Digital Signature Certificates (DSC) play an important role in e-Governance by providing secure and reliable electronic authentication of a person's identity. DSCs are used for electronic transactions that require a high level of security, such as online tax filing, company incorporation, procurement of goods and services, and submission of tender bids.
1. Contribution of DSC in e-Governance
A Digital Signature Certificate (DSC) or popularly called as Digital Signature is an electronic
form of a physical certificate. It is used to authenticate the identity of the sender of a document
or its signer while ensuring that the content of the document is untampered.
As the world is turning digital, DSC is growing in popularity and is being widely used to sign
documents. They are easily transportable, unduplicated, and automatically time-stamped. DSCs
can be widely used in any type of document signing, whether or not encrypted.
Requisites to apply for a DSC
A Digital Signature Certificate can be issued by any licensed Certifying Authority (CA)
conforming to the rules and regulations as set by the Indian IT Act - 2000. Registering and
obtaining a DSC from a CA is very easy. Here are three processes through which you can
acquire a DSC:
➢ The applicant with their original documents can approach the CA directly. These
documents may be needed for verification purposes.
➢ Whether the applicant or the CA belong to different locations or they are working at a
different time zone altogether, you can easily apply for a digital signature certificate
online. This virtual application is possible through Aadhar e-KYC where no supporting
documents are required.
➢ An applicant can also produce a certificate issued by the Bank mentioning the
requirement of a DSC. In such a case, the bank official needs to verify the digital
signature and the certificate must be certified by the bank manager.
What is e-Governance?
Electronic Governance or e-Governance is the functioning of the government using Information
and Communications Technology (ICT). It is the government’s initiative to move towards Simple,
Moral, Accountable, Responsive and Transparent (SMART) governance.
E-Governance facilitates the transaction between various stakeholders, which include G2C
(Government to Citizens), G2B (Government to Business), G2G (Government to Government),
and G2E (Government to Employee).
Incorporation of Digital Signatures in e-Governance
2. NeGP or National e-Governance Plan is a digital initiative by the Government of India in order to
make government services easily accessible to the common man, in order to ensure efficiency,
transparency and reliability of such services. The implementation of the NeGP scheme has
made it possible for various government services to easily adapt to the new digital age, which
helps them to efficiently and effectively carry out their business activities.
With so much documentation going digital, the utmost necessity was to make it secure. Digital
signatures were found as the solution to serve the purpose of securing these important
documents with legally enforceable signatures. It proved to be a cost-effective solution for slow
and expensive paper-based approvals.
How does a Digital Signature Work?
Digital Signatures use a Public Key Infrastructure (PKI) to generate two keys, Public and Private
Keys, for the DSC owner. With cryptography, these keys are used to encrypt and decrypt the
document. The public key can be shared with everyone, keeping the private key confidential
with the owner. When an online document is signed digitally, the sender uses the private key to
verify the authenticity of the digital signature, and the receiver uses the sender’s public key to
view the document. This functionality in Digital Signature Certificates ensures that the
documents shared/exchanged between the parties remain secure and the content in these
documents remain unaltered.
Important Features of Digital Signatures
Digital Signature Certificates provide three main features:
➢ Authentication - It is easy to identify the origin of a message because of the public key
cryptography. And with a valid signature it is possible to identify the sender.
➢ Integrity - The Public Key Infrastructure helps to ensure that the message is encrypted
and decrypted within the parties involved in the transmission of a message and that the
content of the message in the process is not altered.
➢ Non-repudiation - Once the signature of a sender is verified and authenticated, it can
be used to sign any document for innumerable times. A sender who has signed a
document cannot later deny signing it.
Public Key Infrastructure (PKI) in India
The Government of India has formed a hierarchical structure for the PKI to lay the foundation for
secure online communication and ensure its authenticity and privacy. At the top of the hierarchy
the Controller of Certifying Authorities (CCA) functions both as the apex authority and the
Root Certifying Authority of India (RCAI), who is responsible for issuing the Public Key
Certificates to licensed Certifying Authorities known as CA. The role of CAs is to issue the
Digital Signature Certificates. There is a Registration Authority (RA) who verifies a Certifying
Authority before a Digital Signature Certificate is issued to an applicant. Within this process of
verification, the RA processes the requests of the applicants, confirms their identity and
documents them into the user database.
Examples of e-Governance Applications who use Digital Signature
Certificates
❖ MCA21
❖ Income Tax e-filing
❖ IRCTC
❖ DGFT
❖ RBI Applications
❖ NSDG
❖ eProcurement
3. ❖ eOffice
❖ eDistrict Applications of states like UP, Assam etc.
Key Takeaways
➢ Governments sought transparency with the citizens by taking a step towards going
digital on their processes.
➢ To attach the sense of authenticity and trust, Digital Signatures were found to be the apt
solution in documentation of the volumes of private documents exchanged between
individuals.
➢ The Public Key Infrastructure (PKI) was laid as a foundation to ensure secure online
communication and ensure that your private information is always kept private.