Saturday, 24 September 2011

[To be published in the Gazette of India, Extraordinary, Part II, Section 3, Sub-section (i)]
Government of India
Ministry of Information Technology

New Delhi, the 17th October, 2000
G.S.R 788 (E) In exercise of the powers conferred by sub-section (3) of section 1 of the Information Technology Act, 2000 (21 of 2000), the Central Government hereby appoints 17th Day of October 2000 as the date on which the provisions of the said Act comes into force.
[ No. 1(20)/97-IID(NII)/F6]
Joint Secretary
The Manager
Govt. of India Press
New Delhi
[To be published in the Gazette of India, Extraordinary, Part II, Section 3, Sub-section (i)]
Government of India
Ministry of Information Technology
New Delhi, the 17th October, 2000
G.S.R 789 (E) In exercise of the powers conferred by section 87 of the Information Technology Act, 2000 (21 of 2000), the Central Government hereby makes the following rules regulating the application and other guidelines for Certifying Authorities, namely:-
1. Short title and commencement.- (1) These Rules may be called Information Technology (Certifying Authorities) Rules, 2000.
(2) They shall come into force on the date of their publication in the Official Gazette.
2. Definitions.- In these Rules, unless the context otherwise requires,–
(a) “Act” means the Information Technology Act, 2000 (21 of 2000);
(b) “applicant” means Certifying Authority applicant;
(c) “auditor” means any internationally accredited computer security professional or agency appointed by the Certifying Authority and recognized by the Controller for conducting technical audit of operation of Certifying Authority;
(d) “Controller” means Controller of Certifying Authorities appointed under sub-section (1) of Section 17 of the Act;
(e) “Digital Signature Certificate” means Digital Signature Certificate issued under sub-section (4) of section 35 of the Act;
(f) “information asset” means all information resources utilized in the course of any organisation’s business and includes all information, applications (software developed or purchased), and technology (hardware, system software and networks);
(g) “licence” means a licence granted to Certifying Authorities for the issue of Digital Signature Certificates under these rules;
(h) “licensed Certifying Authority” means Certifying Authority who has been granted a licence to issue Digital Signature Certificates;
(i) “person” shall include an individual; or a company or association or body of individuals; whether incorporated or not; or Central Government or a State Government or any of the Ministries or Departments, Agencies or Authorities of such Governments;
(j) “Schedule” means a schedule annexed to these rules;
(k) “subscriber identity verification method” means the method used to verify and authenticate the identity of a subscriber;
(l) “trusted person” means any person who has: –
(i) direct responsibilities for the day-to-day operations, security and performance of those business activities that are regulated under the Act or these Rules in respect of a Certifying Authority; or
(ii) duties directly involving the issuance, renewal, suspension, revocation of Digital Signature Certificates (including the identification of any person requesting a Digital Signature Certificate from a licensed Certifying Authority), creation of private keys or administration of a Certifying Authority's computing facilities.
(m) words and expressions used herein and not defined but defined in Schedule-IV shall have the meaning respectively assigned to them in that schedule.
3. The manner in which information be authenticated by means of Digital Signature.- A Digital Signature shall,-
(a) be created and verified by cryptography that concerns itself with transforming electronic record into seemingly unintelligible forms and back again;
(b) use what is known as “Public Key Cryptography”, which employs an algorithm using two different but mathematically related “keys” – one for creating a Digital Signature or transforming data into a seemingly unintelligible form, and another key for verifying a Digital Signature or returning the electronic record to original form,
the process termed as hash function shall be used in both creating and verifying a Digital Signature.
Explanation: Computer equipment and software utilizing two such keys are often termed as “asymmetric cryptography”.
4. Creation of Digital Signature.- To sign an electronic record or any other item of information, the signer shall first apply the hash function in the signer’s software; the hash function shall compute a hash result of standard length which is unique (for all practical purposes) to the electronic record; the signer’s software transforming the hash result into a Digital Signature using signer’s private key; the resulting Digital Signature shall be unique to both electronic record and private key used to create it; and the Digital Signature shall be attached to its electronic record and stored or transmitted with its electronic record.
5. Verification of Digital Signature.- The verification of a Digital Signature shall be accomplished by computing a new hash result of the original electronic record by means of the hash function used to create a Digital Signature and by using the public key and the new hash result, the verifier shall check-
(i) if the Digital Signature was created using the corresponding private key; and
(ii) if the newly computed hash result matches the original result which was transformed into Digital Signature during the signing process.
The verification software will confirm the Digital Signature as verified if:-
(a) the signer’s private key was used to digitally sign the electronic record, which is known to be the case if the signer’s public key was used to verify the signature because the signer’s public key will verify only a Digital Signature created with the signer’s private key; and
(b) the electronic record was unaltered, which is known to be the case if the hash result computed by the verifier is identical to the hash result extracted from the Digital Signature during the verification process.
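The signing and verification steps of Rules 4 and 5, as an added example that is not part of the Rules or of the original page: it signs a record, then shows verification succeeding for the untouched record and failing for an altered record, a different public key and an out-of-range signature value. SHA-256 as the hash function, RSA as the public key algorithm, the function names and the toy keys are assumptions made here; the example applies no padding scheme, which production signing software adds.

```python
import hashlib

# Constructed toy keys built from Mersenne primes so the example is
# reproducible offline. Assumption for illustration only: real keys come
# from a vetted library's key generator, never from fixed public primes.
E = 65537  # public exponent

def make_keypair(p, q):
    """Return (public_key, private_key) as (n, exponent) tuples."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def hash_result(record: bytes) -> int:
    """Rule 4: fixed-length hash result of the electronic record."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")

def sign(record: bytes, private_key) -> int:
    """Rule 4: transform the hash result using the signer's private key."""
    n, d = private_key
    return pow(hash_result(record), d, n)

def verify(record: bytes, signature: int, public_key) -> bool:
    """Rule 5: compute a new hash result of the record and compare it with
    the hash result recovered from the signature via the public key."""
    n, e = public_key
    if not 0 <= signature < n:        # reject values outside the key's range
        return False
    recovered = pow(signature, e, n)  # only the matching private key yields
    return recovered == hash_result(record)  # a value equal to the new hash

SIGNER_PUB, SIGNER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUB, _ = make_keypair(2**607 - 1, 2**1279 - 1)  # unrelated key pair

RECORD = b"Constructed sample electronic record"
SIGNATURE = sign(RECORD, SIGNER_PRIV)

if __name__ == "__main__":
    print("original record :", verify(RECORD, SIGNATURE, SIGNER_PUB))
    print("altered record  :", verify(RECORD + b"!", SIGNATURE, SIGNER_PUB))
    print("wrong public key:", verify(RECORD, SIGNATURE, OTHER_PUB))
```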
6. Standards.- The Information Technology (IT) architecture for Certifying Authorities may support open standards and accepted de facto standards; the most important standards that may be considered for different activities associated with the Certifying Authority’s functions are as under:

