As we move into the age of digitization, it becomes important to create channels that enable everyone to make maximum use of it. One such way is to use eSign.
What is eSign?
eSign Electronic Signature Service is an innovative initiative for allowing easy, efficient, and secure signing of electronic documents by authenticating the signer using Aadhaar eKYC services. With this service, any Aadhaar holder can digitally sign an electronic document without having to obtain a physical digital signature dongle.
Application Service Providers can integrate this service within their application to offer Aadhaar holders a way to sign electronic forms and documents. Obtaining a Digital Signature Certificate through a printed paper application form with ink signature and supporting documents will not be required.
But why eSign when digital signature is used?
A personal digital signature certificate requires verification of the person's identity and issuance of a USB dongle to store the private key. Access to the private key is secured with a password/PIN. The current scheme of physical verification, document-based identity validation, and issuance of physical dongles does not scale to a billion people.
For offering hassle-free fully paperless citizen services, mass adoption of digital signature is necessary. A simple to use online service is required to allow everyone to have the ability to digitally sign electronic documents.
eSign Online electronic signature service offers applications a mechanism to replace manual paper-based signatures by integrating this service within their applications. An Aadhaar holder can electronically sign a form/document anytime, anywhere, and on any device. eSign service facilitates significant reduction in paper handling costs, improves efficiency, and offers convenience to customers.
How does eSign work?
With eSign, issuing the Digital Signature Certificate and applying the signature to electronic content is carried out in a few seconds. Through the interface provided by the Application Service Provider (ASP), users can apply an electronic signature to any electronic content by authenticating themselves through biometric or OTP using Trusted Third Party (TTP) Aadhaar eKYC services through the eSign Service Provider.
The interfaces are provided to users on a variety of devices such as computers, mobile phones etc. At the backend, the eSign Service Provider facilitates key pair generation and the Certifying Authority issues a Digital Signature Certificate. The eSign Service Provider facilitates creation of the user's Digital Signature for the document, which is applied to the document on acceptance by the user.
Where can it be used?
An Application Service Provider (ASP) can integrate eSign online electronic signature service so that the users of that ASP will be able to use eSign. A physical paper form/document which is currently used to obtain digital signature certificate can be replaced by its electronic form and thereby facilitate electronic signature of the signer through eSign.
ASPs who can be potential users of eSign include Government agencies, Banks and Financial Institutions, Educational Institutions etc. eSign online Electronic Signature Service can be effectively used in scenarios where signed documents are required to be submitted to service providers – Government, Public or Private sector.
The agencies which stand to benefit from offering eSign online electronic signature are those that accept a large number of signed documents from users. Some applications which can use eSign for enhancing service delivery are the following:
• Digital Locker: Self attestation
• Tax: Application for ID, e-filing
• Financial Sector: Application for account opening in banks and post office
• Transport Department: Application for driving license renewal, vehicle registration
• Various Certificates: Application for birth, caste, marriage, income certificate etc.
• Passport: Application for issuance, reissue
• Telecom: Application for new connection
• Educational: Application forms for course enrollment and exams
Where could it be used in Pune Municipal Corporation?
• Property Tax Assessment
• Building Permission Approvals
• Business Licenses Approvals and Renewals
• NoCs Issuance
• On Field Bill Generation
• On Field Notice Generation
Is there any difference between the traditional Digital Signature ecosystem and the eSign ecosystem?
In the traditional Digital Signature system, an individual is responsible for applying for a Digital Signature Certificate to a CA, key pair generation and safe custody of keys. The Certifying Authorities issue Digital Signature Certificates to individuals after verification of credentials submitted in the application form. Such Digital Signature Certificates are valid for 2-3 years.
An individual can affix a digital signature at any time during the validity of the Digital Signature Certificate. The certificates are revoked in case of loss or compromise of keys. Verifying the individual's signature requires verifying whether the DSC is issued under India PKI and also ascertaining the revocation status of the DSC. Key pairs are stored in Crypto Tokens which comply with standards mentioned in the Information Technology Act & Rules to prevent the duplication of keys. It is the individual's obligation to keep Crypto Tokens in safe custody. The signatures are created using the keys certified by the CA.
In the new eSign online Electronic Signature Service, on successful authentication of individual using Aadhaar eKYC services, the key pairs generation, the certification of the public key based on authenticated response received from Aadhaar eKYC services, and digital signature of the electronic document are facilitated by the eSign online Electronic Signature Service provider instantaneously within a single online service.
The key pairs are used only once and the private key is deleted after one-time use. The Digital Signature Certificates are of 30 minutes validity, and this makes verification simple by eliminating the requirements of revocation checking. A document that is signed using eSign will contain a valid digital signature that can be easily verified using standard methods.
Is it Legal?
The Electronic Signatures facilitated through eSign Online Electronic Signature Service are legally valid provided the eSign signature framework is operated under the provisions of the Second Schedule of the Information Technology Act and Guidelines issued by the Controller. Please refer to the Electronic Signature or Electronic Authentication Technique and Procedure Rules, 2015 – e-authentication technique using Aadhaar e-KYC services.
Who can provide eSign Online Electronic Signature Service?
At present, eSign Online Electronic Signature Service is offered by CAs. The security requirement for this service is mandated at the same level as currently mandated for CAs. A CA should sign a KYC User Agency (KUA) agreement with UIDAI to enable access to the e-KYC service.
Pune Municipal Corporation is working with CDAC to bring in eSign infrastructure. CDAC is providing support for integration with eSign ecosystem. For more details please contact IT Department.
How is the trustworthiness of the eSign Online Electronic Signature Service ensured?
Upon the biometric or OTP authentication of the individual against the already verified information kept in the database of UIDAI, key pairs are generated and the public key, along with information received from UIDAI, is submitted to the CA for certification. Immediately after the signature is generated with the private key of the individual, the key pairs are deleted. The key pairs are generated on a secure Hardware Security Module to ensure security and privacy.
Audit log files are generated for all events relating to the security of the eSign Online Electronic Signature Service. The security audit logs are automatically collected and digitally signed by ASPs. All security audit logs, both electronic and non-electronic, shall be retained and are audited periodically.
What about Cost?
Application service providers can do a price discovery and get the best offer from any of the providers. Depending on the volume and usage, pricing may vary. With large scale adoption and multi-provider ecosystem, market forces will automatically provide the best price for the application providers.
Considering the high cost of physical paper handling, archival audit etc., application providers can work out the return on investment easily.
What are the requirements for enabling application with eSign Electronic Signature Service?
• CA should be KUA of UIDAI to provide eKYC service
• ASP should be a sub-KUA of CA to integrate eKYC service
• ASP should be Service Integrator of eSign online Electronic Signature Service for one or more CAs (includes a contract between CA and ASP)
• Integrate eSign API and Aadhaar eKYC API in the application of ASP
• Audit, as per the guidelines of UIDAI and CCA.
• Subscriber should have Aadhaar Number (and registered mobile for OTP based authentication). For biometric based authentication, the individual should have access to a biometric capturing device.
• ASP database should be seeded with Aadhaar number to ensure that authenticity of the signer is verifiable by ASP.
Contact Pune Municipal Corporation IT Department for more details or technical support.
What about the Validity?
Digital Signature Certificate used to verify the signature will be valid for 30 minutes and the private key will be immediately deleted after signing. This eliminates any misuse of the certificate and simplifies the need for checking revocation list during signature verification.
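The 30-minute validity described here and in the comparison with traditional digital signatures has one practical consequence for anyone verifying a document later: the certificate will already have expired, so its validity must be judged at the time of signing, not at the time of checking. The following is an added illustration, not code from the eSign specification or from any provider. The `ESignEvidence` container, the `check_esign` and `sample` functions, and all sample values are hypothetical, and it assumes the signature check, chain validation and a signing time the verifier trusts have been obtained elsewhere.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_VALIDITY = timedelta(minutes=30)  # certificate lifetime stated on this page

@dataclass(frozen=True)
class ESignEvidence:
    """Hypothetical container for fields already parsed from a signed document."""
    not_before: datetime    # certificate validity start
    not_after: datetime     # certificate validity end
    signing_time: datetime  # time the signature was applied (assumed trustworthy)
    chain_ok: bool          # result of chain validation up to the trusted root
    signature_ok: bool      # result of the cryptographic signature check

def check_esign(ev: ESignEvidence) -> list[str]:
    """Return a list of problems; an empty list means the evidence is acceptable."""
    problems = []
    if not ev.signature_ok:
        problems.append("signature does not verify against the certificate's public key")
    if not ev.chain_ok:
        problems.append("certificate does not chain to a trusted root")
    if ev.not_after <= ev.not_before:
        problems.append("certificate validity window is empty or inverted")
    elif ev.not_after - ev.not_before > MAX_VALIDITY:
        problems.append("certificate lifetime exceeds 30 minutes")
    # Compare against the signing time, not the current time: the certificate
    # will already have expired whenever the document is checked later.
    if not (ev.not_before <= ev.signing_time <= ev.not_after):
        problems.append("signing time falls outside the certificate validity window")
    return problems

def sample(offset_minutes: int, lifetime_minutes: int = 30) -> ESignEvidence:
    """Constructed sample data: certificate issued at a fixed, made-up instant."""
    issued = datetime(2016, 1, 1, 10, 0, tzinfo=timezone.utc)
    return ESignEvidence(issued, issued + timedelta(minutes=lifetime_minutes),
                         issued + timedelta(minutes=offset_minutes), True, True)

if __name__ == "__main__":
    # Signed 2 min after issuance; signed 45 min after; certificate valid for a day.
    for ev in (sample(2), sample(45), sample(2, lifetime_minutes=60 * 24)):
        print(check_esign(ev) or "ok")
```

A verifier that compares the certificate's expiry with the current clock would reject every eSign document checked more than 30 minutes after signing, which is why the comparison above uses the signing time.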