A Certifying Authority is a trusted body whose central responsibility is to issue, revoke, renew and provide directories of Digital Certificates. Certifying Authority means a person who has been granted a license to issue an Electronic Signature Certificate under section 24.
Provisions with regard to Certifying Authorities are covered under Chapter VI, i.e. Sec. 17 to Sec. 34 of the IT Act, 2000. It contains detailed provisions relating to the appointment and powers of the Controller and Certifying Authorities.
Controller of Certifying Authorities (CCA)
The IT Act provides for the Controller of Certifying Authorities (CCA) to license and regulate the working of Certifying Authorities. The Certifying Authorities (CAs) issue digital signature certificates for electronic authentication of users.
The CCA certifies the public keys of CAs using its own private key, which enables users in cyberspace to verify that a given certificate is issued by a licensed CA. For this purpose it operates the Root Certifying Authority of India (RCAI). The CCA also maintains the National Repository of Digital Certificates (NRDC), which contains all the certificates issued by all the CAs in the country.
The functions of the Controller are –
(a) to exercise supervision over the activities of the Certifying Authorities;
(b) certify public keys of the Certifying Authorities;
(c) lay down the standards to be maintained by the Certifying Authorities;
(d) specify the qualifications and experience which employees of the Certifying Authorities should possess;
(e) specify the conditions subject to which the Certifying Authorities shall conduct their business;
(f) specify the content of written, printed or visual material and advertisements that may be distributed or used in respect of an Electronic Signature Certificate and the Public Key;
(g) specify the form and content of an Electronic Signature Certificate and the key;
(h) specify the form and manner in which accounts shall be maintained by the Certifying Authorities;
(i) specify the terms and conditions subject to which auditors may be appointed and the remuneration to be paid to them;
(j) facilitate the establishment of any electronic system by a Certifying Authority either solely or jointly with other Certifying Authorities and regulation of such systems;
(k) specify the manner in which the Certifying Authorities shall conduct their dealings with the subscribers;
(l) resolve any conflict of interests between the Certifying Authorities and the subscribers;
(m) lay down the duties of the Certifying Authorities;
(n) maintain a database containing the disclosure record of every Certifying Authority containing such particulars as may be specified by regulations, which shall be accessible to the public.
The Controller has the power to grant recognition to foreign certifying authorities with the previous approval of the Central Government, which will be subject to such conditions and restrictions as are imposed by regulations.