1.

Minimizing usage of physical documents (no scan/photocopies, no physical

papers)

via electronic formats and sharing across agencies; and

2. Eliminating usage of fake documents (no fake govt/degree certificates, no fake

usage

Digital Locker Technology Specification (DLTS) – Version 2.3

Page 2 of 16

of someone else’s certificate) via a mechanism to verify “authenticity” of government

issued documents online.

3. Provide a default “digital locker” for people to store and access Government
issued

documents in the Government cloud if they wish to subscribe.

An Initiative towards Paperless Governance

DigiLocker is a key initiative under Digital India, the Indian Government’s
flagship program aimed at transforming India into a digitally empowered
society and knowledge economy. DigiLocker ties into Digital India’s
visions areas of providing citizens a shareable private space on a public
cloud and making all documents / certificates available on this cloud.
Targeted at the idea of paperless governance, Digi Locker is a platform
for issuance and verification of documents & certificates in a digital way,
thus eliminating the use of physical documents. Indian citizens who sign
up for a DigiLocker account get a dedicated cloud storage space that is
linked to their Aadhaar (UIDAI) number. Organizations that are
registered with Digital Locker can push electronic copies of documents
and certificates (e.g. driving license, Voter ID, School certificates)
directly into citizens lockers. Citizens can also upload scanned copies of
their legacy documents in their accounts. These legacy documents can
be electronically signed using the eSign facility.

Digi Locker can be accessed at https://digilocker.gov.in

Senior citizen unable to connect
Small investment like internet , computer or smart ph ,
Rural area very less internet connectivity
Only Aadhar cardholders can use the DigiLocker app- For
making an account on DigiLocker, it is necessary to provide the
Aadhar number of an individual
NRIs cannot use the DigiLocker app- For creating an account
with DigiLocker, the mobile number must be registered in India

Objectives of such digital repository solution are:

1. Eliminate need for the residents to maintain hard copy of
government issued documents.
2. Eliminate need for the residents to produce (in hard
format) government issued documents, while applying for
services.
3. Provide secure and consented access of government
issued documents to user agencies.
4. Reduce administrative burden, service fulfillment time,
and costs by enabling paperless transactions.
5. Ensure all the documents issued to the residents are
available to him/her anywhere anytime, in a standard format
which can be shared with any other department.
6. Provide an open, interoperable, multi-provider
architecture to ensure departments and states have flexibility
to use best document repository for their purposes.
7. Provide an architecture that can support well-structured
future documents as well as a mechanism to digitize older
documents that may not have machine readable formats. 8.
Provide a default portal and mobile application for residents
to view their documents in a consolidated way

 Benefits to Citizens

1. Important Documents Anytime, Anywhere!

2. Authentic Documents, Legally at Par with Originals.

3. Digital Document Exchange with the consent of the citizen.

4. Faster service Delivery- Government Benefits, Employment, Financial

Inclusion, Education, and Health.

 Benefits to Agencies

1. Reduced Administrative Overhead: Aimed at the concept of paperless

governance. It reduces the administrative overhead by minimizing the
use of paper and curtailing the verification process.

2. Digital Transformation: Provides trusted issued documents. Issued

Documents available via DigiLocker are fetched in real-time directly
from the issuing agency.

3. Secure Document Gateway: Acts as a secure document exchange

platform like payment gateway between trusted issuer and trusted
Requester/Verifier with the consent of the citizen.

4. Real Time Verification: Provides a verification module enabling

government agencies to verify data directly from issuers after
obtaining user consent.

Safe and secure ensure your data is protected and uncompromised.

We adopt following practices:

i. Standard Practices: Digi Locker follows standard software development

practices of uniform coding standards, guidelines and reviews. Every release
is reviewed and tested internally for security and penetration vulnerabilities
before getting deployed on our servers.
ii. 256 Bit SSL Encryption: Digi Locker uses 256 bit secure socket layer
(SSL) Encryption for information transmitted during any activity.
iii. Mobile Authentication based Sign Up: Digi Locker uses mobile
authentication based signup via OTP (one time password) for authenticating
users and allowing access to the platform.
iv. ISO 27001 certified Data Centre: The application is hosted on ISO 27001
security certified data centre.
 v. Data Redundancy: Data is backed up in secure environment with proper
redundancy.
vi. Timed Log Out: To protect citizen’s account from unauthorized access, our
system is designed to terminate session automatically if extended inactivity
is detected.
vii. Security Audit: Digi Locker audited by recognized audit agencies and the
application security audit certificate are obtained at regular intervals.
viii. User Consent Based System: The data from DigiLocker is shared only with
the citizen's explicit consent. All sharing and access activities are logged and
conveyed to the citizen. Organizations that need access to citizens'
certificates need to register on DigiLocker and seek explicit consent from the
citizen.

ix. Repository: Collection of e-documents that is exposed via standard APIs for
secure, real-time access.

x. Access Gateway: Secure online mechanism for requesters to access e-

documents from various repositories in real-time using URI (Uniform
Resource Indicator).

Proposed Architecture

This section covers solution architecture in detail including terminology used, high
level

architecture diagram, document identification scheme, document issuance lifecycle,

document

sharing scheme, and some examples.

Key Terminology

1. Electronic Document or E-Document – A digitally signed electronic document in

XML

format issued to one or more individuals (Aadhaar holders) in appropriate format

Compliant to DLTS specifications. Examples:

· Degree certificate issued to a student by a university.

· Cast certificate issued to an individual by a state government department.

· Marriage certificate issued to two individuals by a state government department.

2. Digital Repository – A software application complying with DLTS specifications,
hosting

a collection (database) of e-documents and exposing a standard API for secure real-
time

Access.

· While architecture does not restrict the number of repository providers, it is

recommended that few highly available and resilient repositories be setup and

encourage everyone to use that instead of having lots of repositories.

3. Digital Locker- A dedicated storage space assigned to each resident, to store

authenticated documents. The digital locker would be accessible via web portal or

mobile application.

4. Issuer – An entity/organization/department issuing e-documents to individuals in

DLTS

compliant format and making them electronically available within a repository of their

choice.

5. Requester – An entity/organization/department requesting secure access to a

particular e-document stored within a repository. Examples:

· A university wanting to access 10th standard certificate for admissions

· A government department wanting to access BPL certificate

· Passport department wanting to access marriage certificate

6. Access Gateway – A software application complying with DLTS specifications

providing

an online mechanism for requesters to access an e-document in a uniform way from

various repositories in real-time.

· Gateway services can be offered by repository providers themselves.

· While architecture does not restrict the number of repository providers, it is

suggested that few resilient and highly available central gateway systems be

setup and requesters can signup with any one of the gateways for accessing

documents in the Digital repositories.

7. Document URI – A unique document URI mandatory for every document. This
unique

Digital Locker Technology Specification (DLTS) – Version 2.3

Page 5 of 16

URI can be resolved to a full URL to access the actual document in appropriate

repository.

· Document URI is a persistent, location independent, repository independent,

issuer independent representation of the ID of the document.

· The existence of such a URI does not imply availability of the identified resource,

but such URIs are required to remain globally unique and persistent, even when

the resource ceases to exist or becomes unavailable.

· While document URI itself is not a secret, access to the actual document is secure

and authenticated.