NEW DELHI: The Controller of Certifying Authorities (CCA) suspended three digital certificates issued by the National Informatics Centre Certifying Authority to prevent their misuse, Parliament was informed.
Digital Signature Certificates (DSCs) are issued by Certifying Authorities for electronic authentication of users, Communication and IT Minister Ravi Shankar Prasad told Lok Sabha.
The CCA, which is appointed under the Information Technology Act, 2000, licences Certifying Authorities to issue DSC.
DSCs are issued under Sub Section 4 of Section 35 of the IT Act and they facilitate e-commerce and e-filing of documents through authentication of users and their transactions, he added.
"Three certificates issued to NIC-CA were suspended by CCA. The unauthorised certificates that had been issued, were revoked by the NIC-CA. This was done to prevent misuse," Prasad said.
The incident has been investigated and the findings suggest that the perpetrators made an electronic intrusion in to the CA systems from outside India, he added.
"NIC-CA has been asked to revamp their infrastructure from all aspects -- technical, physical and procedural," Prasad said.
Besides, an advisory has been issued to all Certifying Authorities to examine and wherever necessary, strengthen security controls in the infrastructure used for DSCs issuance, the Minister added.
Last month, Google and Microsoft had complained about the unauthorised DSCs issued by NIC-CA.
Google in a blog post had said: "On Wednesday, July 2, we became aware of unauthorised DSCs for several Google domains.
"The certificates were issued by NIC of India, which holds several intermediate CA certificates trusted by the Indian Controller of Certifying Authorities."
Similarly, Microsoft said it is aware of improperly issued SSL certificates that could be used in attempts to spoof content or perform phishing attacks.
"SSL certificates were improperly issued by NIC, which operates subordinate CAs under root CAs operated by Government of India's CCA, which are CAs present in the Trusted Root Certification Authorities Store," it added.
14:41
Share:
0 comments: