Category Archives: Information Technology Act 2000

20. Controller to act as repository (Omitted)

(1) The Controller shall be the repository of all Digital Signature Certificates issued under this Act.

(2) The Controller shall-

(a) make use of hardware, software and procedures that are secure from intrusion and misuse;

(b) observe such other standards as may be prescribed by the Central Government,

to ensure that the secrecy and security of the digital signatures are assured.

(3) The Controller shall maintain a computerised data-base of all public keys in such a manner that such database and the public keys are available to any member of the public.

19. Recognition of foreign Certifying Authorities

(1) Subject to such conditions and restrictions as may be specified, by regulations, the Controller may, with the previous approval of the Central Government, and by notification in the Official Gazette, recognise any Certifying Authority as a Certifying Authority for the purposes of this Act.

(2) Where any Certifying Authority is recognised under sub-section (1), the Digital Signature Certificate issued by such Certifying Authority shall be valid for the purposes of this Act.

(3) The Controller may if he is satisfied that any Certifying Authority has contravened any of the conditions and restrictions subject to which it was granted recognition under sub-section (1), he may, for reasons to be recorded in writing, by notification in the Official Gazette, revoke such recognition.

18. Functions of Controller

The Controller may perform all or any of the following functions, namely:-

(a) exercising supervision over the activities of Certifying Authorities;

(b) certifying public keys of the Certifying Authorities;

(c) laying down the standards to be maintained by Certifying Authorities;

(d) specifying the qualifications and experience which employees of the Certifying Authorities should possess;

(e) specifying the conditions subject to which the Certifying Authority shall conduct their business;

(f) specifying the contents of written, printed or visual materials and advertisements that may be distributed or used in respect of a Digital Signature Certificate and the public key;

(g) specifying the form and content of a Digital Signature Certificate and the key;

(h) specifying the form and manner in which accounts shall be maintained by the Certifying Authorities;

(i) specifying the terms and conditions subject to which auditors may be appointed and the remuneration to be paid to them;

(j) facilitating the establishment of any electronic system by a Certifying Authority either solely or jointly with other Certifying Authorities and regulation of such system;

(k) specifying the manner in which the Certifying Authorities shall conduct their dealings with the subscribers;

(l) resolving any conflict of interests between the Certifying Authorities and the subscribers;

(m) laying down the duties of the Certifying Authorities;

(n) maintaining a data-base containing the disclosure record of every Certifying Authority containing such particulars as may be specified by regulations which shall be accessible to public.

16. Security procedure

The Central Government shall, for the purpose of this Act, prescribe the security procedure having regard to commercial circumstances prevailing at the time when the procedure was used, including-

(a) the nature of the transaction;

(b) the level of sophistication of the parties with reference to their technological capacity;

(c) the volume of similar transactions engaged in by other parties;

(d) the availability of alternatives offered to but rejected by any party;

(e) the cost of alternative procedures; and

(f) the procedures in general use for similar types of transaction or communications.

15. Secure digital signature

If, by application of a security procedure agreed to by the parties concerned, it can be verified that a digital signature, at the time it was affixed, was –

(a) unique to the subscriber affixing it;

(b) capable of identifying such subscriber;

(c) created in a manner or using a means under the exclusive control of the subscriber and is linked to the electronic record to which it relates in such a manner that if the electronic record was altered the digital signature would be invalidated,

then such digital signature shall be deemed to be a secure digital signature.