Recognition of Foreign Certifying Authorities Vakul Sharma Vakul

• Recognizing “Foreign Certifying Authorities” by two statutory instruments: “Information Technology (Recognition of

• Foreign CA means a CA other than one licensed to issue a

• Recognised Foreign CA means a “foreign CA” who has been granted under

• Foreign CAs will have the same protection of law as it has

Deemed Recognition operating under a Regulatory Authority • A foreign CA deemed as recognised

Recognition of Foreign Certifying Authorities operating under a Regulatory Authority is based on: •

• Controller of Certifying Authority (CCA – India) to enter into a Memorandum

Recognition not operating under a Regulatory Authority • Any Foreign CA may apply to

• The idea is to provide seamless authentication, message integrity, non-repudiation, & accessibility

• Global business model based on ‘cross certifying authorities’ acting as ‘trusted third

Thanks vakul@vakulcorp. com © Vakul Corporate Advisory, 2014

Slides: 14

Download presentation

Recognition of Foreign Certifying Authorities Vakul Sharma © Vakul Corporate Advisory, 2014

Leap of faith

• Recognizing “Foreign Certifying Authorities” by two statutory instruments: “Information Technology (Recognition of Foreign Certifying Authorities operating under a Regulatory Authority) Regulations, 2013”* “Information Technology (Recognition of Foreign Certifying Authorities not operating under any Regulatory Authority) Regulations, 2013”* * April 6 th 2013

• Foreign CA means a CA other than one licensed to issue a DSC……. whose installed facilities and infrastructure associated with all functions of generation, issue, and management of DSCs are located outside India [Regulation 2(1)(d)]

• Recognised Foreign CA means a “foreign CA” who has been granted under these regulations pursuant to section 19 of the Information Technology Act [Recognition of foreign CA].

• Foreign CAs will have the same protection of law as it has been provided to the Indian CAs under the Information Technology Act, 2000

Deemed Recognition operating under a Regulatory Authority • A foreign CA deemed as recognised if it has been authorised to issue DSCs by a recognised Regulatory Authority established under the laws of a country other than India. [Regulation 3 A(2)]

Recognition of Foreign Certifying Authorities operating under a Regulatory Authority is based on: • Principle of reliability & reciprocity

• Controller of Certifying Authority (CCA – India) to enter into a Memorandum of Understanding (Mo. U) with each recognised Regulatory Authority* • Reliability assessment for equivalence *India has signed Mo. U with South Korea.

Recognition not operating under a Regulatory Authority • Any Foreign CA may apply to Controller for recognition; it may require to submit following details, including: • A Certificate Practice Statement (CPS) • A statement for the purpose & scope of anticipated DSC technology, management, or operations to be outsourced • Certified copies of the business registration & license of foreign certifying authority that intends to be recognised • Audit report of infrastructure • Maintenance of local office • Fee of USD 25, 000 • Issuance of recognition within 4 weeks

Global Business Model

• The idea is to provide seamless authentication, message integrity, non-repudiation, & accessibility across jurisdictions facilitating ecommerce* & e-Governance • Time to come out of ‘cocoon’ existence (DSCs are never meant to be localized but glocalized) * UNCITRAL Model Law on E-commerce (Resolution A/RES/51/162 adopted by the General Assembly of UN on 30 th January 1997.

• Global business model based on ‘cross certifying authorities’ acting as ‘trusted third parties’ has all the ingredients to revolutionize online trust - from authentication to payments to service delivery