DIGITAL AND ELECTRONIC SIGNATURE By Shawlwin Sharma

Introduction

We are living in a world where carrying out daily business and personal activities are becoming very easy and smooth. In an era where digital signatures are being greatly embraced in the entire world, we no longer have any limitations in our business or personal lives.

Typically, physical documents like invoices will always need a handwritten signature to validate their authenticity. Just in the same way, electronic documents will also need authentication. This is the role of digital signatures. They serve to authenticate the electronic document.

The digital signature is an electronic signature that is used by senders of certain documents to show that the document originates from them. They are amazing in also ensuring the security of the document. If the document gets interfered with during the sending process, then the receiver will be able to know there has been an alteration because of the digital signature.

Digital signature certificates contain the person’s name, their pin-code, their country name, the email address, the date when the certificate was issued, and the certifying authority’s name. This certificate gives further validation of the digital signature.

Different countries have different provisions for digital signatures. The governments came up with regulations for their creating as well as their use, and this has helped with the adoption, dependability, and trustworthiness of digital signatures. For a digital signature to be effective and dependable, then it must be created within the confinements of the cryptography that is bound by industry-standards. Otherwise, it may be questionable.

These countries have made laws that govern the acceptability of these digital signatures, and they have become a very reliable way of doing businesses and communicating. They offer a lot of advantages and benefits to every user. As time goes by, paperwork is going to be eliminated because of digital signatures.


A digital signature is basically a way to ensure that an electronic document (e-mail, spreadsheet, text file, etc.) is authentic. Authentic means that you know who created the document and you know that it has not been altered in any way since that person created it. Digital signatures rely on certain types of encryption to ensure authentication. Encryption is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. Authentication is the process of verifying that information is coming from a trusted source. These two processes work hand in hand for digital signatures.

Where Can You Use The Digital Signatures

The beauty of digital signatures is that they can be used by anyone for any reason they have. It has no restrictions. This means that the digital signature can be used in so many sectors of life. Here are a few places you can use the digital signature.

For personal use: You can always sign every document that you send out electronically for security purpose. It does not matter where you are sending the document and to whom. You can use it the best way you please.

In business: You can always send electronically signed documents to your business partners, investors, and other shareholders when communicating important official information. There are other examples where digital signatures are applicable, and they include signing business deals and signing proposals. This also includes those doing business in the Architecture, Engineering, and Construction companies (AEC). These signs can also be used in business to sign tenders, procurements, and even in making biddings. They make running of businesses very easy and smooth.

Return filling for GST: With the introduction of GST in India, businesses have seen better days. Even so, the filling of returns is what many people have had issues with. But because of the issuance of digital signatures and the availability of e-filling, the process has been made easier, faster, efficient, and convenient.

Filling of income tax: Many citizens of India always have to file their income tax returns all over India. The introduction of e-filling made things a little easier, and with the introduction of digital signatures, things have become better than ever. You can sign all the documents required while in the comfort of your home.

For ROC e-filling: Companies are required to file numerous documents with the Registrar of Companies in India. Therefore, digital signatures will come in handy when signing these documents.

Finance and insurance sector: This is yet another sector that needs a lot of paperwork. Whether it is the application of loans, mortgages, claiming of insurance or applying for one, signatures will always be required. To streamline these activities and make business smooth and easy, these institutions are using digital signatures. Digital can be used in every aspect of life. There are no restrictions as to where and when you can use the digital signatures unless stated otherwise in a certain country.

1. Certifying Authority to issue Digital Signature Certificate

(1) Any person may make an application to the Certifying Authority for the issue of a Digital Signature Certificate in such form as may be prescribed by the Central Government.

(2) Every such application shall be accompanied by such fee not exceeding twenty-five thousand rupees as may be prescribed by the Central Government, to be paid to the Certifying Authority Provided that while prescribing fees under sub-section (2) different fees may be prescribed for different classes of applications;

(3) Every such application shall be accompanied by a certification practice statement or where there is no such statement, a statement containing such particulars, as may be specified by regulations.

(4) On receipt of an application under sub-section (1), the Certifying Authority may, after consideration of the Certification practice statement or the other statement under sub-section (3) and after making such enquiries as it may deem fit, grant the Digital Signature Certificate or for reasons to be recorded in writing, reject the application : Provided that no Digital Certificate shall be granted unless the Certifying Authority is satisfied that-

(a) the application holds the private key corresponding to the public key to be listed in the Digital Signature Certificate;

(b) the applicant holds a private key, which is capable of creating a digital signature;

(c) the public key to be listed in the certificate can be used to verify a digital signature affixed by the private key held by the applicant : Provided further that no application shall be rejected unless the applicant has been given a reasonable opportunity of showing cause against the proposed rejection.

2. Representation upon issuance of Digital Signature Certificate

A Certifying Authority while issuing a Digital Signature Certificate shall certify that-

(a) it has complied with the provisions of this Act and the rules and regulations made thereunder;

(b) it has published the Digital Signature Certificate or otherwise made it available to such person relying on it and the subscriber has accepted it;

(c) the subscriber holds the private key corresponding to the public key, listed in the Digital Signature Certificate;

(d) the subscriber's public key and private key constitute a functioning key pair;

(e) the information contained in the Digital Signature Certificate is accurate; and

(f) it has no knowledge of any material fact, which if it had been included in the Digital Signature Certificate would adversely affect the reliability of the representations made in clauses (a) to (d).

3. Suspension of Digital Signature Certificate

(1) Subject to the provisions of sub-section

(2), the Certifying Authority which has issued a Digital Signature Certificate may suspend such Digital Signature Certificate,-

(a) on receipt of a request to that effect from-

(i) the subscriber listed in the Digital Signature Certificate; or

(ii) any person duly authorised to act on behalf of that subscriber;

(b) if it is of opinion that the Digital Signature Certificate should be suspended in public interest.

(2) A Digital Signature Certificate shall not be suspended for a period exceeding fifteen days unless the subscriber has been given an opportunity of being heard in the matter.

(3) On suspension of a Digital Signature Certificate under this section, the Certifying Authority shall communicate the same to the subscriber.

How To Get A Digital Signature

Digital signatures are becoming very popular in the whole world. Countries that approve the use of digital signatures have a structure that governs the acquisition and use of the digital signature. Even so, regardless of the country that you come from; the way of acquisition is standard. Digital signatures are created and issued by qualified individuals. For anyone to get a valid digital certificate, they must get it from a certifying authority (CA).

The Certifying Authority (CA) is a kind of Trust Service Provider, and it is a third-party organization that is trusted and accepted in a country. It has the power of issuing the citizens with digital signatures. These CAs have rules and regulations that they have to keep and be governed by.

When you are in India, you can use the following CAs to get your digital signature certificate.

eMudra

Digital Signature India

Government Approved Certifying Authorities

Documents Required For Obtaining A Digital Signature

Getting digital signature has its requirements and the requirements will vary depending on the country where one is. Even so, some documents cut across and one can expect that they may be required to produce these documents. The reason why these documents are required is to verify your identity. They also offer information about who you are. The information provided by the documents are also used on your digital signature certificate. Therefore, you must always provide the right information. Remember, the digital signature is going to attach to your documents, your identity because it shows you are the one sending the document. Therefore, you must always provide accurate information.

Some of the documents include:

• An application form that has been filled with accurate information and has been duly signed. When you are applying for any certificate, an application form rarely misses in the requirements.

• A photo because this is going to identify you physically. Therefore, always have a passport size photo with you when you go to apply for this certificate.

• Your identification will also be required which can be the driver’s license, your passport, an identification card, or any other. In India, you will also need your PAN card and a few other documents.

• Other than documents, you will also have to provide information such as your working mobile number, your email address, and sometimes your physical address.

• All this information will vary depending on where you are in the world. Remember, the requirements vary. Also, those foreign citizens who are applying for digital signatures in a certain country will have different requirements. The rules that govern such special cases are determined by the always of that particular country.

Electronic signature

An electronic signature or e-signature, indicates either that a person who demands to have created a message is the one who created it.

A signature can be defined as a schematic script related with a person. A signature on a document is a sign that the person accepts the purposes recorded in the document. In many engineering companies’ digital seals are also required for another layer of authentication and security. Digital seals and signatures are same as handwritten signatures and stamped seals. Electronic signature has also been dealt with under Section 3A of the IT Act, 2000. A subscriber can authenticate any electronic record by such electronic signature or electronic authentication technique which is considered reliable and may be specified in the Second Schedule.

Any electronic signature or electronic authentication technique will be considered reliable if

  1. the signature creation data or the authentication data are, within the context in which they are used, linked to the signatory or , as the case may be, the authenticator and of no other person;

  2. the signature creation data or the authentication data were, at the time of signing, under the control of the signatory or, as the case may be, the authenticator and of no other person;

  3. any alteration to the electronic signature made after affixing such signature is detectable;

  4. any alteration to the information made after its authentication by electronic signature is detectable; and 34 (e) it fulfils such other conditions which may be prescribed. An electronic signature will be deemed to be a secure electronic signature if- (i) the signature creation data, at the time of affixing signature, was under the exclusive control of signatory and no other person; and (ii) the signature creation data was stored and affixed in such exclusive manner as may be prescribed. (Sec.15)

An Amendment to the IT Act in 2008 introduced the term electronic signatures. The implication of this Amendment is that it has helped to broaden the scope of the IT Act to include new techniques as and when technology becomes available for signing electronic records apart from Digital Signatures.

What types of e-signatures are recognized under the IT Act?

The IT Act recognizes two types of signatures:

(1) E-signatures that combine an Aadhaar with an eKYC service

Users with an Aadhaar ID, the unique identification number issued by the Indian government to all Indian residents, are free to use an online e-signature service to securely sign documents online. In this case, the online e-signature service integrates with an Application Service Provider (ASP) to provide users with a mobile or web app interface that they can interact with. The users then use this app interface to apply e-signatures to any online document by authenticating their identity using an eKYC service such as OTP (one-time passcode) provided by an e-sign service provider. The online e-signature service works with an accredited service provider to provide certificates and authentication services that comply with government guidelines. (

2) Digital signatures that are generated by an asymmetric crypto-system and hash function

An ‘asymmetric crypto system’ refers to a secure pair of keys: a private key and a public key. Both are unique to each user, and can be leveraged to verify and create an e-signature. In this scenario, users obtain a digital signature from a reputed Certifying Authority (CA) in the form of a digital certificate. These certificates typically include the user’s name, public key, the expiration date of the certificate, and other necessary information about the user. Operating systems and browsers typically maintain a list of trusted CA root certificates that are used to verify digital certificates issued by a CA.

The user might also be issued a USB token containing the digital-certificate-based ID, along with a personal PIN, to sign a document.

Which factors make e-signatures valid in India?

Here are the 5 criteria that e-signatures must satisfy in order to be valid, as per the IT Act:

(1) E-signatures must be uniquely linked to the person signing the document. This condition is often met by issuing a digital-certificate-based digital ID.

(2) At the time of signing, the signer must have total control over the data used to generate the e-signature. Most online e-signature service providers allow signers to directly affix their e-signature to the document in order to meet this requirement.

(3) Any alteration to the affixed e-signature or the document to which the signature is affixed must be detectable. This can be done by encrypting the document with a tamper-evident seal.

(4) There should be an audit trail that details steps taken during the signing process.

(5) The digital signature certificate must be issued by a Certifying Authority (CA) recognized by the Controller of Certifying Authorities (CCA) appointed under the IT Act.

Can document of all kinds be executed using e-signatures?

No. Certain documents that require a notarial process, or documents must be registered with a Registrar or Sub-Registrar, can only be executed using handwritten signatures to be legally enforceable. These include:

(1) Negotiable instruments such as a promissory note or a bill of exchange other than a cheque

(2) Powers of attorney

(3) Trust deeds

(4) Wills and any other testamentary disposition

(5) Real estate contracts such as leases or sales agreements

Key Differences Between Digital Signature and Electronic Signature

1. Digital signatures are consistently time-stamped while in electronic signature date and time can be associated with it but placed separately.

2. Digital Signatures comply the standards and enhance security by using cryptographic encryption methods. As against, electronic signatures does not depend on standards and tend to be less secure comparatively.

3. Authentication mechanism used in the electronic signature is not defined and uses signer’s email, phone PIN, etc. In contrast, digital signature involves certificate-based digital ID authentication method.

4. Digital signature ensures the security of the digital document whereas electronic signature is used for verifying the digital document.

5. In the digital signature, the signature validation is performed by the trusted certificate authorities while it is not the case in electronic signature.

6. Electronic signatures are prone to tampering. On the contrary, digital signatures are highly secured and offer tamper evidence.

Conclusion

Digital signatures have been around since many years and there is absolutely no harm in giving it a try. Specially, if you are running a business, you should definitely consider getting one as there are multiple applications.

16 views

Subscribe to Our Newsletter

  • LinkedIn Social Icon
  • Instagram
  • Facebook Social Icon
  • YouTube