Federated Personal Health Records – The Quest For Use Cases

Last week we wrote about India’s Health Leapfrog and the role of Health Stack in enabling that (you can read it here). Today, we talk about one component of the National Health Stack – Federated Personal Health Records: its design, the role of policy and potential use cases.


A federated personal health record refers to an individual’s ability to access and share her longitudinal health history without centralised storage of data. This means that if she has visited different healthcare providers in the past (which is often the case in a real life scenario), she should be able to fetch her records from all these sources, view them and present them when and where needed. Today, this objective is achieved by a paper-based ‘patient file’ which is used when seeking healthcare. However, with increasing adoption of digital infrastructure in the healthcare ecosystem, it should now be possible to do the same electronically. This has many benefits – patients need not remember to carry their files, hospitals can better manage patient data using IT systems, patients can seek remote consultations with complete information, insurance claims can be settled faster, and so on. This post is an attempt to look at the factors that would help make this a reality.

What does it take?

There are fundamentally three steps involved in making a PHR happen:

  1. Capture of information – Even though a large part of health data remains in paper format, records such as diagnostic reports are often generated digitally. Moreover, hospitals have started adopting EMR systems to generate and store clinical records such as discharge summaries electronically. These can act as starting points to build a PHR.
  2. Flow of information- In order to make information flow between different entities, it is important to have the right technical and regulatory framework. On the regulatory front, the Personal Data Protection Bill which was published by MeitY in August last year clearly classifies health records as sensitive personal data, allows individuals to have control over their data, and establishes the right to data portability. On the technical front, the Data Empowerment and Protection Architecture allows individuals to access and share their data using electronic consent and data access fiduciaries. (We are working closely with the National Cancer Grid to pilot this effort in the healthcare domain. A detailed approach along with the technical standards can be found here.)
  3. Use of information – With the technical and regulatory frameworks in place, we are now looking to understand use cases of a PHR. Indeed, a technology becomes meaningless without a true application of it! Especially in the case of PHR, the “build it and they will come” approach has not worked in the past. The world is replete with technology pilots that don’t translate into good health outcomes. We, in iSPIRT,  don’t want to go down this path. Our view is that only pilots that emerge from a clear focus on human-centred design thinking have a chance of success.

Use cases of Personal Health Records

Clinical Decision Making

Description: Patient health records are primarily used by doctors to improve quality of care. Information about past history, prior conditions, diagnoses and medications can significantly alter the treatment prescribed by a medical professional. Today, this information is captured from any paper records that a patient might carry (which are often not complete), with an over-reliance on oral histories – electronic health records can ensure decisions about a patient’s health are made based on complete information. This can prove to be especially beneficial in emergency cases and systemic illnesses.

Problem: The current fee-for-service model of healthcare delivery does not tie patient outcomes to care delivery. Therefore, in the absence of healthcare professionals being penalised for incorrect treatment, it is unclear who would pay for such a service; since patients often do not possess the know-how to realise the importance of health history.

Chronic Disease Management

Description: Chronic conditions such as diabetes, hypertension, cardiovascular diseases, etc. require regular monitoring, strict treatment adherence, lifestyle management and routine follow-ups. Some complex conditions even require second opinions and joint decision-making by a team of doctors. By having access to a patient’s entire health history, services that facilitate remote consultations, follow-ups and improve adherence can be enabled in a more precise manner.

Problem: Services such as treatment adherence or lifestyle management require self-input data by the patient, which might not work with the majority. Other services such as remote consultations can still be achieved through emails or scanned copies of reports. The true value of a PHR is in providing complete information (which might be missed in cases of manual emails/ uploads, especially in chronic cases where the volume and variety of reports are huge) – this too requires the patient to understand its importance.


Description: One problem that can be resolved through patient records is incorrect declaration of pre-existing conditions, which causes post-purchase dissonance. Another area of benefit is claims settlement, where instant access to patient records can enable faster and seamless settlement of claims. Both of these can be use cases of a patient’s health records.

Problem: Claim settlement in most cases is based on pre-authorisation and does not depend solely on health records. Information about pre-existing conditions can be obtained from diagnostic tests conducted at the time of purchase. Since alternatives for both exist, it is unclear if these use cases are strong enough to push for a PHR.


Description: Clinical trials often require identifying the right pool of participants for a study and tracking their progress over time. Today, this process is conducted in a closed-door setting, with select healthcare providers taking on the onus of identifying the right set of patients. With electronic health records, identification, as well as monitoring, become frictionless.

Problem: Participants in clinical trials represent a very niche segment of the population. It is unclear how this would expand into a mainstream use of PHR.

Next steps

We are looking for partners to brainstorm for more use cases, build prototypes, test and implement them. If you work or wish to volunteer in the Healthtech domain and are passionate about improving healthcare delivery in India, please reach out to me at [email protected].

What lies beyond the horizon: Digital Sky & the future of drones in India

Drones have been around for a long time, going back as far as World War II. For most of their history, they were considered part of the military arsenal and developed and deployed almost exclusively by the military.

However, the past decade has seen a tremendous amount of research and development in the area of using drones for civilian purposes. This has led industry experts to predict that drones will be disrupting some of the mainstay industries of the global economy such as logistics, transportation, mining, construction and agriculture to name a few. Analysts estimate a $100 billion market opportunity for drones in the coming few years  [1]. In spite of the overwhelming evidence in favour of the value created by drones, it has taken quite a few years for the drone industry to take off in a commercial sense globally.

The main reason for this has been the regulatory challenges around what is allowed to fly in the air and where is it allowed to fly. A common theme around the world is the unconventional challenges that old governmental structures have to face as they try to understand and regulate new technologies. Hence the default approach so far for governments has been reactionary caution as they try to control what are, essentially, flying robots in the sky.

However, with electronic costs coming down, the hardware becoming more accessible and the software interpreting data becomes more powerful a number of humanitarian, civilian and industrial application have emerged and as governments across the world are realizing the potential of drones, we are starting to see the first version of regulations being drafted and adopted across the globe.[2]

Closer home India has a relatively adverse approach to drones or more lackadaisical rather. [3]

But as India continues to drive to become a more technology-oriented economy the role of drones in the worlds fastest growing economy and the potential benefits it can bring are hard to ignore.[4]

However, India’s approach to drone regulations cannot be that of other major economies that have the luxury of friendly neighbours and a large network of monitoring apparatus, India has had to take an approach that has to be novel and robust. Something that balances the security landscape while also being designed to allow maximum utilization of the potential that drones offer. Out of this need to both regulate secure how and where a drone can fly and keep multi-ministerial stakeholder interests accounted for was born the Digital Sky, India’s foundational framework for all things drones.

What is the Digital Sky and how does it work?

What the Digital Sky accomplishes beautifully is to fill the institutional void that needs to be collectively fulfilled by so many institutions and make it easier for the industry and consumers to interface with the government legally through one platform. Permission to fly drone no longer requires a 90-day intimation with an arbitrary number of NOCs to be approved by umpteen number of ministerial bodies at the central and federal level. The industry and the public now know one place to interact with in order to register their drone, get recognised as a certified operator and apply for permissions and all concerned government agencies ensure their overarching interests do not interfere with the large-scale adoption of drones.  

There are crucial components required for the Digital Sky concept to work, the most central being that drone operators should not be able to fly drones if they are not approved by the government. To accomplish this the Drone 1.0 regulations revolve around the concept of No-Permission-No-Takeoff (NPNT).

Our maven Tanuj Bhojwani explaining NPNT at the DigitalSky RoundTable on 4 Dec 2018 in Bengaluru

What this implies is that unless a drone has got valid permission for a particular flight through tamper-proof digitally signed permission tokens, it will not be able to take off. The Digital Sky is the platform to automate the processing of these permission tokens as they flow in from different parts of the country without overwhelming the authorities through a flight information management system (one of only three countries to build this nationally after China and the USA). In order for this vision to come true, there will be an enormous change in the way drones are manufactured and operated. Entire new industry verticals around getting existing drones compliant, developing interfaces that interact with the Digital Sky platform and making applications for India’s needs will develop. Hence this begs the question.

How are the current state of the industry are changing with 1.0 regulations

Until the introduction of the regulations companies especially in the UAV operations were doing non-restricted work and end up becoming the jack-of-all-trades. Companies in the manufacturing domain were unclear of who is their target customer and what they needed to build. All the companies in this domain were working with no clarity on the safety and permissions.

With the introduction of the Drone Policy 1.0, there is a buzz which has been created and efforts are being made to understand the regulations by all the entities who are set to gain from it. They understand that there will be a new aspect that needs to cater to i.e. the sense of accountability.

For manufacturer’s The NP-NT mandate will be the most immediate requirement, the most common route to implement the mandate will be through changes to existing firmware architecture. The changes themselves are being driven by open source initiatives with various operators, system integrators and manufacturers contributing to the shift to NP-NT for all major drone platforms in the country. The Digital Sky has inadvertently catalysed the first industry-wide initiative to bring together all members of the ecosystem. Other requirements such as ETA bring in much-needed standardisation in the hardware space, this allows benchmarking of products, easier availability of information about the standards to look out for end users.

For operators, a massive increase in the volume of business is expected as they can now focus on getting certified drones into the air, and not so much on getting approvals. The Digital Sky brings in much-needed certainty and predictability into an industry that will be focused on balancing demand and supply of drone-related operations in a market that has a huge need for drones and their data but limited expertise to acquire and process it. This also puts onus an industry to become security and privacy conscious and insurance agencies will play an important role in this regard. It will also immensely help in changing the thought process of the companies providing services and their customers. Customers will start understanding that they also need to have a defined plan, process and execution instead of a haphazard existing process of execution.

How industry/playground will change over the coming years?

With the introduction on the regulations and a platform like Digital sky enabling the ease of doing business for the companies who are serious stakeholders in this domain, there is no limit to what developments will occur in the coming years. It opens up possibilities for utilization of Drone and its related technologies in Agriculture, Medical, Energy and Infrastructure and transportation.

The existing players will become more mature and more focused. They will understand that with regulations in place a more focused approach is the key to scale. They will look at opportunities to compete with the global market also as the solutions that are developed around the Drone Regulations 1.0 and 2.0 will be key factors that contribute to the Indian ecosystem to becoming a global standard to test, adapt and innovate drone applications and management.

What are the opportunities? What does that mean for the current and new players?

UAV/ Drones as a business was a far-fetched thought for many entrepreneurs and has been a struggling industry in the past in India. Going forward it is guaranteed that it will be one of the biggest markets in the world for UAV as a business. What the regulations and Digital Sky platform will enable is a new levelled playground ground for the UAV companies to initiate good scalable business models both existing and the ones entering new to the sector.

The existing companies with the right resources can now plan to scale their operations and also have the added advantage of doing work for the private sector in India. Due to the restrictive method of operations adapted previously the solutions to private agencies was unavailable. Now going forward the companies will shift their focus from being a B2G entity to a B2B entity. Many new businesses for UAV air traffic management, surveillance, AI and ML-based UAV solutions and deliveries will emerge out of India with technology specific to India.

If you want to join our future roundtable sessions on Digital Sky and more, please register your interest here.

The blog is co-authored by Anurag A Joshi from INDrone Aero systems, Abhiroop Bhatnagar from Algopixel Technologies and Gokul Kumaravelu from Skylark Drones

The coming revolution in Indian banking

Increasing penetration of smartphones, Aadhaar-linked bank accounts and a host of powerful open and programmable capabilities is set to create the ‘WhatsApp moment’ for Indian banking.

Once in a while a major disruption or discontinuity happens which has huge consequences. In 2007, the internet and the mobile phone came together in a whole new product called the smartphone. This phone, with its own operating system, such as the iOS or Android, could support over the top (OTT) applications. The messaging solution for the smartphone did not come from the giant telecom or internet companies. Instead, it came from WhatsApp, a start-up. WhatsApp does 30 billion messages a day, whereas all the telecom companies put together do 20 billion SMS messages per day. Such is the power of disruption!

Such a “WhatsApp moment” is now upon us in Indian banking. This discontinuity has been caused by several things coming together. Smartphones are growing dramatically and are expected to reach a penetration of 700 million by 2020. Over 1 billion Indian residents now have Aadhaar, an online biometric identity. The government promoting financial inclusion through the Jhan Dhan Yojana has led to over 200 million new bank accounts being opened. With the RBI giving licences to over 20 new banks, including small banks and payment banks, the competitive intensity of the sector is set to increase. One can visualise a future where every adult Indian has an Aadhaar number, a smartphone and a bank account. Already over 280 million Indian residents have an Aadhaar-linked bank account and around 1 billion direct benefit transfer (DBT) transactions have happened, whose value is in the billions of dollars.

On top of this, a set of powerful open and programmable capabilities, that are collectively referred to as the “India Stack” by the think-tank iSPIRT, has been created over the last seven years. Aadhaar provides online authentication using one’s fingerprint or iris, which can be done from anywhere. This can make transactions “presence less”. The e-KYC (know your customer) feature of Aadhaar enables a bank account to be opened instantly, just by using the Aadhaar number and one’s biometric. The e-sign feature enables online documents to be digitally signed with Aadhaar. The “digital locker” system enables the storage of such electronic documents safely and securely. All this can make the entire banking process “paperless”.

The final two layers of the “India Stack” have great relevance to the future of banking. The Unified Payment Interface (UPI) layer, a product built by the National Payment Corporation of India (NPCI), a non-profit company collectively owned by banks and set up in 2009, will revolutionise payments and accelerate the move towards a “cashless” economy. So “pushing” or “pulling” money from a smartphone will be as easy as sending or receiving an email. This product from NPCI is the latest in several payment systems that they have developed, from the National Financial Switch, National Automated Clearing House, and RuPay cards, to the Aadhaar Payment Bridge, the Aadhaar-enabled Payment System and IMPS, a real-time payment system.

The move to a “cashless” economy will be accelerated by the Aadhaar-enabled biometric smartphones. So credential checking in banking will move from “proprietary” approaches (debit card and PIN) to “open” approaches (mobile phone and Aadhaar authentication). As such, the holy grail of one-click two-factor authentication, now available only to giants like Apple, will be available to kids in a garage to develop innovative solutions.

Finally, as India goes from being a data-poor to a data-rich economy in the next two to three years, the electronic consent layer of the “India Stack” will enable consumers and businesses to harness the power of their own data to get fast, convenient and affordable credit. Such a use of digital footprints will bring millions of consumers and small businesses (who are in the informal sector) to join the formal economy to avail affordable and reliable credit.

As data becomes the new currency, financial institutions will be willing to forego transaction fees to get rich digital information on their customers. The elimination of these fees will further accelerate the move to a cashless economy as merchant payments will also become digital.

This will also shift the business models in banking from low-volume, high-value, high-cost, and high fees, to high-volume, low-value, low-cost, and no fees. This will lead to a dramatic upsurge in accessibility and affordability, and the market force of customer acquisition and the social purpose of mass inclusion will converge.

These gale winds of disruption and innovation brought upon by technology, regulations and government action, will fundamentally alter the banking industry. Payments, liabilities and assets will undergo a dramatic transformation as switching costs reduce and incumbents are threatened. As the insightful report from Credit-Suisse has so well explained, there is a $ 600 billion market capitalisation opportunity waiting to be created in the next 10 years. This will be shared between existing public and private banks, the new banks and new-age NBFCs. It may even go to non-banking platform players, which use the power of data to fine-tune credit risk and pricing, and make money from customer ownership and risk arbitrage.

The public sector banks, which occupy the commanding heights of the economy with a 70 per cent market share, will be particularly challenged. Even as they deal with the inheritance of their losses, they will have to cope with, and master, enormous digital disruption. This will require their owners, the government, to give them the autonomy and freedom to experiment and innovate.

To quote Shakespeare, “There is a tide in the affairs of men, which, taken at the flood, leads on to fortune”. The $ 600-billion opportunity is here. The WhatsApp revolution went unnoticed by incumbents. Normally such disruptive changes (like bubbles) are only recognised after they have happened. In this case, the forces of change are evident and can be anticipated. The opportunity for the banking sector has been called, and it is equally accessible to incumbents, both in the public and private sector, to the new banks, to the NBFCs and the tech companies. The future will belong to those who show speed, imagination and the boldness to embrace change.

This article was written as foreword to a Credit-Suisse report on the Indian banking sector

An Indian Fintech Entrepreneur’s Views on UPI

Ever since UPI (Unified Payments Interface) alpha launched on 11th April 2016, I see much confusion amongst various stakeholders. For me, the most relevant question is will UPI kill payment gateway aggregators and PSPs (payment service providers) ?

My answer is No. If you’re interested to know more, please read on…

To understand in detail, let’s understand below 5 pointers:(1) What is UPI (Unified Payments Interface) & what is it’s objective ? And who is an Aggregator /PSP & what is their objective?

For the uninitiated, UPI is a layer on top of the IMPS etc (see image above) which will work on a network of banks, facilitating account-to-account transfers in a simple and secure manner .

In other words, UPI (standalone) will just be another way of transferring funds from ones’ bank account to another without going through the hassles of adding someone as a beneficiary / IFSC / account no (NEFT) or entering MMID / mobile no (IMPS) . The objective is to simplify the payment process vis-a-vis NEFT / IMPS which didn’t reach critical mass required to make India cashless — both from person-to-person (P2P) and merchant payments standpoint.

Whereas, a n aggregator /PSP is one which continuously works towards empowering its customers aka Merchants ( in our case, mostly long-tail online merchants and individuals desirous of collecting online payments) with as many payment options possible & more. For example, debit cards, credit cards, net-banking, cash-on-delivery, IMPS, cash deposits, prepaid wallets etc. The objective is to provide one stop payment collection solution that encompasses all possible payment instruments in one bucket. But that is not all. The PSPs also supports its clients by creating new products & features to enhance their business outcome too!

Now here is what a PSP brings to the table which UPI does not today :

  • Provide other payments instruments which comprises a significant majority portion (~ 60 -80 %) of the total online payments. May be, UPI might become the new net-banking, by replacing it as a payment mode.
  • Detailed information on received payment (who paid & for what), apart from providing transaction management, reconciliation, insights etc.
  • Customisation at every level (payment options, payment page, etc) which is beyond a simple push-n-pull movement of money via UPI.
  • Trust custodian — one who provides protection against any dispute between merchant & consumer (this is completely missing in UPI today).

(2) What UPI adds to existing systems & processes?

The apps that will be built on top of UPI architecture might not only be easy to use — but the mobile first, secure & interoperable ( any bank to any bank) nature of UPI makes it one of a kind. With the learnings of digital wallets and IMPS adoption in the past , NPCI now has all the ingredients to revolutionise the the way Indians pay one another.

(3) Can UPI act as a catalyst and benefit Indian Fintech ecosystem?

We at Instamojo will add “UPI as a payment option” in the checkout page (representation image below) along with other available payment instruments and ride the wave of consumer adoption.

(4) Can UPI adversely affect anyone in the Fintech space?

Launch of UPI at this time is actually a blessing in disguise for payment agnostic players like Instamojo. Because the likely causalities of UPI will be those who have invested time & money in building non-interoperable and siloed products. Namely,

  • Digital wallets — UPI doesn’t allow interoperability of wallets on its platform today. Hence, P2P payments might shift entirely via UPI.
  • Net-banking network providers — Many players in the ecosystem had long enjoyed the relationship they had with each banking partner to put the net-banking infrastructure in place. If UPI picks up, it might become a one stop solution to get connected to all the network of banks due to inter-operability. Thus making all their hard work redundant. Now simply getting connected with UPI architecture via one banking partner will give exposure to all others banks required to process merchant payments.
  • Card network providers — If UPI is going to hurt anyone in a meaningful way, it will be the card networks like VISA/MC which will loose out of the Debit Card interchange to some degree, provided RuPay card become predominant.

Moreover, this revolutionary approach might make more consumers “online payment ready” in a very short span of time. And I hope, what Telecom revolution did for communication, UPI does the same for the Fintech space in India.

(5) What happens if UPI takes off massively?

Most digital wallets will lose relevance in the P2P payments space and will ultimately phase out and die like good old pagers . However, there can be a counter argument that in a winner-take-all or winner-take-most market, the digital wallet provider with largest merchant acceptance network might win due to inter-operability as consumers would gravitate towards the player which provides max fungibility for one’s wallet balance.

So, merchant payment collections via net-banking and wallets will be replaced by UPI. VISA / MasterCard will loose it’s share of revenues from debit card processing since RuPay (India’s own VISA/Mastercard) will share the interchange nuggets which is part of UPI now.

However, aggregators and PSPs will still be central to a Merchant, since such players bring other modes of payment collections too e.g. credit card, unified reconciliations of orders with payments, integration & APIs, customization, industry specific pricing & features, data and analytics and possibly discovery — apart from UPI enabled payments too!

On top of above, an online Merchant who is shifting from NEFTs / Cheque / Cash to PSPs for their payments need, will still turn t o the PSP as the pain-points still remains the same , with or without UPI coming into play i.e.

  • Integration & APIs
  • Order and transaction management
  • Unified reconciliations — orders with payments
  • Refund management
  • Dispute resolution
  • Customization — at every level
  • Industry specific pricing & features
  • Data & analytics
  • Support management
  • Risk management

Even if UPI solves all the above issues for an Online Merchant, they will still solve a portion of their payment collection needs, as UPI does not support VISA / Mastercard led credit card processing which stands at 20–25 Mn active users in India today.


It is evident that UPI is a boon and might be the much needed catalyst to increase the digital shopper base of India and in the process, might take a stab at the real enemy — CASH or unaccounted money exchanging hands; thus hurting the progress of our economy!

Hence, UPI is working very closely with banks under the guidance of RBI. In turn, banks are partnering with various players to take this new payment instrument to merchants & consumers.


  • For an aggregator/PSP , it will all be the same — only the graph of the credit card processing will dip while a new segment will rise.
  • Lastly, if someone thinks that banks will themselves act as an aggregator and offer UPI directly to the Merchants. W ell , they tried that before by offering IMPS to merchants which did not work . For argument s sake if one says it failed because of the complex MMID etc and now with a simpler process it will work, it won’t work for entire suite of payment instruments that a merchant needs.
  • And finally, if one believes that banks would offer a bundled solution of Cards + UPI — well I would say its will be a good debate to be a part of but end of the day, even banks know what they are good at i.e. retail banking / CASA / lending & deposit arbitrage!


Guest blog post by Sampad Swain, Instamojo. The original article can be accessed here

Digital India: What Is eSigning & How It Works

Digitising India is the only sure-shot way to reach the benefit of growth to India’s masses and that then will create the multiplier to ensure the target 8 to 10% sustained GDP growth… [Digital India is] certainly the most appropriate call for transforming India into a vibrant and strong global economy.

– Pramod Saxena, Chairman & MD, Oxigen Services.

And we agree. Digital India has the potential to become one of the most meaningful reforms for Indian businesses in recent history.

As we’ve mentioned in the past, India can fulfill the promise of reaching a double-digit growth for businesses in the near future. But, as the Doing Business reports keep not-so-subtly pointing out, our infrastructure moves like a burdened elephant, rather than a ferocious tiger.

If we want to compete with the swift eagle (U.S) & the nimble dragon (China),we need to adopt tech-savvy practices which help us speed up business in every way – like digital signature certificates to attest the soft copies of documents & invoices. Yet, for many business owners, such practices are either too time-consuming to implement, or have little accessible information about their benefits for them to be understood well.

This is where Digital India can help. Last time, we had a chat about the DigiLocker service, and its possible benefits to Indian SMBs.

This next service which we address today birthed from a realization that digitally signing documents is an important basic amenity in the 21st century. But, it can’t be scaled if the plan calls for a billion people to be provided their own USB pen drive – which is what was required with the Digital Security Certificate system.

This week, let’s talk about eSigning.

This article will answer the following questions:

  • How does eSigning work?
  • How does it differ from regular Digital Security Certificates (DSCs)?

We will continue our conversation on how this impacts businesses in India in the next article of this week.

What Is eSigning?

Before we get into the ‘how’, we need to clear the ‘what’. And no – eSigning is not the same as getting a digital signature from a government-approved authority.

An eSign is an electronic signature which requires no prior paperwork, as long as you’re a registered Aadhar user. It can be instantly applied for, and approved for, a single-use validity of half an hour.

This differs from an issued long-term Digital Signature Certificate,which has a validity of one to three years, and is usually carried around in a dedicated USB device.

If you’re a user of eSign, this is how the process will seem to you:

  • You sit at a regular computer terminal, or a specific one installed by the service provider if you want to provide biometric data.
  • You verify your biometrics through the hardware installed by the provider, or through a One-Time Password (OTP).
  • You instantly receive a single-use eSignature to affix to whichever document you wish, as long as you use it within the next half an hour.
  • That’s it. You’re done. No, we’re not kidding.

Unlike the usual use of the term ‘eSigning’, however, the eSignature services launched under the Digital India campaign do not refer to a traced, handwritten signature on a digital screen or pad.

Instead, these eSignatures are highly regulated, legally binding, valid identity proxies which are issued only after the confirmation of biometric data such as fingerprints or iris scans, or through OTPs sent to the mobile number registered to the user’s Aadhar card.

Of course, there’s a lot more which goes on behind the scenes.

How eSigning Works

The biggest advantage of eSigning as a technological tool is that it’s absurdly simple to use for the end-consumer. However, since it’s a highly regulated service, the behind-the-scenes machinations are significantly more complex.

In the beginning, the architecture of the system is heavily derived from the Application Service Provider (ASP) which is choosing to provide this service to its users. One example of such a service is eMudhra’s emLocker service, which is currently allowing its users to eSign their documents. Another is the Indian government’s DigiLocker.

When a user accesses the eSignature service, the ASP creates the application interface – which acts like an application form. This API is used to access a partner eSign Service Provider (ESP), which is a government-approved entity that is registered as an eKYC authentication user under the UIDAI.

When this connection is established, the user provides an authentication of their identity based on the information saved under their Aadhar profile – either through fingerprint or iris scans, or through an OTP verification code sent to the mobile registered to their Aadhar. As soon as this information matches the saved KYC information in the Indian government’s database, a Certifying Authority – another government-regulated and approved entity –issues a temporary Digital Signature Certificate (DSC). In cases of entities like eMudhra, the Certifying Authority may also be an ESP.

A key pair is generated for that DSC, and an audit trail containing the authentication response and timestamp are created. The ASP finally receives the eSignature from the ESP, which can then be attached to the document. Once received, the user can now fix the signature to the document, and the key is then automatically destroyed after a one-time use.

What Does This Mean For The Future? In Closing

What this means for the future, Ladies & Gentlemen, is rather simple. Imagine a future India where the small-time farmer can self-attest documents online to receive faster access to government services and programs, or where his buyers sign and return invoices online to speed up his receivables due.

Imagine a future where, instead of having to attest twenty copies in thirty different departments when setting up a business, small-time entrepreneurs can simply save their documents on DigiLocker and attest them using eSign services – thus saving them days’ worth of physically running around, eventually helping them set up faster.

Imagine a future where a mistyped document submitted for a business visa would no longer require another appointment and a day at the relevant authorities. Instead, you self-attest the correct document online and send them a link.

Or an India where eInvoicing becomes the norm, like so many developed and developing countries in the world. Psst, by the way, eInvoicing can help cut as many as five days from the invoicing process, and so get you paid much faster. But more on that later.

Getting back to the point, that India isn’t so far ahead in the future. In fact, with eSigning and Digital Locker integration within services such as emLocker and DigiLocker, that India is already at our doorstep.

But then, we are but one voice. How helpful do you believe eSigning to be in the larger picture? Let us know in the comments section below.

with Inputs from Aniket Saksena 

Era of Open APIs

APIs are important public goods that must be done right. They must not be held captive to commercial interests. This is why iSPIRT is helping Government in this area. iSPIRT’s work is inspired by Open Source movement and IETF methods. It fits with our charter of creating public goods without public money.
GSTN teamOur Open API effort is based on some core principles:
– Like IETF, iSPIRT is not a member organization. Participation is “People, not companies”.
– “Design is a team sport”. Focus is on building a modern architecture for country-scale technology systems.
– iSPIRT API Teams have people who are “Competent experts that are completely free of conflicts”.
– Technical decisions emerge from intense discussion. They are informed by prototypes, not theory. Motto is: “Code walks, bullshit talks”.
Today Economic Times carries an article about this Open API effort.  The article conveys the progress that we are making. More is on its way.
Source: Economic Times

We will soon be launching a micro-site to build engagement with your community. Watch this space.