The Ministry of Electronics and Information Technology (MEITY) has issued a Notification amending the Second Schedule of the Information Technology Act, 2000. This Notification was issued on 29th September 2020.
This notification has inserted a provision on e- authentication technique and procedure for creating and assessing subscriber’s signature key facilitated by trusted third-party.
It may be recalled that under section 3A of the IT Act, 2000 a subscriber can authenticate any electronic record by an electronic signature or electronic authentication as may be specified in the Second Schedule and which will be deemed to be reliable. The Second Schedule of the Information Technology Act prior to the amendment only mentioned e-Authentication technique using Aadhaar and other e-KYC services
The notification now therefore includes e- authentication techniques facilitated by trusted third-party.
The provision lays down certain duties on the trusted third party, for example, facilitating identity verification of the Digital Signature Certificate applicant, facilitating key pair-generation, secure storage of subscriber’s signature key, etc.
Furthermore, the Certifying Authority is required to verify the credentials of a Digital Signature Certificate applicant prior to issuing the Digital Signature Certificate. Such verification must be in accordance with the Identity Verification Guidelines that are issued by the Controller.
The Controller must also issue e-authentication guidelines which will stipulate for the manner and the requirements for authentication and storage of signature keys, the requirements for operating as a trusted third-party and the security procedure for creating the subscriber’s key pair.
For the purpose of effectuating this new provision, the relevant provisions under the Information Technology (Certifying Authorities) Rules, 2000 and Digital Signature (End entity) Rules, 2015 are also required to be complied with.
This newly inserted provision will now be in addition to the existing provision on e- authentication technique using Aadhaar and other e- KYC services.
