USE OF DSC

Digital Signature Certificate (DSC) is affixed on

documents submitted in electronic form by the
authorised person. It ensures the security and
authenticity of the documents submitted
electronically. DSC is used for online transactions
such as Incorporation of company or LLP,
documents filed on the Ministry of Corporate
Affairs (MCA) portal, Income Tax e-filing is
validated using DSC.
 KINDS OF DSC

• Class 1 certificate: It is not legally recognized.

• Class 2 certificate: It is based on the identification of
the person that is required to be verified against a
reliable pre-verified database.
• Class 3 certificate: It is highest verification in this case.
Verifies a person in the presence of the Registration
Authority proves his identity.
• Lastly, businesses in India are using Digital Signatures
to sign documents like invoices, reports, contracts,
agreements, HR letters, and other such documents.
 Requirements for applying for a Digital
Signature Certificate

• Submission of DSC Application form duly filled

in by the applicant. Any individual applying for
a Digital Signature Certificate is required to fill
an Application Form for online submission and
verification of personal details by the certifying
authority.
• Producing Photo ID proof.
• Producing Address proof.
 STEP 1: Log on and select your type of entity

• Log on to the website of a Certifying Authority

licensed to issue Digital Certificates in India. Having
accessed the page, you will be guided to the “Digital
Certification Services” section. Now under the
“Digital Certification Services” section, click on the
type of entity for which you want to obtain the DSC:
“individual or organization”, etc.
• In case you are applying for an individual DSC, click
on “individual”. A new tab containing the DSC
Registration Form will appear. Download the DSC
Registration Form on your PC.
 STEP 2: Fill the necessary details

• Class of the DSC.

• Validity.
• Type: Sign & Encrypt.
• Applicant Name & Contact Details.
• Residential Address.
• GST Number & Identity Details of Proof Documents.
• Declaration.
• Document as proof of identity.
• Document as proof of address.
• Attestation Officer.
• Payment Details.
On filling up all the necessary details you must affix your recent
photograph and put your signature under the declaration. Check
thoroughly for completion of the form. Take a print of the
completed form and preserve it.

STEP 3: Proof of identity and address

The supporting document provided
as proof of identity and address must be
attested by an attesting officer. Ensure the sign
and seal of the attesting officer is visibly clear on
the supporting proof documents.
 STEP 4: Payment for DSC

A demand draft or cheque

must be obtained towards payment
for application of DSC in the name of
the Local Registration Authority
where you are going to submit your
application for verification. You can
find the details of the Local
Registration Authority according to
your city of residence by searching for
a Certifying Authority licensed to
issue Digital Certificates online.
 STEP 5: Post the documents required

 Enclose the following in an envelope:

• DSC Registration Form duly completed - Supporting
document for Proof of Identity and proof of address
attested by the attesting officer.
• Demand Draft/Cheque for payment.
• Address the enclosed envelope to the Local
Registration Authority (LRA) and post it to the
designated address of the LRA for further
processing.
• On completion of the above mentioned steps by
filling in the DSC Form and providing necessary
documents and payment, you have successfully
completed the application process for your Digital
Signature Certificate.
 Disadvantages of Digital Signature

• EXPIRE
Just like any other electronic device or technology it is based
and dependent on specific-type technology. In times of rapid
growth of sophisticated technology, many such products
have a short life.
• SOFTWARE
The sender and the recipient have to purchase the verification
software for the working of digital signature. It can be a
costly affair.
• COMPATIBILITY
The standards of digital signature are different and most of
them are contradictory to each other and create confusion
while sharing digitally signed documents.
DSC TOKEN
 The term “Electronic
Signature” is defined under
section 2(1) (ta) of the IT Act as
“authentication of any electronic
record by a subscriber by means
of the electronic technique
specified in the Second Schedule
and includes digital signature”.
Second Schedule lays down the
ES or electronic authentication
technique and procedure.
It includes:
• Second Schedule lays down the Electronic Signature
or electronic authentication technique and
procedure. It includes:
• e-authentication technique using Aadhar or other e-
KYC services.
• E-authentication technique or procedure for
creating and accessing subscriber’s signature key is
facilitated by a trusted third party (TTP). Here, the
Certifying Authorities (“CA”) have to ensure the
subscriber identity verification, secure storage of the
key by the trusted third party (TTP) and subscribers’
sole authentication control to the signature key.
• SECTION 2(1)(d):- Affixing [electronic
signature] with its grammatical variations
and cognate expressions means adoption of
any methodology or procedure by a person
for the purpose of authenticating an
electronic record by means of digital
signature.
• SECTION 2(1)(tb):- Electronic Signature
Certificate means an Electronic Signature
Certificate issued under section 35 and
includes Digital Signature Certificate.
• SECTION 2(1)(zg):- Subscriber means a person in
whose name the electronic signature Certificate
is issued.
• The “subscriber” is the person whose name
appears in an Electronic Signature Certificate.
Therefore, a subscriber refers to a person who is
authorized by the Certifying Authority with
respect to the electronic signature. With
reference to a DSC, the subscriber is the person
who is authorized to use that key pair.
 Section 3A of the I.T ACT
Act has been enacted keeping in mind these requirements under the Model Law
on E-Commerce and the need for maintaining technological neutrality:
(1) Notwithstanding anything contained in section 3, but subject to the
provisions of sub-section (2), a subscriber may authenticate any electronic
record by such electronic signature or electronic authentication technique
which—
(a) is considered reliable; and
(b) may be specified in the Second Schedule.
(2) For the purposes of this section any electronic signature or electronic
authentication technique shall be considered reliable if—
(a) the signature creation data or the authentication data are, within the context
in which they are used, linked to the signatory or, as the case may be, the
authenticator and to no other person;
(b) the signature creation data or the authentication data were, at the time of
signing, under the control of the signatory or, as the case may be, the
authenticator and of no other person
(c) any alteration to the electronic signature made after affixing such
signature is detectable;
(d) any alteration to the information made after its authentication by
electronic signature is detectable; and
(e) it fulfils such other conditions which may be prescribed.

(3) The Central Government may prescribe the procedure for the purpose
of ascertaining whether electronic signature is that of the person by
whom it is purported to have been affixed or authenticated.
(4) The Central Government may, by notification in the Official Gazette,
add to or omit any electronic signature or electronic authentication
technique and the procedure for affixing such signature from the
Second Schedule: Provided that no electronic signature or
authentication technique shall be specified in the Second Schedule
unless such signature or technique is reliable.
(5) Every notification issued under sub-section (4) shall be laid before
each House of Parliament.
 Use of Electronic
Signatures
(i) Click - Wrap Agreements - 'I accept' button on websites.

(ii) PIN Numbers - ATM cards, etc.

(iii) Digitized Image of Handwritten Signature.

(iv) Biometric Signatures - Electronic devices which scan fingerprints, hand

geometry, retina scans, voice recognition, etc.

(v) Signature Capture Devices - Devices such as tablets, signature pads, etc.
which capture handwritten signatures.

(vi) Identity Verification Services - E-mail validation, ID verification, etc.

Concept of Secure Electronic Signature.
Under Section 15 of the IT Act, an electronic signature is deemed to be
secure, if

(i)The data used to create the signature, i.e., a private key in the case of
digital signature, was, at the time of affixing the signature, under the
exclusive control of the subscriber only.

(ii)The data used to create the signature was stored and affixed in
prescribed, exclusive manner.

The concepts of secure electronic signature and secure electronic record

have been introduced to indicate the requirement of adoption of safety
practices by the parties involved. This is crucial for the maintenance of
security and integrity of information, especially from the perspective of
digital evidence.
 PUBLIC KEY INFRASTRUCTURE

• Public Key Infrastructure ("PKI") refers to the entire organizational structure that is
responsible for the establishment and maintenance of a reliable system of public key
cryptography. It has been defined under Schedule V of the CA Rules as follows:
• "The architecture, organization, techniques, practices, and procedures that collectively
support the implementation and operation of a certificate-based public key
cryptographic system. It includes a set of policies, processes, server platforms,
software and workstations, used for the purpose of administering Digital Signature
Certificate and keys.“
• The purpose of the PKI is to generate trust in the electronic environment. In the
absence of trust in the security of the transmission and the content of the
communication, e-commerce and e-governance will not find acceptance among
parties.
• The PKI is the medium that establishes the validity and legality of the digital
signatures being used by subscribers and of the bodies issuing digital signatures to
subscribers. It guarantees the authenticity of the electronic signatures, thereby
guaranteeing the enforceability of the electronic transaction for which the signature is
used. Its role in the electronic world is equivalent to that of a notary in the real world.
The legal basis for the PKI in India is found under Chapter VI of the IT Act, along
with various rules issued by the Government, such as the CA Rules and the IT
(Certifying Authority) Regulations, 2001. The hierarchy of the PKI which is
established hereby is as follows:

Controller of Certifying Authorities

Certifying Authorities

Subscriber
The Controller has set up two subsidiary bodies, the Root Certifying Authority
of India and the National Repository of Digital Certificates.

1. The Root Certifying Authority of India: The Root Certifying Authority of

India (the "RCAI") has been established by the Controller to perform it’s
function of licensing of CAs. This licensing is done through the issue of a
X.509 certificate, known as a Root certificate. It is the highest level of
certification in India. The license of a CA can be verified by a subscriber
through this certificate on the website of the Controller.

The RCAI issues the Certification Practice Statement (the "CPS")

which is adopted by the Controller, which is defined as follows:
“Certification Practice Statement means a statement issued by a
Certifying Authority to specify the practices that the Certifying Authority
employs issuing Electronic Signature Certificates.”
The CPS is a comprehensive document on the policies
adopted for the issuance and management of digital signature services.
 E-Governance
• E-Governance refers to the use of information technologies
by government, that have the ability to transform relations
with citizens, businesses and other arms of government.

• E-Governance in India has been initiated with the

following goals:
• i)Better service delivery to citizens
• ii)Ensuring transparency and accountability
• iii)Improved efficiency within Governments
• iv)Enhance interface with business and industry
• v)Empowering people through information
• Chapter III - (Section 4 - 10A) deal with E-Governance

 Following provisions create Functional Equivalence between Electronic &

Paper-Based Documents:

• Section 4:- Legal Recognition of Electronic Records

It recognizes electronic records and creates functional equivalence between
electronic records and paper based records.
• Section 5:- Legal Recognition of Electronic Signature
It recognizes electronic signatures and creates functional equivalence between
electronic signatures and handwritten signatures on paper based records.
• Section 7:- Retention of Electronic Records
• This provision aims to create functional equivalence between electronic records
and paper based records. It provides that a requirement under law for retention of
documents/records is deemed to be satisfied if such documents/records are
retained in electronic form such that the same can be accessed for future use
and it must be retained in the same format as when it was originally
generated. Details regarding the e-documents/records regarding its origin,
time of dispatch and receipt are available in electronic form.
• Section 7A:- Audit of Electronic Documents
This section ensures that the level of security & transparency that
is prescribed by law with regard to a paper based record will also
be applicable to an electronic record.
• Section 10A:- Legal Recognition of E-Contracts
This section merely provides that the validity of such a contract
cannot be denied solely on the ground that it has been formed
using electronic means at any stage. The contract will continue to
be subject to every other law that is applicable to it for the
purpose of determining its validity.
 Following provisions establish a framework for an E-Governance
System:
• Section 6:- E-filing of forms, etc.
This section enables government agencies to accept forms &
payments for various services and to issue permits or licenses in
an electronic form.
• Section 6A:- Electronic Service Delivery
It provides for the delivery of various public services by
electronic means through third party service providers.
• Note:- E-Governance services require certain level of
technical expertise, creation of new digital infrastructure and
financial infusion. Thus this section enables the Govt to
authorize independent service providers to set up, maintain,
or upgrade the facilities required for the efficient provision of
e-government services.
• Section 8:- Electronic Gazette
This section provides for the publication of rules, regulations,
orders, bye-laws etc in the electronic gazette.
 Key point:- India’s Electronic Gazette can be found in the site,
“www.egazette.nic.in”
 Electronic Signature & Digital Signature (Imp.
Provisions)
• Section 14:- Secure electronic record
• Section 15:- Secure electronic signature - An
electronic signature shall be deemed to be a
secure electronic signature if –
• (i) the signature creation data, at the time of
affixing signature, was under the exclusive control
of signatory and no other person; and
• (ii) the signature creation data was stored and
affixed in such exclusive manner as may be
prescribed. (signature creation data means the
private key of the subscriber)
• Section 35:- Certifying authority to issue Electronic
Signature Certificate
• Section 37:- Suspension of Digital Signature
Certificate
i) Upon request made by subscriber or any other
person authorised by him
ii) It is so done in public interest
iii) Opportunity of being heard; and suspension shall
not exceed 15 days
• Section 38:- Revocation of Digital Signature
Certificate