2. AGENDA
Major steps in e-tendering
Advantages of e-procurement
Security loop holes in most e-procurement systems
Various types of data encryption and their pros &
cons.
What is wrong with Bit encryption using PKI
Digital signatures.
3. e- TENDERING
Electronic Tendering is
carrying out the traditional
tendering process in an
electronic form like the
internet.
4. MAJOR STEPS IN e- TENDERING
PRE - WORK •Mode of tendering
•Hosting of tender documents & release
and uploading of documents
•Nomination of tender committee
Hoisting Tender
Documents •Defining tender schedule & Allowing
•Defining tender documents & Defining
download of tender document
auction rules
Opening of •Preparation of bids on line
Envelope • EMD – Earnest certificates for each T.C.
•Obtaining digital Money Deposit
•Price bid Generation
member & Opening of pass words
•Submission of bids on line
Evaluation & •QR ( in case of open tender)
•On line evaluation of technical bids and
Recommendation QR. line generationtiming of clock
•Defining of server of comparative
•On
•Up –loading of bids
• Technical details & data sheets.
statement.
•On line technical and QR clarifications
Price Bid •Submission of EMD –off line ( on line
•Technical deviation details
•Defining of auction strategy / date / time
Opening possible where e- payment facility is
•Assessment of new vendor
/ rules.
available)
Awarding of •Off line TC of reverse auctionfor opening of
•Intimation recommendation date &
Contract •Opening of bids – on line ( upon applying
price to vendors.
time bids
individual) digital certificates & pass
words by tender committee)
5.
6. e- PROCUREMENT
E-Procurement is the purchasing of goods and services
using the internet. It Covers full life cycle of purchasing
(indent to receipt of goods)
7. e- PROCUREMENT ADVANTAGES
No geographical barriers - Any time, any where - Reduced
operating and inventory costs as no physical barriers are
there.
Cost efficiency - Administrative (reduced staffing levels in
procurement) and Process Cost are reduced
Transparency - By Improved communication
Timeliness - Reduction in time to source materials
Competitiveness - Gaining competitive advantage by
Enhanced decision making and market intelligence
8. SECURITY LOOPHOLES IN MOST E-PROCUREMENT
SYSTEMS
Poor/ flawed Bid-sealing/Bid-encryption methodology.
(Confidentiality of Bid Data is compromised)
Rudimentary Online Tender Opening. ( Bid Data
Tampering, Counter Sign not possible, Separate Display)
Systems do not have the functionality to accept encrypted
(i.e., sealed) detailed bids.
Systems do not have the functionality for digital signing
of important electronic records.
Functionality of the e-tendering system is limited (e.g.,
all types of bidding methodologies are not supported.
Submission of supplementary bids (modification,
substitution, and withdrawal)).
9. DATA ENCRYPTION
Encryption is the coding and scrambling of messages
to prevent their access by unauthorized individuals.
Data is encrypted by applying a secret numerical code, called
an encryption key, so that the data are transmitted as a
scrambled set of characters. To be read, the message must be
decrypted (unscrambled) with a matching key.
10. TYPES OF DATA ENCRYPTION
Symmetric key encryption: The sender and
receiver create a single encryption key that is shared.
Public key encryption: A more secure encryption
method that uses two different keys, one private and
one public.
11. DATA ENCRYPTION PROS
Separation: Data encryption allows the data to
remain separate from the device security where it is
stored.
No Data Breaches: Data ensures protection of
intellectual property and other similar types of data.
Encryption Is On The Data: Because the
encryption is on the data itself, the data is secure
regardless of how it is transmitted.
Encryption Equals Confidentiality: Encrypting
data means that it can only be read by the recipient
who has the key to opening the data.
12. DATA ENCRYPTION CONS
Encryption Keys If one lose the key to the encryption,
he/she have lost the data associated with it.
Expense: Data encryption can prove to be quite costly
because the systems that maintain data encryption must
have capacity and upgrades to perform such tasks.
Unrealistic Requirements: It is important to understand
the restraints imposed by data encryption technology,
otherwise unrealistic standards and requirement will
jeopardize data encryption security.
Compatibility: Data encryption technology can be tricky
when layering it with existing programs and applications.
This can negatively impact routine operations within the
system.
13. PROBLEMS IN BIT ENCRYPTION USING PKI
Private Key – It is available with the concerned officer
before the Public Tender Opening Event.
1. If a clandestine copy of a bid is made before the ‘tender opening
event (TOE)’, and if the concerned tender-opening officer (TOE-
officer) connives in decrypting the bid before the TOE, the
confidentiality of the bid is compromised.
2. If the concerned TOE officer(s) is/ are absent during the TOE,
how will the bids be decrypted especially keeping in view that
the private-keys should not be handed over to anybody else.
14. CONT’D…
Public Key with which bid-encryption is done, is available
publicly –
1. The easy availability of the public key makes the data
encrypted with it vulnerable to Attack.
Public Key algorithms are slow –
1. As a result many e- Tendering systems which use PKI for bid-
encryption, use mainly an encrypted online-form for bid
submission, and do not have facility for an encrypted detailed
bid (e.g. detailed technical bid as a file), along with the online
form. As a result, the detailed bid is either not submitted, or it
is submitted in unencrypted form.
15. DIGITAL SIGNATURE
It is a digital code attached to an electronically transmitted message that
is used to verify the origin and contents of the message.
A digital certificate system uses a trusted third party known as a
certificate authority (CA) to validate a user's identity.
A digital signature is issued by a Certification Authority (CA) and is
signed with the CA's private key.
A digital signature typically contains :
1. Owner's public key
2. Owner's name
3. Expiration date of the public key
4. Name of the issuer (the CA that issued the Digital ID),
5. Serial number of the digital signature
6. Digital signature of the issuer.
16. DIGITAL SIGNATURE - ADVANTAGES
Non Repudiation – Signer cannot refuse that he
didn’t Digitally Sign a Document
Any change in the document, tampers Signature
Sign 1000’s Page document on a Click
Sign any number of documents with 1 Digital
Certificate
17.
18. DIGITAL SIGNATURE
SELLERS
Public Key
Private Key
Key pair Signed
Message Message
Rs. Assemble
100/-
Only
Hash
f899139df5e1059396431415e770c6dd
Digest Signature
Encrypt
19. DIGITAL SIGNATURE VERIFICATION
Buyer – Govt. Dept
Retrieve Public Key
Message
Signed Rs.
Message
100/- f899139df5e1059396431415e770c6dd
Only Digest
Valid, If matches
Invalid, if doesn't
f899139df5e1059396431415e770c6dd
Signature Digest
Decrypt
20. DIGITAL ENCRYPTION/DATA ENVELOPING
Sellers Buyer – Govt. Dept.
Retrieve Public Key
Public
Private
Key pair
Signed Encrypted Encrypted Signed
Message Message Message Messag
Rs. e
CXV;ZJ'#RTS%N
CXV;ZJ'#RTS%N
M:!jdt2 O:<Hti&
Rs.
100/- M:!jdt2 O:<Hti&
Transmit
5I;e(T)$k>V;T
5I;e(T)$k>V;T 100/-
Only S%NM:!jdt2O
S%NM:!jdt2O
<Hti&5I;e(T)
<Hti&5I;e(T) Only
#$k>ioSD76%$
Encrypt #$k>ioSD76%$
Decrypt
21. SOURCES
INCOME TAX INDIA - incometaxindiaefiling.gov.in/portal/faq_signature.do
MANAGEMENT INFORMATION SYSTEM
eProcurement-Integrity-Matrix - eProcurement-Integrity-Matrix-Rev-
9-CVC-V-2.pdf?
http://www.spamlaws.com/pros_cons_data_encryption.html
http://www.purchasing-procurement center.com/e-procurement-
advantages.html
http://dqindia.ciol.com/content/top_stories/2011/211112405.asp