DIGITAL SIGNATURE


Digital Signature nowadays a most important but highly unprotected personal property of an individual just next to his figure prints and unprotected payment instruments – UPIs, credit or debit cards or cheque books. If no fraud has been committed misusing a Digital Signature in last 10 days it is because no fraudster know the true power of a Digital Signature or you have placed your digital signature certificate in a hand of a person of integrity.

Fraud using the digital signature is not new or unheard. This is the reason why government has improved security features and way of issuing Digital Signature certificates in the last 15-20 years.

There are many laymen who think digital signatures are scanned copy of the physical signature. Please call these as Scanned Signature are not Digital Signature. There is something else also called Electronic Signature in public parlance which is being used in commercial contracts of basic nature. For example, the use of the software generated design of your name on an online contract. These are not valid signature under the Information Technology but the contract so signed may be a valid contract under the Indian Contract Act, 1872.

Digital Signature and Digital Signature Certification are defined under the Information Technology Act, 2000. “Digital Signature” means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3 of Information Technology Act, 2000. The authentication of the electronic record shall be effected by the use of the asymmetric cryptosystem and hash function which an envelop and transform the initial electronic record into another electronic record.

Digital signature certificates are issued by one of “Certifying Authorities” on the basis of PAN (or Passport in case of foreigners) and Address proof. These Certifying Authorities are regulated by Controller of Certifying Authorities (CCA).

CONTROLLER OF CERTIFYING AUTHORITIES (CCA)

The Controller of Certifying Authorities (CCA) has been appointed by the Central Government under section 17 of the Act for purposes of the IT Act. The Office of the CCA came into existence on November 1, 2000. It aims at promoting the growth of E-Commerce and E-Governance through the wide use of digital signatures.

The Controller of Certifying Authorities (CCA) has established the Root Certifying Authority (RCAI) of India under section 18(b) of the IT Act to digitally sign the public keys of Certifying Authorities (CA) in the country. The RCAI is operated as per the standards laid down under the Act.

The CCA certifies the public keys of CAs using its own private key, which enables users in the cyberspace to verify that a given certificate is issued by a licensed CA. The CCA also maintains the Repository of Digital Certificates, which contains all the certificates issued to the CAs in the country.

As per Section 18 of The Information Technology Act, 2000 provides the required legal sanctity to the digital signatures based on asymmetric cryptosystems. The digital signatures are now under the Information Technology Act, 2000 accepted at par with handwritten signatures and the electronic documents that have been digitally signed are treated at par with paper documents.

LICENSED CERTIFYING AUTHORITIES

Presently, there are 15 Licensed Certifying Authorities which issues various classes of digital signature certificates to natural and legal persons. These licensed certifying authorities included the Indian Air Force and Indian Army, which issue these signatures to their officers only.

For offering fully paperless citizen services, mass adoption of the digital signature is necessary. Simple to use online service is required to allow everyone to have the ability to digitally sign electronic documents.

Issuing a Digital Signature Certificate

To sign a legally valid contract with a legally valid digital signature, a person the signer is required to obtain a Digital Signature Certificate (DSC) from a Certifying Authority (CA) licensed by the Controller of Certifying Authorities (CCA) under the Information Technology (IT) Act, 2000. Before a CA issues a DSC, the identity and address of the signer must be verified.

There are three classes of Digital Signature Certificates. For the personal and commercial purpose, we require either class two or class three Digital Signature Certificates. Ideally, one person needs only one Digital Signature Certificates.

However, a person holding lower assurance Class 2 certificate may require higher assurance Class 3 certificates for certain application or purposes. The higher assurance Class 3 certificates can be used where ever application requires lower assurance Class2 certificate.

Documentary Requirement

  • Class 1: The verification requirements are (i) Aadhaar eKYC Biometric or (ii) paper-based application form and supporting documents or (iii) Aadhaar eKYC OTP + Video Verification. The Private Key generation and storage can be in software mean with or without e-token.
  • Class 2: The verification requirements are (i) Aadhaar eKYC Biometric or (ii) Paper-based application form and supporting documents or (iii) Aadhaar eKYC OTP + Video Verification. The Private Key generation and storage should be in Hardware cryptographic device validated to FIPS 140-2 level 2 means an e-token only.
  • Class 3: The verification requirements are (i) Aadhaar eKYC Biometric or (ii) Paper-based application form and supporting documents and (physical personal appearance before CA or Video verification) or (iii) Aadhaar eKYC OTP + Video Verification. The Private Key generation and storage should be in Hardware cryptographic device validated to FIPS 140-2 level 2 means an e-token only.

LEGAL IMPACT OF DIGITAL SIGNATURE

A contract signed using Digital Signature Certificate is a legally valid contract. Almost all government contracts, tenders, sensitive application and licenses are signed with higher assurance Class 3 certificates.

Most of us have uses these digital signature certificates for filing of various forms with various regulators and tax authorities like Ministry of Corporate Affairs, Tax authorities, SEBI,  RBI and few others. Whiling doing so we do not realize highly sensitive nature of these digital signatures.

We do not realize that digital signature was originally and still aims to sign sensitive property contracts, high-value government contracts, inter-corporate contracts, loan and mortgage documentation, promissory notes, etc not just for so-called routine forms.

Presently one of the most sensitive contract we sign using digital signature is the formation of companies and Limited Liability Partnerships.

In case, you or your company secretary think that inserting your digital signature certificate is a routine task to delegate, this is dangerous thinking.

Aishwarya Mohan Gahrana

Bibliography: http://cca.gov.in/

Subscribe on WhatsApp; Send a WhatsApp message “Subscribe AishMGhrana” to +91 96503 38103. For Email Subscription use this form –

Enter your email address to follow this blog and receive notifications of new posts by email.

No professional query in comments (but in mail). Only academic discussion here. Comments moderated. Sometime, I reply to your mail ID.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.