

UNIVERSITY INSTITUTE OF LEGAL STUDIES


PANJAB UNIVERSITY, CHANDIGARH

PROJECT

INFORMATION TECHNOLOGY LAWS
SESSION 2023-2024

TOPIC- Electronic Signature Certificates

SUBMITTED BY:
Pooja
B.Com.LL.B. (Hons.)
Roll No. – 208/19
Section – D
Semester – 10th

SUBMITTED TO:
Ms. Atambir

ACKNOWLEDGEMENT

I would like to express my special thanks of gratitude to my teacher Ms. Atambir
for their able guidance and support in completing my project within the time limit
as assigned.
I would also like to extend my gratitude to the director of the department Dr.
Shruti Bedi for providing me with all the facility that was required. I would like
to thank them for providing me this wonderful opportunity of making this project.
It helped me a lot to learn new things and research on the topic allotted to me.

Pooja
B.Com.LL.B. (Hons.)
Roll No. – 208/19
Section

INDEX
S.No. Title

1. Introduction
2. Electronic signature certificate (ESC)
   - Concept
   - Who grants it?
   - Role of authority
3. Key elements
4. Process to obtain ESC
5. Suspension & Revocation
6. Conclusion
7. References

INTRODUCTION
Internet usage has increased, and so have cyber crimes. There are several stories of cyber
crimes in the media today, ranging from identity theft and child pornography to cyber terrorism.
In cyber crimes, the computer is used either as a tool or a target, or both, in order to commit
unlawful conduct. In our fast-moving digital age, there has been a phenomenal surge in
electronic commerce (e-commerce) and online stock trading, leading to more cyber
crimes. Cyber law is a legal system that deals with the internet, computer systems,
cyberspace, and all matters related to cyberspace or information technology. The system
provides a structure for electronic commerce transactions and electronic filing of forms. To
put it simply, it is a law that deals with cyber crimes. As e-commerce has increased in
popularity, it has become important to ensure there are proper regulations in place to prevent
malpractices. With the advent of the industrial age, the United Nations noted in 1998
that a legal framework addressing e-signatures was important due to the rise in online
transactions in recent years. The creation of cyber laws and strict e-signature regulations was
viewed as urgently needed.
The use of signatures has given people a clear sense of identification and enabled the
business world and other people to work more quickly while keeping up with the latest
technological advancements. By far, the signatures have had a significant impact on people's
ability to make decisions and enable consent at a significantly higher value. The authorised
signatory may provide his consent even if he is not at that location.

ELECTRONIC SIGNATURE CERTIFICATE (ESC)
CONCEPT -

Electronic Signature Service is an innovative initiative for allowing easy, efficient, and
secure signing of electronic documents. With this service, any eSign user can digitally sign an
electronic document without having to obtain a physical digital signature dongle. Application
Service Providers can integrate this service within their application to offer eSign users a way
to sign electronic forms and documents. The need to obtain an Electronic Signature Certificate
or ESC through a printed paper application form with ink signature and supporting
documents will not be required. The Electronic Signature Certificate issuance and applying of
signature to electronic content is carried out in a few seconds with eSign.

For creating electronic signatures, the signer is required to obtain an Electronic Signature
Certificate (ESC) from a Certifying Authority (CA) licensed by the Controller of Certifying
Authorities (CCA) under the Information Technology (IT) Act, 2000. Before a CA issues an
ESC, the identity and address of the signer must be verified.1

Who grants ESC?

ESC is a method to prove the authenticity of an electronic document. It can be presented
electronically to prove the identity, to access information or sign certain documents digitally.
The Central Government has appointed a Controller of Certifying Authorities who grants a
license to the Certifying Authorities to issue digital signature certificates to the subscriber.

Any person may make an application to the Certifying Authority for the issue of an Electronic
Signature Certificate in such form as may be prescribed by the Central Government.2

1. E-Sign, available at https://cca.gov.in/eSign.html (Last visited on 20-03-2024)
2. Section 35(1) of the Information Technology Act, 2000

Role of Certifying Authorities-

Certifying Authorities play a crucial role in the issuance and revocation of Digital Signature
Certificates in India. Under the Information Technology Act, 2000, Certifying Authorities are
entities authorized to issue and manage digital signatures. They are responsible for verifying
the identity of certificate applicants, ensuring the security of the issuance process, and
maintaining the CRL.

Certifying Authorities issue Digital Signature Certificates to individuals, organizations, and
government entities after conducting necessary authentication and verification procedures.
They also regularly update the CRL or provide real-time OCSP responses to reflect the current
status of revoked certificates, enabling relying parties to ascertain the validity of digital
signatures.

KEY ELEMENTS
Elements of Electronic Certificate

1. Owner’s public key.
2. Owner’s name.
3. The expiration date of Public Key.
4. Name of the issuer.
5. Serial Number of the certificate.
6. A digital signature of the user.
Elements of the Certification under Section 36

The certifying authority issues the ESC to the applicant after all legal formalities are duly
complied with as per the provisions of the act. While granting the certificate the authority has
to ensure that it has certified the following main points in it -
a) Compliance with the provisions of the act - it has complied with the provisions of
this Act and the rules and regulations made thereunder;
b) Access to the certificate - it has published the Digital Signature Certificate or
otherwise made it available to such person relying on it and the subscriber has
accepted it;
c) Holder of the private key - the subscriber holds the private key corresponding to
the public key, listed in the Digital Signature Certificate. Also, that the subscriber
holds a private key which is capable of creating a digital signature;
d) Public key - the public key to be listed in the certificate can be used to verify a digital
signature affixed by the private key held by the subscriber and that the subscriber's
public key and private key constitute a functioning key pair;
e) Accuracy of the information - the information contained in the Digital Signature
Certificate is accurate; and

f) Lack of knowledge - it has no knowledge of any material fact, which if it had been
included in the Digital Signature Certificate would adversely affect the reliability of
the representations made as above.

PROCESS TO OBTAIN ESC


(Section 35)

1.) Application to the authority - Anybody may submit an application in the format that
the Central Government may provide to the Certifying Authority in order to have an
Electronic Signature Certificate issued.
2.) Deposit of fees - The Certifying Authority shall receive a fee, not to exceed twenty-
five thousand rupees, with each application. The Central Government may prescribe
fees under sub-section (2) of section 35. Along with that, the government may notify
different fees, prescribed for distinct applicant classes.
3.) Certification practice statement - A certification practice statement, or in the
absence of one, a statement with the specific information prescribed by regulations,
must be submitted with each application of this kind.
4.) Reviewing applications - Following receipt of an application, the Certifying
Authority carefully reviews it to ensure that all legal requirements have been met. It
may award the Certificate after taking into account the certification practice statement
or the other statement and conducting any necessary inquiry.
5.) Grant or rejection of certificate - When the authority is satisfied that all legal
compliances are met with, it may grant the ESC to the applicant. If the authority is not
satisfied, it may even reject the application and refuse to grant the ESC.
6.) Opportunity to hear - As per the proviso to this section, no application shall be rejected
unless the applicant has been given a reasonable opportunity of showing cause against
the proposed rejection.

In addition to the requirements given in section 35 of the act, the certifying authority has to
ensure that the certificate is issued in accordance with the IT Act Rules. Rule 23 of the Rules
provides certain guidelines to be followed by the Certifying Authority while issuing a DSC to
the applicant under section 35. These are as follows-

a. The certificate must be issued after a subscriber submits an application form provided
by the Certifying Authority, which must include the details provided in the modal
Form.
b. No interim Digital Signature Certificates are issued.
c. The certificate is generated upon receiving a valid request for a new or the renewal of
Digital Signature Certificates.
d. The certificate must contain information that can be used to identify repositories for
revocation or suspension.
e. The subscriber identity verification method must be specified in the Certification
Practice Statement and approved by the Controller during the license application.
f. If a new Digital Signature Certificate is issued based on another valid Digital
Signature Certificate, the Certifying Authority must investigate whether to suspend or
revoke the new certificate as well.
g. The certificate must be verified before acceptance, and if accepted, a signed copy
must be published in a repository.
h. If the certificate is deemed invalid or unreliable, the Certifying Authority must notify the
subscriber immediately.
i. All Digital Signature Certificates must have a designated expiry date.

DURATION OF DSC

A Digital Signature Certificate is issued for a specific period of time. It cannot be used after the
expiry of that period. The only provision is to get it reissued from the authority. Rule 26 of the IT
Act Rules provides details about the duration of the DSC as follows-

(a) It shall be issued with a designated expiry date;
(b) A DSC which is suspended shall return to the operational use, if the
suspension is withdrawn in accordance with the provisions of section 37 of the Act;
(c) It shall expire automatically upon reaching the designated expiry date at
which time the Digital Signature Certificate shall be archived;
(d) On expiry, it shall not be re-used.
(e) The period for which a Digital Signature Certificate has been issued shall
not be extended, but a new Digital Signature Certificate may be issued after the
expiry of such period.

SUSPENSION & REVOCATION OF ESC

NOTICE UNDER SECTION 39-


If a Digital Signature Certificate is either suspended or revoked under the rules of section 37
or 38, the organization that issued the certificate (Certifying Authority) must post a public
notice about this suspension or revocation. This notice should be placed in the online
database (repository) that was mentioned in the Digital Signature Certificate for sharing such
information. If there are multiple online databases (repositories) where this information can
be shared, the Certifying Authority is required to post the notice about the certificate's
suspension or revocation in each one of these databases.

SUSPENSION (Section 37)

Subject to subsection (2), the Certifying Authority may suspend a Digital Signature
Certificate at the request of the subscriber specified in the certificate or any authorised
representative acting on their behalf. If the subscriber hasn't been given a chance to be heard,
the certificate could be suspended only for up to fifteen days. As soon as the subscription is
suspended, the Certifying Authority is required to notify the subscriber. There must be a
public interest in the suspension.

REVOCATION
A DSC must not be revoked by the Certifying Authority (CA) without communication about
the revocation to the concerned person and also giving him a reasonable opportunity to be
heard. Revoking a Digital Signature Certificate (DSC) in India involves the following key steps and
considerations:

1. Revocation request
To initiate the revocation process, the holder of the Digital Signature Certificate must submit a
revocation request to the respective Certifying Authority (CA). This request should provide
valid reasons for revocation, such as compromise, expiration, or voluntary revocation.
2. Verification and validation
Upon receiving the revocation request, the CA undertakes a verification process to authenticate
the request’s validity. This step ensures that unauthorized or false revocations are prevented,
maintaining the integrity and reliability of the revocation process.
3. Revocation confirmation
After verifying the revocation request, the CA issues a revocation confirmation to the
certificate holder. This confirmation serves as proof that the Digital Signature Certificate has
been revoked and should no longer be considered valid for authentication or verification
purposes.
4. Publication of revocation information
The CA updates the Certificate Revocation List (CRL) with the relevant details of the revoked
Digital Signature Certificates. This includes the certificate’s serial number, revocation date,
and reasons for revocation. The CRL acts as a public repository that allows relying parties to
verify the validity of digital signatures.

Situations leading to revocation of DSC?


a) where the subscriber or any other person authorised by him makes a request to that
effect; or
b) upon the death of the subscriber; or
c) upon the dissolution of the firm or winding up of the company where the subscriber is a
firm or a company.
d) a material fact represented in the Digital Signature Certificate is false or has been
concealed;
e) a requirement for issuance of the Digital Signature Certificate was not satisfied;
f) the Certifying Authority's private key or security system was compromised in a manner
materially affecting the Digital Signature Certificate's reliability;

g) the subscriber has been declared insolvent or dead or where a subscriber is a firm or a
company, which has been dissolved, wound-up or otherwise ceased to exist.3

CONCLUSION
With the advancement in technology, the usage of the digital signature in place of the
conventional signature has widely increased. The Information Technology Act, 2000 talks
widely about the concept of Digital Signature, the authorities who have been given the power
of issuing the digital signature certificate and the circumstances which require affixation of the
digital signature. The issuance of DSC brings more reliability and authenticity to the concept
and usage of eSigns.

3. Section 38 of the Information Technology Act, 2000

REFERENCES
BAREACT-

1. Information Technology Act, 2000
2. Information Technology Rules

BOOKS-

1.) Dr. Jyoti Rattan, Cyber Laws & Information Technology, Bharat Law House, Jaipur,
3rd edition
2.) Dr. Farooq Ahmad, Cyber Law in India, Allahabad Law Agency, Faridabad

WEBSITES-

1. https://www.mca.gov.in/MinistryV2/digitalsignaturecertificate.html
2. https://kanoongpt.in/bare-acts/the-information-technology-act-2000/section-39
3. https://ebizfiling.com/blog/revoke-a-digital-signature/#:~:text=To%20initiate%20the%20revocation%20process,%2C%20expiration%2C%20or%20voluntary%20revocation.
4. https://cleartax.in/s/digital-signature-certificate-get-dsc
5. https://ipronline.ipindia.gov.in/epatentfiling/Extras/Digital_Signatures_Information.aspx

6. https://cca.gov.in/digital_signature.html
7. https://www.meity.gov.in/content/rules-information-technology-act-2000
