9911796707
TMI Blog2018 (6) TMI 644X X X X Extracts X X X X X X X X Extracts X X X X ..... o them by Controller of Certifying Authorities, Appellants have to follow the procedures prescribed under the Information Technology Act, 2000. Thus the activity of issuing DSC is statutorily recognised - The department vide letter dt.28.7.2008 has clarified that if the issuance of DSC does not involve development of IT Software, adoption or adaptation service related to IT software or certification of IT Software, the activity would not fall under Information Technology Services. When the process of issue of both these certificates are akin to each other, merely because SSLC is issued under voluntary requirement of the customer the same cannot be classified under Information Technology Services. Appeal allowed - decided in favor of appellant. - Appeal No.ST/40054/2013, ST/42388/2013 - 40552-40553/2018 - Dated:- 20-2-2018 - Ms. Sulekha Beevi C.S. Member (Judicial) And Shri Madhu Mohan Damodhar, Member (Technical) Shri G.Natarajan, Advocate For the Appellant Shri K Veerabhadra Reddy, JC (AR) For the Respondent Per Bench The issue arising for consideration in both these appeals being same, they were heard together and are disposed by this common order. Bri ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... q) of Information Technology Act, digital signature certificate means a Digital Signature Certificate issued under subsection (4) of Section 35. Such DSCs will be issued by the certifying authority as per procedures prescribed in the Act. As per Section 2 (g) of the Act, Certifying Authority means a person who has been granted a license to issue an Electronic Signature Certificate under Section 24. The appellant has obtained license as a certifying authority in terms of the Act. Any document which requires signature of a person can also be digitally signed and such digital signature is a valid signature as per Section 5 of the Information Technology Act. Again, Section 15 of the Act lays down when a digital signature can be considered as a secure digital signature. The said section reads as under: 15. Secure Electronic Signature. - An electronic signature shall be deemed to be a secure electronic signature if - (i) the signature creation data, at the time of affixing signature, was under the exclusive control of signatory and no other person; and (ii) the signature creation data was stored and affixed in such exclusive manner as may be prescribed Exp ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... use such software to issue DSC as a licensed certifying authority for which royalty is paid by appellant to M/s.Verisign. The appellant is paying service tax under IPR services under reverse charge mechanism on the royalty/charges paid to M/s.Verisigna. The appellant has not availed Cenvat Credit on such service tax paid. 2.5 The process of issuing DSCs by the appellant is explained as below: Any person intending to have a DSC would approach the appellant, either directly or through the appellant's channel partners, by way of filling up an application form along with required credential as required under the IT Act. Upon verification of such credentials, the appellant would upload such information in the software platform, made available by Verisign, The software would extract the information and creates the required DSC, by digitally signing the subscriber's public key with the CA's private key. The customer is informed through email about the issue of DSC and the customer should visit the link provided in the email, access the DSC and installs the DSC in his computer. The appellant would be charging the customer for issue of DSC. DSC once issued would be valid ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... all involve any of the activities enumerated in the definition of IT service, as explained below. S.NO. Limb of the defination Explanation 1 (i) development of information technology software The software for generation of DSCs has not been developed by the appellant. It has been developed by M/s.Verisign. Generation of DSCs everytime, does not involve development of any software everytime. 2 (ii) study, analysis, design and programming of information technology software Issue of DSCs does not involve any of these activities 3 (iii) adaptation, upgradation, enhancement, implementation and other similar service related to information technology software Issue of DSCs does not involve any of these. Using the existing software developed for this purpose DSCs are created everytime. The role of the appellant is towards verification of the credentials and uploading the information in the software plateform 4 (iv) providing advice, consult ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... ncrypted channel between a client server over I-ITT P (Hyper Text Transfer Protocol). It enables transmission of data security over internet, which is a public medium, During the process of setting up the encrypted channel, a session key is exchanged between the server and the client. The session key is a symmetric key which is used for data encryption between the client and the server, so as to protect such data transmission. Encryption is the process of converting plan text into cipher text, using an encryption key. In symmetric key cryptography, a symmetric key is used, commonly known as shared secret or password. In asymmetric key cryptography receiver's public key is used for encryption and receiver's private key us used for decryption. In SSLC handshake, the session key which is generated is encrypted with the public key contained in the SSLC certificate and sent over the internet. The receive decrypts the session key and uses for data encryption between the client and the server. Session keys are periodically exchanged between the client and web server using the SSLC. An SSLC certificate duly issued helps in authentication of the website. SSLC protected web servers a ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... ivity would not fall under Development and supply of content service. Therefore the very same activity of issuing SSLC cannot be classified under any of these categories. He submitted that the demand does not sustain on merits. 2.1.4 The Ld.Counsel argued on the ground of limitation also. He submitted that the period after 2007 (01.6.2007) would be hit by limitation. The department was put to knowledge by the letters issued seeking clarification of the classification of the services. The department was therefore aware of the facts and therefore the allegation of suppression is without basis. Further the issue is of taxability and classification. The appellant was under bonafide belief that the activities are not taxable services. There was no intention to evade payment of tax. That the invocation of extended period is without basis. 3. The Ld.AR, Sh.K.Veerabhadra Reddy reiterated the findings in the impugned order. He adverted to the definition of Business Support Service, Development and supply of content service as well as Information Technology services. He submitted that the Commissioner (Appeals) has confirmed the demand of SSLCs for the entire period observing that the ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... ate of Digital Signature in the form of DSC and SSLC is squarely covered by the definition Information Technology Services as per Section 65 (53a) of the Finance Act. The classification has to be made based on the description of the services and more specific description has to be adopted in preference to a more general description. Therefore the confirmation of classification of the above services rendered by the appellant for the different purposes is legal and proper. On the ground of limitation, the Ld.AR submitted that there is no question of interpretation of statute involved in this matter as the relevant provisions are clear. The contention of the appellant that DGCEI had started investigation in 2007 and therefore the department was fully aware of the facts from that date and therefore the Show Cause Notice for the period after 2007 is barred by limitation is also without basis, as the investigation involved examination of large number of documents, recording of statement of employees of the appellant. The contention with the department is aware of the facts that commencement of the investigation cannot be accepted. The Ld.AR prayed to dismiss the appeal. 4. Heard both ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... department has issued letters clarifying that the said activity does not fall under DAS or Information Technology Services. The relevant letters are reproduced as under: 7. The Office of Controller of Certifying Authorities vide their letter dated 14.8.2008 has informed the appellant that the activity of issuing DSC would not fall under Technical Inspection and Certification Service, Business Auxiliary Service or Business Support Service (BSS). From the detailed explanation of the activity put forward by the Ld.Counsel for appellant, we do not find that any of the steps/process involved in issuing DSC would fall within the definition of Information Technology Services. Further, the software is owned by M/s.Verisign, USA and appellants have obtained only right to use the software. Therefore their activity does not involve any development of software, In fact appellants make use of the software already developed by M/s.Verisign and generate digital certificates. This is nothing but use of software just like use of windows software etc. 8. In para 6.3 of the Impugned Order, even the Commissioner has held that the process of issue of DSC and that of SSLC is akin ..... X X X X Extracts X X X X X X X X Extracts X X X X
|
