Controller of Certifying Authorities
Public Key Infrastructure for Digital Signatures under the IT Act, 2000 : Framework & status
Mrs Debjani Nag, Deputy Controller
Electronic Transactions
The success of electronic transactions depends on “the trust that the transacting parties place in the security of the transmission and content of their communications”
• Authenticity
• Non-Repudiability
• Confidentiality
• Integrity
Information Technology (IT) Act, 2000
• Accorded legal recognition to Digital signatures
• Digital signatures treated at par with handwritten signatures
• Technology-specific
Public key cryptography for Digital signatures
Pair of keys for every entity
One Public key – known to everyone
One Private key – known only to the possessor
To digitally sign an electronic document the signer uses his/her Private key.
To verify a digital signature the verifier uses the signer’s Public key.
No need to communicate private keys
Creating a Digital signature
[Figure labels: Document; Private Key; Encryption Algorithm; Signed document (Document + Digital signature)]
Verifying a Digital signature
[Figure labels: Document + Digital signature; Public Key of signer; Decryption Algorithm; Signature verification and Document integrity]
Public key Cryptography & Digital Signatures
Assurance of Authenticity of the Digital Signature created by the Private key is determined by the Trust that can be placed in the Public key
Public key Certificates or Digital Signature Certificates bind a “public key” to an “Identity”
Public key Cryptography & Digital Signatures
Change in Document => Change in the Digital Signature
Digital Signature is bound to the Document as well as the Signer => Assurance of Integrity
Issues in Public key Cryptosystems
• How will the verifier get the signer's public key?
• How will the verifier authenticate the signer's public key?
• How will the signer be prevented from repudiating his/her digital signature?
Public key Cryptography & Digital Signatures
Digital Signature Certificates (containing the public key) are issued by Certifying Authorities after Identity verification
Responsibility of protecting the private key lies with its owner.
Loss or compromise of private key should be communicated to the CA so as to result in REVOCATION of the corresponding Digital Signature Certificate.
Certifying Authority
• Issues Digital Signature Certificates (Public Key Certificates).
• Is widely known and trusted.
• Has well defined methods of assuring the identity of the parties to whom it issues certificates.
• Confirms the attribution of a public key to a person by means of a public key certificate.
• Always maintains online access to the Digital Signature Certificates issued.
Public Key Certification
[Figure labels: Certificate Request (User credentials, User’s Public key); Digital Signature Certificate (User credentials, User’s Public Key, CA’s Name, Validation period, Signature of CA), Digitally Signed using CA’s private key; Publish; Certificate Database (User 1 certificate, User 2 certificate)]
Certificate Revocation List (CRL)
A list of Certificates that have been revoked and declared invalid
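An added example, not part of the original slides: the issue, sign, revoke and verify steps described in the slides above, in Python, using textbook RSA over small constructed primes (no padding, illustration only). The certificate fields follow the Public Key Certification slide; the function names, CA name, serial number and dates are assumptions.

```python
import hashlib

def make_key(p, q, e=65537):
    # Textbook RSA from two constructed Mersenne primes; toy sizes, no padding.
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def public(key):
    return {"n": key["n"], "e": key["e"]}

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, key):         # uses the private exponent d
    return pow(digest(data, key["n"]), key["d"], key["n"])

def verify(data, sig, pub):  # uses only the public values n and e
    return pow(sig, pub["e"], pub["n"]) == digest(data, pub["n"])

FIELDS = ("serial", "subject", "pub", "issuer", "not_before", "not_after")

def to_be_signed(cert):
    # Bytes the CA signs: identity, public key, CA name, validity period.
    return repr([cert[f] for f in FIELDS]).encode()

def issue(ca_name, ca_key, serial, subject, pub, not_before, not_after):
    cert = dict(zip(FIELDS, (serial, subject, pub, ca_name, not_before, not_after)))
    cert["ca_sig"] = sign(to_be_signed(cert), ca_key)
    return cert

def check(doc, sig, cert, ca_pub, crl, today):
    # Relying-party checks in order: CA signature, validity, CRL, document.
    if not verify(to_be_signed(cert), cert["ca_sig"], ca_pub):
        return "certificate not signed by this CA"
    if not cert["not_before"] <= today <= cert["not_after"]:
        return "certificate outside validity period"
    if cert["serial"] in crl:
        return "certificate revoked"
    if not verify(doc, sig, cert["pub"]):
        return "signature does not match document"
    return "valid"

# Constructed sample data (names, serial number and dates are made up).
CA_KEY = make_key(2**127 - 1, 2**107 - 1)
CA_PUB = public(CA_KEY)
USER_KEY = make_key(2**89 - 1, 2**61 - 1)
CERT = issue("Example CA", CA_KEY, 1001, "User 1", public(USER_KEY),
             "2024-01-01", "2024-12-31")
DOC = b"Purchase order 42: 100 units"
SIG = sign(DOC, USER_KEY)
print(check(DOC, SIG, CERT, CA_PUB, set(), "2024-06-01"))
print(check(DOC, SIG, CERT, CA_PUB, {1001}, "2024-06-01"))
```

The same document and signature go from "valid" to "certificate revoked" once serial 1001 appears in the CRL, which is why the relying party consults the list at verification time.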
Public Key Infrastructure & the IT Act 2000
Controller of Certifying Authorities as the “Root” Authority certifies the technologies and practices of all the Certifying Authorities licensed to issue Digital Signature Certificates
CCA’s role
• Licensing Certifying Authorities (CAs) under section 21 of the IT Act and exercising supervision over their activities.
• Controller of Certifying Authorities as the “Root” Authority certifies the technologies and practices of all the Certifying Authorities licensed to issue Digital Signature Certificates.
• Certifying the public keys of the CAs, as Public Key Certificates (PKCs).
• Laying down the standards to be maintained by the CAs.
• Addressing the issues related to the licensing process including:
  • Approving the Certification Practice Statement (CPS);
  • Auditing the physical and technical infrastructure of the applicants through a panel of auditors maintained by the CCA.
Audit Process
• Adequacy of security policies and their implementation;
• Existence of adequate physical security;
• Evaluation of functionalities in technology as it supports CA operations;
• Compliance to the adopted Certification Practice Statement (CPS);
• Adequacy of contracts/agreements for all outsourced CA operations;
• Adherence to Information Technology Act 2000, the Rules, Regulations and Guidelines issued by the Controller from time-to-time.
CCA’s technical Infrastructure
The CCA operates the following:
• Root Certifying Authority (RCAI) under section 18(b) of the IT Act, and
• National Repository of Digital Signature Certificates (NRDC) under section 20 of the IT Act.
[Figure labels: CCA; RCAI; NRDC; LAN; Internet; Directory Client; CA (×3); Cert/CRL (×3); Subscriber (×3); Relying Party. Captions: CA Public Keys Certified by RCAI; CA’s Revoked Keys; CCA: Certificates of Public Keys of CAs; National Repository of Certificates]
India PKI
[Figure labels: CCA; TCS CA; NIC CA; Safescrypt; IDRBT CA; iCert (CBEC); (n)Code; MTNL Trustline]
PKI enabled Applications
eProcurement
• IFFCO
• DGS&D
• ONGC
• GAIL
• Air-India
• Railways
Others
• MCA21
• Income Tax e-filing
• IRCTC
• DGFT
• RBI Applications (SFMS)
Challenges ahead
Interoperability
• Uniformity in certificate contents
• Validation methods - Certificate Revocation Lists,..
• International alliances
End User Adoption
• Application interoperability.
• Digital Signature Certificate interoperability.
• Trusted Verification Authority.
• Storage medium
Challenges ahead ..contd
Awareness
• Understanding of digital signature concepts
• Knowledge about legal rights, duties and liability of owning digital certificate
Controller of Certifying Authorities
http://cca.gov.in
Thank you