DSC Tokens

About

DSC (Digital Signature Certificate) token, or simply DSC, is a pen drive shaped device that can be used to securely sign an electronic document.

DSC Token

To obtain a DSC token, the signer needs to apply to a Certifying Authority (CA) where she will have to submit KYC documents and undergo a video eKYC process. After authenticating the identity of the signer and upon receipt of the requisite fees, the CA will courier the DSC token in a few days. The signer then has to insert the DSC token into a computer, and wait for a driver software to install before proceeding to eSign any document.

Each DSC comes with a PIN, which is the password required to eSign a document with a DSC token. The PIN is known only to the signer in whose name the DSC has been issued.

The major drawbacks of using a DSC Token include:

  1. It is too expensive for the average Indian
  2. DSC Tokens are very hard to use and they often stop working
  3. DSC Tokens take time and effort to procure
  4. DSC Tokens cannot be used on mobile devices
  5. DSC Tokens always require physical possession of the pen drive for the sign to be affixed

Legal Validity

Section 2(p) defines a digital signature, while Section 2(1)(ta) categorizes digital signatures - as a subset of electronic signatures.

Section 3 stipulates the technical requirements for an electronic signature to be classified as a digital signature - namely the involvement of an asymmetric cryptographic system along with hashing functions and a system of “authenticated certificates” known as Electronic Signature Certificates. DSC Tokens are form of deploying these technical requirements - via a USB pen drive device. 

Section 5 of the IT Act grants electronic signatures identical validity to wet-ink signatures, i.e., an “electronic signature” like DSC is seen as legally identical to a wet-ink physical signature - even if its form and design may be different.

Digital signatures like DSC can therefore be used to legally sign all types of documents.

The only exception to this rule is that it cannot be used to eSign documents listed in the First Schedule of the IT Act, 2000.

Here is a handy table which tells you where can you legally use DSCs:

eSign type
Documents listed in the First Schedule of the IT Act
ALL other types of documents
DSC tokens
Image
Image
eSign type
DSC tokens
Documents listed in the First Schedule of the IT Act
Image
ALL other types of documents
Image

Legal Enforceability

The legal enforceability of any eSign type depends on:

  1. How well it can establish the identity of the signer (Authentication)
  2. Whether the document can be altered after the signatures are affixed (Integrity)
  3. Whether the parties can deny their acceptance of the terms and conditions at a later stage (Non-repudiation)

DSC is very easy to enforce because it performs these 3 functions very well.

eSign type \ Goal
Authentication
Integrity
Non-repudiation
DSC token
Image
  • The secure key pair encryption/decryption process helps to clearly establish the signer’s identity, details of which are contained in the electronic signature certificate
Image
  • The underlying technology (asymmetric crypto system + hash matching process) ensures that anyone opening the document on a PDF reader is alerted if the document has been altered after the signatures were affixed.
Image
  • For the signer to deny their DSC digital signature - they would need to prove that someone else got access to their unique PIN. This is extremely unlikely.
eSign type \ Goal
DSC token
Authentication
Image
    • The secure key pair encryption/decryption process helps to clearly establish the signer’s identity, details of which are contained in the electronic signature certificate
Integrity
Image
  • The underlying technology (asymmetric crypto system + hash matching process) ensures that anyone opening the document on a PDF reader is alerted if the document has been altered after the signatures were affixed.
Non-repudiation
Image
  • For the signer to deny their DSC digital signature - they would need to prove that someone else got access to their unique PIN. This is extremely unlikely.

In addition to the underlying technology, there are certain legal presumptions in favour of DSC tokens which make enforcement even easier:

  • Section 67A - if a signer uses DSC to execute a document then it will be presumed that such eSign belonged to the signer herself and not to any other person. The signer cannot later on refute her eSign on the document.
  • Section 85A - an agreement which has been executed using DSC will be presumed to have been concluded between the parties and attained finality. This lends certainty as to the finality of the terms and conditions agreed between parties to the agreement.
  • Section 85B(1) - it is legally presumed that the document has not been altered once it has been signed using DSC
  • Section 85B(2) -  if the signer signs a document using DSC, it is presumed that the signer signed it with the intention of signing or approving the document
  • Section 85C - it is presumed that the details mentioned in the Electronic Signature Certificate affixed on the document, such as name of the signer, email ID and time of signing is true. This helps in establishing the identity of the person who signed the document.

Want to try out eSigning for your own documents?

ExploreKeep reading more
Other Signature types
Digital & electronic signatures
Secure Virtual SignatureClickwrapStandard Virtual SignatureEmail exchange
eSIGNS
MORE