In an attempt to streamline electronic authentication in e-governance applications in the country, the department of information technology (DIT) has formulated a framework to deliver government services in a seamless and paperless manner through the Internet and mobile phones.
The proposed National e-Authentication Framework (NeAF) looks at identity management, authentication, authorisation, credential registration, permission assignment and de-registration of users to access government applications on the Internet and cellphones.
"The adoption of the NeAF by all ministries and departments will help mitigate identity related frauds, reduce duplication of efforts and achieve consistency of authentication approaches across several project implementations," said a DIT official.
For this, citizens will have to participate in the process of generating their electronic identity. On the other hand, ministries which are already executing a number of e-governance projects such as passports, income tax and MCA21, will have to align the already existing citizen authentication mechanisms with the NeAF.
Identity management would include the creation of the user entity and a single point of administration for accounts hosted over one or multiple user stores while authentication is the process of verifying the digital identity of the sender of a communication. Similarly, credential registration will verify the user's identity and issue a credential to him in the form of a password, a token or a digital certificate.
The framework also defines a layered approach towards e-authentication along with a methodology to determine the business and assurance requirements of government applications, the user registration process, the implementation model and the assessment of the chosen authentication model.
As per the NeAF, both Internet-based and mobile-based applications will have five levels of application sensitivity, ranging from Level 0 to Level 4. Level 0 is the lowest application sensitivity level whereas Level 4 is the highest.
Level 0 will not require any form of authentication and will be used for providing public information over the web and the mobile device, respectively.
Further, a fraud management layer will provide real-time protection against identity theft and online/mobile fraud by evaluating the fraud potential of online/mobile access attempts and calculating the risk score.