The Digital Signature system based on Public Key Infrastructure was defined as the sole electronic authentication method under Information technology Act 2000 notified on 17th October 2000. However, as on the date of the notification of the Act, there was no infrastructure present for issue of Digital Certificates in India. As a result, the community had to wait until the first Certifying Authority license was issued on 5th February 2002 to Safescrypt which was a subsidiary of Sify.com. Subsequently licenses were issued to IDRBT, NIC, TCS, (n)Code, e-mudhra, MTNL, and Department of Central Excise. In the last few years, MTNL, the Department of Central Excise and TCS exited from the business (TCS license expires in 2017), leaving Safescrypt, (n)Code and E-Mudhra as Certifying Authorities (CAs) for the public, NIC for the Government and IDRBT for Bankers.
In the last one year, two new licensees have been added to the list of CAs. First was CDAC-PUne which was licensed on 29th June 2015 and more recently, “Capricorn Certifying Authority” in Delhi was licensed on 16th May 2016.
Of these two, CDAC CA is set up to cater to the needs of issuing Digital Certificates for eSign Services, which was notified as an additional method of authentication under Section 3A of ITA 2008 vide G.S.R. 61(E) dated 28th June 2015, under which e-authentication guidelines were issued by CCA on 24th June 2015. The notification of 28th June 2015 was however modified on 30th June 2015 vide G.S.R.539(E).
The eSign facility was first used on a beta basis in the DigiLocker service of the Government of India. Now it is learnt that a private company in Bangalore has launched a web based service using the e-Sign facility offered by CDAC.
The Capricorn Certifying Authority is launched in Delhi recently and is offering its services to the public. It therefore becomes the fourth CA besides Safescrypt, (n) Code and e-Mudhra to offer such services to public.
In the list of licensed CAs as available in the CCA website, there is a mention of Indian Air Force as a licensed Certifying Authority but no details of information has been provided. Assuming that this is not an error, it may be presumed that Indian AirForce has obtained a license probably for its internal use so that secure communication can take place between the AirForce employees which may include the defense personnel, the equipments used in air defense systems etc. In order to secure further information of the same the full details might not have been provided in the website.
This development where IAF has set up its own Certifying Authority with legal validity in India but for captive use is a good security policy which could be adopted by the Army and Navy.
While trying out the CDAC system of e-Sign, it was not clear if the system has been implemented properly and we hope in the coming days, the system would be fine tuned.