GOVERNMENT OF PUDUCHERRY DIRECTORATE OF INFORMATION TECHNOLOGY

No.505, II Floor, Planning & Research Complex, Kamaraj Salai, Saram, Puducherry — 605 013.

Ph.:0413-2244750, Fax.0413-2246090, e-mail : directorit.pon@nic.in

No.DIT/SeMT/Circulars/Center/2016/eSign Puducherry, Dt. 28.06.2016.

CIRCULAR

Sub: eSign Integration with all online applications and services

Ref: DO No. 12(04)/2014-CCA(Pt.5) Dated. 20.05.2016.

-o0o-

In pursuance of the Letter cited under reference, DeitY has requested all online

services/applications in your department to be integrated with eSign (Digital Signature).

2. With the integration of eSign with the online services/applications an Aadhaar

holder can digitally sign a document which makes the process completely paperless. An

Aadhaar holder will be authenticated through Aadhaar authentication and e-KYC service

before allowing to apply Digital Signature (eSign). In addition, departmental employees can

also be allowed to eSign and the requested party will be able to authenticate the signer as

an employee of that department.

3. In this regard, departments have been advised to plan and start integration all

departmental online services with eSign along with all eDistrict online services.

4. This circular has been uploaded to the DIT site

http://dit. pud ucherry.gov .i n/pages/D IT Ci rcula rs. htm I

5. For any clarification, the departments may contact Mr. Sreedhar N (email:

sreedhar.n@semt.gov.in, Cell: 94907 46640)

A copy of the letter is enclosed for necessary action.

To

All HoDs

Copy to

1. PA to the Secretary (IT) — For information please

(D .S.SIVAKUMAR) DIRECTOR (IT)

•

11_,„31-fur anCIPM

Dr. Aruna Sharma, I.A.S. Secretary

Dear Secretary,

OFFICE OF THE SECRETARY

RECEIVED ON

No.

0 it

:rmr

-ftwrf. *js .1-ii silc.iActa 0.5,1 ich afrr 001,1chl faiwr

Government of India Ministry of Communications &

Information Technology Department of Electronics &

• DO

Nicri.ff:M9lifnef Irnkci•gy. 20th May, 2016

The Office of CCA has been set up under the Information Technology (IT) Act, 2000 to facilitate the Electronic Signature environment and the functioning of Certifying Authorities (CA). More than 12 million Digital Signature Certificates (DSC) have been issued by these CAs.

2. The eSign online electronic signature service was launched by the Hon 131e Prime Minister in July 2015. eSign is an online service that can be integrated within various service delivery applications to facilitate digitally signing a document by an Aadhaar holder. It is designed for applying Digital Signature using authentication of the Aadhaar holder through Aadhaar authentication and e-KYC service, making the process completely paperless. A copy of the Brochure that has been prepared in this regard is attached for your information. In this regard, a letter was written by Shri RS Sharma, the then Secretary, DeitY asking for considering integration of eSign into applications in your Department.

3. Since Aadhaar eKYC includes the holder's information such as name, address etc. but does not provide for organisational credentials of the Aadhaar holder, eSign could not be used by organisational users. Recently, however, a framework has been developed, using which it will be possible for organisational users to use eSign and the relying party will be able to authenticate the signer as an employee/member of that organisation.

4. I request you to consider integration of eSign into applications that are already operational or in the pipeline in your Department. Any query on this can be routed to Smt. Debjani Nag (info(ipcca.gov.in ), Controller of Certifying Authorities, in this Department.

With regards,

Encl: As above. DESPATCHED ON

Yours sincerely,

To

IT Secretaries of All State Governments / UTs.

f- -d9-, 6, it ALA. fiT 11:04W1, 9 -4 it-Al-110003/ Electronics Niketan,6, C.G.O. Complex, New Delhi-110003 Tel. : 011-24364041 • Fax : 24363134 • email : secretary@mit.gov.in

&Zit atii4

GOVERNMENT OF INDIA Ministry of Communications & Information Technology Department of Electronics & Information Technology

Controller of Certifying Authorities

eSign Online Electronic Signature Service

AADHAAR Introduction

For creating electronic signatures, the signer is required to obtain a Digital Signature Certificate (DSC) from a Certifying Authority (CA) licensed by the Controller of Certifying Authorities (CCA) under the Information Technology (IT) Act, 2000. Before a CA issues a DSC, the identity and address of the signer must be verified. The private key used for creating the electronic signature is stored in hardware cryptographic token which is secured with a password/pin. This current scheme of in-person physical presence, paper document based identity & address verification and issuance of hardware cryptographic tokens does not scale to a billion people. For offering fully paperless citizen services, mass adoption of digital signature is necessary. A simple to use online service is required to allow everyone to have the ability to digitally sign electronic documents.

eSign

eSign is an online electronic signature service which can be integrated with service delivery applications via an open API to facilitate an Aadhaar holder to digitally sign a document. Using authentication of the Aadhaar holder through Aadhaar e-KYC service, online electronic signature service is facilitated.

Salient Features of eSign

• Save cost and time •:• Aadhaar e-KYC based authentication

• Improve user convenience • Mandatory Aadhaar ID • Easily apply Digital Signature • Biometric or OTP based authentication

• Verifiable Signatures and Signatory •:• Flexible and fast integration with application

• Legally recognized • Suitable for individual, business and Government

• Managed by licensed CAs • API subscription Model • Assured Integrity with complete audit trail • Privacy concerns addressed

+ Simple Signature verification • Immediate destruction of keys after usage

•• Short validity certificates • No concerns regarding key storage and key

protection

Easy and secure way to digitally sign information anywhere, anytime - eSign is an online service for electronic signatures without using physical hardware tokens. Application service providers use Aadhaar e-KYC service to authenticate signers and facilitate digital signing of documents.

• Facilitates legally valid signatures - eSign process includes signer consent, Digital Signature Certificate issuance request, Digital Signature creation and affixing as well as Digital Signature Certificate acceptance in accordance with provisions of Information Technology Act. It enforces compliance through API specification and licensing model of APIs. Comprehensive digital audit trail, in-built to confirm the validity of transactions, is also preserved.

Flexible and easy to implement - eSign provides configurable authentication options in line with Aadhaar e-KYC service and also records the Aadhaar ID used to verify the identity of the signer. The authentication options for eKYC include biometric (fingerprint or iris scan) or OTP (through the registered mobile in the Aadhaar database). eSign enables millions of Aadhaar holders easy access to legally valid Digital Signature service.

• 41

7, V • AADHAAIR

1111 22223333 • Biometrics

Or

OTP

successful

2. Request for Verified

PoA / Pol Data

1. Online Request for

Digital Signature

• Respecting privacy - eSign ensures the privacy of the signer by requiring that only the thumbprint (hash) of the reument be submitted for signature function instead of the whole document.

• Secure online service - The eSign service is governed by e-authentication guidelines. While authentication of the signer is carried out using Aadhaar e-KYC services, the signature on the document is carried out on a backend server of the e-Sign provider. eSign services are facilitated by trusted third party service providers - currently Certifying Authorities (CA) licensed under the IT Act. To enhance security and prevent misuse, Aadhaar holders private keys are created on Hardware Security Module (HSM) and destroyed immediately after one time use.

How eSign Works

Aadhaar eKYC

jCertifying Authority

4. Issuance of Certificate

5. Digital Signature & 3. PoA/Pol Verification

Certificate eSign Service Through eKYC

Providers

OTP—One Time Pin

eSign API - eSign Application Programming Interfaces (API) specification defines the major architectural components and also the format and elements of communication among the eSign stake holders including Application Service Provider, Certifying Authorities, Trusted Third Party eSign Service Providers and Aadhaar e-KYC service. This eSign API enables Application Service Providers to integrate eSign service in their application. The system is designed to integrate Application Gateway too.

Who can use eSign and where - Only Aadhaar holders can use eSign online electronic signature service. The eSign service can be used by individuals, businesses and Government departments for electronically signing a document based on OTP or Biometric (Fingerprint/Iris) authentication through Aadhaar e-KYC service.

Use Cases - eSign online Electronic Signature in Applications

eSign online electronic signature service can be effectively used in scenarios where signed documents are required to be submitted to Service Providers, Government, Public or Private sector. The agencies which stand to benefit from offering eSign online electronic signatures are those that accept large number of documents from users. Some applications which can use eSign for enhancing services delivery are the following:-

Use Case- eSign online Electronic Signature in Applications Digital Locker

✓ Self attestation Tax Financial Sector Transport Department Various Certificates Passport Telecom Educational Member of Parliament

✓ Application for Tax ID, e-filing ✓ Application for account opening in banks and 'post office ✓ Application for driving licence renewal, vehicle registration ✓ Application for birth, caste, marriage, income certificate etc ✓ Application for issuance, reissue ✓ Application for new connection ✓ Application forms for course enrolment and exams ✓ Submission of parliament questions

CONTROLLER OF CERTIFYING AUTHORITIES 6, CGO Complex, Electronics Niketan Lodhi Road, New Delhi•03

E•mail : info@cca.gov.in Website : www.cca.gov.in