Context: The government has announced a pool of ₹3.4 crore in prizes for developers who create an indigenous browser for the world which trusts the Controller of Certifying Authorities, which verifies digital signatures in the country.
An important caveat is that browser ideas entered into this competition will have to trust the Controller of Certifying Authorities (CCA), the Indian government’s authority for digital signatures, including SSL (Security Sockets Layer) certificates.
About Controller of Certifying Authorities (CCA):
- It is an organisation that administers and monitors the functioning of Certification Authorities that issue encrypted (a technique for secure communication) digital certificates. This type of encryption allows relying parties to have an authenticated transfer of data under a secure connection, and the Authority has well-defined methods of assuring the identity of parties to whom it issues certificates.
- It also confirms the attribution of a public key to an identified physical person by means of a public key certificate.
- As per Section 18 of The Information Technology Act, 2000 provides the required legal sanctity to the digital signatures based on asymmetric cryptosystems. The digital signatures are now accepted at par with handwritten signatures and the electronic documents that have been digitally signed are treated at par with paper documents.
- The IT Act provides for the Controller of Certifying Authorities(CCA) to license and regulate the working of Certifying Authorities.
- The Controller of Certifying Authorities has been appointed by the Central Government under section 17 of the Act for purposes of the IT Act.
- It aims to promote the growth of E-Commerce and E- Governance through the wide use of digital signatures.
- It has established the Root Certifying Authority (RCAI) of India under section 18(b) of the IT Act to digitally sign the public keys of Certifying Authorities (CA) in the country. The RCAI is operated as per the standards laid down under the Act.
- It certifies the public keys of CAs using its own private key, which enables users in cyberspace to verify that a given certificate is issued by a licensed CA. For this purpose, it operates, the Root Certifying Authority of India(RCAI).
- The CCA also maintains the Repository of Digital Certificates, which contains all the certificates issued to the CAs in the country.
About Security Sockets Layer (SSL):
- It is an encryption-based Internet security protocol.
- It was first developed by Netscape in 1995 for the purpose of ensuring privacy, authentication, and data integrity in Internet communications.
- It is the predecessor to the modern Transport Layer Security (TLS) encryption used today.
- A website that implements SSL/TLS has “HTTPS” in its URL instead of “HTTP.”
- In order to provide a high degree of privacy, SSL encrypts data that is transmitted across the web. This means that anyone who tries to intercept this data will only see a garbled mix of characters that is nearly impossible to decrypt.
- It initiates an authentication process called a handshake between two communicating devices to ensure that both devices are really whom they claim to be.
- It also digitally signs data in order to provide data integrity, verifying that the data is not tampered with before reaching its intended recipient.