Electronic Signature Certificates

Section 35. Certifying authority to issue electronic signature Certificate.

35(1).

  • Any person is permitted to apply for an Electronic Signature Certificate.

  • There is no restriction on who may apply.

  • The application must be made to a Certifying Authority.

  • The application is for the issue of an Electronic Signature Certificate.

  • It must be submitted in the form specified by the Central Government.

35(2).

  • An application for an Electronic Signature Certificate must be filed along with a fee.

  • The amount of the fee is prescribed by the Central Government.

  • The fee cannot exceed ₹25,000.

  • The payment is to be made to the Certifying Authority.

    1. The Government can charge different fees to different types of applicants.

    2. When fixing the fee under 35(2):

      1. The Central Government is not required to prescribe a single uniform fee.

      2. It may set different fee amounts for different categories or classes of applicants.

35(3).

  • Each application must include certain supporting documents.

  • Every application must be submitted along with a Certification Practice Statement (CPS).

  • If a Certification Practice Statement does not exist, the applicant must instead submit a statement containing the required details.

  • The details to be included are those specified by regulations.

35(4).

  • Once the Certifying Authority receives an application under 35(1), it will examine the application.

  • It will consider the Certification Practice Statement or the alternative statement submitted under 35(3).

  • The Certifying Authority may also conduct any enquiries it thinks necessary.

  • After this examination, it may either:

    1. Grant the Electronic Signature Certificate.

    2. Reject the application.

  • If the application is rejected, the Certifying Authority must record the reasons for rejection in writing.

  • An application cannot be rejected without giving the applicant a fair chance to respond.

    1. The Certifying Authority cannot directly reject an application.

    2. Before rejection, the applicant must be given a reasonable opportunity.

    3. This opportunity allows the applicant to explain, justify, or correct issues.

    4. The applicant can show cause why the application should not be rejected.

Section 36. Representations upon issuance of Digital signature Certificate.

  • When a Certifying Authority issues a Digital Signature Certificate, it must officially confirm certain facts, which include:

  • (a).

    1. The Certifying Authority declares that it has complied with the Act.

    2. It has also followed all rules and regulations made under the Act.

    3. The Certifying Authority certifies that the certificate is issued strictly in accordance with the law.

  • (b).

    1. The Certifying Authority confirms proper publication and acceptance of the certificate.

    2. The Certifying Authority has published the Digital Signature Certificate or has made it available to people who rely on it.

    3. The subscriber has accepted the Digital Signature Certificate.

  • (c).

    1. The Certifying Authority certifies that the subscriber possesses the correct private key.

    2. The subscriber holds the private key.

    3. This private key corresponds to the public key mentioned in the Digital Signature Certificate.

    4. The key pair therefore belongs to the subscriber.

  • (ca).

    1. The Certifying Authority certifies the usability of the subscriber’s private key.

    2. The subscriber possesses a private key.

    3. That private key is capable of generating a digital signature.

    4. In other words, the key is valid and functional for signing electronic records.

  • (cb).

    1. The Certifying Authority certifies that the key pair works correctly.

    2. The public key mentioned in the certificate can be used to verify a digital signature.

    3. That digital signature must be one created using the subscriber’s private key.

    4. This confirms that the public and private keys are correctly linked.

  • (d).

    1. The Certifying Authority confirms that the subscriber’s keys properly work together.

    2. The subscriber’s public key and private key are mathematically linked.

    3. They together form a valid and functioning key pair.

  • (e).

    1. The Certifying Authority confirms the correctness of the certificate details.

    2. All the details mentioned in the Digital Signature Certificate are correct.

    3. The information has been verified for accuracy.

    4. There are no false or misleading details in the certificate.

  • (f).

    1. The Certifying Authority confirms there is no hidden issue affecting the certificate’s reliability.

    2. The Certifying Authority states that it is not aware of any important fact.

    3. Such a fact, if it were included in the Digital Signature Certificate, would reduce or harm the reliability of the assurances given in the earlier clauses (a-d).

Section 37. Suspension of Digital Signature Certificate.

37(1).

  • A Digital Signature Certificate can be temporarily stopped from being used.

  • This power is subject to 37(2).

  • The Certifying Authority that issued the Digital Signature Certificate has the authority to act.

  • It may suspend the Digital Signature Certificate in the following cases:

  • (a).

    1. Suspension may be done on receiving a request from:

      1. (i). The subscriber whose name appears in the Digital Signature Certificate.

      2. (ii). Any person who is properly authorised to act on behalf of that subscriber.

  • (b).

    1. Suspension may be done if the Certifying Authority believes that suspending the Digital Signature Certificate is necessary in the public interest.

37(2).

  • A Digital Signature Certificate cannot be suspended for more than 15 days.

  • If it is to be suspended beyond 15 days, the subscriber must first be given an opportunity to be heard.

  • This allows the subscriber to present their side or explanation.

37(3).

  • The subscriber must be informed if their Digital Signature Certificate is suspended.

  • When a Digital Signature Certificate is suspended, the Certifying Authority must inform the subscriber.

Section 38. Revocation of Digital Signature Certificate.

38(1).

  • A Certifying Authority may revoke (cancel) a Digital Signature Certificate issued by it in the following cases:

    1. (a). When the subscriber, or any other person authorised by the subscriber, requests revocation.

    2. (b). When the subscriber dies.

    3. (c). When the subscriber is a firm or a company, and that firm is dissolved or the company is wound up.

38(2).

  • A Certifying Authority can revoke a Digital Signature Certificate on its own decision.

  • This power is subject to 38(3).

  • It is in addition to, and does not limit, the grounds mentioned in 38(1).

  • The Certifying Authority that issued the Digital Signature Certificate may revoke it at any time.

  • Revocation can be done if the Certifying Authority believes that the following conditions exist:

  • (a).

    1. A significant fact stated in the Digital Signature Certificate is false or has been hidden or not disclosed.

  • (b).

    1. One or more conditions required for issuing the Digital Signature Certificate were not actually met.

  • (c).

    1. The Certifying Authority’s private key or security system has been compromised.

    2. This compromise seriously affects the reliability of the Digital Signature Certificate.

  • (d).

    1. The subscriber has been declared insolvent, so they are legally unable to pay their debts.

    2. The subscriber has died or, if the subscriber is a firm or a company:

      1. The firm or company has been dissolved.

      2. The company has been wound up.

      3. The firm or company has otherwise stopped existing legally.

38(3).

  • A Digital Signature Certificate cannot be cancelled without hearing the subscriber.

  • The Certifying Authority cannot revoke a Digital Signature Certificate straight away.

  • Before revocation, the subscriber must be given an opportunity to be heard.

  • This allows the subscriber to explain or defend their position.

38(4).

  • When a Digital Signature Certificate is revoked under this section, the Certifying Authority must inform the subscriber of the revocation.

Section 39. Notice of suspension or revocation.

39(1).

  • When a Digital Signature Certificate is suspended or revoked under Section 37 or Section 38, then:

    1. The Certifying Authority must publish a notice of that suspension or revocation.

    2. The notice must be published in the repository specified in the Digital Signature Certificate.

    3. This repository is the place meant for public access to such status information.

39(2).

  • The suspension or revocation must be widely and properly communicated.

  • Sometimes more than one repository is mentioned in the Digital Signature Certificate. In such cases:

    1. The Certifying Authority must publish the notice of suspension or revocation in every repository specified, not just one.
