Basics of DSC IREPS Stores Tender Sivakumar A

Basics of DSC, IREPS & Stores Tender
Sivakumar A, Professor Works/IRICEN/PUNE
7420041125
sivakumar@iricen.gov.in

Topics covered
1. What is Digital Signature / Encryption Certificate
2. Basics of e-tendering / IREPS
3. Features of track procurement (store) contract

WHAT IS DIGITAL SIGNATURE

Requirements of Traditional Signature
• Authenticity: same / similar signature again and again
• Integrity: able to be confirmed at any later date by anyone
• Non-repudiation: unable to reject / disown the signature

Electronic Record
1. Very easy to make copies
2. Very fast distribution
3. Easy archiving and retrieval
4. Copies are as good as the original
5. Easily modifiable
6. Environment friendly
Because of 4 & 5 together, these lack authenticity

Why Digital Signatures?
• To provide Authenticity – ensure the signer is the only individual who has signed
• Integrity – ensure no change during transit / storage / copying etc.
• Non-repudiation – impossible for the signer to disown electronic documents
• To use the Internet as a safe and secure medium for e-Commerce and e-Governance

Concepts
• A 2048-bit number is a very big number, much bigger than the total number of electrons in the whole world. (PRIME NUMBERS ARE USED)
• Trillions of pairs of numbers exist in this range, with each pair having the following property: a message encrypted with one element of the pair can be decrypted ONLY by the other element of the same pair
• The two numbers of a pair are called keys: the Public Key & the Private Key. The user himself generates his own key pair on his computer

Digital Signatures
Each individual generates his own key pair [Public key known to everyone & Private key only to the owner]
• Private Key – used for making the digital signature
• Public Key – used to verify the digital signature

Here is an example of generating the keys
1. Choose two distinct prime numbers, say p = 61 and q = 53, and compute n = p x q. Thus n = 61 x 53 = 3233
2. Compute the Carmichael's totient function of n: λ(n) = lcm(p − 1, q − 1) = LCM of (60, 52) = 780
3. Choose any number e with 1 < e < 780 such that it is coprime to 780. Thus, say, e = 17
4. Compute d, the modular multiplicative inverse of e modulo λ(n), i.e. d x e ≡ 1 (mod λ(n)), yielding d = 413
Thus the Public key is (n = 3233, e = 17). The Private key is (n = 3233, d = 413*) (*Or also p and q)

What is Digital Signature?
• Any message, irrespective of its length, can be compressed or abridged uniquely into a smaller length message called the Digest or the Hash.
• The smallest change in the message will change the Hash value.
• The Hash value of an e-Document, when encrypted with the private key of a person, is his Digital Signature on that e-Document.
  – The Digital Signature of a person therefore varies from document to document, thus ensuring authenticity of each word of that document.
  – As the public key of the signer is known, anybody can verify the message and the digital signature.

Digital Signatures
I agree
  efcc61c1c03db8d8ea8569545c073c814a0ed755
My place of birth is at Gwalior.
  fe1188eecd44ee23e13c4b6655edc8cd5cdb6f25
I am 62 years old.
  0e6d7d56c4520756f59235b6ae981cdb5f9820a0
I am an Engineer.
  ea0ae29b3b2c20fc018aaca45c3746a057b893e7
I am a Engineer.
  01f1d8abd9c2e6130870842055d97d315dff1ea3
• These are digital signatures of the same person on different documents
• Digital Signatures are numbers
• They are document content dependent

Paper signatures v/s Digital Signatures
• Authenticity: Paper – may be forged; Electronic – can not be copied
• Integrity: Paper – signature independent of the document; Electronic – signature depends on the contents of the document
• Non-repudiation: Paper – (a) handwriting expert needed, (b) error prone; Electronic – (a) any computer user, (b) error free

Private key protection
• The Private key generated is to be protected and kept secret. The responsibility of the secrecy of the key lies with the owner.
• The key is secured using
  o PIN Protected soft token
  o Smart Cards
  o Hardware Tokens

PIN protected soft tokens
• The Private key is encrypted and kept on the Hard Disk in a file; this file is password protected.
• This forms the lowest level of security in protecting the key, as
  o The key is highly reachable.
  o PIN can be easily known or cracked.
• Soft tokens are also not preferred because
  o The key becomes static and machine dependent.
  o The key is in a known file format.

Smart Cards
• The Private key is generated in the crypto module residing in the smart card.
• The key is kept in the memory of the smart card.
• The key is highly secured as it doesn’t leave the card: the message digest is sent inside the card for signing, and the signatures leave the card.
• The card gives mobility to the key and signing can be done on any system (having a smart card reader).

Hardware Tokens
• They are similar to smart cards in functionality as
  o Key resides inside the token.
  o Key is highly secured as it doesn’t leave the token.
  o Highly portable.
  o Machine independent.
• Can be connected to the system using a USB port.
• Access to contents is password protected.
• Install the drivers provided along with the USB tokens on your computer before use.
Caution: Avoid keeping the password on paper slips along with the tokens.

Digital Signing Certificates (DSC)
• It is issued to a person specified by name and is mapped to a specific personal E-mail ID.
• It is NOT issued to any designation.
• Usage and safe custody is the responsibility of the person in whose name it is issued.
• Not to be handed over to anyone else for use even after transfer or superannuation.
• To be purchased as a consumable and not T&P.
• In case of loss, get it revoked from the issuing authority.
• Device driver required to use DSC. Supplied by the supplier of the DSC.

Different types of Digital Signature Certificates
• Class 1: do not hold any legal validity, as the validation process is based only on a valid e-mail ID and involves no direct verification.
• Class 2: Identity of a person (valid E-mail ID) is verified against a trusted, pre-verified database but no personal verification is involved.
• Class 3: Highest level, where the person needs to present himself or herself in front of a Registration Authority (RA) and prove his / her identity. The E-mail ID mentioned at the time of application needs to be verified online, prior to issue of the Digital Signature.

Digital Encryption Certificates (DEC)
• Functions are similar to the DSC.
• Works on a pair of keys (Public & Private).
• This is used to encrypt a document.
• Every Railway Department has one Encryption Certificate which is attached with the tender document and is used to encrypt the bids submitted on-line by the vendors.
• To be uploaded on IREPS once by the dept. admin.
• Will be required only for tender opening thereafter.

Here is an example of Encryption and Decryption
ENCRYPTION STARTS (using n and e calculated earlier)
Let message = 65, which B wants to send to A. Thus B encrypts using A’s Public Key.
Using the encryption function c(message) = message^e mod n:
c = 65^17 mod 3233 = 2790
Thus 2790 is the encrypted version (c) of the message 65, which B sends to A.
DECRYPTION STARTS (using n and d calculated earlier)
In order to decrypt c = 2790, we use the formula M = c^d mod n:
M = 2790^413 mod 3233 = 65, which is decrypted at A
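
The key generation example given earlier and the encryption / decryption example above can be reproduced in Python. This is an added illustration, not part of the original slides; the function names are chosen here, and textbook RSA on such small numbers with no padding is for learning the arithmetic only.

```python
from math import gcd


def carmichael(p: int, q: int) -> int:
    """lambda(n) = lcm(p - 1, q - 1) for n = p * q (p, q distinct primes)."""
    return (p - 1) * (q - 1) // gcd(p - 1, q - 1)


def make_keypair(p: int, q: int, e: int):
    """Return ((n, e), (n, d)) following the four key generation steps."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    lam = carmichael(p, q)
    if not 1 < e < lam or gcd(e, lam) != 1:
        raise ValueError("e must satisfy 1 < e < lambda(n) and be coprime to it")
    d = pow(e, -1, lam)  # modular inverse: d * e == 1 (mod lambda(n)), Python 3.8+
    n = p * q
    return (n, e), (n, d)


def encrypt(message: int, public_key) -> int:
    """c = message^e mod n, done by the sender with the receiver's public key."""
    n, e = public_key
    if not 0 <= message < n:
        raise ValueError("message must be a number smaller than n")
    return pow(message, e, n)


def decrypt(ciphertext: int, private_key) -> int:
    """M = c^d mod n, done by the receiver with the private key."""
    n, d = private_key
    return pow(ciphertext, d, n)


def slide_example():
    """Reproduce the numbers used on the slides: p=61, q=53, e=17, message=65."""
    public_key, private_key = make_keypair(61, 53, 17)
    c = encrypt(65, public_key)   # B encrypts with A's public key
    m = decrypt(c, private_key)   # A decrypts with A's private key
    return public_key, private_key, c, m


if __name__ == "__main__":
    print(slide_example())
```

A choice such as e = 15 is rejected because it shares a factor with 780. The same message always encrypts to the same number here, which is one reason real systems add randomised padding before encrypting.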

Digital Encryption Certificates (DEC)
• Can be purchased in the name of any official of the unit.
• In case of loss of DEC, all tenders issued with the DEC are lost.
• To be purchased in duplicate in two different tokens (not two different DECs). One token to be kept in safe custody.
• DEC is not the property of the official in whose name it is purchased. To be handed over to the new incumbent in case of transfer / superannuation. Handing over to be accompanied with a recorded acknowledgement.
• To be preserved for as many years as the tender files are preserved.
• DEC and DSC not to be purchased on the same token.

Example for Digital Signature
• Assume you are going to send the draft of a contract to someone else in another town. You want to give the assurance that it is unchanged from what you sent and that it is really from you.
  1. You create the contract in, say, a Word document.
  2. Using special software, you obtain a message hash (mathematical summary) of the document.
  3. You then use your private key that you have previously obtained from a Certifying Authority (CA) to encrypt the hash.
  4. The encrypted hash becomes your digital signature of the document. (Note that it will be different each time you send a message.) This encrypted hash along with the original document is sent to the recipient.
• At the other end, the document is received by the recipient.
  1. To make sure that it is intact and from you, the receiver makes a hash of the received document (a).
  2. Using your public key, the message hash or summary is decrypted to reveal the hash originally created at the sender's end (b).
  3. If the hashes (a) and (b) match, the received message is valid.
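
The signing and verification steps above, as an added Python sketch that is not part of the original slides. It assumes SHA-256 as the hash and a toy key built here from two known Mersenne primes; an actual DSC uses a 2048-bit key with a standard padding scheme, and the private key stays inside the token.

```python
import hashlib
from math import gcd

# Toy key constructed for this example from two known Mersenne primes.
# About 150 bits: enough to show the mechanics, far too small for real use.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q                                  # public modulus
E = 65537                                  # public exponent
LAMBDA = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)
D = pow(E, -1, LAMBDA)                     # private exponent, known to signer only


def digest(document: bytes) -> int:
    """Sender step 2 / receiver step 1: hash the document.

    The SHA-256 value is reduced modulo N only because the toy key is small.
    """
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % N


def sign(document: bytes) -> int:
    """Sender steps 3 and 4: encrypt the hash with the private key."""
    return pow(digest(document), D, N)


def verify(document: bytes, signature: int) -> bool:
    """Receiver: compare hash (a) of the received document with hash (b)
    recovered from the signature using the signer's public key."""
    if not 0 <= signature < N:
        return False
    hash_a = digest(document)
    hash_b = pow(signature, E, N)
    return hash_a == hash_b


if __name__ == "__main__":
    contract = b"Draft contract: supply of 1000 sleepers"   # constructed sample
    sig = sign(contract)
    print("signature:", hex(sig))
    print("unchanged document verifies:", verify(contract, sig))
    print("altered document verifies:", verify(contract + b" ", sig))
    # The two near-identical statements from the earlier slide sign differently.
    print(sign(b"I am an Engineer.") != sign(b"I am a Engineer."))
```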

Public Key Infrastructure (PKI)
• Some trusted agency is required which certifies the association of an individual with the key pair: the Certifying Authority (CA)
• This association is done by the CA issuing a certificate to the user: the Public key certificate (PKC)
• All public key certificates are digitally signed by the CA
• Issued for a limited period validity (1 or 2 Years).
• Is legal under the I.T. Act 2001.

Certifying Authority
• Must be widely known and trusted
• Must have a well defined identification process before issuing the certificate
• Provides online access to all the certificates issued
• Provides online access to the list of certificates revoked
• Displays online the license issued by the Controller
• Displays online the approved Certification Practice Statement (CPS)
• Must adhere to IT Act / Rules / Regulations and Guidelines

CAs have been licensed by CCA (List is dynamic)
• Safescrypt
• IDRBT
• GNFC
• e Mudhra CA
• CDAC CA
• Capricorn CA
• NSDL e-Gov CA
• Indian Air Force
• Verasys CA

IREPS Indian Railways E-Procurement System

History of E-Procurement
• Minister for Railways announced in his Budget speech in year 2004-05 that all procurement related activities are to be done online.
• Pilot Project started in May 2005 on NR as NREPS (Northern Railway E-Procurement System).
• In Sep 2008, CRIS hosted the IREPS website for all Zonal Railways. CRIS is the agency for developing all modules for IREPS in consultation with NR as the Co-ordinating Rly.
• 2008-09: Downloadable tender form was made compulsory. Cost of tender form was to be submitted as a separate instrument.
• 2010: Stores e-tendering started.
• 2016: Works e-tender was started.
• 2018: Online tender cost, EMD, E-TC and LOA, Bill Monitoring started.
• Now all tenders are to be done through IREPS, hosted and managed by CRIS.

Features / Scope
• Online Creation & Publishing of Tender Document
• Online Creation & Publishing of Corrigendum
• Online TDC/EMD payments
• Online Submission of offers by Bidders
• Online Tender opening Process / Automatic Generation of Comparative Statement
• Online Viewing of Offers / Comparative Statement by Railway Users & Bidders
• Online Automated Creation of Briefing Note
• Item Directories (for Works tenders)
  o SOR & NS
  o Unified and/or Zonal, Department-wise Condition Masters and Document Masters

Features / Scope
• Online Technical Evaluation of Offers (in 2 packet system)
• Online Creation of Draft Tender Committee Minutes
• Viewing / Signing of TC minutes by TC members
  o Adding of comments / suggestions by TC members, modifications of TC minutes by convener
• Online Submission of TC recommendations to Accepting Authority
• Acceptance / Modification / Return of TCR by AA with or without remarks
• Submission of revised TC recommendations
• Negotiations / Counter Offer
• Online Creation and Issue of LOA
• Issue and Digital Signing of Contract by Railways & Successful bidder
• Online Creation and Publishing of Completion report
• Online raising of bill, its monitoring and payment

Modules in IREPS
• 13 modules planned for IREPS.
• Out of which the following 9 modules are implemented:
  o ADMIN
  o PARAMETERIZATION (Back end module)
  o RFQ (tendering, pre-bid meeting)
  o BID (Bidding, Evaluation etc.) including E-TC, including issue of LOA
  o TRAINING (multimedia Training Kit)
  o Help Desk
  o PKI (Digital signature interface, Backend Module)
  o ID (Interface development)
  o Auction (reverse auction, Reverse sale)
• Remaining 4 modules under development by CRIS:
  o Contract (contract, amendment etc.)
  o Contract Tracking (Dispatch, Receipt, Inspection, Invoice, Payment)
  o E-payment (Payment gateway, NEFT etc.)
  o DRBC (Disaster recovery and Business Continuity)

Benefits of E-Procurement For Vendors
• Complete Transparency
• No possibility of Coercion
• Offers can be modified any number of times and up to the time and date of opening of tender. The last offer made is the valid offer.
• No need to be physically present at tender opening place for dropping of tender / opening of tender. Comparative statement is available to all tenderers on their PC.
• All offers / attachments are digitally signed by Vendor, hence cannot resile from the offer / documents at any later date. Thus, authenticity is ensured.
• Generally competitive rates are received.

Benefits of E-Procurement For Railway
• Complete Security as login is made with e-mail ID mapped to password, which is linked to digital signature with a matching Password and all the above duly encrypted with Encryption Certificate.
• No possibility of late / delayed tenders
• Opening of tender can be done at any convenient time after the scheduled date and time of opening as mentioned in tender.
• Convenient place of opening, as any computer with internet facility can be used where the Tender opening officials can sit together.

Benefits of E-Procurement For Railway
• Corrigendum can be uploaded at any time up to a predesignated date from date and time of opening of tender.
• No more botheration for arranging a physical tender Box, its location, accessibility, sealing, opening, and its security.
• Technical Suitability / Unsuitability in Two packet system is intimated to all tenderers as soon as technical bid is evaluated.

Registration of Vendor
Pre-requisites:
• Vendors need to have a valid Class III Digital Signature with Firm’s Name and mapped to a unique E-mail ID, issued by a licensed CA
• They need to have a (dedicated) computer with the latest Internet browser
• The drivers for the Digital Signature are to be installed on the PC.
• Adequate Internet connectivity.

Registration of Vendor
• Go to the Home page of IREPS.
• Open the "New Vendors" link and fill in the login registration form to obtain User ID and password. Attach public key of DS.
• Thereafter, the Login ID is activated.
• Login using Login ID and password, change password, to become a registered Vendor.

Registration of Railway User
• CRIS has created various departments under each Railway / Division as per Railways organisation structure.
• Every department shall have an admin who will do all admin functions for IREPS.
• Admin shall have a DS and an EC.
• Admin shall get himself registered as admin with CRIS by sending an authorisation letter from the head of the office (PCE / DRM / Director).
• Admin can create his organisation in IREPS on his own.
• Railway User needs to have a valid Class III Digital Signature issued by a licensed CA in the User’s Name and personal E-mail ID
• Dedicated computer with the drivers for DS
• Finance also needs to register on IREPS with DSC.

ADMIN
Once the Digital Signature of the nominated person is procured, the Public Key is to be sent to CRIS by e-mail with a request to assign this DS as administrator. This is confirmed by CRIS by return e-mail.
The powers of the Administrator include assigning powers to various other members to
(a) Open tender Box
(b) Upload tenders
(c) Co-ordination duties (such as attachments etc.)
(d) Nominate tender opening officials (nomination may be done day-wise)

MINIMUM REQUIREMENT FOR E-PROCUREMENT
1. DSC for all users (including TAA, TC members, Tender uploading / opening officials) in their individual capacity, mapped to their personal E-Mail IDs
2. 1 EC for the Organization as a unit
3. Preferably one dedicated PC
4. Good / Reliable Internet connection
5. Nomination of 1 Admin
6. Identification of Accounts / Stores counterparts and ensuring the DSCs for TC members, Tender Opening officials, Admin for Accounts / Stores

BASICS OF TRACK PROCUREMENT

STORES V/S WORKS CONTRACT
• Activity: Works – Execution of works; Stores – Purchase
• Activity Centre: Works – Rly. Premises; Stores – Supplier plant
• Governed by: Works – Contract Act, GCC, Para 1220 of Engineering Code, GST; Stores – Sales of Goods Act, IRS conditions, Para 417 of Stores Code, GST
• Interaction: Works – Continuous; Stores – Intermediate
• Assistance from Railways: Works – More (Site, Drawing); Stores – Very Less (except issue of Rails)

TRACK PROCUREMENT Rails Railway Board Concrete sleepers Governed by Stores Code & IRS Conditions of Contract. Sale of Goods Act. Other P. Way Material Mostly Plants located on Railway Land. Zonal Railway Assistance in Procurement of Raw Material. Complete production under Railway Supervision. Dispatches of sleepers through Railway Siding. No outside order can be taken by plant without Railway’s permission. Though technically a stores contract, practically more like a Works Contract

PROCUREMENT PROCESS (Presently Sequential)
Stages: Vetted Indent, Tendering, Purchase Order, Supply of Rails (Switches, SEJ, GJ), Contract Handling, Supply of Material

PROCUREMENT PROCESS (Presently Sequential)
Stages: Indent, Tendering, Purchase Order, Supply of Rails (Switches, SEJ, GJ), Contract Handling, Supply of Material
• Appearing of Track Renewal work in Pink/Law Book.
• Sanction of Detail estimate.
• Preparation of Indent.
• Vetting of Indent.

PROCUREMENT PROCESS (Presently Sequential)
Stages: Indent, Tendering, Purchase Order, Supply of Rails (Switches, SEJ, GJ), Contract Handling, Supply of Material
• Preparation of Schedule.
• Approval for Tender calling.
• Tender invitations.
• Preparation of Briefing note & comparative statement.
• Vetting of ‘B’ note & comparative statement.
• T.C. consideration.
• Acceptance.
• Advance acceptance letter to firm.
• Firm’s confirmation.

PROCUREMENT PROCESS (Presently Sequential)
Stages: Indent, Tendering, Purchase Order, Supply of Rails (Switches, SEJ, GJ), Contract Handling, Supply of Material
• Submission of SD
• Preparation of P.O.
• Vetting of P.O.
• Issue of P.O.

PROCUREMENT PROCESS (Presently Sequential)
Stages: Indent, Tendering, Purchase Order, Supply of Rails (Switches, SEJ, GJ), Contract Handling, Supply of Material
• Submission of B.G. by firm.
• Verification of BG.
• Board’s allotment for supply of rail.
• Advice to Railway concerned for issue.
• Handing over of Rail to the Firm.

PROCUREMENT PROCESS (Presently Sequential)
Stages: Indent, Tendering, Purchase Order, Supply of Rails (Switches, SEJ, GJ), Contract Handling, Supply of Material
Change in P.O. condition:
• Issue of M.A. (Mod. Advice)
• D.P. extension.
• Change in Tax structure.
• Failure of material in field.
• Monitoring supply.

PROCUREMENT PROCESS
• Rubber pads
• ERC (Pandrol clip)
• Polyethylene dowel
• Concrete sleepers
• Spring setting device
• GFN 66 liners
• CMS crossings
• Elastomeric pads
Improved SEJ
RDSO
Railways
• Switches
• SGCI inserts
• SEJs
• Glued joint
• Metal Liners
• Plate & Rail screw
• Fish plate, fish bars
• Fish bolts, Fittings
RITES

Risk Management in Procurement
• Risk – Delisting of supplier; Failure of material in inspection; Failure of material in field. Contingency Plan – Multiple or at least two suppliers for every track material.
• Risk – Non-extension of validity of offer by lowest Tenderer. Contingency Plan – Finalization within validity.
• Risk – Change in Specification; Change in Tax structure. Contingency Plan – 1. Timely initiate procurement process 2. Suitable explicit clause in contract
• Risk – Delay in Inspection. Contingency Plan – Regular chasing.
• Risk – Delay in arranging rail. Contingency Plan – Regular chasing.

Public Procurement policy on MSE
• Vendors registered with MSEs. (Bd letter No 201/RS(G)/363/1 dt 05-7-12)
  o District Industries Centres
  o Khadi and Village Industries Commission
  o Khadi and Village Industries Board
  o Coir Board
  o National Small Industries Corporation
  o Directorate of Handicraft and Handloom
  o Online registered Micro and Small Enterprise (MSE) having Udyog Aadhaar w.e.f. 18.09.2015
  o Any other body specified by MSME
• The Goal of 20% of value of procurement on MSEs to be reached by April 2015. 20% of this 20% (i.e., 4% overall) should be from firms owned by SC / ST entrepreneurs

Public Procurement policy on MSE
• Orders up to 20% of procurable quantity on a firm registered with any of the above agencies for tendered item, provided the quoted rate of the firm is within a band of L1 + 15%, by bringing down their price to that being offered to the L1 firm
• This provision shall be applicable only when L1 price is from someone other than a MSE, and such MSEs can be together ordered up to 20% of the total tendered value.

Latest orders from Railway Board on MSE
Railway Board Letter No 2010/RS(G)/363/1/Pt 1 dated 28-12-2018
1. Procurement of Goods and Services from MSEs increased from the existing 20% to 25% of total procurement
2. A minimum of 3% reservation for Women owned MSEs within the above mentioned 25% reservation

Latest orders from Railway Board on stores tender
Letter No 2018/Trans Cell / Store Procurement dated 02-01-2019
EMD – No Exemption except
• Tender cases of value up to 1 lakh
• MSEs registered for the tendered item
• Other Rly and Govt Dept, Indian Ordnance factories
• PSUs owned by Min of Rly
EMD shall be 5% of estimated value (nearest ₹ 10/-)
Automatic release of EMD of unsuccessful tenderers after finalization of tender without any additional action required from the purchaser
SD / PG same as above for EMD except MSEs
– valid for 60 days beyond all contractual obligations.
– to be deposited within 14 days of LOA
– No extension in time limit
– In case of failure to deposit SD as above, EMD if paid shall be adjusted towards SD
– If EMD is insufficient, EMD shall be forfeited and offer considered to be resiled
– In case MSE fails to furnish SD as above, same action to be taken and the due SD amount to be treated as recoveries outstanding.

Latest orders from Railway Board on stores tender
Letter No 2018/Trans Cell / Store Procurement dated 02-01-2019
• AAL / Counter offers to be issued without Finance Vetting
• DP is reckoned from the date of Advance PO / Letter of Advance Acceptance / Letter of Acceptance
• LD shall be 0.5% of the price of the store per week or part thereof during which delivery is accepted.
• Upper limit for recovery of LD is 10% of the value of the contract irrespective of delays unless otherwise provided specifically in the contract.

Guidelines on Tenders
• Railway Board letter No. 2012/TK-II/7/3/Track Fittings dt 10-11-2014
• Validity of offer: Quoting lesser validity than specified in Tender Document (120 days) shall be summarily Rejected.
• Delivery Period / schedule: Quoting longer DP / not agreeing to the stipulated Delivery Schedule shall be summarily Rejected.
• Quoting Different PVC formula: quoting deviations to stipulated PVC formula – summarily Rejected.
• Minimum Quantity to be quoted: Offer with less than 50% of tendered quantity or less than minimum specified quantity in tender shall be treated as Unresponsive.

Guidelines on Tenders
• Railway Board letter No. 2012/TK-II/7/3/Track Fittings dt 10-11-2014
• PVC Base Month: shall be the month preceding the month of the date of opening of tender.
• Court Jurisdiction: For all disputes arising out of the contract, the Court Jurisdiction shall be the HQ of the Zonal railway where the contract agreement has been signed.
• Consignee End Policy: Supplier being RDSO approved, shall abide by all the “Guidelines for Vendor Development” as published by RDSO.

Recent Guidelines on Tenders
• Railway Board lr No. 2014/RS(G)779/12 dt 3-12-2014
• Min Time opening of Adv. Tender – The minimum time limit for opening of Adv Open Tender shall be 21 days instead of 30 days from date of advertisement in print media, provided complete tender document is uploaded in IREPS before advertisement in print media.
• The corresponding time for Global tender is 30 days.
Railway Board Letter No 2014/RS(G)/779/12 dated 21-2-2018
1. The 21/30 days time for tender publication shall be from the date of publication of tender on IREPS
2. Railways shall publish a fortnightly advertisement in Newspapers showing the website address where tender documents are available.

Guidelines on Tenders
Railway Board lr No 2014/RS(G)779/11 dt 24-11-2014
• Post Contract Amendments in Contract – The following amendments shall not require Finance Concurrence:
(a) Change in name of firm where CA is satisfied about the legal aspects of change in name of firm and / or vendor approving authority has approved the change of name.
(b) To correct typographical errors in contract. If existing errors are not clear, leading to interpretational differences, or in calculation of amount / tax / freight etc., Finance should be consulted.

Tender Opening on IREPS



















