Digital signature can be easily known as the electronic equivalent to the handwritten signature or stamps and seals. It is indeed a technique that mathematically validates the authenticity of a message, document and so on. It has some special features or benefits such as better inherent security and indeed solves the various issues such as tampering and impersonation. By authenticity, we get to know about the creator or signatory of the documents and that the same has not been edited or altered in any way since its creation. These digital signatures operate through a mechanism called encryption where the data is transferred from one computer to another in a certain code language such that it can be decoded only by the other computer. These are issued in the form of USB tokens to the individuals.
In India, the Ministry of Corporate Affairs issues Digital Signature Certificates (DSC). These certificates are equal to the physical certificates that are issued. They serve as a proof of one’s identity and help the individual to access the information and services and also affix their electronic signatures. These digital signature certificates are issued by a licensed certifying authority that has been expressly entrusted with this power as per Section 24 of the Information Technology Act, 2000.
Section 24 of the Information Technology Act of 2000 states that the certifying authority can grant or reject license for the digital signature certificates upon consideration and satisfaction that the documents filed by the applicant are in order. A proviso appended to the provision also states that the application shall not be rejected without giving a reasonable opportunity to the applicant to be heard and presenting his case.
The Ministry of Corporate Affairs issues three different types of digital signature certificates. The class 1 certificates are issued for both industrial and business use. These certificates are issued in order to confirm that the information and details provided in the application do not contradict with the information that has been updated to the recognized customer database.
The class 2 certificates also operate similar to that of class 1 certificates. These certificates are generally used in the cases of moderate risks and consequences of data compromise are there. The term moderate risk of data compromise includes risk of fraud, access to private information, transactions involving substantial monetary value and so on.
Class 3 certificates are called as the high assurance certificates and are issued to organizations as well as individuals. These certificates are mainly intended for E-Commerce applications. The special feature of this certificate is that these certificates are issued only upon the physical presence of the applicant before the certifying authority. These certificates are generally used for transactions that have high risk and threat of data compromise. These are also used in the case of transaction where the chances of the failure of security services are highly probable.
In the case of the Class 2 certificates, the verification of the identity of the person is done through pre-verified database. But in the case of Class 3 certificates, the individual must be physically present before the Registration Authority in order to verify their identity. This is one of the reasons why this class of digital signature certificates is considered to be one of the highest levels. Any one of the above two classes of certificates have to be obtained in order to undertake E-Filing of various requirements of the Government such as GST, etc.
The digital signatures are issued by various entities that undertake the process of compliance of all the requirements of law and application to obtain the digital signature certificates. In general, the digital signature certificate is issued within three to seven working days from the date of application for obtaining the certificate. These certificates are usually issued by the certifying authority with validity period of one to two years. The same can be renewed after the expiry of the validity period by the payment of the appropriate fee. Same as the renewal of the digital signature, the user can also revoke the digital signature within the validity period or subsequent to the expiry of the validity period upon the necessary application to the certifying authority and payment of the required fee. The banks can also avail this benefit and cal register their bank official digital signature.
Emudhra limited is one of the certifying authorities that issues digital signature certificates upon the authority given to by the Government of India and is licensed by the Controller of Certifying Authorities. They issue digital certificates and signature for various portals such as banking, railways, foreign trade, income tax, GST, etc.
Recently the Bombay Stock Exchange directed its registered brokers to submit digital signatures of the designated officers. This was an initiative in order to maintain a risk-based supervision system. The Lucknow University also made an announcement that all the mark sheets that are uploaded on the university website will contain digital signatures. This was undertaken as a measure to curb the making of fake certificates and documents.
The process of obtaining digital signature certificate from the certifying authority is as follows. The applicants along with the original supporting documents and self attested copies can approach the certifying authority. In a case where the certifying authority issues the digital signature certificate using the Aadhar E-KYCs, the supporting documents need not be submitted to the certifying authority. In turn, the applicant can also produce a certificate or a letter that has been duly certified by the Bank Manager, containing the information and details of the applicant as per the bank records.