eMudhra is a Certifying Authority (CA) authorized by the Controller of Certifying Authority (CCA) for issuance of Digital Signature Certificates in India. eMudhra provides Class 1, Class 2 and Class 3 Digital Signature Certificates (DSC) along with digital signatures for specific needs such as Income Tax filing, MCA, e-tendering, e-procurement and Foreign Trade.
A digital signature takes the concept of traditional paper-based signing and turns it into an electronic "fingerprint." This "fingerprint," or coded message, is unique to both the document and the signer and binds them together. In short, a digital signature has the same function as that of a handwritten signature. Some of the salient features of digital signature are non-repudiation, integrity and authenticity. The Information Technology Act 2000 provides the required legal sanctity to digital signatures based on asymmetric crypto systems.
This functionality is particularly useful for workflow processes where one or multiple approvals are required, such as supply-chain management or financial management of forms like expense reports. Digital signatures provide confidence to customers, citizens and consumers that the material actually came from the originating organization.
eMudhra Limited in its capacity as a Certifying Authority (CA) licensed by Controller of Certifying Authorities, under Government of India issues Digital Signatures in India. eMudhra operates under the guidelines set by Information Technology Act. With more than two million certificates issued, eMudhra caters to all kinds of subscribers who use Digital Certificates for Income Tax, MCA (ROC), Tenders, Foreign Trade, Banking, Railways and many other needs.
The signature certificate is corresponding to the signing private key. It will be used by individuals or organizations for signing purpose. The key pair will be generated by applicant/subscriber in a secure medium and is inherent to keep his private key in safe custody. The signature certificate is issued by e-Mudhra after the validation process mentioned in the CPS. The relying parties can make use of this certificate for signature verification.
The encryption key pair is used by the subscriber for receiving encrypted messages which is encrypted using subscriber’s public key. The subscriber fills in the application and submits to eMudhra or it’s authorized RAs along with the identification and address proof. The RA verifies the application, id proof and address proof and approves the request. The Subscriber provides a password in the portal for protecting the encryption certificate. The server generates the encryption key, escrows and makes it available for the customer in the portal. The subscriber needs to login with the credentials sent to his digital id and download the encryption certificate from the portal.
Assurance Level: Class 1 certificates shall be issued for both business personnel and private individuals use. These certificates will confirm that the information in the application provided by the subscriber does not conflict with the information in well-recognized consumer databases.
Applicability: This provides a basic level of assurance relevant to environments where there are risks and consequences of data compromise, but they are not considered to be of major significance.
Assurance Level: These certificates will be issued for both business personnel and private individuals use. These certificates will confirm that the information in the application provided by the subscriber does not conflict with the information in well-recognized consumer databases.
Applicability: This level is relevant to environments where risks and consequences of data compromise are moderate. This may include transactions having substantial monetary value or risk of fraud, or involving access to private information where the likelihood of malicious access is substantial.
Assurance Level: This certificate will be issued to individuals as well as organizations. As these are high assurance certificates, primarily intended for e-commerce applications, they shall be issued to individuals only on their personal (physical) appearance before the Certifying Authorities.
Applicability: This level is relevant to environments where threats to data are high or the consequences of the failure of security services are high. This may include very high value transactions or high levels of fraud risk.