Professional Documents
Culture Documents
Module VII
Module VII
(i) the applicant has not provided the Controller with such
information relating to its business, and to any
circumstances likely to affect its method of conducting
business, as the Controller may require; or
(ii) the applicant is in the course of being wound up or
liquidated; or
(iii) a receiver has, or a receiver and manager have, been
appointed by the court in respect of the applicant; or
(iv) the applicant or any trusted person has been convicted,
whether in India or out of India, of an offence the conviction
for which involved a finding that it or such trusted person
acted fraudulently or dishonestly, or has been convicted of
an offence under the Act or these rules; or
(v) the Controller has invoked performance bond or banker's
guarantee; or
(vi) a Certifying Authority commits breach of, or fails to observe
and comply with, the procedures and practices as per the
Certification Practice Statement; or
(vii) a Certifying Authority fails to conduct, or does not submit,
the returns of the audit; or
(viii) the audit report recommends that the Certifying Authority is
not worthy of continuing Certifying Authority's operation; or
(ix) a Certifying Authority fails to comply with the directions of
the Controller.
Section 25 of the Act and Rule 14 of Information Technology (Certifying
Authorities) Rules, 2000 deals with ‘Suspension of licence’, it is provided
that, the Controller may revoke the licence, if he is satisfied after making
an inquiry, that a Certifying Authority has:
a) made a statement in, or in relation to, the application for the issue
or renewal of the licence, which is incorrect or false in material
particulars;
b) failed to comply with the terms and conditions subject to which the
licence was granted;
c) failed to maintain the procedures and standards specified in
section 30;
d) contravened any provisions of this Act, rule, regulation or order
made.
However, he cannot revoke a licence unless the Certifying Authority has
been given a reasonable opportunity of showing cause against the
proposed revocation.
Further, the Controller may by order suspend such licence pending the
completion of any enquiry ordered by him, if he has reasonable cause to
believe that there is any ground for revoking a licence. However, he
cannot suspend a licence for a period exceeding ten days unless the
Certifying Authority has been given a reasonable opportunity of showing
cause against the proposed suspension.
Any Certifying Authority shall not issue any electronic signature Certificate
during such suspension.
Section 35 of the Act deals with the issuance of the Electronic Signature
Certificate, it provides that, any person can make an application,
accompanied by fees, not exceeding twenty five thousand, to the
Certifying Authority for the issue of an Electronic Signature Certificate.
It is further provided that the application shall be accompanied by
certification practice statement or where there is no such statement, a
statement containing such particulars, as may be specified by regulations.
It is also provided that on receiving an application the Certifying
Authority may grant the electronic signature Certificate or for reasons to
be recorded in writing, reject the application, after consideration of the
certification practice statement or the other statement and after making
such enquiries.
[The certificate grated under Section 35(4) is a Digital Signature
Certificate, as defined in Section 2 (1) (q)]
However, the Certifying Authority cannot reject the application unless the
applicant has been given a reasonable opportunity of showing cause
against the proposed rejection.
Under Section 36, while issuing a Digital Signature Certificate, the
Certifying Authority shall certify that:
a) it has complied with the provisions of this Act and the rules and
regulations;
b) it has published the Digital Signature Certificate or otherwise
made it available to such person relying on it and the subscriber
has accepted it;
c) the subscriber holds the private key corresponding to the public
key, listed in the Digital Signature Certificate;
(ca) the subscriber holds a private key which is capable of creating
a digital signature;
(cb) the public key to be listed in the certificate can be used to
verify a digital signature affixed by the private key held by the
subscriber;
d) the subscriber's public key and private key constitute a functioning
key pair;
e) the information contained in the Digital Signature Certificate is
accurate; and
f) it has no knowledge of any material fact, which if it had been
included in the Digital Signature Certificate would adversely affect
the reliability of the representations in clauses (a) to (d).
Section 37 deals with the ‘Suspension of Digital Signature Certificate’, it
provides that, the Certifying Authority may suspend the issued Digital
Signature Certificate:
a) on receiving request from:
i. the subscriber listed in the Digital Signature
Certificate; or
ii. any person duly authorised to act on he behalf of
that subscriber.
[‘Subscriber’ is defined under Section 2(1) (zg) as subscriber means a
person in whose name the electronic signature Certificate is issued]
b) or if it is of the opinion that the Digital Signature Certificate
should be suspended in public interest.
However, the Digital Signature Certificate shall not be suspended for a
period exceeding fifteen days unless the subscriber has been given an
opportunity of being heard in the matter.
The suspension of such certificate shall be communicated to the
subscriber.
Section 38 deals with ‘Revocation of digital signature certificate’, it
provides that, the Certifying Authority may revoke a Digital Signature
Certificate:
a) where the subscriber or any other person authorised by him makes
a request to that effect; or
b) upon the death of the subscriber; or
c) upon the dissolution of the firm or winding up of the company
where the subscriber is a firm or a company.
Without prejudice to the previous sub-section and subject to sub-section
(3), the Certifying Authority may revoke a Digital Signature Certificate,
if:
a) a material fact represented in the Digital Signature Certificate is
false or has been concealed;
b) a requirement for issuance of the Digital Signature Certificate was
not satisfied;
c) the Certifying Authority's private key or security system was
compromised in a manner materially affecting the Digital
Signature Certificate's reliability;
d) the subscriber has been declared insolvent or dead or where a
subscriber is a firm or a company, which has been dissolved,
wound-up or otherwise ceased to exist.
Sub-section (3) provides that a digital Signature Certificate shall not be
revoked unless the subscriber has been given an opportunity of being
heard in the matter.
The suspension of such certificate shall be communicated to the
subscriber.
Section 39 provides that, the notice of such suspension and revocation of
the certificate shall be published in the repository specified in the Digital
Signature Certificate for publication of such notice.