Agenda
• About Us• What is e-Tendering?• Benefits to your Organization• Benefits to Suppliers/Contractors• Manual Vs Electronic Tendering Comparative• Legal Compliance• Is e-Tendering Secure?• Ease of e-Tendering –Tender Cycle
About Us• Information Security Management System (ISMS) is must for
e-Procurement as per MDB’s e-GP Guidelines.
• We are the only an ISO/IEC 27001:2005 Certified e-Procurement company
• Government of India approved Software Testing and Quality Certification (STQC) certified Application Software
• The only company whose management has 25 Years of combined experience in handling e-Procurement of various types
• 500 Cr. (More than 100 million U.S. $) Worth of e-Procurement for various organizations
• The one stop shop for all your e-Procurement requirements
The Solution/Services
• ABCProcure the e-Procurement suite comprise of
– e-Tendering– e-Auctions– Reverse Auction– e-Sourcing
• Over and above this we also offer
– PKI consultancy & support– e-Procurement Consultancy– Customized e-Procurement solutions for
enterprise
Our USP
• The only e-Procurement suite developed using Free and Open Source Software's (FOSS) like Java /Linux /MySQL which means– More secure– Low deployment cost
• Only e-Proc. Application that supports JAVA based PKI Signer
• Supports all CA’s Digital Certificate of different classes• The only e-Procurement solution that supports all browsers• Dynamic & Flexible application with inbuilt workflow• Available on Windows/Linux operating system• Multiple Options Rental/Annual License/Ownership• Young Team with average age of 30
Our Customers
•Ahmedabad Municipal Corporation•Health Department, Gujarat•Gujarat Gas Company Limited•Gujarat Industrial Development Corporation•Gujarat Urban Development Corporation•Gujarat Maritime Board•Dishman Pharmaceuticals & Chemicals Ltd.•Ramky Infrastructure Projects Limited
…more
What is e-Tendering?
• E Tendering is a process of carrying out entire Tendering Cycle Online including submission of Price Bid such that Efficiency, Economy, Speed of Internet can be harnessed.
• E Tendering Cycle can be broken in Key Modules
1) Tender Notice Creation 7) Tender Storage & Opening
2) Tender Promotion 8) Tender Evaluation
3) Tender Document 9) Negotiation
4) Pre Bid Meeting 10) Tender Award
5) Bid Submission 11) Vendor Registration & Rating
6) Payment Gateway 12) Tender Audit & Storage
Benefits of Tendering Authority
• Completely Automated Process
• Shortens Procurement Cycle
• Economical and Environment Friendly
• Greater Transparency
• Improvement in work culture in the departments
• System aided Evaluation process
• On the fly reports/comparatives statement
• Minimize Human errors
• Minimal Storage Spaces
• Change in Perception – Progressive Organization
• Lesser hassle of communication and administration
Benefits to Suppliers/Contractors
• Anytime & Anywhere Bidding• Fair, Free and Fearless participation for vendors.• No dependence on Newspaper, Courier, Banks,…• Zero Administrative hassles• Can carry out all activities from any computer• Economical – saving on Traveling cost• Reduces efforts & cost of bidding• No tenders can be missed because of distance• Can submit bid on last minute
Manual Vs E Tendering System
Manual Tendering System• Longer Procurement Cycle• Expensive• Paper Based Procurement• Restricted Mobility• No work on Holidays• Prone to Human errors• Content not sharable• Physical Security• Wastage of space to store bids• Not retrievable• Ideal till 2003
E - Tendering System• Shorter Procurement Cycle• Economical – Fixed Cost• Environmentally Friendly• Anytime – Anywhere Bidding• Bidding possible on Holidays• Automated & Accurate process• Shareable Content• Foolproof Security• Lifelong storage on CD• One click access to bids• For year 2004 & Beyond
Government Guidelines
• Project Administration Instructions, ADB- November 2005Executing Agencies (EAs) may use electronic systems to conduct procurement on ADB- financed contracts where the procedures involved meet acceptable standards. A guide has been prepared in co-operation with the World Bank and Inter- American Development Bank
• For E Commerce Activities – IT ACT 2000Any document which is digitally signed, by digital certificate issued by a licensed Certifying Agency (CA) who is approved by Controller of Certifying Agency (CCA) will be considered as a valid document in the court of law.
• For E Procurement – CVC GuidelinesE Procurement is allowed as per the guidelines of CVC order no. 46/9/03 provided the E Procurement is done in a fair and transparent fashion & IT Act 2000 is complied
Strategic Alliances
• IBM for Software• OS – Microsoft /Linux• RDBMS – Oracle / MYSQL/SQL• Front End – Sun JAVA / Dot Net• Data Centre – VSNL• Broad Band – BSNL / VSNL• Payment Gateway – ABCPayment• Biometrics – Secugen
Computer Specification – User End
• Any Desktop with 16 MB Ram/20 GB HDD or Higher• OS – LINUX /Windows• Browser – IE/Netscape/Mozilla/ Firefox /Any Browser• Java Run Time – Freeware• Valid Digital Certificate• Token/Crypto Key for DC – Optional• Biometrics – Optional• Digital Signer & Cipher– Freeware• Net connection – Dialup connection or better
Is e-Tendering Secure?
• E Tendering Challenges• Detecting whether document is Tampered or not• Identifying a person in the faceless world of Internet• Non Repudiation• Document Secrecy• Bidding should not be allowed after due date and time• Bids cannot be opened before due date and time• Bids can only be opened by authorized officers
Digital Certificate
Public Key Private Key
Digital Certificate
• Digital Certificate is your Internet Passport
• Digital Certificate come with 1 / 2 Years validity
• Can be procured easily, in less than 8 Hours
• List of licensed Certifying Agency (CA)– TCS – N Code (GNFC)– Safescrypt– MTNL– NIC
Digital Signature
Assemble
SignedMessage
f899139df5e1059396431415e770c6dd
Digest
Hash
SignatureEncrypt
Rs.100/-Only
Message
Keypair
SELLERS
Public Key
Private Key
Digital Signature Verification
Retrieve Public Key
SignedMessage
Buyer – Govt. Dept
Rs.100/-Only
Signature
Message
f899139df5e1059396431415e770c6dd
DigestDecrypt
Digest
f899139df5e1059396431415e770c6dd
Valid, If matchesInvalid, if doesn't
Digital Encryption/Data Enveloping
Retrieve Public Key
Sellers Buyer – Govt. Dept.
Rs.100/-Only
SignedMessage
Keypair
Public
Private
Encrypt
EncryptedMessage
CXV;ZJ'#RTS%N
M:!jdt2 O:<Hti&
5I;e(T)$k>V;TS%NM:!jdt2O<Hti&5I;e(T)#$k>ioSD76%
$
Transmit
EncryptedMessage
CXV;ZJ'#RTS%NM:!jdt2 O:<Hti&5I;e(T)$k>V;TS%NM:!jdt2O<Hti&5I;e(T)#$k>ioSD76%$
Decrypt
Rs.100/-Only
SignedMessage
Digital Signature
• Non Repudiation – Signer cannot refuse that he didn’t Digitally Sign a Document
• Any change in the document, tampers Signature
• Sign 1000’s Page document on a Click
• Sign any number of documents with 1 Digital Certificate
Digital Encryption
• Data Encrypted with Public Key, can only be decoded by corresponding Private Key
• No one has decrypted data without Private Key
• RSA Open Challenge worth Millions of Dollars
• Highly Secure, used at various military installation across the world to secure Data
• Used to protect Nuclear Missile Passwords, E Commerce Activities worth billions on dollars on Internet
Biometrics
• Biometric verification of 2 authorized users can be used in tender opening process.
• Finger print of any two individual doesn’t match.
• Help to establish that user remains physically present when Tender opens.
Role Base Access
• Access to website is on the basis of rights allocated to a User or Group of Users
• This ensure that Tampering by unauthorized person is not possible
• Existing Organization hierarchy can be mapped to the system
Time Based Access
• No activity can be carried out before due date & Time for e.g.
Tender cannot be opened even by authorized User before due date
• Server Time cannot be tampered as it is mapped to National Standard Time Server
Time Stamping
• Key processes are time stamped – Tender cannot be proponed– Tenders cannot be submitted
after
Due date and time– Tender cannot be opened
before
Due date and time• All processes can be time
stamped
Architecture
Secure Electronic Tendering Process
• We follow the following process for secure Bid Submission & Opening
1. Create Bid2. Generate Hash3. Generate Attached Signature (Bid + Digital Signature)4. Data Enveloping/Encryption using Public Key of Digital Certificate5. Bid Submission using SSL6. Tender Opening Date & Time Verification7. Tender Opening Rights Verification of the Officer8. Biometric Verification of the Officer9. Data De-enveloping/Decryption using Public Key of Digital
Certificate10.Signature Verification11.Hash Verification12.Original Bid
Electronic Sealed Envelope
Step 1: Bid Creation Stage
– Price Bid– Attached Digital Signature– Asymmetric Encryption (Supplier Public Key)
Step 2: Bid Submission Stage
– Decrypt Bid (Supplier Pvt. Key)– Signature Verification– Asymmetric Encryption (Buyer Public Key)– Tender opening (Buyer Private Key)
Standards notified in India
• Public-key cryptography – Asymmetric Cryptosystem - RSA – Diffie-Hellman Public key Cryptography
• Digital Signature Standards – MD5 -Hashing Algorithms – SHA-1 -Hashing Algorithms– DSA Signature Algorithm – RSA Signature Algorithm
• Directory Services (LDAP ver 3)– X.500 for publication of Public Key Certificates and Certificate
Revocation Lists – X.509 version 3 Certificates as specified in ITU RFC 1422– X.509 version 2 Certificate Revocation Lists
• Public-key Cryptography Standards (PKCS) – PKCS#1 - PKCS#15
Ease of e-Tendering –Tender Cycle
e-Tendering involves following phases as per convential
tendering systems.
• Phase 1: Pre Tendering Activities• Phase 2: Tendering Cycle• Phase 3: Post Tendering Activities
General Questions?
• Validity of eTendering/eProcurement – IT ACT 2000• Legal Compliance – CVC, PWD Guidelines• Security Issues? ISO/IEC 27001:2005 Co.• Quality of Service – SLA• Training your employees?• Training your Suppliers/Bidders?• Backup and Business Continuity?• Digital Certificate• What value of Tenders can be procured online?• How to Get Started?
For further details contact us at our following address:
Mr. Ajay Singh9811113345
M/s P.J. Softwares Ltd.
E-mail: [email protected] Web Site: http://procure.pjsoftwares.com
Thanks…