The Information Technology Act, 2000 provides for use of Digital Signatures on the documents submitted in electronic form in order to ensure the security and authenticity of the documents filed electronically. This is the only secure and authentic way that a document can be submitted electronically.
e-Procurement facilitates, integrates, and streamlines procurement processes. From buyer to supplier and even back. Approved under the Information Technology Act, and with legal status, a Digital Signature Certificate is essential for all e-Procurement processes.
Applying for a government tender online has many advantages. Since documents are uploaded to a central site, acknowledgements and receipts are provided immediately. Which is not the case with paper documents that need to be scanned and verified before being processed.
e-Procurement has gained significant popularity and acceptance as it brings greater transparency to the whole system. Among other benefits, it helps buyers and bidders overcome geographical limitations, reduce procurement cycles, and overall helps keep pace with present technology.
Now, most companies (especially Govt. organisations/departments, PSUs, and even private companies) floating tenders mandate submission of response online through digital signature certificates. Tenders might require class 3 DSCs. (You may ascertain the exact type of DSC required from the concerned company department floating the e-tender.)
There are two types of Digital Signatures, Class 2 and Class 3. Class 2 Digital Signatures are used for Company or LLP Incorporation, IT Return E-Filing, Obtaining DIN or DPIN, and filing other forms with the Ministry of Corporate Affairs and Income Tax Department. Class 3 type Digital Signatures are used mainly for E-Tendering.
Which class of Digital Signature is required for E Tendering?
You should have a legally valid Class 3 digital signature certificate for e Tendering as per Indian IT Act from the licensed Certifying Authorities operating under the Root Certifying Authority of India (RCAI), Controller of Certifying Authorities (CCA) of India. (http://www.cca.gov.in/)
Class 3 A/B digital signatures for individuals/Organization is certificate that provides highest level of assurance within the RCAI hierarchy setup by CCA ( Controller of
Certifying Authorities) in India which is mainly used for e-tendering or e-procurement or e-bidding.
Individual (Class 3A): Class 3A Individual certificates issued to individuals or devices and encompass primarily high end security-sensitive online activity.
Organization (Class 3B): Class 3B Organization certificates those are used for signing, encryption, electronic access control, e-commerce, and online financial transactions that require a strong assertion of the customer’s identity. The validation procedure for class 3 Organization certificates includes confirmation that the organization does in fact exist, authorization from the organization for the certificate applicant.
To participate in the e-procurement process, every Vendor / Purchaser is required to use a Class 3B Digital Signature Certificate. Class 3 Digital Signatures are issued to
individuals, organizations and devices and applicable for personal and commercial use. Typically, they are used for Electronic Data Exchange (EDI), internet banking/brokingtendering and other web-based transactions where confidentiality and authenticity are critical.
Validity of Digital Signature Certificates:
The Digital Signature Certificates are typically issued with one year validity and two year validity. These are renewable on expiry of the period of initial issue.
Certifying Authorities (CA) has been granted a license to issue a digital signature certificate under Section 24 of the Indian IT-Act 2000. One can procure Class 3 digital signature certificates from Capricorn CA, (n) Code Solutions CA, E-MUDHRA CA And SafeScrypt CA of the certifying authorities.
How Digital Signature Works
In Digital Signature, a public and private key are created simultaneously using the same algorithm (a popular one is known as RSA) by a certificate authority (CA). The private key is given only to the requesting party and the public key is made publicly available (as part of a digital certificate) in a directory that all parties can access. The private key is never shared with anyone or sent across the Internet. One has to use the private key to decrypt text that has been encrypted with recipient public key by someone else (who can find out what your public key is from a public directory). Sender can authenticate to the receiver of the message by using sender’s private key to encrypt a digital certificate. The recipient can verify the message using public key of the sender to decrypt it.