|
CHAPTER
VII :
DIGITALELECTRONIC10F
SIGNATURE CERTIFICATES
35. Certifying
Authority to issue
DigitalElectronic10F
Signature Certificate
(1) Any person
may make an application to the Certifying Authority for the issue of
aan
DigitalElectronic10F
Signature Certificate in such form as may be prescribed by the Central
Government.
(2) Every such application shall be accompanied by such fee
not exceeding twenty-five thousand rupees
as
may be prescribed by the Central Government, to be paid to the Certifying
Authority :
Provided that while prescribing fees under sub-section (2) different fees
may be prescribed for different classes of applications;
(3)
Every such application shall be accompanied by a certification practice
statement or where there is no such statement, a statement containing such
particulars, as may be specified by regulations.
(4) On receipt of an application under sub-section (1), the Certifying
Authority may,10H
after
consideration of the Certification practice statement or the other
statement under sub-section (3) and
after making such
enquiries as it may deem fit, grant the
DigitalElectronic
Signature
Certificate or for reasons to be recorded in writing, reject the
application
in such
a manner as prescribed by the Central Government:
Provided that no
Digital
Certificate shall be granted unless the Certifying Authority is satisfied
that-
(a) the application holds the private key corresponding to the public key
to be listed in the
Digital
Signature Certificate;
(b) the applicant holds a private key, which is capable of creating a
digital
signature;
(c) the public key to be listed in the certificate can be used to verify a
digital
signature affixed by the private key held by the applicant :
Provided further that no application shall be rejected unless the
applicant has been given a reasonable opportunity of showing cause against
the proposed rejection.
36. Representation upon issuance of an
DigitalElectronic10I
Signature Certificate
A Certifying
Authority while issuing an
DigitalElectronic
10I
Signature Certificate shall certify that-
(a) it has complied with the provisions of this Act and the rules and
regulations made thereunder;
(b) it has published the
DigitalElectronic
10I
Signature Certificate or otherwise made it available to such person
relying on it and the subscriber has accepted it;
(c) the subscriber holds the private key corresponding to the public key,
listed in the
case of Digital
Signature Certificate;
10I
(d) the subscriber's public key and private key constitute a functioning
key pair
in the case of
Digital
Signature
Certificate;
10I
(e) the information contained in the
DigitalElectronic
Signature Certificate is accurate; and
(f) it has no knowledge of any material fact, which if it had been
included in the
DigitalElectronic11A
Signature Certificate would adversely affect the reliability of the
representations made in clauses (a) to (d).
37. Suspension of
DigitalElectronic11A
Signature Certificate
(1) Subject to
the provisions of sub-section (2), the Certifying Authority which has
issued a
DigitalElectronic11A
Signature Certificate may suspend such
DigitalElectronic11A
Signature Certificate,-
(a) on receipt of a request to that effect from-
(i) the subscriber listed in the
DigitalElectronic11A
Signature Certificate; or
(ii) any person duly authorised to act on behalf of that subscriber;
(b) if it is of opinion that the
DigitalElectronic11A
Signature Certificate should be suspended in public interest
on
receipt of direction from the Controller.
(2) A
Digital
Electronic
Signature
Certificate shall not be suspended for a period exceeding fifteen days
unless the subscriber has been given an opportunity of being heard in the
matter.
(3) On suspension of
aan
DigitalElectronic11A
Signature Certificate under this section, the Certifying Authority shall
communicate the same to the subscriber.
38. Revocation of
DigitalElectronic11A
Signature Certificate
(1) A Certifying
Authority may revoke an
DigitalElectronic11A
Signature Certificate issued by it-
(a) where the subscriber or any other person authorised by him makes a
request to that effect; or
(b) upon the death of the subscriber; or
(c) upon the dissolution of the firm or winding up of the company where
the subscriber is a firm or a company.
(2) Subject to the provisions of sub-section (3) and without prejudice to
the provisions of sub-section (1), a Certifying Authority may revoke a
DigitalElectronic
Signature
Certificate which has been issued by it at any time, if it is of opinion
that-
(a) a material fact represented in the
Application for
DigitalElectronic12A
Signature Certificate is false or has been concealed;
(b) a requirement for issuance of the
DigitalElectronic12A
Signature Certificate was not satisfied;
(c) the Certifying Authority's private key or security system was
compromised in a manner materially affecting the Digital Signature
Certificate's reliability;
(d) the subscriber has been declared insolvent or dead or where a
subscriber is a firm or a company, which has been dissolved, wound-up or
otherwise ceased to exist.
(3)
A
Digital
Electronic
Signature Certificate shall not be revoked unless the subscriber has been
given an opportunity of being heard in the matter.
(4) On revocation of
aan
DigitalElectronic12A
Signature Certificate under this section, the Certifying Authority shall
communicate the same to the subscriber.
39. Notice of suspension or revocation
(1) Where a
DigitalElectronic12A
Signature Certificate is suspended or revoked under section 37 or section
38, the Certifying Authority shall publish a notice of such suspension or
revocation, as the case may be, in the repository specified in the
DigitalElectronic12A
Signature Certificate for publication of such notice.
(2) Where one or more repositories are specified, the Certifying
Authority shall publish notice of such suspension or revocation, as the
case may be, in all such repositories.
|