MINISTRY OF ELECTRONICS AND INFORMATION TECHNOLOGY
New Delhi, the 29th September, 2020
S.O. 3472(E).―In exercise of the powers conferred by sub-section (4) of section 3A of the Information Technology Act, 2000 (21 of 2000), the Central Government hereby makes the following amendment to the Second Schedule to the said Act, namely:―
1. In the Information Technology Act, 2000 (21 of 2000), in the Second Schedule,—
(i) under column numbers (1), (2) and (3), after serial number 1 and entries relating thereto the following serial number and entries shall be inserted, namely: ―
|“2.||e-authentication technique and procedure for creating and accessing subscriber’s signature key facilitated by trusted third party||Authentication of an electronic record by e-authentication technique which shall be done by-
(a) the applicable use of e-authentication ,hash and asymmetric crypto system techniques leading to issuance of Digital Signature Certificate by Certifying Authority, provided that Certifying Authority shall ensure the subscriber identity verification, secure storage of the keys by trusted third party and subscriber’s sole authentication control to the signature key.
(b) Identity verification of Digital Signature Certificate applicant shall be in accordance with the Identity Verification Guidelines issued by Controller from time-to-time.
(c) The requirement to operate as trusted third party shall be specified under e-authentication guidelines issued by the Controller.
(d) a trusted third party shall
i) facilitate Identity verification of Digital Signature Certificate applicant;
ii) establish secure storage for subscriber to have sole control for creation and subsequent usage of subscriber’s signature key by sole authentication of subscriber;
iii) facilitate key pair-generation, secure storage of subscriber’s signature key and facilitate signature creation functions;
iv) facilitate the submission of DSC application form and certificate signing request to the Certifying Authority for issuing a Digital Signature Certificate to the DSC applicant, and
v) facilitate revocation of Digital Signature Certificate and destruction of subscriber’s signature key.
(e) Issuance of Digital Signature Certificate shall be based on verification of credentials of Digital Signature Certificate applicant by Certifying Authority as per the provisions of the Information Technology Act and Rules made thereunder.
(f) The manner and requirements for authentication and storage of keys shall be as issued by the Controller from time to time under e-authentication guidelines
(g) The security procedure for creating the subscriber’s key pair shall be in accordance with the e-authentication guidelines issued by the Controller.
(h) The standards referred to in rule 6 of the Information Technology (Certifying Authorities) Rules, 2000 shall be complied with, in so far as they relate to the certification function of public key of Digital Signature Certificate applicant.
(i) The manner in which information is authenticated by means of digital signature shall comply with the manner and standards specified in rule 3 to 12 of Digital Signature (End entity) Rules, 2015 in so far as they relate to the creation, storage and verification of Digital Signature.”
[F. No. 12(8)/2020-CCA]
Dr. RAJENDRA KUMAR, Addl. Secy.
Note : The Second Schedule to the Information Technology Act , 2000 was amended vide notification number G.S.R. 61(E), dated the 27th January, 2015, G.S.R. 539 (E), dated the 30th June 2015, G.S.R. 446(E), dated the 27th April 2016 and S.O. 1119(E), dated 1st March, 2019.