Electronic Signature or Electronic Authentication Technique and Procedure Rules, 2015
In exercise of the powers conferred by sub-section (4) of Section 3-A of the Information Technology Act, 2000 (21 of 2000), the Central Government hereby makes the following rules, namely
Section 1. Short title and commencement
(1) These rules may be called the Electronic Signature or Electronic Authentication Technique and Procedure Rules, 2015.
(2) They shall come into force on the date of their publication in the Official Gazette.
Section 2.
2. In the Information Technology Act, 2000 (21 of 2000), in the Second Schedule, under column numbers (1), (2) and (3), the following entries shall be inserted, namely
| Sl. No. |
Description |
Procedure |
|
| (1) |
(2) |
(3) |
|
| 1. |
e-authentication technique using Aadhaar e-KYC services |
Authentication of an electronic record by e-authentication Technique which shall be done by |
|
| (a) |
the applicable use of e-authentication, hash, and asymmetric crypto system techniques, leading to issuance of Digital Signature Certificate by Certifying Authority |
||
| (b) |
a trusted third party service by subscriber's key pair-generation, storing of key pairs on hardware security module and creation of digital signature provided that the trusted third party shall be offered by the certifying authority. The trusted third party shall send application form and certificate signing request to the Certifying Authority for issuing a Digital Signature Certificate to the subscriber. |
||
| (c) |
Issuance of Digital Signature Certificate by Certifying Authority shall be based on e-authentication, particulars specified in Form C of Schedule IV of the Information Technology (Certifying Authorities) Rules, |
||
| 2000, digitally signed verified information from Aadhaar e-KYC services and electronic consent of Digital Signature Certificate applicant. |
|||
| (d) |
The manner and requirements for e-authentication shall be as issued by the Controller from time to time. |
||
| (e) |
The security procedure for creating the subscriber's key pair shall be in accordance with the e-authentication guidelines issued by the Controller. |
||
| (f) |
The standards referred to in Rule 6 of the Information Technology (Certifying Authorities) Rules, 2000 shall be complied with, in so far as they relate to the certification function of public key of Digital Signature Certificate applicant. |
||
| (g) |
The manner in which information is authenticated by means of digital signature shall comply with the standards specified in Rule 6 of the Information Technology (Certifying Authorities) Rules, 2000 in so far as they relate to the creation, storage and transmission of Digital Signature Certificate. . |
||
1. Ministry of Communications and Information Technology (Deptt. of Electronics and Information Technology), Noti. No. G.S.R. 61(E), dated January 27, 2015, published in the Gazette of India, Extra., Part II, Section 3(i), dated 28th January, 2015, pp. 2-3, No. 59.