Wednesday, September 30, 2015

eSign - Digital Signature Service based on Aadhaar (How it works)

The earlier personal digital signature certificate requires a person’s identity verification and issuance of USB dongle to store the private key.  This scheme of physical verification, document-based identity validation and issuance of physical dongles does not scale to billions of people in the country. This is where eSign comes in. eSign is simple online Digital Signature Service based on Aadhaar, which can be used by any person who has an Aadhaar number.

How eSign Works?
  1. An Aadhaar holder can sign a document in digital format with Aadhaar Biometric/ OTP authentication.
  2. Authentication of the signer is carried out using eKYC of Aadhaar and the signature on the document is carried out on a backend server of the eSign provider
  3. The service can be run by a trusted third party service provider - to begin with the trusted third party service shall be offered only by Certifying Authorities
  4. The eSign facilitates issuing a signature certificate and performing signing of requested data by authenticating Aadhaar holder
  5. The certificate issued through eSign service will have a limited validity period and is only for the one-time signing of requested data, in a single session
  6. This service authenticates the person, does Aadhaar e-KYC, and then electronically signs the input within the e-Sign provider backend. Such a scheme allows DSC to be scaled massively and allow many 3rd party applications to use the service via an open API and integrate DSC into their application
Features of eSign

Online Secure service - eSign service is governed by e-authentication guidelines. While authentication of the signer is carried out using Aadhaar e-KYC services, the signature on the document is carried out on a back-end server of the e-Sign provider. eSign services are facilitated by trusted third party service providers - currently Certifying Authorities (CA) licensed under the IT Act. To enhance security and prevent misuse, Aadhaar holders private keys are created on Hardware Security Module (HSM) and destroyed immediately after one-time use.

Respecting privacy - eSign ensures the privacy of the signer by requiring that only the thumbprint (hash) of the document be submitted for signature function instead of the whole document.

Flexible and easy to implement - eSign provides configurable authentication options in line with Aadhaar e-KYC service and also records the Aadhaar ID used to verify the identity of the signer. The authentication options for eKYC include biometric (fingerprint or iris scan) or OTP (through the registered mobile in the Aadhaar database). eSign enables millions of Aadhaar holders easy access to legally valid Digital Signature service.

Legally valid signatures - eSign process includes signer consent, Digital Signature Certificate issuance request, Digital Signature creation and affixing as well as Digital Signature Certificate acceptance in accordance with provisions of Information Technology Act. It enforces compliance through API specification and the licensing model of APIs. Comprehensive digital audit trail, in-built to confirm the validity of transactions, is also preserved.

Easy and secure way to digitally sign information anywhere, anytime - eSign is an online service for electronic signatures without using physical cryptographic token. Application service providers use Aadhaar e-KYC service to authenticate signers and facilitate digital signing of documents.

For knowing more or implemeting eSign in your business process feel free to contact us @ [email protected] or Call us @ 9562162111