ESign (India)

Aadhaar eSign is an online electronic signature service in India that lets an Aadhaar holder digitally sign a document. The service works by authenticating the Aadhaar holder via the Aadhaar-based e-KYC (electronic Know Your Customer) service.

To eSign a document, one has to have an Aadhaar card and a mobile number registered with Aadhaar. With these two things, an Indian citizen can sign a document remotely without being physically present.

Procedure
The notification issued by the Government of India in this regard stipulates the following procedure for e-authentication using Aadhaar e-KYC services.

Authentication of an electronic record by e-authentication technique, which shall be done by
 * 1) the applicable use of e-authentication, hash function, and asymmetric cryptosystem techniques, leading to issuance of digital signature certificate by Certifying Authority,
 * 2) a trusted third party service by subscriber's key pair generation, storing of the key pairs on hardware security module and creation of digital signature provided that the trusted third party shall be offered by the certifying authority (the trusted third party shall send application form and certificate signing request to the Certifying Authority for issuing a digital signature certificate to the subscriber),
 * 3) issuance of digital signature certificate by Certifying Authority shall be based on e-authentication, particulars given in the prescribed format, digitally signed verified information from Aadhaar e-KYC services and electronic consent of digital signature certificate applicant,
 * 4) the manner and requirements for e-authentication shall be as issued by the Controller from time to time,
 * 5) the security procedure for creating the subscriber’s key pair shall be in accordance with the e-authentication guidelines issued by the Controller,
 * 6) the standards referred to in rule 6 of the Information Technology (Certifying Authorities) Rules, 2000 shall be complied with, in so far as they relate to the certification function of public key of Digital Signature Certificate applicant, and
 * 7) the manner in which information is authenticated by means of digital signature shall comply with the standards specified in rule 6 of the Information Technology (Certifying Authorities) Rules, 2000 in so far as they relate to the creation, storage and transmission of Digital Signature.

eSign Service Providers
Organisations and individuals seeking to obtain the eSigning Service can utilize the services of various service providers. There are empanelled service providers with whom organisations can register as an Application Service Provider after submitting the requisite documents, getting UAT access, building the application around the service and going through an IT audit by a CERT-In empanelled auditor.

However, the process of registering as an Application Service Provider is cumbersome and requires huge investments of time, money and resources in complying with the regulations and building a suitable application. Most organisations prefer using the services of plug-n-play gateway providers, who take responsibility for complying with the regulations, hence simplifying the process for the market.