ZeeroTrust

Everything You Need to Know About Digital Signatures and CCA Compliances.


How to Become a Registration Authority (RA) & Roles of RA in DSC as per CCA Guidelines

A Registration Authority (RA) is an authorized agent that acts as a bridge between the Certifying Authority (CA) and the applicant for a Digital Signature Certificate (DSC). As per the Information Technology (IT) Act, 2000 and the Controller of Certifying Authorities (CCA) guidelines, an RA performs identity verification, collects documentation, and initiates the certificate issuance process. This post explains how to become an RA and the responsibilities involved, strictly following CCA norms.

1. What is a Registration Authority (RA)?

An RA is a trusted third party delegated by a licensed Certifying Authority to handle the identity verification and document collection for DSC applicants. RAs ensure the applicant’s details are validated before the CA issues a DSC. They operate under the CA’s Certification Practice Statement (CPS) and CCA’s Identity Verification Guidelines (IVG).

2. How to Become an RA

  • Sign MoU with CA: Entities interested in becoming an RA must sign a formal Memorandum of Understanding (MoU) or Service Level Agreement (SLA) with a CCA-licensed CA. Example: eMudhra, NCode, etc.
  • Infrastructure Readiness: The RA must establish secure infrastructure for identity verification and documentation, following CCA’s IVG.
  • Inclusion in CA’s CPS: The RA’s responsibilities and procedures must be clearly defined in the CA’s Certification Practice Statement (CPS).
  • Personnel Training: The RA Officers and Data Verifiers must be trained as per CA and CCA guidelines.
  • Start Operations: After approval, the RA begins collecting documents, performing eKYC or video KYC, signing CSRs, and submitting them to the CA.

3. Roles & Responsibilities of an RA

  • Identity & Document Verification: Verify applicant’s ID and address proof using Aadhaar eKYC, PAN, or offline verification as per IVG. (Refer: CCA IVG PDF)
  • Collect Supporting Documents: DSC Application Form, photograph, signature, and address proofs.
  • CSR Verification & Signing: Sign the Certificate Signing Request (CSR) with RA’s own DSC after verification.
  • Secure Submission to CA: Submit the signed CSR and documents securely to the CA via API or web portal.
  • USB Token Handling: Assist in loading the DSC onto a secure token (FIPS 140-2 Level 3 compliant) and deliver to the user securely.
  • Data Confidentiality: Maintain confidentiality of applicant’s data as per Rule 34 of IT Act and Section 71.
  • Data Retention: Maintain records and documents securely for a minimum of 7 years as per CCA norms.
  • Support CA Audits: Facilitate internal and external audits, provide records and compliance reports.

4. Step-by-Step Summary

| Step | Description |
|------|-------------|
| 1️⃣ | Contact a licensed CA and sign an MoU |
| 2️⃣ | Set up required technical and physical infrastructure |
| 3️⃣ | Train staff and verify compliance with IVG and CPS |
| 4️⃣ | Begin operations: collect applications, verify identity, and submit to CA |
| 5️⃣ | Retain records and support audits |

5. Useful Resources & References

Conclusion

A Registration Authority plays a pivotal role in ensuring secure, verified issuance of Digital Signature Certificates in India. By becoming an RA, you become part of the national digital trust infrastructure governed by the CCA. From document verification to cryptographic CSR validation and record retention, the RA’s responsibilities ensure transparency, legality, and trust in digital transactions.
