THE SECOND SCHEDULE 
[See sub-section (1) of section 3A]

Electronic Signature or Electronic Authentication Technique and Procedure

(Substituted vide ITAA-2006)

 

Sl No Description

Procedure

1 e-authentication technique using Aadhaar e-KYC services

Authentication of an electronic record by e-authentication Technique which shall be done by-

(a) the applicable use of e-authentication, hash, and asymmetric crypto system techniques, leading to issuance of Digital Signature Certificate by Certifying Authority

(b) a trusted third party service by subscriber's key pair-generation, storing of key pairs on hardware security module [Ref GSR 539(E) of 30th June 2015] and creation of digital signature

-provided that the trusted third party shall be offered by the certifying authority.

The trusted third party shall send application form and certificate signing request to the Certifying Authority for issuing a Digital Signature Certificate to the subscriber.

(c) Issuance of Digital Signature Certificate by Certifying Authority shall be based on e-authentication, particulars specified in Form C of Schedule IV of the Information Technology (Certifying Authorities) Rules, 2000, digitally signed verified information from Aadhaar e-KYC services and electronic consent of Digital Signature Certificate applicant.

(d) The manner and requirements for e-authentication shall be as issued by the Controller from time to time.

(e) The security procedure for creating the subscriber’s key pair shall be in accordance with the e-authentication guidelines issued by the Controller.

(f) The standards referred to in rule 6 of the Information Technology (Certifying Authorities) Rules, 2000 shall be complied with, in so far as they relate to the certification function of public key of Digital Signature Certificate applicant.

(g) The manner in which information is authenticated by means of digital signature shall comply with the standards specified in rule 6 of the Information Technology (Certifying Authorities) Rules, 2000 in so far as they relate to the creation, storage and transmission of Digital Signature Certificate."

(Inserted on 28th January 2015 vide GSR 61(E)

(g) The manner in which the information is authenticated by means of digital signature shall comply with the manner and standards specified in rules 3 to 12 of the Digital Signature (End entity) Rules 2015 in so far as they relate to the creation, storage and verification of Digital Signature

(Replaced vide GSR 446(E) of 27th April 2016

   

PS: The third schdule and fourth schedule of ITA-2000 is omitted vide ITAA 2006.

However Amendments have been made to Indian Penal Code and Indian Evidence Act concurrent with the ITAA-2006 which is considered Part III and IV of the Information Technology Amendment Act 2006