For creating electronic signatures, the signer is required to obtain a Digital Signature Certificate (DSC) from a Certifying Authority (CA) licensed by the Controller of Certifying Authorities (CCA) under the Information Technology (IT) Act, 2000. Before a CA issues a DSC, the identity and address of the signer must be verified. The private key used for creating the electronic signature is stored in hardware cryptographic token which is secured with a password/pin. This current scheme of in-person physical presence, paper document based identity & address verification and issuance of hardware cryptographic tokens does not scale to a billion+ people. For offering fully paperless citizen services, mass adoption of digital signature is necessary.
To address these concerns, Govt. of India through the Department of Electronics and Information Technology, Ministry of Communications and Information Technology has launched a simple to use online service which allows everyone to have the ability to digitally sign electronic documents.
What is eSign?
eSign facilitates digitally signing a document by an Aadhaar holder using an Online Service. eSign is designed for applying Digital Signature using authentication of signer through Aadhaar e-KYC service. This is an integrated service which facilitates issuing a Digital Signature Certificate and performing signing of requested data by authenticating the Aadhaar holder. Aadhaar is mandatory for availing the eSign Service.
What are the expected benefits of eSign?
Easy and secure way to digitally sign information anywhere, anytime –eSign is an online service that offers application service providers the functionality to authenticate signers and perform the digital signing of documents using Aadhaar e-KYC service. Hardware tokens are not required to be used.
Facilitates legally valid signatures –eSign process involves consumer consent, Digital Signature Certificate generation, Digital Signature creation & affixing and Digital Signature Certificate acceptance in accordance with the provisions of the Information Technology (IT) Act, 2000. It enforces compliance, through API specification and licensing model of APIs. Comprehensive digital audit trail – in-built to confirm the validity of transactions is also preserved.
Flexible and easy to implement –eSign provides configurable authentication options in line with Aadhaar e-KYC service and also records the Aadhaar number that is used to verify the identity of the signer. The authentication options for eKYC include biometric (fingerprint or iris scan) or OTP (through the registered mobile in the Aadhaar database). eSign enables millions of Aadhaar holders easy access to legally valid Digital Signature service.
Respecting privacy – eSign ensures the privacy of the signer by requiring that only the thumbprint (hash) of the document be submitted for signature function instead of the whole document.
Secure online service – The eSign Service is governed by e-authentication guidelines. While authentication of the signer is carried out using Aadhaar e-KYC services, the signature on the document is carried out on a backend server of the e-Sign provider. eSign services are offered by trusted third party service provider, currently Certifying Authorities (CA) licensed under the IT Act.
To enhance security and prevent misuse, Aadhaar holders private keys are created on Hardware Security Module (HSM) and destroyed.
Save cost and time
|
Improve User Convenience
|
Easy to apply Digital Signature
|
Verifiable Signatures and Signatory
|
Legally recognized
|
Managed by Licensed CAs
|
Privacy concerns addressed
|
Simple Signature verification
|
Short validity certificates
|
Aadhaar e-KYC based authentication
|
Flexible and fast integration with application
|
Biometric or OTP based authentication
|
Aadhaar is mandatory
|
Integrity with a complete audit trail
|
API subscription Model
|
No key storage and key protection concerns
|
Suitable for individual, business and Government
|
Immediate destruction of keys after usage
|