DSC (Digital Signature Certificate) token, or simply DSC, is a pen drive shaped device that can be used to securely sign an electronic document.
To obtain a DSC token, the signer needs to apply to a Certifying Authority (CA) where she will have to submit KYC documents and undergo a video eKYC process. After authenticating the identity of the signer and upon receipt of the requisite fees, the CA will courier the DSC token in a few days. The signer then has to insert the DSC token into a computer, and wait for a driver software to install before proceeding to eSign any document.
Each DSC comes with a PIN, which is the password required to eSign a document with a DSC token. The PIN is known only to the signer in whose name the DSC has been issued.
The major drawbacks of using a DSC Token include:
- It is too expensive for the average Indian
- DSC Tokens are very hard to use and they often stop working
- DSC Tokens take time and effort to procure
- DSC Tokens cannot be used on mobile devices
- DSC Tokens always require physical possession of the pen drive for the sign to be affixed
Section 2(p) defines a digital signature, while Section 2(1)(ta) categorizes digital signatures - as a subset of electronic signatures.
Section 3 stipulates the technical requirements for an electronic signature to be classified as a digital signature - namely the involvement of an asymmetric cryptographic system along with hashing functions and a system of “authenticated certificates” known as Electronic Signature Certificates. DSC Tokens are form of deploying these technical requirements - via a USB pen drive device.
Section 5 of the IT Act grants electronic signatures identical validity to wet-ink signatures, i.e., an “electronic signature” like DSC is seen as legally identical to a wet-ink physical signature - even if its form and design may be different.
Digital signatures like DSC can therefore be used to legally sign all types of documents.
The only exception to this rule is that it cannot be used to eSign documents listed in the First Schedule of the IT Act, 2000.
Here is a handy table which tells you where can you legally use DSCs:
The legal enforceability of any eSign type depends on:
- How well it can establish the identity of the signer (Authentication)
- Whether the document can be altered after the signatures are affixed (Integrity)
- Whether the parties can deny their acceptance of the terms and conditions at a later stage (Non-repudiation)
DSC is very easy to enforce because it performs these 3 functions very well.
In addition to the underlying technology, there are certain legal presumptions in favour of DSC tokens which make enforcement even easier:
- Section 67A - if a signer uses DSC to execute a document then it will be presumed that such eSign belonged to the signer herself and not to any other person. The signer cannot later on refute her eSign on the document.
- Section 85A - an agreement which has been executed using DSC will be presumed to have been concluded between the parties and attained finality. This lends certainty as to the finality of the terms and conditions agreed between parties to the agreement.
- Section 85B(1) - it is legally presumed that the document has not been altered once it has been signed using DSC
- Section 85B(2) - if the signer signs a document using DSC, it is presumed that the signer signed it with the intention of signing or approving the document
- Section 85C - it is presumed that the details mentioned in the Electronic Signature Certificate affixed on the document, such as name of the signer, email ID and time of signing is true. This helps in establishing the identity of the person who signed the document.