ACKNOWLEDGEMENT

The attitude of the people close to me is what made this assignment successful. I therefore
acknowledge their faith, trust, loyalty and honesty.
Secondly I thank a person who made the assignment into a success. Your earlier experience
and strong scientific approach and personality contributed greatly to the outcome of this
assignment. My gratitude goes to the professors and friends for their support, guidance,
conversations and theoretical discussions. Thank you DR. ANIL KUMAR MAURYA for
your sincere interest in the topic of research and for allowing me to approach this research
my way and provided me with the necessary guidance and support. Thank you for your
comments and for your support throughout this assignment. I thank everyone for their
supervision in the final stage of writing the assignment. Several friends have assisted me. I
thank those who welcomed me for their help. Friends and family at home have
furthermore contributed to this assignment.
BHANU PRAKASH PANDEY

Page | 1
 INDEX

S. NO. CONTENTS PAGE NO.

1 INTRODUCTION 3

2 WHO IS THE CONTROLLER OF CERTIFYING 4

AUTHORITIES ?
3 PUBLIC KEY INFRASTRUCTURE (PKI) 7

4 APPOINTMENT OF CONTROLLER 7

5 FUNCTIONS OF CONTROLLER 8

6 POWERS OF CONTROLLER 12

7 CONCLUSION 17

BIBLIOGRAPHY 18

Page | 2
INTRODUCTION

Internet is an infrastructure that links hundreds and thousands of networks to one another, that is linking businesses,
educational institutions, government agencies and individuals together. In this electronic environment,
trust is central to the growth of e-commerce and e-governance; and the future of online transactions and
contracts depends upon the trust that the transacting parties place in the security of transmission and the data or
content of communication. The working of the computer, computer network and computer system is
more process based than personalized, therefore, it is necessary to have an identification strategy,
that is, a system of identity authentication is required to ascertain the integrity, confidentiality
and authentication of communication channels and processes. Before starting electronic
communications, one must check the following basic requirements viz:

Authenticity

It means that the authenticity of the sender of the message must be determined by the recipient.

Message integrity

 It determines, whether the message that has been received is modified, altered or is incomplete.

Non-repudiation

It means the sender cannot deny sending the message.

Privacy

The message must be secure from an unauthorized person.

Electronic environment uses digital signature to identify and prove transactions. A system is
required for identity authentication that has to be in the form of one or more trusted third parties
which will not only authenticate that a digital signature belongs to a specific signer, but also
dispense the public keys. The following are the trusted parties enumerated below:

The “Certifying Authority” issues Digital Signature Certificates by authenticating the

subscriber’s identity.

Page | 3
The IT Act provides for the ‘Controller of Certifying Authorities (CCA)’ to license and regulate
the working of Certifying Authorities. The Certifying Authorities (CAs) issue digital signature
certificates for electronic authentication of users.

The Controller of Certifying Authorities (CCA) is appointed by the Central Government under
section 17 of the Act for purposes of the IT Act. The Office of the CCA came into existence on
November 1, 2000. It aims at promoting the growth of E-Commerce and E- Governance through
the wide use of digital signatures.

The Controller of Certifying Authorities (CCA) has established the Root Certifying Authority
(RCAI) of India under section 18(b) of the IT Act to digitally sign the public keys of Certifying
Authorities (CA) in the country. The RCAI is operated as per the standards laid down under the
Act.

The CCA certifies the public keys of CAs using its own private key, which enables users in the
cyberspace to verify that a given certificate is issued by a licensed CA. For this purpose it
operates, the Root Certifying Authority of India(RCAI). The CCA also maintains the Repository
of Digital Certificates, which contains all the certificates issued to the CAs in the country.

WHO IS THE CONTROLLER OF CERTIFYING AUTHORITIES??

“Section-17:- Appointment of Controller and other officers.

(1) The Central Government may, by notification in the Official Gazette, appoint a Controller of
Certifying Authorities for the purposes of this Act and may also by the same or subsequent
notification appoint such number of Deputy Controllers and Assistant Controllers as it deems fit.

(2) The Controller shall discharge his functions under this Act subject to the general control and
directions of the Central Government.

(3) The Deputy Controllers and Assistant Controllers shall perform the functions assigned to
them by the Controller under the general superintendence and control of the Controller.

(4) The qualifications, experience and terms and conditions of service of Controller, Deputy
Controllers and Assistant Controllers shall be such as may be prescribed by the Central
Government.

Page | 4
(5) The Head Office and Branch Office of the office of the Controller shall be at such places as
the Central Government may specify, and these may be established at such places as the Central
Government may think fit.

(6) There shall be a seal of the Office of the Controller.”1

The Information Technology Act 2000 (IT Act) provides for the Controller of Certifying
Authorities (CCA) to license and regulate the working of Certifying Authorities. The Certifying
Authorities (CAs) issue digital signature certificates for electronic authentication of users.

The Controller of Certifying Authorities (CCA) is appointed by the Indian Central Government
under section 17 of the Act for purposes of the IT Act. The Office of the CCA came into
existence on November 1, 2000. It aims at promoting the growth of E-commerce and E-
governance through the wide use of digital signatures.

The Controller of Certifying Authorities (CCA) has established the Root Certifying Authority of
India (RCAI) under section 18(b) of the IT Act to digitally sign the public keys of Certifying
Authorities (CA) in the country. The RCAI is operated as per the standards laid down under the
IT Act.

The CCA certifies the public keys of CAs using its own private key, which enables users in
cyberspace to verify that a given certificate is issued by a licensed CA. For this purpose it
operates the RCAI. The CCA also maintains the Repository of Digital Certificates, which
contains all the certificates issued to the CAs in the country.

1
THE INFORMATION TECHNOLOGY ACT, 2000; sec-17

Page | 5
Page | 6
PKI (Public Key Infrastructure)

Public key infrastructure (PKI) provides for encryption (public key) and digital signature for

verifying and authenticating user identities. The main task of PKI is to secure electronic
transactions by making use of various software’s and encryption techniques by combining it with
digital signature on network structure, thus providing a secured and trustworthy
electronic environment. PKI must include the items such as public key certificates, updation
of public and private keys, aback up of keys and their recoveries, a digital signature certificate
repository etc.

APPOINTMENT OF CONTROLLER

Section 17 of the Act deals with the Appointment of Controller and other officers.The Central
Government appointed the Controller of Certifying Authority on Nov.1, 2000.The office of the
Controller of Certifying Authority has three main functional departments(a) Technology (b)
Finance and Legal(c) Investigation. Each department has Deputy and Assistant Controller, who
works under the superintendence and control of the Controller Of Certifying Authority.

(1) “The Central Government may, by notification in the Official Gazette, appoint a Controller
of Certifying Authorities for the purposes of this Act, and may also by the same or subsequent
notification appoint such number of Deputy Controllers and Assistant Controllers as it deems fit.

(2)The Controller shall discharge his functions under this Act, subject to the general control and
directions of the Central Government.

(3) The Deputy Controllers and Assistant Controllers shall perform the functions assigned to
them by the Controller under the general superintendence and control of the Controller.

(4) The qualifications, experience and terms and conditions of service of Controller, Deputy
Controllers and Assistant Controllers shall be such, as may be prescribed by the Central
Government.

Page | 7
 (5) The Head Office and Branch Office of the office of the Controller shall be at such places as
the Central Government may specify, and these may be established at such places as the Central
Government may think fit.

(6)There shall be a seal of the Office of the Controller.”

Therefore, Section 17 has the following basic ingredients: Central Government appoints the
controller of certifying authority and other officers, who will discharge the duties assigned to
them under the Act. It also prescribes the qualifications and terms and conditions of the
controller and all other personnel working therein along with the description of the places at
which their Head office and branch office will be located.

FUNCTIONS OF CONTROLLER OF CERTIFYING AUTHORITY

Section 18 of the Act enumerates fourteen functions of the controller. The Controller may perform all or any of
these functions.

1. Exercising supervision over the activities of the Certifying Authorities :

Controller’s supervision over the activities of the Certifying Authority stem from the fact that as
a Licensee Certifying Authority has to fulfill all the condition stipulated by the Controller. As per
Rule 31 of the Information technology (Certifying Authority) Rules, 2000, Certifying Authority
shall have to conduct half yearly/quarterly audit and submit each audit report to the Controller
within four weeks of the completion of such audit. It should be pointed out that the Information
Technology Security Guidelines under rule 19(2) lays down parameter for capturing audit
trails[Para 10], whereas details of System Security Audit Procedure are given in Para 9 of
Security Guidelines for Certifying authority.
2. Certifying public keys of the Certifying Authorities :
The controller has established the Root Certifying Authority of India (RCAI) to certify public
keys of all CAs in India. The RCAI is responsible for:
 Issue of license means of an X.509 certificate
 Digitally signing the public key of the licensed CA.
 Generating Certificate Revocation List(CRLs) for the licenses issued.

Page | 8
 The RCAI root certificate is the highest level of Certification in India. It is being used to signed
the public key of licensed CA in India. One of the condition under rule 20(b) of the Information
Technology(Certifying Authority) Rules, 2000 is that the licensed Certificate Authority shall
commence its commercial operation of generation and issue of digital signature only after it has
generated its key pair (private and corresponding public key) and submitted the public key to the
controller.
However it is important to note that RCAI is a functional Aspect of the operations of the
Controller of Certifying Authority. It is not a kind of separate organizational unit.
3. Laying down the standards to be maintained by the Certifying Authorities:
Rule 6 of the Information Technology(Certifying Authority) Rules, 2000 refers to the standards
that may be considered for the different activities associated with the Certifying Authority
function.
Regulation 4 of the Information Technology(Certifying Authority) Regulation, 2001 provides
detail of various standard like Public Key Infrastructure, Public Key Cryptography, Key
Agreement Schemes, Form and size of the key pairs, Directory Services, Public Key Certificates
and Certificate Revocation List(CRL).
4. Specifying the qualifications and experience which employees of the Certifying
Authorities should possess :
It has not been specified in either Rules or Regulations about the specific qualifications and
experience that should be possessed by the employees of the Certifying Authorities. Para 5.1 of
'Information Technology Security Guidelines' does mention that each organization shall
designate a properly trained "System Administrator" who will ensure flat the protective security
measure of the system are functional. Similarly, Para 20 talks about the role of Network
Administrator will be responsible for operation, monitoring security and functioning of the
network.
5. Specifying the conditions subject to which the Certifying Authorities shall conduct
their business. :
A Certifying Authority has to fulfill all the specified term and conditions to obtain a license to
issue Digital Signature Certificate. Regulation 3 of the Information Technology (Certifying
Authorities) Regulations, 2001 lays down those terms and conditions.

Page | 9
6. Specifying the contents of written, printed or visual materials and advertisements
that may be distributed or used in respect of a Digital Signature Certificate and the public
key :
In order to bring uniformity and harmonization in Certifying Authorities practice, the Office of
Controller of Certifying Authorities specifies the contents of written, printed or visual materials
and advertisements that may be distributed or used in respect of a Digital Signature Certificate
and the public key in its Certification Practice Statement (CPS). However, it is significant to note
that as on November 15, 2009, no such guidelines related to Electronic Signature Certificate has
been framed by the Office of Controller of Certifying Authorities.
7. Specifying the form and content of a Digital Signature Certificate and the key :
Rule 7 of the Information Technology (Certifying Authorities) Rules, 2000 provides that all
Digital Signature Certificate issued by the Certifying Authorities shall conform to ITU X.509
version 3 standard and to have data, like: Serial Number, Signature Algorithm Identifier (used by
the Certifying Authority to sign the Certificate), Issuer Name, Validity period of the Certificate,
Name of the subscriber and Public key information of the subscriber.
8. Specifying the form and manner in which accounts shall be maintained by the
Certifying Authorities.
Under Regulation 3(vi) of the Information Technology (Certifying Authorities) Regulations,
2001, every Certifying Authority shall comply with all the financial parameters during the period
of validity of the license, issued under the Act. Importantly, it further states that any loss to the
subscriber, which is attributable to the Certifying Authority, shall be made good by the
Certifying Authority.
9. Specifying the terms and conditions subject to which auditors may be appointed and
the remuneration to be paid to them :
Rules 31 and 32 of the Information Technology (Certifying Authorities) Rules, 2000 set the
terms of audit and auditor's relationship with Certifying Authority respectively. The CCA has
currently six auditors in its panel.
Moreover, under Regulation 3 (vii) of the Information Technology (Certifying Authorities)
Regulations, 2001, every Certifying Authority shall subject itself to Compliance Audits carried
out by one of the aforesaid empanelled auditors. Such audits shall be based on the Internet

Page | 10
 Engineering Task Force document RFC 2527-Internet X.509 PKI Certificate Policy and
Certification Practices Framework.
Scope of audit vis-a-vis licensed Certifying Authorities includes: (a) Adequacy of security
policies and implementation thereof, (b) Existence of adequate physical security, (c) Evaluation
of functionalities in technology as it supports CA operations CA's services administration
processes and procedures, (d) Compliance to relevant CPS as approved and provided by the
Controller, (e) Adequacy of contracts/agreements for all outsourced CA operations, and (f)
Adherence to Information Technology Act, 2000, the rules and regulations thereunder, and
guidelines issued by the Controller from time-to-time
10. Facilitating the establishment of any electronic system by a Certifying Authority
either solely or jointly with other Certifying Authorities and regulation of such systems :
The security guidelines given under Rule 19(2) of the Information Technology (Certifying
Authorities) Rules, 2000 are aimed at protecting the integrity, confidentiality and availability of
services, data and systems of Certifying Authorities.
11. Specifying the manner in which the Certifying Authorities shall conduct their
dealings with the subscribers :
A CA shall have to comply with the procedures of generation, issue, archival, compromise, and
revocation of Digital Signature Certificate as defined in its Certification Practice Statement
(CPS). It has to notify its subscribers about its cessation as CA [Rule 21]
Under Regulation 3 of the Information Technology (Certifying Authorities) Regulations, 2001, a
CA shall use methods, which are approved by the Controller, to verify the identity of a
subscriber before issuing or renewing any public key certificate; provide time stamping service
for its subscribers; assure the confidentiality of subscriber information; and ensure the continued
accessibility and availability of its Public Key Certificates and Certificate Revocation Lists in its
repository to its subscribers and relying parties.
12. Resolving any conflict of interests between the Certifying Authorities and the
subscribers :
The Office of Certifying Authority is competent to resolve any dispute between CM and
subscribers. It is important to note that as per its Certification Practice Statement, the CCA can
mediate between CM and subscribers directly or through an arbitrator. For this purpose he can
request any information or materials from both the parties, which are in order as per their CPS,

Page | 11
 and the provisions of the Ad. Also, under Rule 12 of the Information Technology (Certifying
Authorities) Rules, 2000, any dispute arising as a result of any cross certification arrangement
between the Certifying Authorities or between Certifying Authority and the Subscriber, shall be
referred to the Controller for arbitration or resolution.
13. Laying down the duties of the Certifying Authorities :
The practices described in the CPS of Controller of Certifying Authorities are applicable to all
the licensed CM within India. It highlights their obligations, liability, operational procedures and
security controls.
14. Maintaining a data base containing the disclosure record of every Certifying
Authority containing such particulars as may be specified by regulations, which shall be
accessible to public :
The Act establishes the National Repository of Digital Certificates (NRDC)1. It is responsible
for (a) publishing Digital Signature Certificates and CRL issued by the RCAI and (b) publishing
digital signature certificates and CRLs of subscribers issued by all licensed CM. Moreover, Rule
22 of the Information Technology (Certifying Authorities) Rules, 2000 refers to Database of
Certifying Authorities. The Rule states that the Controller shall maintain a database of the
disclosure record of every Certifying Authority, Cross Certifying Authority and Foreign
Certifying Authority.

POWERS OF CONTROLLER OF CERTIFYING AUTHORITY

According to the Act, following powers have been conferred on the controller of certifying authority. These
powers are enumerated as below:

 POWER TO DELEGATE

According to section 27 of the Act, the controller can delegate any of his powers, and may authorize the Deputy
and Assistant Controller or any officer to exercise the same.
The aforesaid section is to be understood and read with the Section 17 of the Act, where
Controller has a team of Deputy Controllers, Assistant Controllers, other officers and employees.
Keeping in view the present organizational structure of the Office of the Controller, it seems that
Page | 12
the Controller has created three separate departments, (a) Technology; (b) Finance & Legal; and
(c) Investigation. Each department is currently being headed by one Deputy Controller and by
Assistant Controllers and other such officers and employees. Interestingly, the Controller may
delegate his administrative powers, including power to investigate contraventions under sections
28 and 29 of the Act. However, his quasi-judicial power to resolve any dispute between the
Certifying Authorities and the subscribers (sect. 18) cannot be delegated.

 POWER TO INVESTIGATE CONTRAVENTIONS

(1) The Controller or any officer authorized by him in this behalf shall take up for investigation
any contravention of the provisions of this Act, rules or regulations made there under.

(2) The Controller or any officer authorized by him in this behalf shall exercise the like powers
which are conferred on Income-tax authorities under Chapter XIII of the Income-tax Act, 1961
and shall exercise such powers, subject to such limitations laid down under that Act.

The power granted by the aforesaid section is only investigative in nature only.As given in S. 27,
the Controller may delegate the power of investigation to the Deputy Controllers, Assistant
Controllers or other officers. It is important to note that the sub-section (I) of S. 28 authorizes the
said officer to investigate any contravention of the provisions of this Act, rules or regulations
made thereunder.

One view is that aforesaid sub-sect. (1), if read with S. 75 of the Act grants power to the
Controller or any officer authorized by him to investigate any, offence Of contravention
committed outside India by any person irrespective of the nationality, if the act or conduct
constituting the offence or contravention involves a computer, computer system or computer
network located in India. Based on this view, the office of the controller has been inundated with
numerous complaints, praying that the Controller should investigate all contraventions related to
data theft, privacy violations, defamation, spamming etc.

Another view is that the Controller’s power to investigate contravention is restricted to the
licensed certified Authorities and subscribers. Interpreting the statue and applying strict

Page | 13
construction rules, one may find that the aforesaid power of the Controller only be used to
investigate contraventions related to licensed Certifying Authorities, Subscribers and Electronic
Signature Certificates (including digital Signature Certificates), This view, is further
complemented the recent amendments In sect. 29 and 69 of the Act.

Further the sub-section (2) grants the Controller or any other officer authorized by him, power
which are similar to those already conferred on Income-tax authorities under Chapter XIII of the
ninny- Act, 1961

Under the aforesaid Chapter, the Controller or any other officer authorized by him, has the power
to impound and retain in its custody for such period as he think fit, any books of account or other
documents produced before it in any proceeding [Section 131]; search and seizure of books of
account and other documents, money, bullion, jewellary, or other valuable article or thing found
as a result of such search; also, the authorized officer may, during the course of the search or
seizure, examine on oath any person who is found to be in possession or control of any book of
account, other documents, money, bullion, jewellary or other valuable article or thing and any
statement made by such person during such examination may thereafter be used in evidence in
any proceeding[section 132] under the Indian Income-tax Act, 1922, or under Income-Tax Act,
1961; power to call for information [section 133]; power of survey [section 133A]; power to
collect certain information [section 133B] and proceedings as judicial proceedings [section 136].

The first judicial test examining the power of Controller of Certifying Authorities under Section
28 came before the High court of Delhi in Yahoo India Pvt. Ltd. v. Union of India2 The brief
facts of this case are as follows:

a. There was eleven notice (January- July 2011) issued by the CCA (Respondent no. 20) to
the Yahoo India over a period of time seeking details from to provide details certain
suspect e-mail Ids. These notices clearly pointed out that (a) a suspected contravention of
the provision of the Act, rules or regulation made thereunder having a bearing on national
security is underway and (b) by virtue of Section 28 of the Act the controller or any

2
WP(C) 6654/2011

Page | 14
 office authorized by him in this behalf has power “to take up for investigation”
contravention of the provision of the Act, rules or regulations made thereunder.

b. CCA not satisfied with the response of Yahoo India issue a show cause notice.

c. Subsequently , CCA by way of a speaking order dated 26-8-2011 imposed a fine of Rs.
11 lakhs on Yahoo India under section 44(a) of the Act for not furnishing
information/document as directed by the controller or any office authorized by him in this
behalf.

d. Aggrieved by the order of CCA, Yahoo India filed a civil writ petition before the Delhi
High Court. It also challenged the constitutional validity of rule 3(7) of the Information
Technology (Intermediary Guidelines) Rules, 2011.

e. The court held:

“….. The impugned order has been issued by the Controller of Certifying Authorities,
Department of Information Technology, Ministry of Communications and Information
Technology, Government of India. It purports to be an order under section 44(a) of the
Information Technology Act, 2000. Section 46 of the said Act makes provision with
regard to the power to adjudicate. Section 46(1) of the said act reads as under:

For the purpose of adjudging under this Chapter whether any person has committed a
contravention of any act of the provision of this act or of any rule, regulation, direction or
order made thereunder which renders him liable to pay penalty or compensation the
central government shall. Subject to the provision of sub section (3), appointed any
officer not below the rank of a Director to the Government of India or an equivalent
officer of a state Government to be an adjudicating officer for holding an inquiry in the
manner prescribed by the central government.

The ministry of Communication and Information Technology to the Government of

India, in exercise of the powers conferred under section 46(1) of the said Act, notified by
of an order date 25-03-2003 that the secretary of Department of Information Technology

Page | 15
 of each of the states or of the Union Territories would be the adjudicating officer for the
purpose of the Information Technology Act, 2000. It is therefore clear that the
adjudicating authorities under section 46 insofar as the present matter is concerned would
not be the Controller of Certifying Authorities who has issued the impugned order dates
26-8-2011. The said order is clearly, therefore, without jurisdiction. Consequently, the
impugned order is set aside”.

f. It is important to note that the aforesaid judgment did not touch upon the
constitutionality of rule 3(7) of the Information Technology (Intermediary Guidelines)
Rules, 2011. Moreover, the right CCA to investigate any contravention under section 28
of the act was not disturbed by the court.

 ACCESS TO COMPUTERS AND DATA

According to section 29 of the Act, the controller may have access to any computer resources,
computer system of any person to acquire any information, during the course of exercising his
duties helpful in further investigations

(1) Without prejudice to the provisions of sub-section (1) of section 69, the Controller or any
person authorized by him shall, if he has reasonable cause to suspect that any contravention of
the provisions of this Act, rules or regulations made there under has been committed, have access
to any computer system, any apparatus, data or any other material connected with such system,
for the purpose of searching or causing a search to be made for obtaining any information or data
contained in or available to such computer system.

(2) For the purposes of sub-section (1), the Controller or any person authorizes by him may, by
order, direct any person in charge of, or otherwise concerned with the operation of the computer
system, data apparatus or material, to provide him with such reasonable technical and other
assistance as he may consider necessary.

The aforesaid sub-section (1) grants the Controller or any person authorized by him sweeping
power to access to any computer system, any apparatus, data or any other material connected
with such system, to search for obtaining any information or data contained in or available to
such computer system if he has reasonable cause to suspect that any contravention under this

Page | 16
chapter has been committed. The power to access any such computer and data is physical as well
as virtual.

Further, the authority to search any such computer system, any apparatus, data or any other
material connected with such system has been limited to any contravention under this Chapter of
Act only.

Since, the Act has not defined the word Apparatus. Hence, it would be proper to include input
device (scanners, digital camera, microphone etc.), output devices (monitor, printer, speaker
etc.), communication devices(modems, network interface cards) and storage devices(tap device,
CD ROM drives, optical drives, removal hard drives etc.) with in the definition of apparatus.

Under the sub-section(2), the controller or any person authorized by him has the power to order,
direct any person in-charge of, or otherwise concerned with the operation of, the computer
system , data apparatus or material, to provide him with such reasonable technical and other
assistance as he may consider necessary. It may include access to password(s) to such computer
system, data or any other material connected with such system.

CONCLUSION

A certificate authority (CA) is a trusted entity that issues electronic documents that verify a
digital entity’s identity on the Internet. The electronic documents, which are called digital
certificates, are an essential part of secure communication and play an important part in the
public key infrastructure (PKI). Certificates typically include the owner's public key, the
expiration date of the certificate, the owner's name and other information about the public key
owner. Operating systems (OSes) and browsers maintain lists of trusted CA root certificates to
verify certificates that a CA has issued and signed.

In cryptography, a certificate authority or certification authority (CA) is an entity that issues

digital certificates. A digital certificate certifies the ownership of a public key by the named
subject of the certificate. This allows others (relying parties) to rely upon signatures or on
assertions made about the private key that corresponds to the certified public key. In this model
of trust relationships, a CA is a trusted third party—trusted both by the subject (owner) of the

Page | 17
certificate and by the party relying upon the certificate. The most commonly encountered public-
key infrastructure (PKI) schemes are those used to implement https on the world-wide web.

BIBLIOGRAPHHY

BOOKS :
 Sharma Vakul (2007) Information Technology Law and Practice law and emerging
technology cyber law and E-commerce, Universal Publishing Company, Delhi, India
(Chapter1-9)

Web Sources
 http://www.cca.gov.in
 https://iltb.net/y
 http://www.nielit.gov.in
 http://www.indiapki.org/ca-and-certificates-in-india.php
 www.wipo.in
 http://shodhganga.inflibnet.ac.in

Page | 18