Aadhaar-Based eSign: Is It Safe And Reliable?

eSign was designed to remove the problems associated with digital signatures in India.

Through Aadhaar verification, implementing and using a digital signature with eSign has become easier than ever before.

Layers Of eSign

Let’s look at the four layers of eSign that make it safe, convenient and reliable.

1. Consent

eSign is based on consent. An individual gives his or her consent by electronically signing a document.

Since it is an electronic document, it can be shared with multiple parties and upon consent of all the parties, an electronic document is executed.

For example, you can share an agreement with your co-founders or partners for all of you to sign, or you can share an official electronically signed statement with your bank to update your eKYC details.

Further, the eSigned document can be stored online and can be downloaded if needed.

2. Aadhaar

eSign works on a two-way authentication system that involves an individual’s 12-digit Aadhaar number (and password) and an OTP (One-Time Password) on the individual’s Aadhaar-enabled mobile device.

This helps secure an individual’s identity electronically and remotely using eSign. Aadhaar is becoming a mandatory document that every individual must have to access basic services and public infrastructure.

Aadhaar is used to authenticate the identity of an individual in the issuance of PAN, passport, DL, telecom sim, etc., and is a secure and trusted system.

3. Go Paperless

The Government has set up infrastructure to enable a paperless economy with the help of digital locker (to hold, share and store all electronic documents) and electronic signatures (to sign and authenticate an electronic document).

Gone are the days of manual paper record-keeping and bookkeeping. The problems associated with using paper include storing these documents, retrieval, remote access, cross-referencing information within departments, and much more.

The process with paper takes days, even weeks, and is also harmful to the environment, considering we have a digital alternative at our disposal.

Also, it is safer to have records stored digitally to prevent and eliminate document forgery, red-tapism, paper pushing, document shuffling, etc.

4. Physical Presence Redundant

Every individual who has enrolled for Aadhaar would have provided his/her biometric and demographic information to avail an Aadhaar card.

The information provided by the Aadhaar holder is stored and secured in a centralized Aadhaar database maintained by the UIDAI.

When an individual needs to use a service or verify his or her identity, they can do so without having to be physically present for verification.

Biometric devices can be used to capture the iris or fingerprint of the individual, or Aadhaar based OTP can be used for authentication.

No presence is required. This means you can walk into a store and use your eSign to make a purchase or authenticate yourself without providing any physical identity verification.

Validity Of eSign

eSign is a valid signature in India, just as valid as a regular signature on paper.

In 2015, the provisions of the Information Technology Act, 2000 (Schedule 3) made the use of electronic signatures valid in India.

eSign can be used to attest several documents, execute certain business and commercial agreements, etc.

eSign is safe and reliable, yet the Government mandates that electronic signatures cannot be applied to the following:

  1. A negotiable instrument as defined in section 13 of the Negotiable Instruments Act, 1881.
  2. A power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882.
  3. A trust as defined in section 3 of the Indian Trusts Act, 1882.
  4. A will as defined in clause (h) of section 2 of the Indian Succession Act, 1925, including any other testamentary disposition by whatever name called.
  5. Any contract for the sale or conveyance of immovable property or any interest in such property.
  6. Any such class of documents or transactions as may be notified by the Central Government in the Official Gazette.

How Is eSign Made Safe And Reliable?

For an individual to use eSign services, it is necessary that authentication is done using Aadhaar eKYC services.

Upon successful authentication of an individual using biometric or OTP verification, eSign enables key pair generation, certification of public key and digital signature on the electronic document, all within a single online service.

The key pair is used once; after this one-time use, the private key is deleted.

The Digital Signature Certificate generated is valid for 30 minutes and then expires, to maintain security.

A document that is signed using eSign will be affixed with a valid electronic signature (eSign) that can be easily verified using standard methods.

The user should have a 12-digit Aadhaar Number and a mobile number registered with it for OTP-based authentication.

To enable eSign integration with PIN, a Gateway will manage the PIN function. An ASP can also integrate directly with eSign, but the optional PIN facility will not be available in such integration (only biometric and OTP will be available).

eSign Security: Is Your Data Protected?

Every time a user has to apply his or her digital signature, a new key-pair and certification of the new Public Key by a Certifying Authority are required.

This back-end process is completely transparent to the signer. In addition, Aadhaar eKYC data is not stored with the Application Service Provider but is retained only by the eSign provider as the eKYC audit record.
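The one-time key pair and 30-minute certificate described in this section and the previous one have a consequence for anyone verifying the document later: the certificate chain has to be evaluated as of the signing time, not the time of checking. The Go program below is an added example, not code from SignDesk or the eSign service; the function names (issue, signOnce, verify), the use of Ed25519, the constructed demo CA and the assumption that the signing time is trustworthy are all illustrative.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Assumption: Ed25519 and every name below are illustrative; the page names no algorithm.
// issue makes a key pair and certifies it; parent == nil self-signs (constructed demo CA).
func issue(cn string, from, to time.Time, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(from.Unix()), Subject: pkix.Name{CommonName: cn},
		NotBefore: from, NotAfter: to, KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, pk = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// signOnce: fresh key pair, 30-minute certificate, one signature, private key discarded.
func signOnce(doc []byte, ca *x509.Certificate, caKey ed25519.PrivateKey, now time.Time) ([]byte, *x509.Certificate) {
	cert, key := issue("Constructed Signer", now, now.Add(30*time.Minute), ca, caKey)
	return ed25519.Sign(key, doc), cert // key goes out of scope here and is never stored
}

// verify checks the certificate chain as of time `at`, then the signature over doc.
func verify(doc, sig []byte, cert, ca *x509.Certificate, at time.Time) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	return err == nil && ok && ed25519.Verify(pub, doc, sig)
}

func main() {
	t0, doc := time.Date(2024, 1, 1, 10, 0, 0, 0, time.UTC), []byte("constructed agreement")
	ca, caKey := issue("Constructed CA", t0.Add(-time.Hour), t0.AddDate(1, 0, 0), nil, nil)
	sig, cert := signOnce(doc, ca, caKey, t0)
	fmt.Println(verify(doc, sig, cert, ca, t0), verify(doc, sig, cert, ca, t0.Add(time.Hour))) // true false
}
```

The same signature that validates at the signing time is rejected one hour later, which is why a validator of such documents needs a reliable record of when the signature was made.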

Online Application Service providers and eSign Signature Service providers do not store the user’s personal data such as Aadhaar number or OTP.

Our eSign logs include only the information received from the ESP API call.

In the case of Aadhaar eKYC OTP option, additional authentication can be used to authenticate the identity of an individual.

The following options of additional authentication are available to a user:

1. ASP level logon or Password authentication

The Aadhaar eKYC OTP option works perfectly in conditions where the risks and consequences of data compromise are low.

An application-level authentication is recommended for eSign Online Electronic Signature Service.

This mitigates the risk of cases where an entire family is registered on a single mobile number, and this number has been replaced by a new number.

The new number may not have been updated in the Aadhaar database.

2. PIN

As an alternative option, Aadhaar eKYC OTP-based authentication can be used for eSign Online Electronic Signature Service.

A Gateway-level PIN authentication, which is linked to an individual’s Aadhaar number, is used as the One-Time Password.

Use eSign Now

eSign is safe and secure to use. It is proposed for businesses, public services, processes, service applications, etc. to make them quick, reliable and efficient.

With all the safety features and fail-safes built into eSign, it is no surprise that more companies and individuals are starting to use eSign for signing electronic documents.

Thus, the provisions of the Information Technology Act, 2000 (Schedule 3) validate and legalise the use of electronic signatures in India, making their characteristics and accessibility clearer.

Want To Avail eSign?

SignDesk.com is an authorized Application Service Provider (ASP), which in collaboration with the UIDAI, facilitates eSign services.

Every Aadhaar-holder can make use of the portal to eSign his/her documents. We offer different eSign packages based on your requirements, as well as an eSign API.

Get in touch with us to get a quote for eSign services today.

 
