The Infomation Technology (Certifying Authority) Regulations, 2001
The Cyber Regulations Appellate Tribunal
 
Cyber Crime Branch Advisory
The Nigerian Scam
Important Links
Cyber Crime Investigation Cell
Delhi Police
Delhi Traffic Police

Section  No


VII. ELECTRONIC SIGNATURE CERTIFICATES

VII

 35

Certifying Authority to issue Electronic Signature Certificate

(1) 

Any person may make an application to the Certifying Authority for the issue of a Digital Signature Certificate in such form as may be prescribed by the Central Government.

(2)

Every such application shall be accompanied by such fee not exceeding twenty-five thousand rupees as may be prescribed by the Central Government, to be paid to the Certifying Authority:

Provided that while prescribing fees under sub-section (2) different fees may be prescribed for different classes of applicants.

(3)

Every such application shall be accompanied by a certification practice statement or where there is no such statement, a statement containing such particulars, as may be specified by regulations.

(4)

On receipt of an application under sub-section (1), the Certifying Authority may, after consideration of the certification practice statement or the other statement under sub-section (3) and after making such enquiries as it may deem fit, grant the Digital Signature Certificate or for reasons to be recorded in writing, reject the application
 

Provided that

no application shall be rejected unless the applicant  has been given a reasonable opportunity of showing cause against the proposed  rejection.


36.

Representations upon issuance of Digital Signature Certificate

A Certifying Authority while issuing a Digital Signature Certificate shall certify that -

(a)

it has complied with the provisions of this Act and the rules and  regulations made there under;

(b)

it has published the Digital Signature Certificate or otherwise made it available to such person relying on it and the subscriber has accepted it;

(c)

the subscriber holds the private key corresponding to the public key,  listed in the Digital Signature Certificate;

(ca)   the subscriber holds a private key which is capable of creating a digital signature (Inserted vide ITAA 2008)
(cb)  the public key to be listed in the certificate can be used to verify a digital signature affixed by the private key held by the subscriber (Inserted vide ITAA 2008)

(d)

the subscriber's public key and private key constitute a functioning key  pair;

(e)

the information contained in the Digital Signature Certificate is  accurate;   and

(f)

it has no knowledge of any material fact, which if it had been included in  the Digital Signature Certificate would adversely affect the reliability of  the representations made in clauses (a) to (d).


37.

Suspension of Digital Signature Certificate.

(1)

Subject to the provisions of sub-section (2), the Certifying Authority which has issued a Digital Signature Certificate may suspend such Digital Signature Certificate -
 

(a)

on receipt of a request to that effect from -

(i)

the subscriber listed in the Digital Signature Certificate; or

(ii)

any person duly authorized to act on behalf of that subscriber;

(b)

if it is of opinion that the Digital Signature Certificate should be suspended in public interest

(2)

A Digital Signature Certificate shall not be suspended for a period exceeding fifteen days unless the subscriber has been given an opportunity of being heard in the matter.

(3)

On suspension of a Digital Signature Certificate under this section, the Certifying Authority shall communicate the same to the subscriber.


38.

Revocation of Digital Signature Certificate.

(1)

A Certifying Authority may revoke a Digital Signature Certificate issued by it

(a)

where the subscriber or any other person authorized by him makes a request  to that effect; or

(b)

upon the death of the subscriber; or

(c)

upon the dissolution of the firm or winding up of the company where the subscriber is a firm or a company.

(2)

Subject to the provisions of sub-section (3) and without prejudice to the provisions of sub-section (1), a Certifying Authority may revoke a Digital Signature Certificate which has been issued by it at any time, if it is of opinion that -

(a)

a material fact represented in the Digital Signature Certificate is false  or has been concealed;

(b)

a requirement for issuance of the Digital Signature Certificate was not  satisfied;

(c)

the Certifying Authority's private key or security system was compromised  in a manner materially affecting the Digital Signature Certificate's  reliability;

(d)

the subscriber has been declared insolvent or dead or where a subscriber  is a firm or a company, which has been dissolved, wound-up or otherwise  ceased to exist.

(3)

A Digital Signature Certificate shall not be revoked unless the subscriber has been given an opportunity of being heard in the matter.

(4)

On revocation of a Digital Signature Certificate under this section, the Certifying Authority shall communicate the same to the subscriber.


39. 

Notice of suspension or revocation.
 

(1)

Where a Digital Signature Certificate is suspended or revoked under section 37 or section 38, the Certifying Authority shall publish a notice of such suspension or revocation, as the case may be, in the repository specified in the Digital Signature Certificate for publication of such notice.

(2)

Where one or more repositories are specified, the Certifying Authority shall publish notices of such suspension or revocation, as the case may be, in all such repositories.


Latest News

20 November 2010
30-Month Sentence For Bot Nets Used To Obtain Information From Other Computer Systems
19 October 2010
Computer Specialist Pleads Guilty to Securities Fraud Committed through Hacking, Botnets, Spam and Market Manipulation