee, subject to decision of the Secretariat. This does not hold for force majeure condition.
WAYS TO REGISTER Online
www.e-asia.org
registration@csdms.in
eASiA 2007 Secretariat (Malaysia) GIS Development Sdn. Bhd., Suit 22.6, Level 22, Menara Genesis, 33 Jalan Sultan Ismail, Kuala Lumpur 50250, Malaysia Tel: +60166852201 Tel: +60166910129
Fax +60321447636 (Malaysia) +91 120 2500060 (India)
eASiA 2007 Secretariat (India) Centre for Science, Development and Media Studies G - 4, Sector-39, NOIDA - 201 301, India, Tel: +91-120-2502180 to 85 Fax: +91-120-2500060 Web: www.e-asia.org E-mail: info@e-asia.org
For any information/enquiry contact: Tel: +60166852201 (Malaysia) Tel: +919312907675 (India) Web: www.e-asia.org Email: info@e-asia.org
Cover CoverFEATURE
e-Passport
Current activities and technology Calvin Lee | Detlef Houdeau | Rainer Bergmann
T
here is a growing need to review the international standardisation, regulation and recommendations for travel documents, with a focus on ePassports and other travel documents. It, therefore, becomes pertinent to provide an overview of the worldwide activities for e-Passports and border control in the time window 2005 to 2009.
Standardisation Five Task Forces (TF) began running under ICAO/NTWG (International Civil Aviation Organisation/New Technology Working Group) in 2005, with some to finish in 2006. Most of the international standards for travel documents were frozen in the beginning of 2006 under ICAO 9303-1. This captures data structure (ICAO/LDS), biometrics, security architecture (ICAO/PKI), data storagetechnology (EEPROM) and –size (32/64k) interface (ISO 14443) of the e-Passport and the data transmission speed (424kpbs). Further additional activities are planned for 2007, which includes defining mechanical tests for electronic passports for 10 years lifetime under ISO standardisation activity; agreement of the security scheme on Extended Active Authentication Control (EAC) under ICAO/PKI (NTWG TF 5); expanding the current EU Citizen Card (ECC) standard CEN TC224 for e-Government with the I.A.S. (Identification, Authentication and Signing) scheme together with a technical bridge to the ICAO framework. The agreement of a | December 2006
In view of the growing threat to security worldwide, it has become pertinent to focus on ePassports and other travel documents – their international standardisation, regulation and recommendations. e-Passport technology is addressing the security threat effectively joint logical data structure and security architecture is the target; conformity test procedure for EAC products (ePassports, e-ID cards, resident permit cards, border control terminals) under ISO; and, new standard for commercial readers for government and nongovernment applications.
One important government application is the reading and handling of biometric data. The initial access to the data set is defined by Basic Access Control (BAC) but for the fingerprint data only by a special security key (using EAC). The access to the data set in the nongovernment applications is very often 31
The government regulations and/or recommendations that are in progress or are expected are as follows: USA published the US VISIT (Visitor and Immigration Status Indicator Technology) program in 2003 for 27 visa waiver countries and non-visa waiver countries; USA published the tender for the US e-Passport in December 2003; EU
each citizen’s two index finger. After this publishing of specification in June 2006, each member state has 36 months for implementation (latest in June 2009); USA announced the trusted traveller programme to Mexico and Canada as part of the US VISIT programme. This programme has the name PASS CARD (People Access Security System); China announced the trusted traveller programme to Hong Kong and Macao as part of their border control programme; USA announced the electronic visa programme for the non-Visa Waiver Programme (VWP) countries as part of the US VISIT programme. This visa type needs no international standard; USA starts the Transport Worker ID Credential project with a pilot called TWIC programme. This programme captures
(European Union) Commission published in October 2004 the regulation 2252 for biometric passports; EU published in February 2005 the specification for the first implementation step of biometric passports in the EU area with frontal photo, microcontroller and minimum 32k EEPROM and the security level ICAO/ PKI/BAC. The implementation was to be done till August 2006; EU Commission published the final EAC specification 1.1 for the second implementation step of digital travel documents. This includes the requirement to store the fingerprints of
workers such as those in harbours, train stations, and besides drivers of trucks and public buses; USA starts the Container Security Initiative (CSI) program with the electronic seal on all sea container. This project could be linked in future to the TWIC program; EU defined the specific Advanced Passenger Information (API) program. Main target is to harmonise the data set and structure of the passenger profiles in the EU area; EU announced a feasibility study or “Registered Passenger” for frequent flyer in the European area; and, USA has
realised by password and for access to eGovernment applications and for online authentication by PIN (Personal Identification Number). The government reader needs a device security certificate, to ensure mutual authentication of the transaction so as to have the access key to the fingerprint data in the IC (Integrated Circuit).
Regulations/Recommendations
32
published in July 2006 the technical interoperability specification for registered travellers in the US.
Application scope In terms of the application scope, Governments started in 2005 and 2006 several activities. The USA Department of Homeland Security (DHS), under the Visa Waiver Program (VWP), required the Visa Waiver countries to start issuing e-Passports from October 2006. Most of the EU member states are part of the VWP. Countries such as Singapore, Brunei, Japan, Australia and New Zealand are also members of the VWP. The USA Department of State (DOS) together with DHS has started in summer 2005 a field trial test with electronic Passports and the new border control between selected airports in USA, Australia, New Zealand and Singapore. US A started the issuing of the US e-Passport in August 2006, which is contactless secure crypto-controllers with 64k EEPROM as defined by ICAO. The chips have a Common Criteria (CC) certificate with security level EAL5+, the highest security level currently possible for chip hardware. The DHS has started in the 1st quarter 2006. tests with electronic Visa with two frequency ranges – HF (13.56 MHz) and UHF (2.45 GHz). Currently there is no final decision, but the industry expects that the higher frequency band might be selected. Target for this travel document are all non-VWP countries. EU Commission has published the EU specification of the first step of the biometric passport. The first implementation was to be completed by August 2006, i.e. 2 months earlier than the US timeframe. This EU specification contains digital country signer certificate and document signer certificate, frontal photo and digital MRZ data together with digital photo image stored in a contactless microcontroller according to ICAO/PKI/ BAC. EU Commission has published 14351/2005, a recommendation for the minimum security approach of next generation national e-ID cards. The scheme is the same as that for electronic passport in the second implementation stage. This means face recognition and two index finger data combined with ICAO/PKI/EAC. www.egovonline.net |
Sweden has started in October 2005 the issuing of their national e-ID card with the logical data structure according to ICAO/LDS 1.7 and the security architecture according to ICAO/PKI/ BAC, biometric data (face image) and the contactless interface according to ICAO/ ISO 14443. A secure crypto-controller with 32k EEPROM was selected. For national e-Government services, this card has a second microcontroller with additional 32k freely addressed EEPROM data space combined with a contact-based interface. This is a dual interface hybrid card. The Netherlands Ministry of Interior has tested the border control process in the winter of 2005 at Schipol airport, Amsterdam. This was a pilot programme with around 5000 electronic passports, with BAC, but without the country signer certificate and document signer certificate. On the terminal side, contactless ISO 14443 type A readers were installed. In this program, two biometric data sets (face and 2 index fingerprints) were taken. The test group were from the KLM airline crew members and frequent flyers. Thailand’s Ministry of Foreign Affairs has started a pilot at Bangkok airport in June 2005 with daily issuing of 200 electronic passports. In terms of security, Passive Authentication (PA) was selected. The border control included two biometric data sets – face and 2 index fingerprints. Besides, many workshops, conferences and specific Government events were organised in 2005 and 2006, most of them from the four technology corners such as ISSE and Global Border Control capture IT/Security/Homeland security; European Biometric Forum with focus on Biometrics; World e-ID, European Passport Forum, CARTES and Intergraf with focus on Smart Card and Passport; and, ICAO interoperability tests (Singapore, Tsukuba/Japan, Berlin/ Germany etc.).
Banks to install Biometric ATMs in rural areas In an attempt to cater services for the rural customers, public sector banks such as Union Bank of India, Dena Bank and Central Bank of India have decided to install biometric automated teller machine (ATMs). This is a part of their key strategies to tap the rural market. The ATMs are to be installed within a month’s time frame. Already, other key players such as Corporation Bank, Andhra Bank and Canara Bank have expressed keen interest to roll out a pilot study by introducing one such ATM.
offering increased security and decreased process time for border control, but the big picture combining e-Passport, Visa, API, paperless ticketing and the impact on the complete traveller management process is unresolved. Border control police foresee a decreasing of travel document fraud.
e-Passport technology
Regarding the implementation of ePassports, 27 countries of the US-VWP and some other countries such as Thailand and Turkey have got experience in biometric data collection (e.g. frontal photo), PKI (Public Key Infrastructure)/certificates and travel document issuing process. Results about new border control process such as total cycle time of the process, accepting rate for document, data and recognition and maintenance of the border systems, have been collected as well. By November 2006, 33 countries have either issued or started the issuance of electronic passports (30% of all countries with Machine Readable Zone (MRZ)-passports; these issue up to 50% in volume of all passports). Among these 33 countries, 27 of them are members of US-VWP. New activities would include countries with large populations such as China, India and Pakistan. These countries are expected to start their ePassport rollout program in near future. Airlines, ground handler and immigration offices at airports have some understanding of the new process
Semiconductor companies listed as chip suppliers for European e-Passports need to compulsorily obtain EAL 5+ (high) (Evaluation Assurance Level 5 Plus High) Common Criteria certification, the highest security level for chips. Certifying security mechanisms to comply with this standard involves some of the most demanding tests in the world. The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik– BSI), an independent and highly specialised national authority that controls and monitors the entire process and issues internationally recognized Common Criteria certificates in Germany, conducted assessed and tested Infineon’s security controller designed for e-Passports – the SLE 66CLX641P – to meet EAL5+ (high) Common Criteria requirements, and certified it. CC-security level EAL 5+ (high) is the highest certification level for microcontrollers. Evaluation respectively certification bodies have full access to the development documentation of the products being tested and can verify the effectiveness of their security functions in a series of detailed tests based on the latest scientific findings. The tests use the internationally recognized BSI Protection Profile PP0002. This ensures that all attack scenarios of practical relevance to chip cards/ e-Passports are taken into account both theoretically and in laboratory tests.
Detlef Houdeau is Senior Director for Business Development Identification, Infineon Germany.
Rainer Bergmann is Director Business Development Identification, Infineon Germany.
Detlef.Houdeau@infineon.com
Rainer.Bergmann@infineon.com
Implementation
About the authors Calvin Lee is Marketing Manager, Identification, Automotive, Industrial & Multimarket, Infineon Singapore. Calvin.Lee@infineon.com
| December 2006
33
Cover CoverFEATURE
Check on travel document counterfeit Adi Tedjasaputra
B
iometric passports have recently been touted as some technologically cutting-edge passports that could prevent travel document counterfeit using a secure authentication process. These passports carry some digital data about human physical characteristics of their respective holders, such as face shape and fingerprints. These physical characteristics and their combination are the parameters or the determining factors in an authentication process known as biometric authentication. Before a biometric authentication process can be performed, a recording process that transforms the human physical characteristics into some digital biometric data or biometric signature is required to set an authentication reference. These digital data are usually encrypted and stored in a Radio Frequency Identification (RFID) chip embedded or inserted into each biometric passport. During a biometric passport authentication process, a passport reading machine will usually try to read the biometric data stored in the RFID chip. After a successful contactless access, the data retrieved from the chip will then be authenticated against the initial, presumably genuine, biometric data stored in the authority database. In addition, a physical authentication process could also be integrated to increase the trustworthy level of the authentication process. 34
Biometric passports are now being touted as technologically cutting-edge passports designed to prevent travel document counterfeit using a secure authentication process www.egovonline.net |
New Biometric Indonesian passports Most of the countries in the world are currently implementing or planning to adopt biometric passports generally for security purposes, including Indonesia. As the world’s fourth most populous nation with more than 200 million people, Indonesia has decided to venture into the world of Biometric. Since February 2006, the country has started to issue what the government called the “new biometric passport”. According to the news titled “Justice ministry clarifies biometric passport prices” published by The Jakarta Post on 21 July 2006, the government says the biometric system, which scans fingerprints and photo-graphic data into a bar code, has helped it detect 1,800 attempted passport frauds since its introduction in February 2006. In addition, Germany’s Digital Identification Solutions AG – the sole contractor of the Biometric Indonesian Passport project – issued a press release on 12 July 2006 in Stuttgart claiming that the new biometric passport system on average processes 10,000 online passport applications daily and issues the passports in full colour and with numerous security features right on the spot where the citizens apply for it. However, while the other developed countries are implementing and planning biometric passports with RFID chips embedded or inserted into their biometric passports, the biometric Indonesian
passports resort to the bar code technology, which defeats the purpose of anti-counterfeit in the first place. Basically, it is easier to clone bar codes than the encrypted identification stored in an RFID chip. Beside the security issue, it is also essential to guarantee that certain information in the biometric passports are kept from unauthorised parties and specific privileges granted or assigned to the right persons, which though is almost impossible with the application of the bar code technology on the biometric Indonesian passports. The biometric Indonesian passport system designer apparently forgets that secure authentication is the fundamental assumption for privacy protection and authorisation. Moreover, the use of bar code technology also means that there is no unique identification system due to the limitation of bar code numbering system. The bar code technology was originally designed only to identify a class of generic products, not a unique item, compared to the RFID technology, which could support a unique identification system despite of the numbering system being used.
Biometric (+RFID) passports and ID cards Biometric (+RFID) passports and ID cards are definitely better off without the basic security issues posed by the bar code technology. Nevertheless, the
In 2006, Biometrics adoption to increase IT services vendor Unisys has predicted that in 2006 there would be an increase in the commercial usage of biometrics owing to technological improvements brought about through e-Passports. Terry Hartmann, Unisys’ Director and Global Solution Lead for Secure Identification and Biometrics, said in a company release that traveller security is driving the adoption of biometrics much faster than commercial pressures would have. The Unisys statement said that Asia would lead the world in using biometrics for national identity and security. Currently, for purposes of national identity verification countries such as Cambodia, China, Hong Kong, Japan, Malaysia and Thailand are evaluating, planning, piloting or deploying smart cards with biometric features. It may be noted that in October 2005 Australia introduced biometric e-Passports becoming the first country in the world to do so. The U.S. Department of Homeland Security also conducted e-Passport tests at the San Francisco International Airport, Singapore’s Changi Airport and Sydney Airport in Australia. | December 2006
recent demonstration of Biometric +RFID passport data cloning performed by a security consultant at the Black Hat security conference in Las Vegas could indicate that the security risk in the implementation of Biometric (+RFID) passports and ID cards still exists. The consultant could not change the information stored in the chip due to cryptographic protection though. In reality, there is no 100% security guarantee in this networked world. When you become part of a “network” voluntarily or involuntarily, there is always a chance that your security is compromised. A sensible action lies in assessing security status continuously, taking several appropriate security measures and preparing for some recovery plans that may arise from any security breach.
Beyond technological issues During the Government Forum on National ID and e-Passport for Indonesia held last June in Jakarta, the Director for International Cooperation at Indonesia’s Directorate General of Immigration unveiled the plan to decentralise the issuing process of Biometric Indonesian Passports throughout the Indonesian Embassies located outside Indonesia. Until now, there has been no country in the world planning or implementing the decentralisation plan as the Indonesian Government has done. It is certainly not about technological barriers. It is simply based on the common sense and assumptions that the security risk of having such decentralisation system will outweigh the benefits of efficiency produced by such system. There is simply no country in the world that is willing to put its nationals and citizens on the front line of security risks and threats.
About the author Adi Tedjasaputra is the Founder of RFID Asia [http://www. rfidAsia.org], and resides in Indonesia. adi.tedjasaputra@rfidAsia.org
35
Cover CoverFEATURE
Future travels secure, safer. How? Kemal Bajramovic
A
t 7:42 am on the Logan International Airport in Boston, passengers of the American Airlines company flight to Los Angeles did not suspect at least that there were two Al-Qaeda members, Mohammad Atta and Abdulaziz Al-Omari, in line for embark. At 8:46 am instead of landing in Los Angeles, the plane finishing it flight zooms into the Tower 1 of the World Trade Center in New York, causing death of hundreds of innocent civilians. That is how the largest attack on USA interests, ever made on her soil, started, avalanching political and social changes around the world, in which common and individual safety became the most respected value of modern society. This immediately made crucial the very issue of how to make future travel secure and safer.
Conventional passports with the picture and safety imprint cannot longer respond to security requirements, so governments worldwide introduce, or are getting ready to introduce, modern passports based on the chip which holds biometric data of passport bearer classic contactless smart card. Personal data and the image of the passport holder are stored in the digital form, and the aerial enables the contactless data transfer from the chip. Some countries attend to include additional biometrical data, like the fingerprints or eye iris scan, in order to make identification of passport bearer more reliable.
An electronic passport automates and accelerates the process of identity check and increases the safety on the border. What does happen on passport control? The officer who is responsible for passport control take the passport and permeate the page holding data and picture of passport carrier through the special reader, in order to read off
Electronic identity of travelers Alongside with practically unlimited possibilities of traveling worldwide, the need was born for the improved generation of travel documents which are resistant to every sight of attempt counterfeits. Answers to such needs are the machine-readable electronic passports, which from outside, seems to be like usual conventional passports. They consist of the same printed personal data of passport carrier and his/her picture. Besides printed data, such passport has the special polycarbonate page with the built-in RFID (radio frequency identity) chip and an aerial. This plastic page is a 38
www.egovonline.net |
characters of two printed lines which are found at the bottom of this page. Every passport on the world has unique contents of these two lines of MRZ (machine readable zone) characters. The reader must compute the characters and use the first line as an authentication key to wake the smartcard chip and use the second as an encryption key. A mathematically generated digital signature ensures that no one has altered any of the stored data. For the reason of safety, the data can be read off only from a very small distance from the chip, using previously obtained read authorisation. Energy from the reader appliance activates the chip, which passes on the data about the bearer of the passport to the screen of computer. Passport control officer can see now all information about the bearer of the passport with his/her picture, like these data have been presented in the printed form.Comparing picture from the screen, picture printed in the passport and the face of the bearer, visual check of passenger’s identity is achieved. Information which is found on the chip is protected using public key technologies, so in the same time, passport control officer can automatically verify if the passport is issued by the authorised government institution from the relevant country. Data stored on the chip have been recorded according to the standards of the International Civil Aviation Organisation (ICAO) in order to make electronic passports of all countries, and suitable appliances for their reading, mutually compatible. By introducing ICAO compatible, machine-readable electronic passports, every possibility of counterfeiting travel documents is avoided.
Electronic passports The US government began issuing service and diplomatic electronic passports this spring, and by the end of this year new civil passports would be issued only as electronic one. However, old passports would continue until their expiration. As a safety measure, after the September 11 attacks, the US government has made it mandatory that citizens of 27 countries including Japan, Australia, other EU | December 2006
member states, in its visa-waiver pool must hold electronic passports. However, nations such as Italy and France crossed the 26 October 2005 deadline, and failed to satisfy the requirements of the US Department of Homeland Security to produce electronic passports with the stored picture of passport holder in the digital format. The citizens of these two countries who own the conventional passport have been asked to compulsorily obtain an entry visa. The other regions would be required to add additional biometric data. The European Union, for instance, would store fingerprints in the memory of the chip.
Personal data security Smart card built in the electronic passport doesn’t broadcast data, but using the suitable equipment; data can be read off from specific distance. Alongside the announcement of electronic passports publishing, different scenarios of abuse of this technology appeared. According to these scenarios, terrorists and criminals can use electronic passports to identify citizens. Electronic passports system use the PKI scheme prescribed by International Civil Aviation Organisation (ICAO),
which enables passport control authorities to check the authenticity and data integrity of the stored data. The ICAO special technical instruction describes the ways to implement this technology, and program member countries have a possibility to make choices in a few distinct areas like setting access control, measures taken against unauthorised data scanning, automatic borders transfer etc. For the prevention of unauthorised data scanning, there is a possibility of implanting metal foil in passport rinds, so the data could not be read off before opening the passport. Price differences of non-personalised electronic and conventional passports, as well as equipment for the personalisation, are very small. Introduction of this technology increases credibility of security institutions of a country and surely is working for visa facilitation to their citizens.
About the author Kemal Bajramovic is Head of Information Technology Group, Civil Service Agency of Bosnia and Herzegovina. kemal.bajramovic@ads.gov.ba
39
Rail e-Ticketing pact between
BUSINESS
IN THE NEWS
AccesRail
Travel technology provider Amadeus and Canadian Rail provider AccesRail have signed a major global technology deal that would enable AccesRail customers to access the advanced Amadeus electronic Ticketing Server to fulfil electronic document storage and data management needs in a phased approach throughout 2007. The Amadeus server would facilitate the storage of e-Tickets, regardless of their origin, as well as validate and carry out security checks on the issuance of e-Tickets. By 2007 end, the Amadeus server aims at enabling rail companies remain up-to-date and in line with airlines.
Coal e-Auctions in India faces Court ban India’s highest judiciary Supreme Court (SC) in its recent ruling asked the CIL (Coal India Limited) to discontinue coal e-auctions for the next 3-4 days. The SC denounced the scheme terming it as “misuse of CIL’s monopoly status to seek the highest price rather than fulfilling its constitutional goals”. The SC judgement observed: “Union of India has conceded that it took recourse to e-auctions to enable sick coal companies to turnaround. CIL needs to formulate a new policy based on public interest as distinguished from a profit motive.” According to the judgement, roughly 95% of coal is made available to the core sector at a notified price or roughly Rs. 1,155/mt (per metric tonne), whereas non-core linked
Karnataka inks e-Procurement deal
Hewlett-Packard India (HP) and India’s Karnataka state recently signed agreement for developing a unified e-Procurement strategy for the region. Through this public-private partnership (PPP), Karnataka aims to improve its tendering, bidding and empanelment processes, including contract 40
consumers and traders procuring through e-Auctions are forced to pay Rs. 1,660-1,900/mt.
management. Malati Das, Karnataka Chief Secretary, said, “The system would enable government to maintain a clear picture of its procurement activities on a real-time basis. The strategy would improve efficiency and transparency in public spending by automating processes and allow for demand aggregation.” Initially, the project would cover selected government departments during the trial period. Later on, this would be adopted across all other regional government departments. Accordingly, the responsibility for applying policy lies with Karnataka’s Centre for e-Governance. A dedicated agency has also been established to coordinate strategy implementation across departments.
“Despite a Government of India office memorandum promising sale of coal to linked consumers at an average e-Auction rate, sale to linked consumers is being made at the highest bid or price and not average bid price. The methodology for allocation of coal to a bidder of eauction is thus, inequitable, irrational and fortuitous. No public opinion was sought and no committee appointed before starting e-auctions,” the SC ruling said. The judgement has ordered that linked non-core sector consumers would get 100% of their linked quantity of coal. Besides, their security deposits also have to be refunded within six weeks along with interest charges at 12%.
e-Loans facility for Indian SSIs India’s standalone factoring company Global Trade Finance (GTF) launched the webbased e-Loans facility for SSI (Small Scale Industries) exporters recently. This is being done for the first time in India. The e-Loans would carry an interest rate of 9% at present. GTF has entered into an arrangement with Export Credit Guarantee Corporation for credit insurance cover of up to INR500mn (US$11.10mn). Under the e-Loans facility termed ‘SSIs – Sanction Your Loan’, an SSI unit meeting the required eligibility criteria would be able to obtain export factoring up to INR20.5mn (US$455,454), which would be sanctioned instantaneously. www.egovonline.net |
Department of Administrative Reforms & PG Government of India Department of IT Government of India
Government of Madhya Pradesh
10th National Conference on e-Governance “Enabling Government to Accelerate Transformation” February 2-3, 2007 Vidhan Sabha, Bhopal (Madhya Pradesh) http://darpg.nic.in www.10thnationalegovconf.in
National Awards for e-Governance Nominations are invited from Central Ministries/Departments, States/UTs, Districts, Local Bodies, PSUs, Civil Society Organisations, Industry and individuals for • • • • • •
Excellence in Government Process Re-engineering Exemplary Horizontal Transfer of ICT-based Best Practice Outstanding Performance in Citizen-centric Service Delivery Innovative Technology Usage in e-Governance Exemplary Usage of ICT by PSUs Best Government Website
Last date for receipt of nominations is December 31, 2006 Nominations must be sent by e-mail to awards@arpg.nic.in A hard copy of the nomination may also be sent to Ms. Lekha Kumar Director (e-Governance), Department of AR & PG Sardar Patel Bhawan, Parliament Street, New Delhi – 110 001 Telephone: +91 11 23743030 E-mail: lekha.kumar@nic.in For more details on the Conference and Awards, you may visit these websites http://darpg.nic.in, www.10thnationalegovconf.in
Industry PERSPECTIVE IndustryPERSPECTIVE
Smart cards propelling smart governance “With the emergence of e-Government applications such as ePassport, National eID, addressing security concerns has become of higher importance since it relates to national security. Infineon is efforting to drive the adoption of secure chip card technology in eGovernment applications,� contends Markus Mosen, Vice President, Chip Card Business, Infineon Technologies, in an interview to Danish A. Khan of egov
42
www.egovonline.net |
Please tell us about Infineon Technologies. What are its key areas of activity? Infineon Technologies AG, Munich, Germany (www.infineon.com), offers semiconductor and system solutions for automotive, industrial and multimarket sectors, for applications in communication, as well as memory products through its subsidiary Qimonda (www.qimonda.com). With a global presence, Infineon operates through its subsidiaries in the US, in the Asia-Pacific region from Singapore and in Japan from Tokyo. In fiscal year 2006 (ending September), the company achieved sales of EUR7.93bn (US$10.46bn) with about 41,600 employees worldwide. In what way is Infineon collaborating with the public sector? In collaboration with the public sector, Infineon emphasise on the increasing importance of high-level security for e-Government applications. With the emergence of e-Government applications (e.g. e-Passport, National e-ID), addressing security concerns is of even higher importance since it relates to national security. Infineon is in the prime position to drive the adoption of secure chip card technology in e-Government applications. We have over 20 years of experience in driving and implementing security and certification standards. Tell us about e-Government solutions that Infineon offers? Infineon offers a wide selection of security controllers and cryptocontrollers that meet the high-security project demands typical of this sector. These include Contact-based/Contactless/Dual-Interface controller chips with our SLE 66 product family for high security applications such as e-Passport, e-ID, eHealthcare and eDriving License. We have consistently rea-ched the highest security levels for our complete product portfolio according to Common Criteria EAL5+ (high) BSI PP0002. What initiatives Infineon is planning for the future? Leveraging many years of security expertise in chip development and production for cards and security applications, Infineon is armed with its broad portfolio of security controllers, security memories, | December 2006
and other semiconductor and system solution. Infineon would continue to focus on ongoing research and development predominantly on secure solutions for the rapidly expanding communications, payment, identification, computing and payTV market segments. Any major roadblocks you have faced in marketing your solutions to the government? The issue of security has shifted from an afterthought to a key issue. In the present age, few, including the government, question the need to protect communication and secure transactions. For some market players, the increased security requirements have indeed set up a tough market entry barrier. To meet government requirements, Infineon calls for robust siliconbased security solutions that are tailored to the individual requirements of each application achieving the highest level of Government security. In what manner is the RFID technology used in Smart Card applications? What are its advantages? The term “RFID” spans the entire contactless identification products spectrum, including the controller products, secure memory products and also the object identification RFID tag products. There are three main categories for RFID in smart card applications, namely for Government ID (e.g. e-Passport, e-ID, health care, driving license), Personal ID (e.g. transportation, access control) and Object ID (e.g. inventory tagging, asset tracking). RFID smart cards differ from traditional contact smart cards by not requiring physical connectivity to the card reader. In general, the advantages of RFID include ease of use, faster transaction time and ease of reader maintenance. Where are the greatest areas of demand for RFID technology? In what applications and in what industries? Recent market studies (e.g., Frost & Sullivan, 2006) confirm that for the year 2005, the greatest demand for contactless technology comes from mass transit applications, followed by Government ID, payment and access control. In the upcoming years, the demand will move towards Government ID applications.
The use of biometric smart cards by government agencies and other establishments raise security concerns in the manner that they pose unseen threat of greater personal surveillance of the users. How is this concern being addressed? For government projects requiring contactless smart cards support, there are many security features in place to ensure that the integrity, confidentiality and privacy of the information stored in the smart cards are well protected. This includes mutual authentication technology, which ensures the authenticity of the reader before starting a secure transaction; strong date security whereby data are encrypted to prevent eavesdropping; tamper-resistance smart cards to counter security attacks; and many other security features. Infineon’s security controllers has in-built more than 50 security features as countermeasures against the different attacks including semi-invasive, observing and manipulating attacks. What is the current scenario of the adoption of RFID technology and Smart Cards globally? Besides SIMs, smart cards are meanwhile adopted globally for payment functions. Here, 2006 has seen a significant increase of the contactless portion, namely in US and Asia: Paypass, T-Money Korea, Japan Felica, just to mention some prominent examples. The use of smart card technology in the Government sector, e.g. for ePassports or National IDs, is ramping quickly. Eurosmart expects a growth of more than 50% in this segment. How do you perceive the future of RFID and Smart Cards in the years to come? The growth for smart card market is expected to be around a CAGR of 9% from year 2005 to year 2011 (source: Frost & Sullivan 2006). Key market drivers include high-end SIM ICs; Government ID projects; contactless technology for secure travel document, payment and transport; and EMV migration push. Apart from this, we expect a higher security demand also for new applications apart from card form factor card. The TPM (Trusted Platform Module) is a recent example for chip card-based technology entering the PC world. 43
InPRACTICE PRACTICE
Uniform e-Gov practices in personnel administration Anil K. Sharma
S
uccessfully implemented and sus tained e-Governance projects are rare, whereas failed projects are numerous and many of them go unrecorded. It is the implementation and sustenance, which are the real parameters of success of e-Governance projects. These are important and pose a real challenge. Personnel Information and Management System (PIMS) is one of the success-
ployee related data to all its stakeholders at click of a mouse on one’s own desktop dispensing with uncalled for correspondence. Expenditure on establishment, stationary, postage and time are saved making stakeholders not to run from pillar to post for information or looking into paper files. It has brought about a big convenience and transparency in availability of personnel information in Delhi PWD. It has also proved to be a powerful tool for
tration transparent with fair and unbiased service at the lowest cost.
Implementation and sustainability To ensure sustainability of e-Governance project in large establishments, more so in Government, where rotational transfers of formulators/implementers are not ruled out, self-sustainability is an important criteria, which is to be introduced intelligently. Self-sustainability can be bet-
Personnel Information and Management System the eGovernance project that has been successfully implemented in Delhi State and Central Government with over 35,000 state/ central Government employees on its database ful e-Governance projects, which has been implemented in the Public Works Department (PWD) of the Government of Delhi. This is laterally extendable to any Central/ State Government department/ministry with a common database. It has already been extended to Central PWD and now being extended to the other departments of the Delhi State. It has over 35,000 employees on its database. It makes the availability of the relevant and accurate em| December 2006
implementation of Right to Information Act, 2005. It has empowered the citizen, employees, management as well as the Government as a whole. In fact, the aim of the PIMS is to improve the reach of citizens, employees, administration and the Government with seamless and secure access to authentic information crossing the inter-office, inter-department and inter-ministerial barriers at just minimal response time, making personnel adminis-
ter achieved by facilitating each of the stakeholders through e-Governance project in one way or the other and also increasing their number. This task is the most important and really challenging for successful implementation and sustainability of any e-Governance project. Sustainability of PIMS is achieved by making compulsory for each Head of Office of following two items: to draw salary bill of each of the employees only through 45
PIMS, and, to issue only through PIMS the orders of transfer, relieving and joining of all transferred employees. Number of stakeholders of PIMS is further increased due to continuous upgradation and addition of new user-friendly features since its implementation. PIMS stakeholders includes common employees, citizens, Heads of Offices, DDOs, officials posted in establishment dealing with salary bills, issue of orders of transfer/ joining/ relieving, leave application and its sanctioning, options from employees for training/ seminars and nominations therein by competent authorities etc. These could also add to self-sustainability to such an extent that the formulator/implementer of PIMS could be transferred, while PIMS continues to sustain in Delhi PWD since its implementation in June 2004.
Important features Decentralised data entry: It is a common practice to create database by making data entry centrally, which could work only in small organisations. But in large organisations, data entry and responsibility for its accuracy has to be delegated. As otherwise, e-Governance would be fairly difficult to implement because those with vested interest would criticise the system by highlighting the data inaccuracies, if any, made by data-entry operators. Thus they would have been allowed to attempt the failure of a good system. PIMS ensures data entry of employees from decentralised locations of such offices of a department, which are in possession of employees’ service records and are scattered in different parts of country. Even in case of offices not equipped with Internet accessibility in such remote localities, the data could be entered from cyber cafés. Data accuracy and its responsibility: Data accuracy has to be a built in feature of database to be used for personnel management. Each of the employee as well as respective head of office in possession of service record, are both made responsible for accuracy of data entered in PIMS. The employee is required to give his own personal and service details in a datasheet based on his own personal information, and employee’s Head of Office is to verify the same from service record before making entry in the data base through web46
based application. PIMS printout of employee data, as entered in database, is required to be delivered to the employee and a copy of the same with employee’s signatures has to be kept in his personal record. Each Head of Office is required to certify that data entered of his employees is accurate as per Service Record and submits such a PIMS generated certificate to next higher authority. Employee classification: Each employee on PIMS database is classified based on a variety of criteria for the administrative requirement and convenience. The broad employee classifications incorporated in PIMS are: Group Classification i.e. A, B, C, D, Work-charged/ Industrial Worker; Broad Duty based classification i.e. administrative, engineering, architectural, accounts, ministerial, etc.; Nature of duties within each broad classification for rotational transfer e.g Planning/field duty in case of engineering, Correspondence Branch/Accounts Branch for ministerial staff of CPWD Cadre, etc.; Cadre, in case of organized services i.e. IAS, IPS, Central Engineering Service (CES), Central Electrical & Mechanical Engineering Service (CE&MES), DASS, Delhi Govt Accounts Service, Central Architects Service, CSS, CSCS, CSSS etc and Appointing department in case of non-organized subordinate services e.g. CPWD, Income Tax, C&CE, etc.; Designations, which are generic and specific to the employee of a particular cadre/department e.g. AE(C), SE(E), LDC, UDC, etc.; Post Held, which is specific to the actual position held by employee in a particular office e.g. AE(C) posted as Asstt. Director(P), SE(E) posted as SE(Vigilance), an LDC posted as Storekeeper, a UDC posted as Auditor, etc.; Specialisations up to three for each Group
A officer; Caste Criteria i.e. SC, ST, OBC, etc.; and, Physical Handicapped with its nature and %age disability. Adding new department/ministry possible: The modular character of the software allows other departments to be added conveniently to the PIMS database. It is due to such character that the software originally designed for Delhi PWD could easily be extended to CPWD. And it is further extendable to any other department/ministry of Central and State Government(s). It would give lot of advantages due to common database for all Government employees. The employees’ data addition can commence immediately after receipt of following data and after creation of office IDs in PIMS database. The employees’ database of any department/ministry can be conveniently completed within 30 to 90 days depending upon the commitment of the top executive and subject to availability of hardware and Internet connectivity in each office. Uniqueness of Employee ID: The Employee ID is generated independently based on the employee’s name, date of birth, date of initial joining the service and the initial designation at which service started. While the Employee ID becomes unique with no chance of any duplicate Employee ID, it is also easy to memorise by the employee himself. The database can have data of all employees in the Government on a uniform pattern. PIMS is capable of handling employees of any department/ministry with its employees drawn from different Cadre Controlling Authorities. It provides for adoption of designation wise and cadre wise different criteria for rotational transfer/ posting based on tenures of ‘nature of job’, www.egovonline.net |
‘station of posting’, ‘posting in region, zone, circle and/or division’ etc. This star feature of the software enables each of the Cadre Controlling Authority to fix transfer/posting criteria centrally in PIMS. Since, transfers of employees are to be done only through PIMS, the rules of man-management can be enforced, if desired, for its uniform adoption in the Government by various subordinate authorities delegated powers to issue Orders of Transfer of employees of that cadre. Online administrative functions: The online administrative functions includes issue and printing of orders of transfer/ posting based on tenure at a station of posting, tenure in a particular type of duty, and/or tenure in the same office; relieving and joining of the transferred employees; salary bills; leave application/sanction and simultaneous updating leave account of each employee; promotion module; online directory of employees; and, an instant and sure communication system. Monitoring transfer orders and their implementation: The system displays at every login the employees posted-in or transferred-out from an office till they finally join respective ordered office of posting. This compulsive monitoring enables any Head of Office to bring about and enforce administrative discipline conveniently by locating the absconding transferred employees, who after getting relieved from an office disappear on other lucrative assignments and join back in the new office later. Enforcing administrative discipline: The compulsive linkage of payment of salary of each employee through this software can enforce administrative discipline in the Government in ensuring strict implementation of its policies including transfer/posting orders. The salary of a transferred employee, beyond one month after the calendar month in which transferred, would not be allowed unless requested through PIMS in public interest by respective Head of Office and then allowed through PIMS by competent authority also in public interest. Human Resource management: It covers all aspects of human resource management and its development. It can be used with advantage in skill up-gradation of employees with training needs appropriately addressed. Online nomination for | December 2006
seminars/training courses based on specialisations allocated to each of the officers is an important tool for proper human resource development. The availability of an online database has permitted to have many additional online features such as monthly salary slip of the employee oneself; annual salary statement of the employee oneself; preparing Income Tax return and compute Income Tax liability based on salary data in database and additional inputs related to savings, if any; search and view data of any employee based on one or more of the available criteria; locate office(s) with contact details and view all employees posted therein; leave application by employee(s) and sanction thereof by the competent authority; viewing by employees of leaves at their credit; online viewing of seniority lists; and, server based instant communication system with file attachment facility such as PIMS Mail and Chatroom. The composite unified database of all Government employees would be immensely advantageous to the Government, employees as well the citizens at large. Few of such advantages include reduction of uncalled for paper work; introducing uniform e-Governance practices throughout the Government(s) in the state/country; long and short term realistic policies can be gainfully formulated and their strict compliance can be ensured due to availability of online reliable data and its analysis; accurate database of salary components could be a great utility in realistic analysis and future projections in a variety of scenarios due to online availability the staff strength in each cadre/ designation/ category and availability of database of salary components (payments and deductions); and, simultaneous accounting of recoveries from salary and updating of relevant record is possible as salary package can be linked to other departments such as GPF and CGEIS account, licence fees of Government houses allotted, income tax recoveries, and CGHS/ DGHS recoveries. Password protected functions: While it addresses day-to-day personnel administration with user friendly web-based software, the data security mechanism has been ingrained into the system with password protected operations and designa-
tion based graded responsibilities of administrative functions for employees under their administrative jurisdiction. Flexible data retrieval tool: In the present day environment, when there is a generation gap in day-to-day use of computers with a very few of the literate young population exposed, it is absolutely essential that any software developed has to be user friendly with flexibility for getting the desired information. It is therefore essential to always provide a tool for the user to be able to extract relevant data from the database in the desired format as may be needed by him. In the webbased software, which is developed as above, provides for information extraction with the button named ‘Customised Report’ and lets the user to have all the information of relevance, which he can selectively download in the Excel format for further processing as may be needed. General public is allowed to have an access to PIMS with User ID and Password taken as ‘guest’ for searching any employee or locate any office, contact address and other details. The front end is Asp.net and SQL Server is the back-end database software.
Conclusions Implementation of e-Governance in any other department or ministry of Union/ State Government using PIMS as a tool is convenient and assured as it has already come over various hurdles in its implementation stage. It has built in selfsustainability and can be used with advantage to bring in uniform e-Governance practice in personnel administration in the Government with a common database. It is citizen-centric, empowers the citizen, employees, the administration and the Government as a whole. It would make the Government more efficient as all personnel related information would be available at click of mouse. Besides it would bring in transparency and reduce large number of disputes and court cases, which happen otherwise due to non-transparent system.
About the author Anil K. Sharma is Superintending Engineer, Central PWD, Siliguri, West Bengal. aksharmacpwd@yahoo.com
47
FACTS & DATA
European broadband penetration gap widening Sixty-four million people now have broadband access across the 25 countries of the European Union - but the gap between the best and worst performers is widening. Denmark, the Netherlands, and Finland lead the European Union in broadband penetration while Greece, Slovakia, and Poland trail, according to a recent broadband survey by European Competitive Telecommunications Associations (ECTA). Back in the US, broadband penetration among active Internet users neared 75% in August 2006. Denmark tops the EU with broadband penetration of 29.3% while last place Greece trails far behind at just 2%. Broadband uptake in high scoring countries is growing faster than the low scoring countries, widening the gap between wired and unwired countries. ECTA attributes the widening gap to regulatory action which creates more choice and competition. Denmark tops the list at 29.3%, followed by the Netherlands at 26.8%, Finland at 24%, Sweden at 22.9%, Belgium at 19.1%, and the UK at 18.9%. At its current growth rate, the UK is poised to pass Belgium in broadband penetration to become fifth among European countries surveyed. Greece at 2% broadband penetration, Slovakia at 2.9%, and Poland at 3.3% trail all countries in the EU. Overall, the average broadband penetration rate of the EU is 14.1%, up 5.5 million lines over the 12.9% penetration rate of the previous quarter. 48
Source: http://www.websiteoptimization.com/bw/0609/
www.egovonline.net |
numbers 55% 61% of Germans with an Internet connection have used it at least once to contact public administrations, according to an online survey conducted by market researchers TNS Infratest earlier this year.
160,000,000
US$ is the estimated amount of money to be spent by state and local governments in the USA on automated fingerprint identification system by 2010, according to a new study by market research firm Input Inc.
of e-Government clients in the EU-25 reported a positive experience regarding online administrative services. However a substantial number have encountered major problems. This was revealed in a recent survey by the EUfunded eUser project.
24
months is the expected timeframe in which basic e-Governance services would be made available across India, with roughly one-third of revenue expected to be generated from the e-Governance services and the rest from an array of private services.
100,000 20,000,000
rural CSCs would be set up in India after the Union Government gave its approval recently. The CSCs would cater to six lakh villages, at least one CSC in a cluster of six villages.
1,000,000 and above e-ID cards have been issued in Estonia – 231,985 of them to foreign residents in the country, up till October 2006. Now, nearly 90% of the Estonian population between the ages 15 and 74 now has a valid e-ID card. Errata: Please refer to the article “e-Forms: Bridging paper-digital divide” by Madaswamy Moni and Pratibha Lokhande in egov November 2006 issue. The statement “The Union Cabinet has approved the National e-Governance Programme(NeGP) at the estimate cost of INR 2300 mn....” should be read as “The Union Cabinet has approved the National e-Governance Programme(NeGP) at the estimate cost of INR 230 bn or 230,000 mn (23000 crores)...”. The error is inadvertent.
| December 2006
rural land records have been computerised under the Bhoomi project in Karnataka, India. The project now covers 67,00,000 farmers in the State.
Source
61%
http://ec.europa.eu/idabc/en/document/6248/194
US$160mn
http://www.gcn.com/online/vol1_no1/42710-1.html
100,000
http://www.dnaindia.com/report.asp?NewsID=1067722
1 million
http://ec.europa.eu/idabc/en/document/6216/194
55%
http://ec.europa.eu/idabc/en/document/6189/194
24
http://www.dnaindia.com/report.asp?NewsID=1067722
20,000,000
http://www.hardnewsmedia.com/portal/2006/12/686
49
WHAT’S ON 14 – 15 December 2006
6 – 7 March 2007
2 May 2007
BELIEF International Conference New Delhi, India
Fifth Annual eGov Summit 2007 London, UK
e-Government Forum Sydney, Australia
www.beliefproject.org/events/internationalconferences
www.egovsummit.com/
www.agimo.gov.au/resources/events/2006/ cebit_2007
8 – 9 March 2007
15 – 17 December 2006 ICEG-2006 – International Conference on E-Governance New Delhi, India
European e-ID Card Conference Leuven, Belgium www.eema.org/index.cfm?fuseaction= focus.content&cmid=328
www.iceg.net/2006/
1 – 3 May 2007 CeBIT Australia 2007 Sydney, Australia www.agimo.gov.au/resources/events/2006/ cebit_2007
27 – 28 March 2007
17 January 2007 e-Government National Conference London, UK
12th Dubtech Government ICT Summit Dubai, UAE
21 – 22 June 2007
www.datamatixgroup.com/conferences/ agenda.asp?id=297
ECEG 2007: 7th European Conference on e-Government The Hague, The Netherlands
19 – 21 January 2007
28 – 30 March 2007
www.academic-conferences.org/eceg/ eceg2007/eceg07-home.htm
RFID Expo ‘ LIVE’ India 2007 Bangalore, India
I-ESA’07 - Interoperability for Enterprise Software and Applications Madeira, Portugal
www.e-governmentawards.co.uk/agenda.php
www.rfidexpo.in
www.aidima.es/iesa2007/web/index.htm
25 January 2007 Mobile and Flexible Working in the Public Sector London United Kingdom www.headstar-events.com/mobile/
3 – 4 April 2007 2nd UAE eGovernment Projects Summit Abu Dhabi, UAE www.datamatixgroup.com/conferences/ agenda.asp?id=303
5 – 6 February 2007
11 – 13 April 2007
The 2007 Scandinavian Workshop on eGovernment Örebro, Sweden
5th Eastern European e|Gov Days 2007 Prague, Czech Republic http://egov.ocg.at/
www.electronicgovernment.se/sweg.asp
16 April 2007 6 – 8 February 2007 Kuala Lumpur Malaysia
O pportunities for
D igital A sia
www.e-ASiA.org
EISCO 2007 - European Information Society Conference Hämeenlinna, Finland www.hameenliitto.fi/eisco2007/index.php
25 – 28 June 2007 EEE’07- The 2007 International Conference on e-Learning, e-Business, Enterprise Information Systems, and eGovernment Nevada, USA www.world-academy-of-science.org/ worldcomp07/ws/EEE07
8 – 11 July 2007 WMSCI 2007 — 11th World MultiConference on Systemics, Cybernetics and Informatics Florida, USA www.mait.com/newsletters/news183-MAIT% 20Events%20Guide%2023.pdf
18-19 September 2007 Global Biometrics Summit 2007 Brussels, Belgium www.biometricsummit.com/
11 – 12 February 2007
25 – 27 April 2007
Middle East Electronic Documentation and Archiving Strategies Conference Dubai, UAE
TED Conference on e-Government Olten Switzerland
www.datamatixgroup.com/conferences/ agenda.asp?id=354
http://international.fhso.ch/ted/ted
19 September 2007 World e-ID 2007 Sophia Antipolis, France www.strategiestm.com/conferences/we-id/07/ index.htm
Tell us about your event at info@egovonline.net 50
www.egovonline.net |