
A Project On: Certifying Authority

This document is a project report submitted in partial fulfillment of a B.Com. LLB degree. It discusses certifying authorities and their role in promoting e-commerce and e-governance through the use of digital signatures. The project aims to provide authentication and integrity for electronic transactions. It acknowledges the guidance received from faculty and outlines the objectives, scope, research questions, methodology and chapter outline for the report.

Uploaded by

Nilam

A

Project on
CERTIFYING AUTHORITY

Submitted in the partial fulfillment of

B.Com.LL.B (8th semester)

Session: 2020-2021

INFORMATION TECHNOLOGY

SUBMITTED TO: Sushil Jain sir

SUBMITTED BY: Neelam Rathore, Puja Chowdhary (B.Com.LL.B 8th sem)


ACKNOWLEDGEMENT
I would like to express my earnest and deepest gratitude to Mr. Sushil Jain sir, a faculty
for information technology, for giving me the opportunity to do a project on such a valuable
topic as ‘certifying authority’. I am grateful for the assistance, guidance and support
that were extended during the course of excellent research. I am also thankful to the
college administration for providing him resources necessary for the research work. I
thank my parents and my friends for their moral support and love throughout my
research work and project's operation. Above all I thank God almighty for
blessing me with the health and vitality to complete this project.

Neelam Rathore

Puja chowdhary

B.Com.LL.B VII SE
CERTIFICATE

I am glad to submit this project report on “certifying authority” as a part of my
academic assignment. This project is based on research methodology. It further
studies the sources and methods of research methodology and further discusses the
interview method. I hope this will be significant for academic purposes
as well as provide information to all readers.

I hereby declare that this paper is an original piece of research and all the
borrowed text and ideas have been duly acknowledged.

SUBMITTED BY

Neelam Rathore

Puja chowdhary
DECLARATION
Neelam Rathore, ROLL. NO. 21, B.Com.LL.B VII Semester, of GURU GHASI
DAS UNIVERSITY, does hereby declare that this project is my original work and I
have not copied this project or any part thereof from any source without
acknowledgement. I am highly indebted to the author of the book that I have referred
to, as well as all the writers of the articles and the owners of the information
taken from websites. It is only because of their contribution and the proper guidance
of my faculty adviser Mr. Sushil Jain sir that I was able to gather light on the
subject.

Neelam Rathore

Puja chowdhary

B.Com.LL.B IV SEM.
SYNOPSIS
TOPIC: Certifying authority
PROJECT AIMS:

Its main aim is to promote the growth of e-commerce and e-governance through the
use of digital signatures. It facilitates authentication and integrity of electronic
transactions. Certifying authorities build trust between the users
and the providers because they can ensure the validity of each other's identities and
authority.

OBJECTIVES :

The specific objectives are as follows

• To provide implementation of authentication in the electronic environment through public key infrastructure (PKI)

• To create trust in the electronic environment

• To regulate electronic transactions

• To provide a secure and trusted e-communication environment

• To verify the information provided by a requester of digital certificates

• To verify the domain name, personal information and business information

• Once the certifying authority verifies the domain and business, it indicates that the website is legitimate and that there will be no harm to or misuse of users' data

• To provide protection from malicious hackers

SCOPES:

According to section 1(2), the Act extends to the entire country, which also includes Jammu and
Kashmir. It does not take citizenship into account and provides extra-territorial jurisdiction: it
is applicable to any offence or contravention committed outside India as well. If the conduct of
the person constituting the offence involves a computer or a computerized system or network
located in India, then irrespective of his/her nationality the person is punishable under the Act.
Lack of international cooperation is the only limitation of this provision.

RESEARCH QUESTIONS

• What does a certifying authority certify while issuing digital signature certificates?

• Why do we need a certifying authority?


RESEARCH METHODOLOGY

Both primary and secondary sources were used in the compilation of the project.

Primary sources include the books and articles. Secondary sources include many websites and
newspapers.

The doctrinal method is used throughout this project. The analysis of the project
is done with the help of books, websites, authentic statistics etc.


CHAPTERIZATION

CHAPTER I : Introduction

CHAPTER II : Public key infrastructure (PKI)

CHAPTER III : Controller of certifying authorities (CCA)

• Appointment of controller and other officers (section-17)

• Function of controller (section-18)

• Recognition of foreign certifying authorities (section-19)

• License to certifying authorities to issue digital signature certificate (section-21)

CHAPTER IV : Who can apply for grant of license to act as a certifying authority (CA)?

CHAPTER V : Grant of license to the subscriber

• Application of license (section-22)

• Renewal of license (section-23)

• Suspension of license (section-25)

CHAPTER VI : Notice of suspension or revocation of license (section-26)

CHAPTER VII : Power of controller of certifying authority

• Power to delegate

• Power to investigate

• Access to computer and data

CHAPTER VIII : Procedure to be followed by certifying authority

• Display of license

• Surrender of license

• Disclosure

CHAPTER IX : Functions and power of certifying authority

CHAPTER X : List of certifying authority certificates

CONCLUSION

REFERENCE
INTRODUCTION
The Internet is an infrastructure that links hundreds and thousands of networks to one another, that
is, linking businesses, educational institutions, government agencies and individuals together. In
this electronic environment, trust is central to the growth of e-commerce and e-governance;
and the future of online transactions and contracts depends upon the trust that the transacting
parties place in the security of transmission and the data or content of communication.

The working of the computer, computer network and computer system is more process based
than personalised; therefore it is necessary to have an identification strategy, that is, a system
of identity authentication of communication channels and processes.

Before starting electronic communications, one must check the following basic requirements:

• Authenticity: the authenticity of the sender of the message must be determined by the recipient.
• Message integrity: it determines whether the message that has been received is modified, altered or incomplete.
• Non-repudiation: the sender cannot deny sending the message.
• Privacy: the message must be secure from an unauthorised person.

The electronic environment uses digital signatures to identify and prove transactions. A system is
required for identity authentication, in the form of one or more trusted third
parties which will not only authenticate that a digital signature belongs to a specific signer,
but also dispense the public keys.

A Certifying Authority is a trusted body whose central responsibility is to issue, revoke,
renew and provide directories of Digital Certificates. In real meaning, the function of a
Certifying Authority is equivalent to that of the passport issuing office in the Government. A
passport is a citizen's secure document (a "paper identity"), issued by an appropriate
authority, certifying that the citizen is who he or she claims to be. Any other country trusting
the authority of that country's Government passport office will trust the citizen's passport.

Similar to a passport, a user's certificate is issued and signed by a Certifying Authority and
acts as a proof. Anyone trusting the Certifying Authority can also trust the user's certificate.

According to section 24 under Information Technology Act 2000 "Certifying Authority"
means a person who has been granted a licence to issue Digital Signature Certificates.

The following are the trusted parties enumerated below:

The “certifying authority” issues digital signature certificates by authenticating the subscriber's
identity.

Digital signatures can be used by a certifying authority only after obtaining a licence from the
“controller of certifying authority” or ‘root’ certifying authority of India (RCAI).
Verification of the digital signature of the issuing certifying authority can also be done
through its listed public key in the repository of the controller of certifying authority.

Digital signatures can be issued, published and revoked by the certifying authority.

A public key infrastructure (PKI) is developed having a set of certifying authorities
subordinate to the superior certifying authorities (controller of certifying authorities).

PKI (PUBLIC KEY INFRASTRUCTURE)


Public key infrastructure (PKI) provides for encryption (public key) and digital signatures for
verifying and authenticating user identities.

The main task of PKI is to secure electronic transactions by making use of various software and
encryption techniques, combined with digital signatures on a network structure, thus
providing a secured and trustworthy electronic environment. PKI must include items such
as public key certificates, updating of public and private keys, a backup of keys and their
recovery, a digital signature certificate repository etc.

PKI involves the following:

According to the Act, PKI includes the subscriber (a certificate is used to check the identity of
the subscriber); the certifying authority (certificate issuer); and the relying party (a party who is relying
on the certificate).
CONTROLLER OF CERTIFYING AUTHORITIES (CCA)
• Appointment of controller and other officers (section 17)
• Function of controller (section 18)
• Recognition of foreign certifying authorities (section 19)
• Controller to act as repository (section 20)
• Licence to certifying authorities to issue digital signature certificates (section 21)

All sections given above are discussed below. The regulator of the digital signature infrastructure
in India is the controller of certifying authorities (CCA). Called the controller, it primarily
acts as an administrative authority rather than a quasi-judicial body.

Section 17 of the Act deals with the appointment of controller and other officers

The central government appoints the controller of certifying authority and other officers, who
will discharge the duties assigned to them under the Act. It also prescribes the qualifications
and terms and conditions of the controller and all other personnel working therein, along with
the description of the places at which their head office and branch offices will be located.

Functions of controller of certifying authority

Section 18 of the Act enumerates fourteen functions of the controller. The controller may
perform “all or any” of these functions. Some of the important functions are exercising
supervision over certifying authorities. For the complete list of the functions of the controller,

Section 19 of the Act deals with the recognition of foreign Certifying Authorities

According to section 19 of the Act, the controller can recognize any foreign authority with
the previous approval of the central government. The Act will recognize all the digital signature
certificates issued by such an authority.

Revocation of such a recognition can be done by the controller by giving notification in
writing in the official Gazette, if any of the conditions or restrictions, on the basis of which the
certificate was issued, was contravened by the authority.

License to certifying Authorities to issue Digital Signature Certificates

According to section 21 of the Act, a license to issue a digital signature certificate can be
issued to any person provided he applies for it in the prescribed manner and fulfils all
obligations with regard to qualifications, expertise etc. The validity of the license will be as
per the terms and conditions and period as prescribed by the Act. Also, the license is not
transferable.

WHO CAN APPLY FOR GRANT OF LICENSE TO ACT AS A CERTIFYING AUTHORITY (CA)?
The following persons can apply to the controller for grant of license:
• An individual, being a citizen of India and having a capital of five crores of rupees or more in his business or profession;
• A company having paid up capital of not less than five crores of rupees, and net worth of not less than fifty crores of rupees;
• A firm having capital subscribed by all partners of not less than five crores of rupees, and net worth of not less than fifty crores of rupees;
• Central government or a state government, or any of the ministries or departments, agencies or authorities of such government.

GRANT OF LICENSE TO THE SUBSCRIBER


a) Application of license
b) Renewal of license
c) Suspension of license

A. Application for license

According to section 22 of the Act, in order to act as a certifying authority, one has to apply
in the format prescribed by the central government, accompanying the application with the important documents
such as the certification practice statement, identity document, required fees etc.

B. Renewal of license

According to section 23 of the Act, a renewal of licence application can be made by the
certifying authority, accompanied by fees as laid down in the Act. A licence will be made within
forty five days from the date of expiry of the licence.

Procedure for grant or rejection of license

According to section 24 of the Act, it is in the hands of the controller to grant the license or to
reject the renewal of license application, in case it is not applied for in the prescribed manner
and does not fulfil all the obligations as mentioned in the Act. An applicant must be given a
reasonable time and opportunity for explaining any default made by him in such a case before
the rejection of any such application.

C. Suspension of license

According to section 25 of the Act, a license can be revoked by the controller on the basis of
the following grounds:

• False information in the application
• Conditions and standards not met fully
• Contravention of any provision of the Act

A license cannot be suspended for a period of more than ten days, and the party must be given a
reasonable chance to be heard before any such license is revoked. If a license is revoked on
sufficient grounds, then during such a period of suspension, no issue of digital signature
certificates can be made by the certifying authority.

Notice of suspension or revocation of licence (section 26)

According to section 26 of the Act, a notice of suspension or revocation of license is to be
published by the controller in all the repositories maintained by him, which are available and can be
checked by any person on a website.

PROCEDURES OF CERTIFYING AUTHORITY

Section 30 of the Act states that certain procedures need to be followed by the
certifying authorities in order to perform their tasks, such as use of the necessary hardware and
software, use of security procedures and laid out standards.

Display of license

According to section 32, every certifying authority will display its licence at a conspicuous
place of the premises in which it carries on its business.

Surrender of licence

According to section 33 of the Act, the certifying authority shall surrender the revoked
licence to the controller immediately; in case of default, he shall be imprisoned for a period
of up to six months or fined up to ten thousand rupees, or both.

Disclosure

Section 34 deals with the disclosures that are expected from a certifying authority: “every
certifying authority will disclose the following factors enumerated below:

• Its digital signature certificate, which contains the public key corresponding to the private key used by that certifying authority to digitally sign another digital signature certificate;
• Any certification practice statement relevant thereto;
• Notice of the revocation or suspension of its certifying authority certificate, if any;
• Any other fact that materially and adversely affects either the reliability of a digital signature certificate, which the authority has issued, or the authority’s ability to perform its services”.

Functions and powers of Certifying Authority

• Certifying Authority to issue digital signature certificate (DSC)
• Representation to be checked while issuing digital signature certificate
• Suspension of digital signature certificate
• Revocation of digital signature certificate

A. Certifying authority to issue digital signature certificate

According to section 35, ‘following steps are required to be followed by the certifying
authority to issue digital signature certificate,
• Any person can make an application to the certifying authority, for the issue of digital signature certificate in such form, as may be prescribed by the central government.
• Every such application shall be accompanied by such fee, not exceeding twenty five thousand rupees, as may be prescribed by central government to be paid to the certifying authority. Provided that while prescribing fees under sub-section (2), different fees may be prescribed for different classes of applicants.
• Every such application shall be accompanied by a certification practice statement, or where there is no such statement, a statement containing such particulars, as may be specified by regulation.
• On receipt of an application under sub-section (1), the certifying authority may, after consideration of the certification practice statement or the other statement under sub-section (3) and after making such enquiries as it may deem fit, grant the digital signature certificate or for reason to be recorded in writing, reject the application.

“No digital signature certificate shall be granted, unless the certifying authority is satisfied
that-

• the applicant holds the private key corresponding to the public key to be listed in the digital signature certificate;
• the applicant holds a private key, which is capable of creating a digital signature;
• the public key to be listed in the certificate can be used to verify a digital signature affixed by the private key held by the applicant”.

No application can be rejected unless the applicant has been heard in the matter and given a
reasonable opportunity.

B. Representation to be checked while issuing digital signature certificate

According to section 36 of the Act, the certifying authority is required to certify the following,
while issuing a digital signature certificate-

• The subscriber has complied with the provisions, rules and regulations made under the Act;
• The digital signature certificate has been published and is available to the person relying on it and accepted by the subscriber;
• The subscriber holds the private key corresponding to the public key, listed in the digital signature certificate;
• The subscriber’s public key and private key constitute a functioning key pair;
• The information contained in the digital signature certificate is accurate; and
• He has no knowledge of any material fact, which if it had been included in the digital signature certificate would adversely affect the reliability of the representation made in clauses (a) to (d)’.
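
The possession checks in sections 35 and 36 (the applicant holds the private key matching the listed public key, and the two form a functioning key pair) are normally enforced by having the applicant sign a fresh challenge. The sketch below is an added example, not part of the report or the Act: it uses unpadded textbook RSA over small constructed primes so that it runs on the Python standard library alone, and every class, function and applicant name in it is hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent


def make_keypair(p, q):
    """Textbook RSA key from two primes; returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)
    return (n, E), (n, d)


def _digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message):
    n, d = private
    return pow(_digest(message, n), d, n)


def verify(public, message, signature):
    n, e = public
    return 0 <= signature < n and pow(signature, e, n) == _digest(message, n)


def challenge_bytes(name, nonce):
    # Binding the applicant's name to the nonce stops a signature made
    # for one application from being accepted for another.
    return b"dsc-application|" + name.encode() + b"|" + nonce


class CertifyingAuthority:
    """Hypothetical CA front end: no certificate without proof of possession."""

    def __init__(self):
        self._pending = {}  # applicant name -> (claimed public key, nonce)

    def begin_application(self, name, public):
        nonce = secrets.token_bytes(32)  # fresh for every application
        self._pending[name] = (public, nonce)
        return nonce

    def complete_application(self, name, signature):
        entry = self._pending.pop(name, None)  # a challenge is single use
        if entry is None:
            return False
        public, nonce = entry
        return verify(public, challenge_bytes(name, nonce), signature)


# Constructed demonstration keys (Mersenne primes); far too small for real use.
SUBSCRIBER_PUB, SUBSCRIBER_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**61 - 1, 2**127 - 1)


def demo():
    ca = CertifyingAuthority()
    # 1. Applicant lists a public key and signs the challenge with its pair.
    nonce = ca.begin_application("subscriber", SUBSCRIBER_PUB)
    sig = sign(SUBSCRIBER_PRIV, challenge_bytes("subscriber", nonce))
    honest = ca.complete_application("subscriber", sig)
    # 2. The same signature presented again is refused.
    replay = ca.complete_application("subscriber", sig)
    # 3. Applicant lists a public key whose private key it does not hold.
    nonce = ca.begin_application("other", SUBSCRIBER_PUB)
    sig = sign(OTHER_PRIV, challenge_bytes("other", nonce))
    mismatch = ca.complete_application("other", sig)
    return honest, replay, mismatch
```

Production certifying authorities perform the same check with padded signatures over a certificate request rather than raw RSA.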

C. Suspension of digital signature certificate

According to section 37 of the Act, “the digital signature certificate may be suspended by the
certifying authority on two parameters:

• Request from the subscriber
• Certifying authority's opinion

A reasonable opportunity must be given to the subscriber, and the suspension will not be for a
period of more than fifteen days in such a case.

D. Revocation of digital signature certificate

According to section 38 of the Act, “a digital signature certificate may be revoked by the
certifying authority on the basis of a request made by the subscriber or any person duly
authorised to do so, or upon the death of the subscriber, or upon the dissolution of the firm or
winding up of the company, where the subscriber is a firm or a company.”

Grounds for the revocation of a digital signature certificate by the certifying authority would be
false representation of the facts or concealment of facts; the requirements for the issue of
digital signature certificates not being complied with; the security system being affected and reliability being
questioned; the subscriber becoming insolvent; and, in the case of a company, its being wound up.

List of Certifying Authority certificates

Certifying Authorities are professional agencies, individuals, or corporate bodies, which
possess the technical skills to issue Digital Signature Certificates to those who want to send
secure e-records and digital signatures. In India, National Informatics Centre (NIC) and Tata
Consultancy Services (TCS) are among the leading certifying authorities. The IT Act, 2000
has laid down the following Rules as the responsibilities of certifying authority.

The following is the list of Certifying Authority certificates:

• mtnlTrust Line Public Primary Certification Authority
• Safescrypt Time Stamping Authority
• Safescrypt India-RCAI Class
• Tata Consultancy Services Certifying Authority
• NIC Certifying Authority
CONCLUSION
Looking from an overall perspective, the Information Technology Act, 2000 is a laudable
effort by the Government to create the necessary legal infrastructure for the promotion and
growth of electronic commerce. Prior to the coming into effect of the IT Act, 2000, the
judiciary in India was reluctant to accept electronic records and communications as evidence.
Even e-mail was not accepted under the prevailing statutes of India as an accepted legal form
of communication and as evidence in a court of law. The IT Act, 2000 changed this scenario
by legal recognition of the electronic format. Indeed, the IT Act, 2000 is a step forward. From
the perspective of the corporate sector, the IT Act 2000 and its provisions contain the
following positive aspects: the implications of these provisions for the corporate sector are
that email is now a valid and legal form of communication in our country, which can be
duly produced and proved in a court of law. Corporates today thrive on email, not only as
the form of communication with entities outside the company but also as an indispensable
tool for intra-company communication.
BIBLIOGRAPHY

https://shodhganga.inflibnet.ac.in/bitstream/10603/129448/14/14_conclusion%20and%20suggestion.pdf

https://www.toppr.com/guides/business-laws-cs/cyber-laws/regulation-of-certifying-authorities/

https://www.gktoday.in/gk/controller-of-certifying-authorities/
