
Public Key Infrastructure (PKI) for Digital Signatures in India

Public Key Infrastructure (PKI) for Digital Signatures in India. Debjani Nag, Deputy Controller, Office of Controller of Certifying Authorities, Department of Information Technology. IT Act, 2000.


Presentation Transcript


  1. Public Key Infrastructure (PKI) for Digital Signatures in India • Debjani Nag, Deputy Controller, Office of Controller of Certifying Authorities, Department of Information Technology

  2. IT Act, 2000 • The Information Technology (IT) Act, 2000 facilitates acceptance of electronic records and Digital Signatures through a legal framework for establishing trust in e-Commerce and e-Governance. • As a technology-specific act, it specified Public Key Cryptography as the technology for enabling digital signatures. • The IT Act has recently been amended to include newer technologies, if any, for electronic signatures.

  3. Public Key Cryptography • [Diagram: Document → Encoded Document (Private key); Encoded Document → Document (Public key)] • No need to communicate the private key • The public key is used to decrypt documents encrypted by the private key

  4. Public Key Cryptography & Digital Signatures • Digital Signature created using the Private key is validated against the Public Key • Assurance of Authenticity • Change in Document => Original Digital Signature no longer valid • Digital Signature is bound to the Document as well as the Signer => Assurance of Integrity

  5. Issues in Public Key Cryptosystems • How will the verifier get the signer's public key? • How will the verifier authenticate the signer's public key? • How will the signer be prevented from repudiating his/her digital signature?

  6. Certifying Authority • Issues Digital Signature Certificates (Public Key Certificates). • Is widely known and trusted. • Has well-defined methods of assuring the identity of the parties to whom it issues certificates. • Confirms the attribution of a public key to a person by means of a public key certificate. • Always maintains online access to the Digital Signature Certificates issued. • Maintains online access to the Certificate Revocation List (CRL), a list of Certificates that have been revoked and declared invalid.

  7. Public Key Certificate (Digital Signature Certificate) • [Diagram labels: Certificate Request; User credentials; User's Public Key; CA's Name; Validation period; Signature of CA; Digitally Signed using CA's private key; Publish; Certificate Database (User 1 certificate, User 2 certificate, ...)]

  8. Public Key Cryptography & Digital Signatures • Digital Signature Certificates (containing the public key) are issued by Certifying Authorities after identity verification. • Responsibility of protecting the private key lies with its owner. • Loss or compromise of private key should be communicated to the CA so as to result in REVOCATION of the corresponding Digital Signature Certificate.

  9. Controller of Certifying Authorities • Controller of Certifying Authorities (CCA), appointed under Section 17 of the IT Act, 2000, has established the Public Key Infrastructure (PKI) in India • CCA licenses Certifying Authorities (CAs) under section 21 of the IT Act and exercises supervision over their activities. • As the “Root” Authority, CCA certifies the technologies and practices of all the Certifying Authorities licensed to issue Digital Signature Certificates • The standards to be maintained by the CAs are also laid down by the CCA.

  10. Controller of Certifying Authorities • CCA certifies the public keys of the CAs, as Public Key Certificates (PKCs). • Eight Certifying Authorities have been licensed by CCA for issuing Digital Signature Certificates • Around 11,00,000 Digital Signature Certificates have been issued by the licensed Certifying Authorities till date.

  11. Root Certifying Authority of India (RCAI) • The CCA has established the RCAI under section 18(b) of the IT Act to digitally sign the public keys of CAs in the country. • The requirements fulfilled by the RCAI include the following: • All public key certificates corresponding to the signing private key of a CA are digitally signed by the CCA. • Relying parties can verify the CA's public key signed by CCA through the CCA’s website.

  12. Controller of Certifying Authorities • The CCA has established the Root Certifying Authority of India (RCAI) under section 18(b) of the IT Act to digitally sign the public keys of licensed CAs. • All public key certificates corresponding to the signing private key of a CA are digitally signed by the CCA. Relying parties can verify the CA's public key signed by CCA through the CCA’s website.

  13. India PKI • [Hierarchy diagram labels: CCA; Safescrypt; IDRBTCA; TCSCA; NICCA; MTNLTrustline; iCert (CBEC); (n)Code; eMudhra]

  14. Licensed CAs • Safescrypt • http://www.safescrypt.com/ • National Informatics Centre (NIC) • https://nicca.nic.in/ • IDRBT • Established by Reserve Bank of India, http://idrbtca.org.in/ • TCS • http://www.tcs-ca.tcs.co.in/

  15. Licensed CAs • MTNL • http://www.mtnltrustline.com/ • Customs & Central Excise • https://www.icert.gov.in/ • (n)Code Solutions CA (GNFC) • https://www.ncodesolutions.com/ • 3i Infotech Consumer Services • http://www.e-Mudhra.com

  16. CCA’s role • Licensing Certifying Authorities (CAs) under section 21 of the IT Act and exercising supervision over their activities. • Controller of Certifying Authorities as the “Root” Authority certifies the technologies and practices of all the Certifying Authorities licensed to issue Digital Signature Certificates. • Certifying the public keys of the CAs, as Public Key Certificates (PKCs). • Laying down the standards to be maintained by the CAs. • Addressing the issues related to the licensing process including: • Approving the Certification Practice Statement (CPS); • Auditing the physical and technical infrastructure of the applicants through a panel of auditors maintained by the CCA.

  17. Audit Process • Adequacy of security policies and their implementation; • Existence of adequate physical security; • Evaluation of functionalities in technology as it supports CA operations; • Compliance to the adopted Certification Practice Statement (CPS); • Adequacy of contracts/agreements for all outsourced CA operations; • Adherence to Information Technology Act 2000, the Rules, Regulations and Guidelines issued by the Controller from time-to-time.

  18. PKI Implementation in India

  19. PKI enabled Applications • Ministry of Corporate Affairs MCA21 for e-filing • Income Tax e-filing • Indian Railway Catering & Tourism Corporation (IRCTC) • Director General of Foreign Trade (DGFT) • Reserve Bank of India (SFMS & RTGS) • eProcurement • Indian Farmers Fertiliser Cooperative Limited (IFFCO) • Directorate General of Supplies & Disposals • Oil and Natural Gas Corporation • Gas Authority of India Ltd • Air-India • Railways

  20. Promotional initiatives • Interoperability Guidelines for DSC are expected to be notified soon for being followed by CAs in issuing the DSCs. • To ensure that the PKI set up in India is in line with international standards and best practices, a review of the existing PKI has been carried out and upgrade Guidelines are being issued.

  21. Promotional initiatives • The On-line Certificate Validation Service (OCVS) is being set up to meet the requirements placed on validity of DSCs for higher assurance levels. • The India PKI Forum is being registered as a not-for-profit society. • The India PKI Forum has become a Principal member of the Asia PKI Consortium (APKIC). • CCA’s Root Certificate is being incorporated in Microsoft Internet Explorer browser for ease of establishment of trust. Subsequently other browsers will be taken up.

  22. http://cca.gov.in Thank you
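
The relying-party checks implied by slides 4 to 8 (document signature, CA-signed certificate, validity period, CRL), as an added example that is not part of the original presentation. Textbook RSA over a SHA-256 hash stands in for a real padded signature scheme, and the JSON certificate and CRL layouts, function names, serials and dates are constructed assumptions, not X.509 or anything used by the CCA.

```python
import hashlib, json

E = 65537  # common RSA public exponent

def keypair(p, q):
    """Textbook RSA key pair (public, private) from primes p and q."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, private):
    n, d = private
    return pow(digest(data), d, n)               # transform the hash with the private key

def verify(data, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(data)  # undo it with the public key, compare

def encode(obj):
    return json.dumps(obj, sort_keys=True).encode()  # stable bytes to sign

def issue_certificate(ca_name, ca_private, serial, subject, subject_public, valid_to):
    body = {"serial": serial, "subject": subject, "issuer": ca_name,
            "public_key": list(subject_public), "valid_to": valid_to}
    return {"body": body, "ca_signature": sign(encode(body), ca_private)}

def issue_crl(ca_private, revoked_serials):
    revoked = sorted(revoked_serials)
    return {"revoked": revoked, "ca_signature": sign(encode(revoked), ca_private)}

def validate(document, signature, cert, crl, ca_public, today):
    """Relying-party checks in order; returns 'valid' or the rejection reason."""
    if not verify(encode(cert["body"]), cert["ca_signature"], ca_public):
        return "certificate not signed by the CA"
    if not verify(encode(crl["revoked"]), crl["ca_signature"], ca_public):
        return "CRL not signed by the CA"
    if today > cert["body"]["valid_to"]:         # ISO dates compare as strings
        return "certificate expired"
    if cert["body"]["serial"] in crl["revoked"]:
        return "certificate revoked"
    if not verify(document, signature, tuple(cert["body"]["public_key"])):
        return "document signature invalid"
    return "valid"

# Constructed demo keys: Mersenne primes keep the block dependency-free but are
# trivially factorable. Real deployments use a vetted library and padded signatures.
CA_PUBLIC, CA_PRIVATE = keypair(2**1279 - 1, 2**2203 - 1)
USER_PUBLIC, USER_PRIVATE = keypair(2**521 - 1, 2**607 - 1)
```

The verifier needs only `CA_PUBLIC` in advance: the signer's public key arrives inside the certificate and is trusted because the CA's signature over it checks out.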
