Documente Academic
Documente Profesional
Documente Cultură
ELECTRONIC TENDER
Manik Aggarwal
CONTENTS
Process Flow for Government Tender
Manipulation in Tendering Process
E- Tendering
Encryption
STEPS INVOLVED IN TENDERING
PROCESS
Tender Flow.doc
MANIPULATION IN TENDERING
PROCESS
Changing of the technical specification to suit
the product favored
Application to the tender by several group
companies.
Stopping the notices go to other registered
parties.
E-TENDERING COMPONENTS
1
Publish
3 Requirements 2 Consolidate EBP
Tender fee payment
Requirement
Payment Gateway
Download Tender 4 ERP
5 6
Upload Bid Supporting
documents
7
(Secure
Bid opening &
Network)
Reverse Auction
Comparision
8 Enhanced Supply base
Tender Award
9 Reduced Spend
WHAT E TENDERING CAN DELIVER ?
Digital signatures
Based on a variation of public key encryption
SYMMETRIC ENCRYPTION
Key must be distributed
Vulnerable to interception (an important weakness)
Key management – a challenge
Strength of encryption
Length of the secret key
Longer keys more difficult to crack (more
combinations to try)
Not necessary to keep the algorithm secret
11 - 10
3
Cop
No security hole is created
yrig
by distributing the public
ht
200
key, since B’s private key
5
has never been distributed.
Joh
message recipient n
Wil
ey
&
DIGITAL SIGNATURES
Provide secure and authenticated message
transmission (enabled by PKE)
Provides a proof identifying the sender
Important for certain (legal) transactions
Digital Signature:
Includes the name of the sender and other key
contents (e.g., date, time, etc.,)
Use of PKE in reverse (applied to Digital
Signature part of the message only)
Outgoing: Encrypted using the sender’s private key
Incoming: Decrypted using the sender’s public key
Providing evidence who the message originated
from
TRANSMISSION WITH DIGITAL
SIGNATURES
11 - 12
Organization A
Organization B
Cop
yrig
ht
200
5
Joh
n
Wil
ey
&
PUBLIC KEY INFRASTRUCTURE (PKI)
Set of hardware, software, organizations, and
policies to make PKE work on Internet
Solves the problem with digital signatures
How to verify that the person sending the message
Elements of PKI
Certificate Authority (CA)
A trusted organization that can vouch for the
authenticity of the person of organization
Certificate
A digital document verifying the identity of a digital
signature’s source
Fingerprint
A unique key issued by the CA for every message
sent by the user (for higher security certification)
PROCESS WITH CERTIFICATE AUTHORITY
User registers with a CA (e.g., VeriSign)
Must provide some proof of Identity
Levels of certification: Examples:
Simple confirmation of an email address