India's National Digital Locker System - DigiLocker
In 2015 Govt of India had launched an Aadhaar based, centralized secured National Digital Locker System. With this a user can store the digitally formatted documents and agencies can verify this in a fast and easy manner. Those having an Adhar card can login to www.digilocker.gov.in and upload their scanned copies of all important documents like education certificates, bills, marklists, Id Proofs etc.
You can upload pdf, JPG, JPEG, png, gif types of files. So when ever you will need those documents for verification by Government / recruitment agencies while applying for servcie or job, you can directly give your DigiLocker number.
Recently I created a Digilocker account and uploaded some docs. It was simple and easy process. One time Password (OTP) security is implemented in several steps to improve the security of the system. Storing documents digitally in a central store is really cool idea, it will really save papers.
Along with this some concerns disturbed me. It was with the files we share through email using the "Share" option associated with each uploaded documents. When clicking the share link we are asked to enter an Email Id to which a Url to access our digital document is sent. Suppose if we unknowingly share document links to a person who is a fraudster, he can simply forward that link to other people and they can easily view and download our document and can use it for any illegal activities. For example they can use our aadhar document for getting SIM cards. How can we track that?
Security issue with Email sharing option for sharing digilocker documents
I think the simple email share option with out any verification is not at all secure. One thing you can do is to allow the access of the documents only to a person or institution registered with digilocker, by this we can atleast track the user who had accessed that document. Instead of simply sharing the document link, a user should be given an option to select the registered receiver and allow the receiver to access the document. After allowing the access send a notification to the receiver via mobile or email regarding the access privilege. Also the owner of the user should have the option to revoke the access permission.
Water Marking and login check
If you are sharing a link via email, then the received should first login to the digilocker portal (digilocker.gov.in) and then only they should view or download the document.
Also on the docs displayed / downloaded at receiving end, please add a DigiLocker water mark and also put the user id or any other identification data of receiving end user .
If you have any queries related to DigiLocker system, please contact at the address given at DigiLocker Contact Page or send email to support[at]digitallocker[dot]gov[dot]in.
DigiLocker Address
DigiLocker Project
National E-Governance Division,
Ministry of Electronics & Information Technology,
4th Floor, Electronics Niketan, 6, CGO Complex,
New Delhi -110003, INDIA
Web: www.digilocker.gov.in
Email : support@digitallocker.gov.in
There a lots of things you should take care of before giving your Personal ID proof copies to a service provider.Check Remember this before passing copies of your KYC documents to others to know more about safe guarding your documents.
Please comment your suggestions to make the digilocker system more secure.
In 2015 Govt of India had launched an Aadhaar based, centralized secured National Digital Locker System. With this a user can store the digitally formatted documents and agencies can verify this in a fast and easy manner. Those having an Adhar card can login to www.digilocker.gov.in and upload their scanned copies of all important documents like education certificates, bills, marklists, Id Proofs etc.
Recently I created a Digilocker account and uploaded some docs. It was simple and easy process. One time Password (OTP) security is implemented in several steps to improve the security of the system. Storing documents digitally in a central store is really cool idea, it will really save papers.
Along with this some concerns disturbed me. It was with the files we share through email using the "Share" option associated with each uploaded documents. When clicking the share link we are asked to enter an Email Id to which a Url to access our digital document is sent. Suppose if we unknowingly share document links to a person who is a fraudster, he can simply forward that link to other people and they can easily view and download our document and can use it for any illegal activities. For example they can use our aadhar document for getting SIM cards. How can we track that?
Security issue with Email sharing option for sharing digilocker documents
I think the simple email share option with out any verification is not at all secure. One thing you can do is to allow the access of the documents only to a person or institution registered with digilocker, by this we can atleast track the user who had accessed that document. Instead of simply sharing the document link, a user should be given an option to select the registered receiver and allow the receiver to access the document. After allowing the access send a notification to the receiver via mobile or email regarding the access privilege. Also the owner of the user should have the option to revoke the access permission.
Water Marking and login check
If you are sharing a link via email, then the received should first login to the digilocker portal (digilocker.gov.in) and then only they should view or download the document.
Also on the docs displayed / downloaded at receiving end, please add a DigiLocker water mark and also put the user id or any other identification data of receiving end user .
If you have any queries related to DigiLocker system, please contact at the address given at DigiLocker Contact Page or send email to support[at]digitallocker[dot]gov[dot]in.
DigiLocker Address
DigiLocker Project
National E-Governance Division,
Ministry of Electronics & Information Technology,
4th Floor, Electronics Niketan, 6, CGO Complex,
New Delhi -110003, INDIA
Web: www.digilocker.gov.in
Email : support@digitallocker.gov.in
There a lots of things you should take care of before giving your Personal ID proof copies to a service provider.Check Remember this before passing copies of your KYC documents to others to know more about safe guarding your documents.
Please comment your suggestions to make the digilocker system more secure.
