Chapter 29
Regulation of Certifying Authorities
Central Government → appoints the Controller of Certifying Authorities (CCA) → CCA gives licences to and regulates Certifying Authorities (CA) → CA issues Electronic Signature Certificates (ESC), i.e. Digital Signature Certificates, to subscribers/owners
Controller of Certifying Authorities (CCA)
The Controller of Certifying Authorities (CCA) is appointed by
the Central Government.
→ CCA gives licence and regulates the working of Certifying Authorities (CA)
→ CCA also makes sure that none of the provisions of the IT Act are violated
Appointment of CCA (Controller of Certifying Authorities) and Other Officers
1. The Central Government may, by notification in the Official
Gazette, appoint a Controller of Certifying Authorities for the
purposes of this Act and may also by the same or subsequent
notification appoint such number of Deputy Controllers and
Assistant Controllers, other officers and employees as it
deems fit.
2. The Controller has to function under the general control
and directions of the Central Government.
3. The Deputy Controllers and Assistant Controllers shall
perform the functions assigned to them by the Controller
under the general superintendence (supervision) and control
of the Controller.
4. The Controller shall have the head office at a place
prescribed by the Central Government.
5. There shall be a seal of the office of the Controller.
Functions of CCA
1. To act as regulator of certifying authorities (CA)
→ Exercising supervision over the activities of the Certifying Authorities
→ Certifying public keys of the Certifying Authorities
→ Laying down the standards to be maintained by the Certifying Authorities
→ Specifying the qualifications and experience which employees of the Certifying Authorities should possess
→ Specifying the conditions subject to which the Certifying Authorities shall conduct their business
→ Specifying the form and manner in which accounts shall be maintained by the Certifying Authorities
→ Specifying the terms and conditions subject to which auditors may be appointed and the remuneration to be paid to them
→ Facilitating the establishment of any electronic system by a Certifying Authority either solely or jointly with other Certifying Authorities and regulation of such systems
→ Specifying the manner in which the Certifying Authorities shall conduct their dealings with the subscribers
→ Resolving any conflict of interests between the Certifying Authorities and the subscribers
→ Laying down the duties of the Certifying Authorities
→ Maintaining a data-base containing the disclosure record of every Certifying Authority containing such particulars as may be specified by regulations, which shall be accessible to public.
2. To recognize the foreign certifying authority
Controller can recognize any foreign certifying authority.
3. To grant licence to CAs
So that CAs can issue Electronic Signature Certificates, such as DSC (Digital Signature Certificate), to subscribers.
4. CCA can suspend the license of CA
→ If CA fails to maintain acceptable standards
→ If CA fails to follow terms and conditions
→ If CA contravenes any provisions of IT Act
→ If CA makes any false statement in relation to the issue or renewal of license issued by CCA
Powers of CCA:
CCA can
→ Authorize in writing the Deputy or Assistant Controller or any officer to exercise any of his powers
→ Investigate any contravention of the Act
→ Instruct a CA or any of its employees to follow the provisions of this Act
→ Direct any agency of the government to take action against any wrong information transmitted through any computer resource
→ Make regulations for fulfilling the purpose of the Act
Rules Regarding Issue of Licence by CCA to CA
1. Application for licence & Submission of application
The application form needs to be filled in as may be prescribed and submitted to the relevant authorities with payment of a non-refundable fee of Rs. 25,000, along with the required statements.
2. Validity of licence
A licence shall be valid for a period of 5 years from the date of issue and it is non-transferable.
3. Issuance of licence
If the Controller is satisfied that all the conditions and qualifications are met, the CCA issues a licence to the CA.
The CCA can also reject the application if the applicant fails to present his case to the CCA where required.
4. Renewal of licence
A non-refundable fee of Rs. 25,000, along with the relevant application as may be prescribed by the Central Government, needs to be submitted not less than 45 days before the expiry of the period of validity of the licence.
5. Suspension of licence
CCA can suspend the license of CA
→ If CA fails to maintain acceptable standards
→ If CA fails to follow terms and conditions
→ If CA contravenes any provisions of IT Act
→ If CA makes any false statement in relation to the issue or renewal of license issued by CCA
No CA whose licence has been suspended shall issue any ESC (Electronic Signature Certificate, i.e. Digital Signature Certificate) during such suspension.
Definition and Role/Functions of Certifying Authority (CA)
Certifying Authority (CA) means a person who has been granted a licence to issue an Electronic Signature Certificate, that is, a Digital Signature Certificate.
Role of Certifying Authority (CA)
Certifying Authority (CA):
→ Verifies the identity of the subscriber
→ Issues digital certificates
→ Maintains the Certificate Revocation List (CRL)
This is the list of digital certificates which are no longer valid and have been revoked, and which therefore should not be relied upon by anyone.
Duties of Certifying Authority (CA)
1. To follow certain procedures regarding security system
→ Hardware and software should be secured/there should be no misuse
→ Services provided should be reliable
→ To ensure the privacy of the subscribers
→ To follow specific required standards
2. To ensure the compliance of the Act
3. To display the licence
CA must display its licence at a conspicuous (clearly visible)
place in the premises in which it carries on its business.
4. To surrender its licence
On suspension or revocation of its licence, the CA must surrender the licence to the Controller.
5. To make certain disclosures
CA needs to disclose:
→ Its Electronic Signature Certificate
→ Any relevant certification practice statement
The certification practice statement shows the practices the CA adopts in issuing Electronic Signature Certificates, i.e. Digital Signature Certificates.
→ Notice of suspension of its Certifying Authority licence, if any
→ Any other fact that materially and adversely affects either the reliability of an Electronic Signature Certificate which that authority has issued, or the Authority’s ability to perform its services
Electronic Signature Certificates (ESC)
It includes Digital Signature Certificate (DSC).
There are basically three types of DSCs:
→ Class I
→ Class II
→ Class III
Each class provides a different level of security.
Purpose of Digital Signature Certificate (DSC)
(The purpose of a DSC is the same as the main uses of affixing a “Digital Signature”: see Chapter 26, PDF page no. 1)
1. To authenticate the identity of sender
2. To authenticate the document sent
3. Non-repudiation
This means that if an entity has signed a document, the entity can’t later deny the responsibility and liability arising out of that document.