A Certifying Authority is a trusted body whose central responsibility is to issue, revoke, renew and provide directories of Digital Certificates. Certifying Authority means a person who has been granted a license to issue an Electronic Signature Certificate under section 24.
Provisions with regard to Certifying Authorities are covered under Chapter VI,
i.e. Sec. 17 to Sec. 34 of the IT Act, 2000. The chapter contains detailed provisions
relating to the appointment and powers of the Controller and Certifying Authorities.
Controller of Certifying Authorities (CCA)
The IT Act provides for the Controller of Certifying Authorities (CCA) to license
and regulate the working of Certifying Authorities. The Certifying Authorities
(CAs) issue digital signature certificates for electronic authentication of users.
The CCA certifies the public keys of CAs using its own private key, which
enables users in cyberspace to verify that a given certificate is issued by a
licensed CA. For this purpose, it operates the Root Certifying Authority of India
(RCAI). The CCA also maintains the National Repository of Digital Certificates
(NRDC), which contains all the certificates issued by all the CAs in the
country.
The functions of the Controller are –
(a) to exercise supervision over the activities of the Certifying
Authorities;
(b) certify public keys of the Certifying Authorities;
(c) lay down the standards to be maintained by the Certifying
Authorities;
(d) specify the qualifications and experience which employees of the
Certifying Authorities should possess;
(e) specify the conditions subject to which the Certifying Authorities
shall conduct their business;
(f) specify the content of written, printed or visual material and
advertisements that may be distributed or used in respect of an
Electronic Signature Certificate and the Public Key;
(g) specify the form and content of an Electronic Signature Certificate
and the key;
(h) specify the form and manner in which accounts shall be
maintained by the Certifying Authorities;
(i) specify the terms and conditions subject to which auditors may be
appointed and the remuneration to be paid to them;
(j) facilitate the establishment of any electronic system by a Certifying
Authority either solely or jointly with other Certifying Authorities
and regulation of such systems;
(k) specify the manner in which the Certifying Authorities shall
conduct their dealings with the subscribers;
(l) resolve any conflict of interests between the Certifying Authorities
and the subscribers;
(m) lay down the duties of the Certifying Authorities;
(n) maintain a data-base containing the disclosure record of every
Certifying Authority containing such particulars as may be
specified by regulations, which shall be accessible to the public.
The Controller has the power to grant recognition to foreign certifying authorities
with the previous approval of the Central Government, subject to such
conditions and restrictions as are imposed by regulations.