Section 4 in The Information Technology (Security Procedure) Rules, 2004
4. Secure digital signature.
- A digital signature shall be deemed to be a secure digital signature for the purposes of the Act if the following procedure has been applied to it, namely:-(a)that the smart card or hardware token, as the case may be, with cryptographic module, in it, is used to create the key pair;(b)that the private key used to create the digital signature always remains in the smart card or hardware token as the case may be;(c)that the hash of the content to be signed is taken from the host system to the smart card or hardware token and the private key is used to create the digital signature and the signed hash is returned to the host system;(d)that the information contained in the smart card or hardware token, as the case may be, is solely under the control of the person who is purported to have created the digital signature;(e)that the digital signature can be verified by using the public key listed in the Digital Signature Certificate issued to that person;(f)[ that the standards referred to in rule 7 or rule 12 of the Digital Signature (End Entity) Rules, 2015 have been complied with, in so far as they relate to the creation, storage and transmission of the digital signature; and] [Substituted by Notification No. G.S.R. 661(E), dated 25.8.2015 (w.e.f. 5.11.2004).](g)that the digital signature is linked to the electronic record in such a manner that if the electronic record was altered the digital signature would be invalidated.
