How the trustworthiness of the eSign Online Electronic Signature Service is ensured?
Answered on February 06,2020
Upon the Biometric or OTP authentication of the individual with the already verified information kept in the database of e-KYC (Know Your Customer)provider, key pairs are generated and public key along with information received from e-KYC provider are submitted to (Certifying Authority)CA for certification. Immediately after signature is generated with the private key of individual, the key pairs are deleted. The key pairs are generated on Secure Hardware Security Module to ensure security and privacy. Audit log files are generated for all events relating to the security of the eSign-Online Electronic Signature Service. The security audit logs are automatically collected and digitally signed by (ApplicationService Provider) ASPs. All security audit logs, both Electronic and Non-electronic, shall be retained and are audited periodically.