RA interacts with the subscribers for providing CA services. The RA is subsumed in the CA, which takes total responsibility for all actions of the RA.
A new message saying that the current message supersedes the earlier one can be sent to the recipient(s). This assumes that all messages are time stamped
Prior to cessation of operations the CA has to follow procedures as laid down under the IT Act. Such problems should not therefore exist.
Yes, it is a mandatory requirement under IT Act 2000
No, there is no threat to the security of the owner / users digital signature, if the private key lies on the smartcard /crypto token and does not leave the SmartCard/cryptotoken.
Ideally, not within the same class.
No. The Digital signature changes with content of the message.
It depends upon the how the subscriber has kept his private keys. If private key is not stored securely, then it can be misused without the knowledge of the owner of the private key.
CA has no liability, since CA is only facilitating end-to-end secure communication using digital signature.
Under the IT Act, 2000 Digital Signatures are at par with hand written signatures. Therefore, similar court proceedings will be followed.
In PKCS #10 format
Yes. On moving from one department to another, if the procedures in place so demand, then the existing certificate will be revoked and a new one issued. In any case, the digital signature generated is different each time, even if the same key has been used.
No. As per IT Act, 2000 there is no provision of a sub CA. All CAs must be granted license by CCA, India. In case of any dispute, the CA licensed by CCA will be answerable.
The sanctity of such a certificate will be as per the agreement between outside CA and a licensed CA in India. Such an agreement has to be approved by the CCA
CPS (Certification Practice Statement): A statement of the practices, which a certification authority employs in issuing and managing certificates. A CPS may take the form of a declaration by the CA of the details of its trustworthy system and the practices it employs in its operations and in support of issuance of a certificate. General CPS framework is given in the guidelines.
Detailed information, financial, technical and procedural is obtained from the CA as part of the application for license . These are examined and audited. Additionally, the following are done: - Supervision of activities of CAs. - Auditing of CPS - Auditing Hardware/Software - Certifying public key of CA. - Laying down standards to be maintained by CAs to ensure continues compliance to the requirements of the IT ACT 2000
Yes, auditing is a continuous process. According to the Rules under the IT Act 2000.
Clearly, all certificates, not to mention technology applications, cannot and would not be issued by a single CA. Multiple CA's do and must exist. Inter operability between CAs- national and cross-border - has been addressed as Cross Certification. As per Information Technology (Certifying Authority) Rules, 2000
The licensed CA shall have arrangement for cross certification with other licensed CAs within India, which shall be submitted to the Controller before the commencement of their operations as per rule 20. Disputes arising as a result of such arrangements shall be submitted to CCA, India for arbitration or resolution.
The arrangement for cross certification by the licensed CA with a foreign CA along with the application shall be submitted to CCA, India. The licensed CA shall not commence cross certification operations unless it has obtained the written or digital signature approval from CCA, India.
It is not mandatory. However, certificates could be issued for different purposes to the same individual. e.g. by the bank where the individual has an account, by the government to the individual as a citizen etc.
In addition to four classes of certificates given below, the Certifying Authority may issue more classes of Public Key Certificates, but these must be explicitly defined including the purpose for which each class is used and the verification methods underlying the issuance of the certificate. The suggested four classes are the following :-
Class 1 Certificate: Class 1 certificates shall be issued to individuals/private subscribers. These certificates will confirm that user's name (or alias) and E-mail address form an unambiguous subject within the Certifying Authorities database.
Class 2 Certificate: These certificates will be issued for both business personnel and private individuals use. These certificates will confirm that the information in the application provided by the subscriber does not conflict with the information in well-recognized consumer databases.
Class 3 Certificate: This certificate will be issued to individuals as well as organizations. As these are high assurance certificates, primarily intended for e-commerce applications, they shall be issued to individuals only on their personal (physical) appearance before the Certifying Authorities.
Aadhaar eKyc - OTP : Aadhaar OTP class of certificates shall be issued for individuals use based on OTP authentication of subscriber through Aadhaar eKyc. These certificates will confirm that the information in Digital Signature certificate provided by the subscriber is same as information retained in the Aadhaar databases pertaining to the subscriber as Aadhaar holder
Aadhaar eKyc - biometric: Aadhaar biometric class of certificates shall be issued based on biometric authentication of subscriber through Aadhaar eKyc service. These certificates will confirm that the information in Digital Signature certificate provided by the subscriber same as information retained in the Aadhaar databases pertaining to the subscriber as Aadhaar holder.
Yes, it can be downloaded from CCA website.
CCAs Root certificate can be downloaded from CCAs web site cca.gov.in
The RCAI Root certificate is the highest level of certification in India. It is used to sign the public keys of the Licensed CAs in India. The RCAI root certificate is a self-signed certificate.
The Office of Controller of Certifying Authorities (CCA), issues Certificate only to Certifying Authorities.CA issue Digital Signature Certificate to end-user. You can approach any one of the seven CAs for getting Digital Signature Certificate. The website addresses are given below.