Home   Best Sellers   Blogging   Coding & Design   Technology   SEO   Travel & living   Career   Videos   Tips   Calculators     
Home  »     »     »  Is the documents uploaded to DigiLocker fully secure - Some concerns about Digilocker security

Is the documents uploaded to DigiLocker fully secure - Some concerns about Digilocker security

Wednesday, September 7, 2016

India's National Digital Locker System - DigiLocker

In 2015 Govt of India had launched an Aadhaar based, centralized secured National Digital Locker System. With this a user can store the digitally formatted documents and agencies can verify this in a fast and easy manner. Those having an Adhar card can login to www.digilocker.gov.in and upload their scanned copies of all important documents like education certificates, bills, marklists, Id Proofs etc.

 You can upload pdf, JPG, JPEG, png, gif types of files. So when ever you will need those documents for verification by Government / recruitment agencies while applying for servcie or job, you can directly give your DigiLocker number.

Recently I created a Digilocker account and uploaded some docs. It was simple and easy process. One time Password (OTP) security is implemented in several steps to improve the security of the system. Storing documents digitally in a central store is really cool idea, it will really save papers. 


Along with this some concerns disturbed me. It was with the files we share through email using the "Share" option associated with each uploaded documents. When clicking the share link we are asked to enter an Email Id to which a Url to access our digital document is sent. Suppose if we unknowingly share document links to a person who is a fraudster, he can simply forward that link to other people and they can easily view and download our document and can use it for any illegal activities. For example they can use our aadhar document for getting SIM cards. How can we track that?

Security issue with Email sharing option for sharing digilocker documents

I think the simple email share option with out any verification is not at all secure.   One thing you can do is to allow the access of the documents only to a person or institution registered with digilocker, by this we can atleast track  the user who had accessed that document.  Instead of simply sharing the document link, a user should be given an option to select the registered receiver and allow the receiver to access the document. After allowing the access send a notification to the receiver via mobile or email regarding the access privilege. Also the owner of the user should have the option to revoke the access permission.


Water Marking and login check

If you are sharing a link via email, then the received should first login to the  digilocker portal (digilocker.gov.in)  and then only they should view or download the document.

Also on the docs displayed / downloaded at receiving end, please add a DigiLocker water mark and also put the user id or any other identification data of receiving end user .

If you have any queries related to DigiLocker system, please contact at the address given at   DigiLocker Contact Page or send email to  support[at]digitallocker[dot]gov[dot]in.

DigiLocker Address
DigiLocker Project
National E-Governance Division,
Ministry of Electronics & Information Technology,
4th Floor, Electronics Niketan, 6, CGO Complex,
New Delhi -110003, INDIA
Web: www.digilocker.gov.in
Email : support@digitallocker.gov.in

There a lots of things you should take care of before giving your Personal ID proof copies to a service provider.Check Remember this before passing copies of your KYC documents to others to know more about safe guarding your documents.

Please comment your suggestions to make the digilocker system more secure.



How to link to this page?
If you wish to link to this page from your website, simply Copy and paste the above HTML code to your web page. It will appear on your page as:
Is the documents uploaded to DigiLocker fully secure - Some concerns about Digilocker security.




Share this!




comments powered by Disqus

This Weeks 7 Popular Posts


Subscribe to Recent Posts by Email
Stay connected to CROZOOM with regular Email notices of new Techie articles and IT Jobs. Updates will be delivered to your Inbox as soon as they are posted online.

Enter Your Email Address:  

Delivered by FeedBurner   RSS Feed

Search this Blog   



Urgent Openings for PHP trainees, Andriod / IOS developers and PHP developers in Kochi Trivandrum Calicut and Bangalore. Please Send Your updated resumes to recruit.vo@gmail.com   Read more »