ICEGATE: Digital Signature Certificate
DIGITAL SIGNATURE
CERTIFICATE
PROCESS DOCUMENT
Version – 1.0
1. Introduction
2. Digital Signature Certificate
2.1 Contents of a Digital Certificate
2.2 Defined Classes
2.3 PKI
3. Enabling PKI in ICEGATE
3.1 Integration of PKI component
3.2 PKI Component functionalities
4. Digital Signature implementation framework
4.1 Digital Signature implementation phases
5. Benefits of Digital Signature implementation
1. Introduction
Indian Customs EDI Gateway (ICEGATE) is the gateway for users of the Indian
Customs EDI system. Individuals (Importers/Exporters/CHAs/Airlines/Shipping
Lines/Shipping Agents etc.), trade partners (Banks/Custodians/PQIS/FSSAI etc.) and
Govt. agencies (Ministry of Commerce/DGCI&S/DG,
Valuation/DGFT/CRIS/CONCOR/Ministry of Steel etc.) connect to ICEGATE for
document filing (BE/SB/IGM/EGM/CGM etc.), for data sharing under the Customs Business
Process (information is shared through messages over a server-to-server
SFTP communication system), or for administrative, statistical, analytical or
policy-making purposes through SFTP in an automated environment. It provides Remote EDI
Services (RES) to trade and industry for filing documents, data exchange, e-payment,
status enquiry, document tracking, query-reply etc.
A digital signature accompanies a message or document that is signed with the
sender's private key. Signing generates a hash value, which is transmitted with
the message. On receipt, the message is deciphered by a user who has access to the
sender's public key. The verification proves that the sender had access to the private key,
and therefore is likely to be the person associated with the public key. It also ensures
that the message has not been tampered with, as any manipulation of the message will
change the encoded message, which otherwise remains unchanged between
the sender and receiver.
[Figure: DSC FRAMEWORK. Labels: Version, CA Name, User Name, Users Public Key, Validity, Signing by using CA’s Public Key]
2.3 PKI
A PKI component should be added to the application to make the application PKI enabled. As
the PKI component executes at the client side, it should be added to the application in such a
way that the component is downloadable at the client side. The PKI component can be embedded
in web pages using its tags. When the component is embedded in a web page, it exposes a few
component-specific JavaScript functions to the page. Web pages communicate with the
embedded component by calling these JavaScript functions. The PKI component provides the
following functionalities:
Certificate Selection: The PKI component retrieves the list of all certificates installed at the
client side, displays it in a pop-up box and allows the user to select a certificate from the list.
Certificate Verification: After selection of a certificate, the component performs validation on
the selected certificate, such as:
Date verification
Certificate chain verification
Root CA verification
CRL verification
Whether the private key exists
Data or File Signing: The user shall use any Class III PKI DSC for signing documents, through
the web-based Common Signer Component. This component shall also verify the CRL at the
time of signing. It will share the credentials of the user, the CA, the validation and the
Public Key in encrypted form along with the Hash Value.
Data or File Verification: The application provides the original data, the hash and the public key
of the signer's certificate to the component, which uses this information to verify the signature
on the data. If the original data/file or the signature has been tampered with, verification fails.
Encryption: The application provides the component with the public key with which the data is
to be encrypted. The component processes the public key and the original data (or user-entered
data) and generates an encrypted representation of the original data.
Decryption: The application provides the component with encrypted data. The component pops
up a certificate dialog, which allows the user to select the certificate whose private key is to be
used. After selection, the component verifies the certificate and retrieves the private key. Using
the private key and the encrypted data, the component can reproduce the original data.
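The certificate checks and the data verification listed above, run in order over a constructed submission. This is an added example, not ICEGATE's PKI component: it uses Node.js's built-in crypto module with simplified JSON certificate records standing in for X.509, and all names (issueCert, verifySubmission, the sample subjects, serials and dates) are assumptions.

```javascript
// Added example: simplified certificate records (not real X.509), Node.js built-in crypto only.
const crypto = require('crypto');

const newKeys = () => crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
// Bytes the issuer signs: every field of the record except the signature itself.
const tbs = (c) => Buffer.from(JSON.stringify(
  [c.subject, c.issuer, c.serial, c.notBefore, c.notAfter, c.publicKeyPem]));

function issueCert(subject, keys, issuer, issuerKeys, serial, notBefore, notAfter) {
  const cert = { subject, issuer, serial, notBefore, notAfter,
    publicKeyPem: keys.publicKey.export({ type: 'spki', format: 'pem' }) };
  cert.signature = crypto.sign('sha256', tbs(cert), issuerKeys.privateKey);
  return cert;
}

// chain = [signer, ..., root]; returns 'ok' or the name of the first failed check.
function verifySubmission(doc, signature, chain, trustedRootPem, revokedSerials, now) {
  for (const c of chain) {                       // date verification
    if (now < Date.parse(c.notBefore) || now > Date.parse(c.notAfter)) return 'date';
  }
  for (let i = 0; i < chain.length; i++) {       // certificate chain verification
    const issuer = chain[i + 1] || chain[i];     // the root is self-signed
    if (chain[i].issuer !== issuer.subject ||
        !crypto.verify('sha256', tbs(chain[i]), issuer.publicKeyPem, chain[i].signature)) return 'chain';
  }
  if (chain[chain.length - 1].publicKeyPem !== trustedRootPem) return 'root'; // root CA verification
  if (chain.some((c) => revokedSerials.has(c.serial))) return 'crl';          // CRL verification
  // Signature over the document itself: any change to doc or signature fails here.
  return crypto.verify('sha256', doc, chain[0].publicKeyPem, signature) ? 'ok' : 'signature';
}

// Constructed sample data: names, serials and dates are made up for the example.
function demo() {
  const rootKeys = newKeys(), userKeys = newKeys();
  const root = issueCert('Example Root CA', rootKeys, 'Example Root CA', rootKeys, '01', '2024-01-01', '2034-01-01');
  const user = issueCert('Example Filer', userKeys, 'Example Root CA', rootKeys, '2A', '2024-06-01', '2026-06-01');
  const doc = Buffer.from('constructed filing payload');
  const sig = crypto.sign('sha256', doc, userKeys.privateKey);
  const now = Date.parse('2025-01-15'), pem = root.publicKeyPem, none = new Set();
  const otherPem = newKeys().publicKey.export({ type: 'spki', format: 'pem' });
  return {
    valid: verifySubmission(doc, sig, [user, root], pem, none, now),
    tampered: verifySubmission(Buffer.from('constructed filing payload!'), sig, [user, root], pem, none, now),
    expired: verifySubmission(doc, sig, [user, root], pem, none, Date.parse('2027-01-01')),
    revoked: verifySubmission(doc, sig, [user, root], pem, new Set(['2A']), now),
    wrongRoot: verifySubmission(doc, sig, [user, root], otherPem, none, now),
  };
}
```

Calling demo() returns the outcome of each case; a production verifier would parse real X.509 certificates and a CA-signed CRL rather than a set of serial numbers.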
ICEGATE receives inbound documents from various individual users such as Importers,
Exporters, CHAs etc. and sends outbound messages to various agencies such as DGFT, DGCI&S,
PQIS, FSSAI etc. The Digital Signature framework in the automated environment of ICEGATE
differs from other, normal frameworks, so in view of the workflow and specific functionalities
of ICEGATE a specific architecture for Digital Certificate implementation was required.
A DSC that could be operated in an automated environment without any human
intervention was also required.
The normal Digital Signature issued in the name of an individual was not functional for
outbound messages, which are sent by the ICEGATE system. Considering this unique requirement
of the ICEGATE system, the Controller of Certifying Authority (CCA) introduced a new type of
Digital Certificate named “Organization Document Signer Certificate” in September 2014. The
implementation of DSC was planned in a phased manner.
The user authorized for signing documents shall use the DSC in his name, execute the
signing process and send the digitally signed documents to ICEGATE. On receiving the
digitally signed documents, the ICEGATE server-side verifier shall verify the user’s
credentials, validity of the certificate, the CA's credentials, Public Key, CRL status and Hash
Value of the certificate, and integrate the data with the ICES database. Validation of the
credentials of the person who signs the document, the person who sends the document and
the CHA who files the documents would be completed in the process. Records of digitally
signed documents shall be preserved for legal purposes, if any.
ii. Phase 2 - Implementation of Certificates for server to server
communication: In this phase DSC will be implemented for all the agencies with which
the Department carries out server-to-server communication, for all inbound and outbound
messages. ICEGATE will digitally sign all outbound messages with the Organizational
Document Signer DSC, which was introduced by CCA in view of the specific
requirement of the ICEGATE system.
The following are the key benefits of implementing digital signature for ICEGATE
inbound messages:
ii. Integrity – With Digital certificates it can be ascertained that the message has
not been altered during transmission. Digital Signatures provide this feature
by using cryptographic message digest functions.
iii. Non Repudiation – Digital signatures ensure that the sender who has
signed the information cannot at a later time deny having signed it. In case of
legal issues the user can be held liable for documents received from him.
iv. Tracking: A digitally signed document can easily be tracked and located in a
short amount of time.