Public Announcement
Hi everyone
This is to inform you that the Government of India has issued a notification and come up with new rules and regulation for digital signature certificate (DSC). The latest and most recent rules and guidelines ensure that the digital signature certificate is not misused by any individual or organization.
The rules have come in effect from 01 July 2015.
Please go through below all the rules and regulations, latest news and updates on digital signature certificate (DSC) in India.
- For the purpose of DSC application to CA (paper), all signatures including DSC subscriber & authorized person should be with blue-ink only.
- Photo ID proof and Address proof can be attested only by Banker, Gazetted officer or Post Master. The attestation can happen in any ink other than BLACK.
- The Name, designation, office address and contact number of the attesting officer should be clearly visible. With this, SafeScrypt should able to trace and contact the attesting officer if required. Only the clear and complete attestation should be accepted. Attestation is applicable for paper documents only. If seal is not visible, the self-attested copy of organisational Identity card of attesting officer should be enclosed.In case subscriber’s signature is different from that in ID Proof, a physical verification needs to be carried out.
- The biometric authentication carried out using Aadhaar e-KYC service to establish identity of the applicant, shall be treated as physical verification of subscriber .The (signed) response from UIDAI should be preserved as evidence.
- Email addresses that are included in Digital Signature Certificates (DSC) should be unique. However provisions will be made for issuance of multiple DSC with a single email Id where it is established that these multiple DSC’s are being issued to a unique DSC applicant.
- Class 2 or Class 3 Signing DSCs key pair can be stored only on FIPS 140-1/2 level validated Hardware cryptographic module. In respect of Class 1 certificate, if the subscriber prefers to use Non FIPS 140-1/2 Level 2 validated Hardware cryptographic module/ Software token, the corresponding risk should be made known to the DSC applicant and an undertaking should be taken to the effect that the DSC applicant is aware of the risk associated with storing private keys on a device other than a FIPS 140-1/2 Level 2 validated cryptographic module
- Power of attorney is not allowed for the purpose of DSC.
- For all Classes of certificates, other than identity & address proof, the identity credentials which appear in the certificate, like PAN number, e-mail, mobile number etc should be verified.
- The mobile number of DSC applicant in the DSC application form is mandatory (other than Banking). RA’s should call the subscriber on mobile provided on DSC the application form and confirm that he or she has applied for the DSC. CA should approve the DSC issuance only after the confirmation of DSC applicant.
- DSC shall be issued only after the application form (with ink signature) and copy of supporting document(s) (duly attested) have been physically received. Identity Validation Guidelines 3
- Each applicant for a personal digital signature certificate must provide proof of Identity and proof of address.
- The biometric authentication carried out using Aadhaar e-KYC service to establish identity of the applicant, shall be treated as physical verification of subscriber. The (signed) response from UIDAI should be preserved as evidence.
- For issuing a Class 3 DSC, not only the physical verification of original documents against the documents submitted is mandatory but physical verification of person is also compulsory.
- In respect of Class 1 certificate, if the subscriber prefers to use Non FIPS 140-1/2 Level 2 validated Hardware Cryptographic module/ Software token, the corresponding risk should be made known to the DSC applicant and an undertaking should be taken to the effect that the DSC applicant is aware of the risk associated with storing private keys on a device other than a FIPS 140-1/2 Level 2 validated cryptographic module.
- A list of approved cryptographic device manufacturers / suppliers and information relating to their FIPS 140-2 validated tokens must be published on the website of the CA.
- A digitally signed application form can be accepted for new DSC prior to expiry of existing DSC, provided that CA has infrastructure for archiving such electronic application and validating the signature during the archival period. Identity shall be established through the initial identity-proofing process for each assurance level as per 3.3.1 of India PKI CP. Also such DSC used to sign the application form should have been issued after Jan 2014.
- DSC shall be issued by CAs only after the application form (with ink signature) and copy of supporting document(s) (duly attested) have been physically received and verified at the CA premises.
- For Class 3 Physical verification, a CA should make available a tamper proof video capture facility in their application. The video recording of interactive session with DSC applicant by using the facility provided by CA application should be not less than 20 seconds. The CA should verify the same prior to issuance of DSC to DSC applicant.
- SafeScrypt CA may ask for more supporting documents, if required.
Digital Signature Certificate (08866029633) |
You can keep on visiting this blog for more recent updates on digital signature certificate (DSC), current happenings for digital signature certificate in India, trending in digital signature certificate, tender tags, latest news on Digital signature certificate. You can also visit http://www.tenderscertificate.com