An Application Service Provider (ASP) can integrate eSign online electronic signature service so that the users of that ASP will be able to use eSign. A physical paper form/document which is currently used to obtain digital signature certificate can be replaced by its electronic form and thereby facilitate electronic signature of the signer through eSign.
ASPs who can be potential users of eSign include Government agencies, Banks and Financial Institutions, Educational Institutions etc.
E-Sign Online electronic signature service, offers applications, a mechanism to replace manual paper–based signatures by integrating this service within their applications. An Aadhaar holder can electronically sign a form/document anytime, anywhere, and on any device. E-Sign service facilitates significant reduction in paper handling costs, improves efficiency, and offers convenience to customers.
Document content that is being signed is not sent in the clear to eSign service provider. The privacy of signer’s information is protected by sending only the one-way hash of the document to eSign online electronic signature service provider. Each signature requires a new key-pair and certification of the new public key by a certifying authority. This back-end process is completely transparent to the signer. In addition, Aadhaar eKYC data is not sent back to the Application Service Provider and is retained only within the eSign provider as eKYC audit record.
Yes. The electronic signatures facilitated through eSign online electronic signature services are legally valid, provided the eSign signature framework is operated under the provisions of Second schedule of the Information Technology Act and guidelines issued by the controller. Please refer electronic signature or electronic authentication technique and procedure rules, 2015 e-authentication technique using Aadhaar e-KYC services.
At present, eSign online electronic signature service is offered by CAs. The security requirement for this service is mandated at the same level as currently mandated for CAs. A CA should sign KYC User Agency (KUA) agreement with UIDAI to enable access to e-KYC service.
The user should have 12 digits Aadhaar number. For OTP based authentication, the mobile number should be registered with Aadhaar database.
The communication between Application Service Provider and eSign– online electronic signature service is operated in accordance with eSign API specifications issued by CCA.
Customer’s consent is mandatorily prompted before electronically signing the document. As per the Aadhaar Act 2016, the consent of the customer shall be prompted before authentication with UIDAI.
Also customer consent is must for linking Aadhaar number with bank account number.
In the application implementation, an individual is identified using a code or number instead of name. For example in the case of income tax e-filing, the person is identified by a PAN number. It is a challenge for application to ensure that the individual who has logged in using PAN id is the person who has signed the documents. Mapping (seeding) the individual’s application specific ID with their Aadhaar number in the ASP database is recommended to enable the authenticity of the signature.
OTP and biometric class.