Certifying authorities
As per Section 18 of The Information Technology Act, 2000 provides the required legal sanctity
to the digital signatures based on asymmetric cryptosystems. The digital signatures are now
accepted at par with handwritten signatures and the electronic documents that have been
digitally signed are treated at par with paper documents.
The IT Act provides for the Controller of Certifying Authorities (CCA) to license and regulate the
working of Certifying Authorities. The Certifying Authorities (CAs) issue digital signature
certificates for electronic authentication of users.
The Controller of Certifying Authorities (CCA) has been appointed by the Central Government
under section 17 of the Act for purposes of the IT Act. The Office of the CCA came into existence
on November 1, 2000. It aims at promoting the growth of E-Commerce and E- Governance
through the wide use of digital signatures.
The Controller of Certifying Authorities (CCA) has established the Root Certifying Authority
(RCAI) of India under section 18(b) of the IT Act to digitally sign the public keys of Certifying
Authorities (CA) in the country. The RCAI is operated as per the standards laid down under the
Act.
The CCA certifies the public keys of CAs using its own private key, which enables users in the
cyberspace to verify that a given certificate is issued by a licensed CA. For this purpose it
operates, the Root Certifying Authority of India(RCAI). The CCA also maintains the Repository of
Digital Certificates, which contains all the certificates issued to the CAs in the country.
Appointment
Controller of certifying authorities appointed by central govt by notification in the
official gadget and assistant controllers may also be appointed as the government
think fit. (under sec 17)
Functions (section 18)
Exercising supervision over the activities of the Certifying Authorities.
Certifying public keys of the Certifying Authorities
Laying down the standards to be maintained by the Certifying Authorities;
Specifying the qualifications and experience which employees of the Certifying
Authorities should possess;
Specifying Authorities shall conduct their business Specifying the content of written,
printed or visual material and advertisements that may be distributed or used in respect
of a Electronic Signature Certificate and the Public Key;
� Specifying the form and content of a Electronic Signature Certificate and the key.
Specifying the form and manner in which accounts shall be maintained by the Certifying
Authorities;
Specifying the terms and conditions subject to which auditors may be appointed and the
remuneration to be paid to them.
Facilitating the establishment of any electronic system by a Certifying Authority either
solely or jointly with other Certifying Authorities and regulation of such systems;
Specifying the manner in which the Certifying Authorities shall conduct their dealings
with the subscribers;
Resolving any conflict of interests between the Certifying Authorities and the
subscribers;
Laying down the duties of the Certifying Authorities;
Maintaining a data-base containing the disclosure record of every Certifying Authority
containing such particulars as may be the conditions subject to
which the Certifying specified by regulations, which shall be accessible to public.
Recognition of foreign Certifying Authorities (under section 19)
The Controller may recognise any foreign Certifying Authority as a Certifying Authority for the
purposes of this Act with the prior approval by central government.
Controller may revoke the recognition by notification in official gadget ,if the certifying authority
contravenes any regulation or restriction.
Controller is the repository of all digital signature certificates issued under the act.
(section 20)
(section 22) Application shall be in the form as prescribed by the central government.
Every application for issue of a licence shall contain:
(a) a certification practice statement; (b) a statement including the procedures with
respect to identification of the applicant; (c) payment of such fees, not exceeding
twenty-five thousand rupees as may be prescribed by the Central Government; (d) such
other documents, as may be prescribed by the Central Government.
