eSign – Online Digital Signature Service
Taking wet signature of citizens on every document for any purpose and then storing the same for years is difficult job for any Government. Electronic signatures by law are accepted at par with wet signatures. Electronic documents that have been electronically signed are treated at par with paper documents signed in the traditional way.
For creating electronic signatures, the signer is required to obtain a Digital Signature Certificate (DSC) from a Certifying Authority (CA) licensed by the Controller of Certifying Authorities (CCA). Before a CA issues a DSC, the identity and address of the signer must be verified. The private key used for creating the electronic signature is stored in hardware cryptographic token which is secured with a password/pin. This current scheme of in-person physical presence, paper document based identity & address verification and issuance of hardware cryptographic tokens cannot be scaled to a large number of people. For offering fully paperless citizen services, mass adoption of digital signature is necessary. A simple to use online service is required to allow everyone to have the ability to digitally sign electronic documents.
Electronic Signature Service (eSign) is an innovative initiative for allowing easy, efficient, and secures signing of electronic documents by authenticating signer using Aadhaar eKYC services. With this service, any individual having Aadhaar can digitally sign an electronic document without having to obtain a physical digital signature dongle. Reurja Solutions Private Limited as an Application Service Provider (ASP) can integrate this service within their application to offer Aadhaar holders a way to sign electronic forms and documents. The need to obtain Digital Signature Certificate through a printed paper application form with wet signature and supporting documents will not be required.
The Digital Signature Certificate issuance and applying of signature to electronic content is carried out in few seconds with eSign. Through the interface provided by the ASP, users can apply electronic signature on any electronic content by authenticating themselves through biometric or One Time Password (OTP) using Trusted Third Party (TTP) Aadhaar eKYC services through eSign Service Provider. The interfaces are provided to users on a variety of devices such as computer, mobile phone etc. At the backend, eSign service provider facilitates key pair generation and Certifying Authority issues a Digital Signature Certificate. The eSign Service Provider facilitates creation of the Digital Signature of the user for the document which will be applied to the document on acceptance by the user.
- eSign is an online electronic integrated service that facilitates issuing a Digital Signature Certificate and performing signing of requested document/data
- eSign is created using authentication of an individual through Aadhaar e-KYC service
- Consent of the Aadhaar holder is obtained for Aadhaar authentication and eSign.
- Easy and secure way to digitally sign document anywhere, anytime
- Facilitates legally valid signatures
- Flexible and easy to implement
- Privacy of the signer is maintained
- Secure online service is used
- Immediate destruction of keys after usage
- No key storage and key protection concerns
- Application Service Provider (ASP) - An organization or an entity using eSign service as part of their application to electronically sign the content (e.g., Reurja Solutions Private Limited).
- End User - An individual holding Aadhaar and using the application of ASP and represents for signing the document under legal framework (e.g., Client of the abovementioned ASP).
- eSign Service Provider (ESP) - ESP is the licensed Certifying Authority and a trusted third party as per the definitions of Second Schedule of IT Act to provide eSign service (e.g., NSDL e-Gov).
- Certifying Authority - An entity licensed under CCA to issue Digital Signature Certificate and carry out allied activities
Benefits of eSign
- Saves cost and time
- User Convenience
- Legally recognized
- Suitable for individuals, businesses and Government
- Integrity with complete Audit trail
- No need of physical dongle
eSign used to verify the signature will be valid for 30 minutes and the private key will be immediately deleted after signing. This eliminates any misuse of the certificate and simplifies the need for checking revocation list during signature verification. Revocation of certificate is not necessary as the certificate validity is 30 minutes and private key is deleted immediately after signature creation
Use of eSign
eSign online Electronic Signature Service can be effectively used in scenarios where signed documents are required to be submitted to service providers – Government, Public or Private sector. The agencies which stand to benefit from offering eSign online electronic signature are those that accept large number of signed documents from users.
Some applications which can use eSign for enhancing services delivery are the following:-
- Digital Locker --> Self attestation
- Financial Sector --> Application for account opening in banks, Insurance Companies, brokers etc..
- Transport Department --> Application for driving licence renewal, vehicle registration etc…
- Various Certificates --> Application for birth, caste, marriage, income certificate etc
- Passport --> Application for issuance and reissue
- Telecom --> Application for new connection
- Educational --> Application forms for course enrollment and examinations
Legally valid signature
Document content that is being signed is not sent in the clear to eSign service provider. The privacy of signer's information is protected by sending only the one-way hash of the document to eSign online Electronic Signature Service provider. Each signature requires a new key-pair and certification of the new Public Key by a Certifying Authority. This back-end process is completely transparent to the signer. In addition, Aadhaar eKYC data is not sent back to the Application Service Provider and is retained only within the eSign provider as the eKYC audit record.
The Electronic Signatures facilitated through eSign Online Electronic Signature Service are legally valid provided the eSign signature framework. The security requirement for eSign service is mandated as the same level as currently mandated for CAs. A CA should Sign KYC User Agency (KUA) agreement with UIDAI to enable access to e-KYC service.
Our Role in eSign services
We are appointed as an Application Service Provider for esign services by NSDL e-Gov.
- We apply to eSign Service Provider for integrating eSign- Online Electronic Signature Service in their application as mentioned in the on-boarding process manual.
- We have to deploy hardware and software for deployment of e-KYC service across various delivery channels.
- We have to develop a software application that should integrate both eSign API and eKYC API as per the eSign API specifications issued by the Controller of Certifying Authorities and eKYC API specifications defined by UIDAI.