
CONTROLLER, CERTIFYING AUTHORITIES, SUBSCRIBER
SABARI JAYARAMAN

• Controller
• Certifying authorities
• Subscribers

Regulation of certifying authorities
CHAPTER VI
Regulation of certifying authorities
• Controller
• Appointment
• Functions
• Recognition of foreign certifying authorities
• Licence to issue ESC
• Application for licence
• Renewal
• Grant/rejection of licence
• Suspension/revocation of licence
• Powers of controller
Controller- powers
• Delegation
• Investigate contraventions
• Access computers and data

Certifying authority
• Duties of certifying authority
• Follow the procedures
• Comply with the act
• Display of licence
• Licence- surrender
• Disclosure statements
Controller
• Section 17- Appointment of CCA
• Central Govt.
• Controller
• Deputy controllers
• Assistant controllers
• Technical officers
• Other staffs
Controller functions

• Section 18

• Supervision over Certifying Authorities

• Certification of the public keys of the Certifying Authorities

• Laying down the standards to be maintained by the Certifying Authorities

• Specify the qualifications & experience to be possessed by the employees of certifying authority
Cont’d

• Specify the form and content of E-Signature certificates

• How the accounts should be maintained

• Resolve conflict of interest between the authorities and subscribers

• List out the duties of certifying authorities

• Maintain database of disclosure records


19- Recognition of foreign certifying authorities
• Controller with the approval of Central Govt./notify in official gazette
• Recognize foreign certifying authority
• FCA- issue valid E-signature certificates
• Contraventions by FCA- revocation of licence
Licence to issue Electronic signature certificates
• Considerations before issuing licence – section 21

• Qualification

• Manpower

• Expertise

• Financial resources

• Infrastructure facilities


Application for licence
• Section 22

• Application in prescribed format
• Certification practice statement (sec 2(1)(h))
• Procedures- identification of applicant
• Fees
• Other documents

Applicants
• Individuals
• Company
• Firm
Renewal of licence

• Section 23

• In prescribed form

• Renewal fee

• To be made – 45 days before the expiry of existing licence


Grant or rejection
• Section 24
• Consideration of the submitted documents
• Opportunity – to present the case
• Within 4 weeks from the receipt of application/extension allowed

Grounds of refusal
• Info – not provided
• Liquidation/closing
• Conviction…
Suspension of licence
• Section 25
• Incorrect, false statement – provided
• Failure- comply with the terms and conditions of the licence
• Failure to comply with sec 30
Procedures to be followed
• Use of hardware, software and procedures that are secure from intrusion and misuse
• Provide a reasonable level of reliability in its services
• Adhere to security procedures to ensure the secrecy and privacy of the electronic signatures
• Be the repository of all electronic signature certificates
• Publish information regarding its practices, electronic signature certificates and current status of such certificates
Cont’d

• Reasonable grounds- suspend the licence during the pendency of enquiry

• Not to issue DSC during suspension of licence

• Section 26- Notice of suspension or revocation

• Notice of suspension or revocation – published in database


Certifying authority rules

• Security guidelines for certifying authorities

• Sole responsibility of the certifying authority- to maintain integrity and confidentiality and protection of information employed in their operations

• Formulate security policies based on the guidelines and submit to the controller
Commencement and cessation of certifying authority
• Commencement
• CPS confirmed with the controller
• Generated its key pair
• Public key submitted to controller
• Installed the necessary infrastructure
Cont’d

• Cessation

• Notice to controller

• Notice period – 90 days

• Advertise in the newspaper- 60 days prior to expiry of license / ceasing to exist

• Notify the subscribers about unrevoked certificates

• Notify the controller about the subscribers- who would be affected


Cont’d

• Revoke all the DSC during the notice period

• Take efforts to minimize the discomforts of its subscribers

• Preserve the records for 7 years

• Last- destroy the private key- notify it to the controller


Powers of controller

S-27 • Delegation powers

S-28 • Investigate contraventions

S-29 • Contravention of the provisions of this particular chapter- CCA- access to computer, data..- to obtain information
Delegation powers

• Section 27

• Delegate to
• Deputy controller
• Assistant controller
• Any officer- to exercise his powers
Cont’d

• Section 28

• Power to investigate contraventions

• The Controller or any officer authorised by him - shall take up for investigation any contravention

• Section 29

• Access to computers and data


Cont’d

• Suspicion – contraventions

• Controller / authorized person- access to

• Computer system, any apparatus, data…

• Technical and other assistance can be sought


Duties of certifying authorities

• Section 30 – follow the procedures

• Section 31- comply- Act, rules, regulations…

• Section 32- display of licence


• Conspicuous places

• Place of business
Cont’d
• Section 33- Surrender of licence

• Licence- suspended/revoked

• Must immediately surrender the licence to the CCA

• Failure
• Imprisonment- May extend to 6 months
• Or fine- up to 10,000, or both
Cont’d

• Section 34- Disclosure

• Its DS certificate

• Certification practice statement

• Status of- suspension, revocation of its licence

• Other issues that adversely affect reliability of its certificates


• Notify the parties
• Measures to deal with the incident
Electronic Signature Certificates
CHAPTER- VII

Electronic Signature Certificates (S- 35-39)
• S- 35- Certifying authority- issue E-Signature certificate
• S- 36- Representations upon issuance of certificates
• S- 37- Suspension of certificate
• S- 38- Revocation of certificate
• S- 39- Notice of suspension or revocation


Certifying authority- issue E-Signature certificate
• Any person can make an application to the certifying authority with prescribed fee

• Certifying authorities may grant or reject the application

• Rejection- to be recorded in writing

• Opportunity to the applicant to explain his side


Representations upon issuance of certificates

• Certifying authority- while issuing the DSC- certifies the following

• It has complied with the act, rules, regulations

• Published the DSC

• Subscriber has the private key

• Info in DSC is accurate


Suspension of Digital Signature Certificate

• Section 37

• Request from the subscriber

• Request by the person authorized by the subscriber

• Suspended – public interest

• Not to be suspended for a period exceeding 15 days unless opportunity is given to the subscriber to explain his side

• Suspension of DSC- Must be communicated to the subscriber


Revocation of Digital Signature Certificate

• Section 38

• When certifying Authority may revoke a Digital Signature Certificate?

• Request by subscriber, a person authorized by the subscriber

• Subscriber is dead

• Dissolution of the firm/ winding up of the company


Sec- 38 – cont’d

• Concealment of facts, false representation of facts

• Requirements for issuing the DSC – not satisfied

• Security system of the certifying authorities – compromised

• Subscriber- insolvent, dead, dissolved, wound up.

• Revocation- communicated to the subscriber


Notice of suspension/revocation
• Section 39
• Notice of such suspension or revocation – published in the repository
Duties of Subscribers
CHAPTER- VIII
Duties of subscribers

• Section 40

• Generate the key pair by applying the security procedure

• Section 41

• A subscriber shall be deemed to have accepted a Digital Signature Certificate if he publishes or authorizes the publication of a Digital Signature Certificate
• To one or more persons,

• In a repository
Cont’d

• By accepting a Digital Signature Certificate the subscriber certifies to all who reasonably rely on the information contained in the Digital Signature Certificate that
• He holds the private key and he is entitled to hold it
• Representations to certifying authority and the facts made in the DSC are true
Cont’d

• Section 42

• Control of Private Key

• Exercise reasonable care to retain control of the private key

• Take all steps to prevent its disclosure

• If the private key is compromised- must communicate it to the certifying authority immediately
