Ministry of Company Affairs: Digital Signature Certificate Usage
Kamlesh Bajaj, Global Head, Managed Security Services
03 June 2006

MCA21 Digital Certificate Issuance: Agenda
• Introduction to concepts
• TCS Certifying Authority (CA) – Registration Authority (RA)
• Workflow for DSC Issuance and management
• Roles & Responsibilities
• MCA21 Scenario
• Best Practices – To Carry your Private Key

The issues: Security and Trust
• It’s all about trust in electronic environment
• The key issue in an e-Filing/Web based environment is security and trust
• Lack of security results in lack of trustworthiness
• Trust in Electronic Environment - through Digital Signature Framework

The Paper World: Documents
• A paper document consists of four components
    • the carrier (the sheet of paper)
    • text and pictures (the physical representation of information)
    • information about the originator
    • measures to verify the authenticity (written signature)
• All the four components are physically connected
• So, paper is the document
• There is only one original
    • can be reproduced in innumerable copies

The Paper World: Signature
• Supposed to be unique, difficult to be reproduced, not changeable and not reusable
• Its main functions
    • identification
    • declaration
    • proof
• The signature is used to identify a person and to associate the person with the content of that document
    • always related to a physical person

Electronic World
• An electronic document is produced by a computer. It is stored in digital form and cannot be perceived without using a computer
• It can be deleted, modified and rewritten without leaving a mark
• Integrity of an electronic document is “genetically” impossible to verify
• A copy is indistinguishable from the original
• It can’t be sealed in the traditional way, where the author affixes his signature
• The functions of identification, declaration and proof for electronic documents are carried out using a digital signature based on cryptography

Introduction to concepts – Need: e-Filing requires PAIN
• Privacy and Confidentiality: Data can only be viewed by the target party
• Authentication: Each party is who he claims to be
• Integrity: The data has not been changed
• Non-Repudiation: No party can deny the involvement in a transaction

Introduction to concepts – Need: Traditional Paper based solutions
Need | Real World | Electronic World
Privacy & Confidentiality | Envelopes | Encryption
Authenticity | Notaries, Physical Presence, Photo ID card | Digital Signature
Integrity | Signatures, Barcodes, Watermarks, Sealed letter | Digital Signature
Non-Repudiation | Notarized signature, Receipts & Confirmations | Digital Signature & Audit Log

Electronic World
• Digital signatures created and verified using cryptography
• Public key System based on Asymmetric keys
    • An algorithm generates two different and related keys
        • Public key
        • Private key
    • Private key used to digitally sign
    • Public key used to verify

Introduction to concepts – Digital Signature Certificates: Digital Authentication & Digital Signatures
• What is a Handwritten Signature?
    • A signature is a mark made with the present intention to authenticate a writing
• What is a Digital Signature?
    • A message is sealed and signed by the sender of the message
    • A unique code that binds the signer to a specific message
    • Created by a specific entity (i.e. a person)
    • Can't be forged
    • Only someone possessing the private key could have created the digital signature
    • Anyone with access to the corresponding public key can verify the digital signature
    • Any modification of the signed data (even changing only a single bit in a large file) invalidates the digital signature
• Digital signatures provide:
    • Authentication/Identification (Who)
    • Message Integrity (What)
    • Non Repudiation/Non Denial (Legal Binding)

Introduction to concepts – Digital Signature Certificates: Cryptography basics
• Based on the science of Public Key cryptography
• Uses Public and Private "key pairs", and Digital Certificate
• What is a Digital Signature Certificate?
    • A Digital Certificate is a digitally signed statement issued by a trusted party, such as Tata Consultancy Services-Certifying Authority (TCS-CA), that binds the identity of a person or entity to a specific public key.
    • Trust inherits from a Certifying Authority
• What does a Digital Signature Certificate contain?
    • Details about the user
        • X.500 distinguished name (DN)
        • E-mail address
    • Details about the certificate issuer (called the Certifying Authority, or CA)
    • User's public key
    • Validity period
    • A digest of the certificate contents
    • The certificate digest is signed by the CA
[Diagram labels: Certificate, PRIV, PUB, TCS-CA]

Introduction to concepts – Digital Signature Certificates: What does a Digital Signature Certificate look like?

Introduction to concepts – Need: Using Digital Signatures
• Transactions can be done electronically with a click of a button.
• Details are sent across instantaneously once the information is submitted. No time delay in communication.
• Processing & approval done electronically at each level and hence takes less time
• All the official communications can be sent through email, which is fast and cost-effective
• Ensures PAIN
• Archival of information is possible. Also retrieval of the archived data is easier
• No physical storage is required for the documents
• Legal sanctity in a court of law

Introduction to concepts – Digital Signature Certificates: Usage Scenarios
• Any application or process which presently uses ink and paper signature
• Any business process which requires authentication and/or privacy
    • Order processing, Electronic Tendering, etc.
• Any process which requires access control or identification
    • Web site log in (eliminate user names/passwords)

Public Key Infrastructure (PKI): The solution for e-Filing trust requirements
[Diagram: the MCA e-Filing Application requires PAIN; PAIN can be satisfied with Cryptography; Cryptography is supplied by Public Key Infrastructure (PKI); PKI provides trust to the MCA e-Filing Application]

Information Technology Act
• IT Act 2000: Basic legal framework for E-Commerce - promotes trust in electronic environment
• IT Act creates a conducive environment for promoting E-Commerce in the country
    • Acceptance of electronic documents as evidence in a court of law
    • Acceptance of electronic signatures at par with handwritten signatures
    • Acceptance of electronic documents by the government
• Defines digital signatures based on asymmetric public key cryptography
• Provides for the creation of Certifying Authorities to issue public key certificates – digital certificates for electronic authentication of users in electronic commerce

Introduction to concepts – Digital Signature Certificates
• Legal framework - IT Act of India, 2000
    • Legal enforceability and validity of Digital Signatures at par with handwritten signatures
• Licensed Third Party Trusted Authorities - Certifying Authorities
    • A Trusted Third Party (TTP) is an independent enterprise that provides reliability on, and confidence in, the truth and worth of electronic business transactions.
    • For issuance and management of Digital Signature Service (Digital Certificates)

The Components of Public Key Infrastructure (PKI)
• Certifying Authority (CA): An entity or service that issues certificates. Acts as a guarantor of the binding between the subject public key and the subject identity information contained within the certificates it issues and manages.
• Registration Authority (RA): An entity or service that registers users, validates their identity and is trusted by the Certifying Authority.
• Certificate Repository/Directory: A public directory/database in which certificates and their status (e.g. validity) are published.
[Diagram labels: Certification Authority, Registration Authority, Registration Authority, Directory]

TCS Certifying Authority (CA) Registration Authority solution – Operational Infrastructure
[Diagram: Controller of Certifying Authorities → TCS - Certifying Authority (CA) → TCS-CA Primary Registration Authority → Registration Authorities → Users (User A, User B, User C, User X, User Y, User Z)]

The components: Analogies
In a PKI | Issuance of a passport
Certification Authority | The Indian state
Registration Authority | Passport registration office
Directory | List of all passports
Certificates | Passport

TCS Certifying Authority (CA) Registration Authority solution
• Registration Authority to TCS-CA
• Registration Authority responsible for identity validation of physical persons who wish to obtain Digital Signature Certificates from TCS-CA
• Legally valid Digital Certificates as per the Indian IT Act, 2000
• Cost benefit

TCS-CA Workflow for Digital Signature Certificate Issuance
[Diagram labels: User, RA Office, TCS-CA Primary RA, Certificate Details]
1. User Request for Digital Certificate
2. RA Office Verifies the Certificate request
3. TCS-CA Primary RA Approves the Certificate Generation
4. Certificate is generated at TCS-CA Secure Facility
5. User Downloads and Installs the Digital Certificate

TCS-CA Workflow for Digital Signature Certificate Management
[Diagram labels: User, RA Office, TCS-CA Primary RA, TCS Repository]
Request Initiated by User
1. User Request for Digital Certificate revocation / Suspension / Activation
2. RA Administrator Verifies the Request
3. TCS-CA Primary RA Approves the Certificate Revocation
4. Certificate is revoked at TCS-CA Secure Facility
5. CRL published into the repository
Request Initiated by RA Office
2 & 3. RA Administrator Initiates and processes request for Certificate Revocation / Suspension / Activation

Roles & Responsibilities: User - Request for Certificate
• Go through the Digital Certificate Registration Centre from RA website
• Register with TCS-CA and enroll for a Digital Certificate through the RA Digital Certificate Registration Centre
• Download the Certificate request form and submit the same to RA after filling. Also submit the validation documents as per the checklist
• Once the certificate is generated, login to the TCS-CA website through RA Digital Certificate Registration Centre and download the certificate

Roles & Responsibilities: RA - Processing the Certificate Request
• Login to TCS-CA website (www.tcs-ca.tcs.co.in) using User ID and Certificate
• Check for the new requests
• Collect the Certificate Request Form and validation documents from the Subscriber Members who have applied for the certificate
• Process the certificate online once the documents are in place

MCA21 Scenario: Overview
• Purpose
    • Authentication, Non-repudiation & Integrity for electronic documents filed with ROC
    • Legal Sanctity for e-filing
• Potential Users
    • Authorized Signatory & Directors of the Company
    • Chartered Accountants
    • Auditors
    • Company secretaries

MCA21 Scenario: DSC Registration
• Authorized Signatory
    • Authorized Signatory will do self registration using DSC to get a user ID
    • Provide personal details including individual identifier (DIN for Directors and PAN for Professionals)
    • Provide DSC when directed by MCA21 portal
    • System validates the name against that in the DSC
    • In case of DIN, system validates that DIN is active; validates the name against that in DIN
    • System creates the user ID – DSC serial number & CA – DIN/PAN mapping after all validations are successful
• Professional
    • Professional users will do self registration using DSC to get a user ID
    • Process of registration will be similar to Director but the unique identifier will be PAN
    • The Director will associate the Professional user through a screen based interface at myMCA portal

MCA21 Scenario: Filing eForm
[Flowchart labels, grouped by lane]
• User (MCA21 Portal): Login; Select eForm; Fills eForm; Make attachments to eForm; Sign eForm and Submit it
• System: Digital Signature Validation; Field/Form Data Validation; Additional Rules; Automated Prescrutiny
• User: Select Payment Method (Online Payment, Challan Payment)
• Send eForm for Approval

MCA21 Scenario: eForm Approval
[Flowchart labels, in the order they appear on the slide]
• View list of Forms assigned
• Applicant resubmits the form at the Portal
• Manual Scrutiny
• Return for Resubmission / Ask for requisite
• Add notes / Correspondence
• Form is assigned to the Dealing Hand
• Forward to Authorising Officer
• Authorising Officer: Approve E-form / Register E-form; Reject E-form
• Digitally sign
• Send acknowledgement through email / paper
• Message on Website
• Update Metadata & Add to the electronic record room

MCA21 Scenario: eForm Signing Requirements
• DSC shall be used in eForms to ensure the Signatory authentication and data authentication.
• MCA official shall digitally sign the eForm as a proof of having approved the request in recognition of delivery of Service.
• All eForms require DSC except Investor Complaint Form. DSC check is performed at the time of submission of eForm. All eForms shall be digitally signed by “Authorized Signatory” / “Professionals” / “Charge holders”.

MCA21 Scenario: DSC Verification
• Signer Certificate Verification
    • The signer’s DSC is verified using the Issuer’s (CA’s) certificate. A trust-list of CA certificates shall be maintained in the MCA application servers
• Signer’s DSC Validation
    • The signer certificate is validated to ensure that the certificate is valid; not revoked or suspended
    • The DSC status is checked using the certificate revocation list (CRL). MCA21 solution incorporates CRLs of various CAs, which are updated periodically; this period is presently fixed at twelve hours
• Digital Signature uses PKCS#7 format. Verified using signer’s public key (available in the DSC)

MCA21 Digital Certificate Issuance: Thank You
Contact: TCS-CA Helpdesk
Mail: helpdesk@tcs-ca.tcs.co.in
Phone: 1800-425-1922 (Toll-free), +91-40-55673524/5
Web: www.tcs-ca.tcs.co.in / www.tcs.com