eSign (India)
   HOME

TheInfoList



Click Here for Items Related To - eSign (India)
OR:
eSign (India) on:   [Wikipedia]   [Google]   [Amazon]

Aadhaar eSign is an online
electronic signature An electronic signature, or e-signature, is data that is logically associated with other data and which is used by the signatory to sign the associated data. This type of signature has the same legal standing as a handwritten signature as long as i ...
service in
India India, officially the Republic of India (Hindi: ), is a country in South Asia. It is the seventh-largest country by area, the second-most populous country, and the most populous democracy in the world. Bounded by the Indian Ocean on the so ...
to facilitate an
Aadhaar Aadhaar ( hi, आधार, ādhār, lit=base, foundation, bn, আধার) is a 12-digit unique identity number that can be obtained voluntarily by the citizens of India and resident foreign nationals who have spent over 182 days in twelve ...
holder to digitally sign a document. The signature service is facilitated by authenticating the Aadhaar holder via the Aadhaar-based e-KYC (electronic Know Your Customer) service. To eSign a document, one has to have an Aadhaar card and a mobile number registered with Aadhaar. With these two things, an Indian citizen can sign a document remotely without being physically present.


Procedure

The notification issued by
Government of India The Government of India (ISO: ; often abbreviated as GoI), known as the Union Government or Central Government but often simply as the Centre, is the national government of the Republic of India, a federal democracy located in South Asia, c ...
in this regard stipulates the following procedure for the e-authentication using Aadhaar e-KYC services. Authentication of an electronic record by
e-authentication Electronic authentication is the process of establishing confidence in user identities electronically presented to an information system. Digital authentication, or e-authentication, may be used synonymously when referring to the authentication proc ...
technique which shall be done by #the applicable use of e-authentication,
hash function A hash function is any function that can be used to map data of arbitrary size to fixed-size values. The values returned by a hash function are called ''hash values'', ''hash codes'', ''digests'', or simply ''hashes''. The values are usually u ...
, and
asymmetric cryptosystem Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic al ...
techniques, leading to issuance of
digital signature A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very high confidence that the message was created b ...
certificate by Certifying Authority, #a
trusted third party In cryptography, a trusted third party (TTP) is an entity which facilitates interactions between two parties who both trust the third party; the Third Party reviews all critical transaction communications between the parties, based on the ease of c ...
service by subscriber's key pair generation, storing of the key pairs on hardware security module and creation of digital signature provided that the trusted third party shall be offered by the certifying authority (the trusted third party shall send application form and certificate signing request to the Certifying Authority for issuing a digital signature certificate to the subscriber), #issuance of digital signature certificate by Certifying Authority shall be based on e-authentication, particulars given in the prescribed format, digitally signed verified information from Aadhaar e-KYC services and electronic consent of digital signature certificate applicant, #the manner and requirements for e-authentication shall be as issued by the Controller from time to time, #the security procedure for creating the subscriber’s key pair shall be in accordance with the e-authentication guidelines issued by the Controller, #the standards referred to in rule 6 of the Information Technology (Certifying Authorities) Rules, 2000 shall be complied with, in so far as they relate to the certification function of public key of Digital Signature Certificate applicant, and #the manner in which information is authenticated by means of digital signature shall comply with the standards specified in rule 6 of the Information Technology (Certifying Authorities) Rules, 2000 in so far as they relate to the creation, storage and transmission of Digital Signature.


eSign Service Providers

Organisations and individuals seeking to obtain the eSigning Service can utilize the services of various service providers. There are empanelled service providers with whom organisations can register as an Application Service Prover after submitting the requisite documents, getting UAT access, building the application around the service and going through an IT Audit by an CERT-IN empanelled auditor. However, the process of registering as an Application Service Provider is cumbersome, and requires huge investments of time, money and resources in complying with the regulations and building a suitable application. Most organisations prefer using services of plug-n-play gateway providers who take the responsibility of complying with the regulations, hence simplifying the process for the market.


See also

*
DigiLocker DigiLocker is an Indian digitization online service provided by Ministry of Electronics and Information Technology (MeitY), Government of India under its Digital India initiative. DigiLocker provides an account in cloud to every Aadhaar holder ...


References

{{reflist Authentication methods Biometrics Cryptography Computer law E-commerce in India