Indian Regulations regarding Recognition of Foreign Certifying Authorities : Facilitating Cross-Border Trade and Investments - PowerPoint PPT Presentation

Loading...

PPT – Indian Regulations regarding Recognition of Foreign Certifying Authorities : Facilitating Cross-Border Trade and Investments PowerPoint presentation | free to download - id: 6a144d-YjgxZ



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Indian Regulations regarding Recognition of Foreign Certifying Authorities : Facilitating Cross-Border Trade and Investments

Description:

Indian Regulations regarding Recognition of Foreign Certifying Authorities : Facilitating Cross-Border Trade and Investments using Digital Signatures – PowerPoint PPT presentation

Number of Views:129
Avg rating:3.0/5.0
Slides: 16
Provided by: Compaq
Learn more at: http://www.afact.org
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Indian Regulations regarding Recognition of Foreign Certifying Authorities : Facilitating Cross-Border Trade and Investments


1
Indian Regulations regarding Recognition of
Foreign Certifying Authorities Facilitating
Cross-Border Trade and Investments using Digital
Signatures
Website cca.gov.in E-mail takhan_at_nic.in
Tahseen A Khan
2
AFACT Members and India
  • AFACT members are already having strong economic
    linkages with India , eg ,
  • India - ASEAN trade 79.3 billion (2011-12) ,
    target of 100 billon by 2015 and 200 billion by
    2022.
  • India - China trade 67 billion (2011-12) ,
    target of 100 billion by 2015
  • India - Iran Trade 13.4 billion (2009-10) ,
    India is also involved in projects like
    development of Chabahar Port , International
    North-South Corridor.
  • India Japan Trade 18.43 billion
    (2011-12),Comprehensive Economic Partnership
    Agreement signed.
  • India Republic of Korea 20.5 billion
    (2010-11) , target of 40 billion by 2015.
    Comprehensive Economic Partnership Agreement in
    force.
  • Cross-border trade could be further facilitated
    by use of Digital Signatures

3
Why Digital Signatures?
For using Internet as a safe and secure medium
for e-Commerce and e-Governance Most countries
have already given Legal Validity to Documents
signed digitally. Electronic documents are
convenient for copying,transmission,storage. Reduc
es dependence paper based documents , hence
environment friendly. Digital Signatures provide
Authenticity(assurance of the genuineness of the
source/signer), Integrity(assurance that document
hasn't been changed after signing) and
Non-repudiation(the signer cannot later deny
signing the document ) to electronic documents.
4
Digital Signature Usage in AFACT
member countries
Many of the AFACT members like Japan,
S.Korea, India, Chinese Taipei, Malaysia,
Singapore have already implemented Electronic
Signature Act/IT Act modelled on UNCITRAL's Model
Law and have provided legal validity to documents
signed digitally at par with paper
signature. The use of Digital Signatures is
already widespread in many AFACT members and is
increasing further due to presence of strong,
secure and robust PKI environments
5
Public Key Infrastructure in India
  • Information Technology Act , 2000 has given legal
    recognition to documents signed Digitally.
  • Controller of Certifying Authorities(CCA) acts as
    the Regulator and Facilitator of PKI in India
  • Certifying Authorities are licensed by the
    Controller (CCA).Compliance with the Information
    Technology Act , 2000 and other Rules and
    Regulations is monitored by the CCA.
  • Office of CCA is also Root Certifying Authority
    of India. Public Keys of licensed Certifying
    Authorities are signed by the Office of CCA.
  • More than 6.6 Million Digital Signature
    Certificates have been issued till now.
  • Broad applications include eLICENCE ,
    ePROCUREMENT, eIPO, eIncome Tax, eBanking ,
    e-Governance .

6
Current Scenario Public Key Infrastructure (PKI)
  • Digitally signed documents are signed using a
    Private Key and verified using corresponding
    Public Key.
  • Some Trusted Agency is required which certifies
    the association of an individual with the key
    pair.
  • Such trusted agencies are called Certifying
    Authorities(CA).Most countries issue licenses to
    agencies which operate as CAs.
  • Documents signed using Digital Signature
    Certificate issued by such recognized Certifying
    Authorities are legally equivalent to documents
    signed manually in most countries.
  • However, a CA which is legally recognized in
    country X may not be legally recognized in
    country Y

7
Limiting Recognition of Certifying Authorities
creates few inconveniences Mr Good-Trader in
a country Utopia has a Digital Signature
Certificate issued by SecureCA, a recognized
Certifying Authority in Utopia and wants to
sign a document and send it to Mr Good-Customer
in another country Heaven. However, SecureCA
is not a recognized Certifying Authority in
Heaven and hence the digitally signed document
lacks legal validity in Heaven . To increase
Mr. Good-Trader's problems , no recognized
Certifying Authority of Heaven is having local
presence in Utopia
8
A possible Solution
The two countries Utopia and Heaven can
have an arrangement through which recognized
,licensed Certifying Authorities in both the
countries are mutually recognized and Digital
Signatures Certificates issued by them are
accepted
9
Recognition of Foreign CAs Indian Law
  • As per Section 19 (1) of the Information
    Technology Act , 2000 subject to conditions and
    restrictions as specified by regulations in this
    regard, the Controller may with the previous
    approval of the Central Government, and by
    notification in the Official Gazette, recognise
    any foreign Certifying Authority.
  • Section 89 of the Information Technology Act ,
    2000 requires consultation with the Cyber
    Regulations Advisory Committee and previous
    approval of the Central Government for framing
    Regulations for recognition of Foreign CAs.
  • The Controller of Certifying Authorities
    ,following the procedure given in the IT Act ,
    has issued Notification containing Regulations
    regarding Recognition of Foreign CAs.
  • The Notification can be accessed on CCA's
    website
  • http//cca.gov.in/cca/sites/all/Recognition_of_for
    eignCA.PDF

10
Recognition of Foreign CAs Indian Law
  • The Notification contains two sets of Regulations
  • One for recognized Foreign Certifying Authorities
    operating under a PKI Regulatory Authority
    comparable to that in India.
  • Other set of Regulations for those Foreign
    Certifying Authorities which are not operating
    under a PKI Regulatory Authority.

11
For Foreign Certifying Authorities operating
under a Regulatory Authority
  • Digital Signature Certificates issued by a
    Foreign Certifying Authority ,which has been
    authorized by legally recognized Regulatory
    Authority of its country , will be recognized in
    India, if the Controller of Certifying
    Authorities enters into a memorandum of
    understanding with the recognized Foreign
    Regulatory Authority.
  • Before entering into a Memorandum of
    Understanding , the Controller will ensure that
    the laws of the country under which such
    regulatory authority is established , require a
    level of reliability at least equivalent to that
    required for issuance of a Digital Signature
    Certificate under the IT Act of India ,2000
  • The following are some of the factors , to be
    used for determining the level of reliability
  • (a)Financial and human resources, including
    existence of assets within the country
  • (b)Trustworthiness of hardware and software
    systems
  • (c)Procedures for processing of certificates and
    applications for certificates and retention of
    records
  • (d)Availability of information to subscribers
    identified in certificates and to potential
    relying parties
  • (e)Regularity and extent of Audit by an
    independent body
  • (f)Strength of Algorithms used.

12


We look forward to enter in MoUs with PKI
Regulators from various countries for mutual
recognition of Certifying Authorities. The
details of Regulations in this regard are
available on the website cca.gov.in .
13
Foreign Certifying Authorities not operating
under any Regulatory Authority

  • Many countries do not have PKI Regulators like
    India. Certifying Authorities from such countries
    may also apply for recognition.
  • Recognition may be granted if the Controller is
    satisfied about their reliability , security and
    fulfillment other conditions.
  • Such CAs will have to apply to the CCA in the
    prescribed format. The Application should contain
    documents like CPS,a statement including the
    procedures with respect to identification of the
    applicant,a statement for the purpose and scope
    of anticipated Digital Signature Certificate
    technology, management, or operations to be
    outsourced, certified copies of the business
    registration documents and licences.
  • Further, such CAs will have to establish a Local
    Office in India and submit a performance bond.

14
International Initiatives for Cross-Border
Recognition of Digital / Electronic Signatures
  • Regional Commonwealth in the field of
    Communications The Trans-boundary Trust
    Space CIS Member States
  • http//www.en.rcc.org.ru/index.php/rcc-activities/
    informatization-/261211
  • European Union Revision of e-Signature
    Directive for Cross-Border Mutual Recognition of
    Electronic IDs .
  • http//ec.europa.eu/digital-agenda/en/pillar-i-dig
    ital-single-market/action-8-revision-esignature-di
    rective
  • UN/CEFACT A Project named Recommendation for
    ensuring legally significant trusted
    trans-boundary electronic interaction has been
    proposed , Recommendation 14.



15
Path Ahead
  • PKI Regulators need to work together to establish
    mutually acceptable Inter-operability Guidelines,
    security and audit criteria. However, in case
    countries whose IT Act/Electronic Signature Act
    is based on Model UNCITRAL Laws have some
    commonalities which will help in evolving such
    Guidelines.
  • MoUs for Mutual Recognition
  • Initiated with Korea through KISA, Iran through
    GRCA, Russia, Israel, Nepal, China, UNESCAP
    SRO-SSWA etc.
  • Seeking expression of interest with other AFACT
    members



16
Thank You
Controller of Certifying Authorities(India) Websit
e cca.gov.in E-mail takhan_at_nic.in
About PowerShow.com