Difference between Aadhaar based eSign & DSC

Summary

Aadhaar eSign is an electronic method of affixing a signature on a document via aadhaar card

Digital Signature uses a DSC token to authenticate a signature on a document

While both aadhaar eSign & DSC are a way to electronically sign a document, aadhaar eSign has an edge over DSC when it comes to scalability & mass usage

Read below to learn more about the key difference between DSC & Aadhaar eSign

What’s the main difference between DSC Token Signing and Aadhaar eSign?

The two primary modes of “eSign” in India are

a) DSC Tokens (the “old” method) and

b) Aadhaar eSign (the “new” and significantly more popular method)

What is a Digital Signature?

A digital signature is a combination of algorithmic processes used to authenticate a document.

The “digital signature” process consists of an algorithmic interplay between 5 elements:

(A) An electronic record

(B) A hashing function

(D) Hardware Security Module

(E) Electronic Signature Certificates

Check out our blog on Digital Signatures, to know how the digital signature process works in detail.

Traditionally, digital signatures were made available in the form of a physical USB device - known as a “DSC Token”.

What are Aadhaar based eSigns?

Aadhaar eSign is a legal method of signing documents digitally with the help of Aadhaar. Aadhaar eSign was given legal sanctity through its inclusion in the second schedule of the IT Act via Gazette Notification No. 2015 Jan – GSR 61(E) (the Aadhaar eSign Notification), dated January 27, 2015, entitled “Electronic Signature or Electronic Authentication Technique and Procedure Rules, 2015”. The policy imperative that drove Aadhaar eSign was quite simple – to enable a mode of electronic signature that could be used scalably by 1 billion + individuals on a regular basis.

So, why would one need an Aadhaar eSign when DSC exists?

Both Aadhaar eSign and DSC Token consist of 2 broad steps:

a) Authentication - a step to verify the identity of the signer and “issue” an electronic signature certificate

b) Affixture - a step to affix an electronic signature certificate on a document - thereby “eSigning it”

Both Aadhaar eSign and DSC tokens are actually IDENTICAL when it comes to Affixture. Take a look at Schedule 2 of the IT Act - which sanctions Aadhaar eSign:

‍

Title of the document

Schedule 2 of IT Act

Notice the persistent use of the word “digital signatures”. An Aadhaar eSign is, essentially, a digital signature. It is an interplay of the same 5 elements that consist of a digital signature:

(A) An electronic record

(B) A hashing function

(D) Hardware Security Module

(E) Electronic Signature Certificates

So Aadhaar eSign and DSC Token eSign is the same?

Not quite. While “Affixture” is identical - Authentication is a different story altogether.

DSC Tokens - or “digital signatures” operate via a physical device. The “Authentication” process for a DSC Token is, therefore, geared towards procurement of this physical device.

This is a complex multi-step process:

Fundamentally, this process is unwieldy and unscalable:

DSC tokens are quite difficult to procure - User needs to go through multi-touch point process and pay an amount of INR 1000+ every year to procure and reuse the DSC token. The process in itself takes weeks.

Its difficult to sign with a DSC token - every time the signer wants to sign a document, they have to go through a multi-step process of putting the PIN that they received during DSC procurement. Also, DSC tokens are notorious for malfunctioning without warning. So, its not entirely error free.

All the signers MUST have the device to sign a document - if you want three different parties to sign a document, it can only happen if all three parties have access to their DSC tokens. If one of them fails to have a DSC token, they won’t be able to sign the document

DSC tokens are not mobile friendly - you need to have access to your PC or laptop to sign a document using DSC. It cannot be plugged into a phone thus making it less scalable.

The above issues make traditional digital signing impossible to scale across the Indian population. So while digital signatures may be better than wet-ink signatures - their traditional mode of affixture will never replace wet-ink signatures.

This is where Aadhaar eSign comes into play.

Aadhaar eSign DOES not require possession of a physical device. An Aadhaar card holder can eSign a document from anywhere, anytime as long as they have:

An Aadhaar number
Phone or email linked to this aadhaar number

Once an Aadhaar holder receives a signing link (facilitated by an ASP interface) - they can electronically sign via an “on-the-fly” Aadhaar eKYC authentication (usually via OTP authentication - but also possible via Biometric and Iris authentication). Upon a valid success response to the authentication - an Electronic Signature Certificate is generated and affixed to the document being signed.

The process is significantly simpler:

This makes Aadhaar eSign radically more scalable and easier to use than conventional “digital signatures” via DSC Tokens.

Digital Signature Certificate Tokens (DSC)	Aadhaar eSign
Difficult to procure a DSC token	One does not need a physical device to eSign a document through Aadhaar
A tedious process where signers mandatorily need physical possession of a DSC token to eSign	Signers can eSign anywhere, anytime without possession of a physical object
One can only sign a document on a laptop or a PC	Can eSign documents on any electronic device - anytime, anywhere
Expensive and hard to procure	All signers need is a valid Aadhaar and an Aadhaar linked phone/email

Read the Laws of eSign

From Awareness to Action: A Roadmap for DPDP Act Compliance