|Legal Service India - Digital signatures|
|Legal Advice | Find a lawyer | Constitutional law | Judgments | forms | PIL | family law | Cyber Law | Law Forum | Income-Tax | Consumer laws | Company laws|
|Articles | Articles 2014 | Articles 2013 | Articles 2012 | Articles 2011 | Articles 2010 | Articles 2009 | Articles 2008 | Articles 2007 | Articles 2006 | 2000-05|
Since the advent of the Internet and the gradual conversion of paperwork to computer files, a need has been felt to bring in security and trustworthiness to Internet transactions. The year 2000 was an important one for India from the point of view of the bringing the law up to date with modern times. I speak of the enactment of the Information Technology Act, 2000. This Act gives legal recognition to the threats faced by us on the vast cyberspace better known as the Internet.
Conventional signatures are marks made by persons to authenticate a document, and assure the receiver that he has signed it personally. But in case of emails, merely typing out one’s name at the end of a document is hardly any reassurance for the receiver. In this age where crooks are adequately equipped to hack into systems, and acquire any data they wish to, the Internet is not a safe medium for secure communication. Hence the concept of “Digital Signatures” has come up.
What is a Digital Signature?Section 2(1)(p) of the Information Technology Act, 2000 (or the IT Act) defines it as “authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3”
Before going into “the provisions of section 3”, it is pertinent to explain a few basics of cryptography. Public key cryptography is the method recognized by the IT Act for the safeguarding of computer documents.
Public key cryptography is a form of cryptography, which generally allows users to communicate securely without having prior access to a shared secret key. This is done by using a pair of cryptographic keys designated as public key and private key. A public key is essentially like an email address, and a private key, like the email address password. The public key is sent to the receiver, while the private key is not disclosed to anybody. They are related mathematically. What has been encrypted by the first key can only be decrypted by the second - and vice versa. Hence, if A wants to send a secure email to B, A must encrypt it with B’s public key, so that when B receives the encrypted email, he can decrypt it using his own private key.
When we say, “A encrypts the document”, what A actually does is runs this document through a hash function software. The hash function software produces a fixed length of alphabets, numbers and symbols for any document. This is known as the hash result. The hash result is never the same for two different documents. Any small alteration in the document will generate an entirely different hash result. The hash function software will always produce the same hash result for a particular message. Thus, if there is any doubt about the message being intercepted, all one must do is to compare the hash functions at both ends.
Section 3 of the IT Act allows a user to authenticate an electronic record by affixing his digital signature on it. Authentication of the electronic record shall be effected by the use of asymmetric crypto system (which is nothing but the public key cryptography system explained above) and hash function, which envelope and transform the initial electronic record into another electronic record.
So, if one desires to communicate securely, he must make sure he uses a digital signature. But how does the receiver know that the digital signature used by the sender truly does belong to the sender?
The IT Act has provided for “Certifying Authorities”, who are authorised to issue Digital Signature Certificates. A Controller of Certifying Authorities is appointed by the Central Government to regulate the conduct of Certifying Authorities, under Section 17 of the Act. Any interested party may apply to the Controller to be appointed as a Certifying Authority. The Controller is empowered to frame rules to be followed by Certifying Authorities while issuing Digital Signature Certificates. The Controller also certifies the Digital Signatures of the Certifying Authorities.
A Digital Signature Certificate essentially contains the public key of the person who holds it, along with other details such as contact details, and the most important part, that is the digital signature of the Certifying Authority. The main purpose of such a certificate is to show that a trustable authority appointed and regulated by the Government, has attested the information contained in the Certificate.
Strict regulations have been prescribed for Controllers and Certifying Authorities; for example, they have to utilise secure hardware and software while executing their functions. Certifying Authorities have to submit Certification Practice Statements, which contain all the details pertinent to their functioning, such as audit, security requirements, procedures for application etc. A record of all licenses and certificates issued has to be maintained. The Act also provide for suspension of licenses and certificates on contravention of the provisions of the Act. Certifying Authorities are also subject to the provisions of the Information Technology (Certifying Authority) Rules, 2000.
There are 7 licensed Certifying Authorities currently in IndiaSafescrypt
National Informatics Centre (NIC)
Institute for Development & Research in Banking Technology (IDRBT)
Tata Consultancy Services (TCS)
Mahanagar Telephone Nigam Limited (MTNL)
Customs & Central Excise
(n) Code Solutions CA (GNFC)"
The website of the Controller of Certifying Authorities (http://www.cca.gov.in/ ) contains detailed information regarding the above organizations and their Digital Signature Certificates.
The Act has also provided its own mechanism for resolution of disputes. The Act authorises the Central Government to appoint an office known as the Adjudicating Officer for every state. At present, the respective IT Secretaries of the States have been appointed as Adjudicating Officers. A Cyber Regulations Appellate Tribunal (CRAT) has been constituted under the Act. Any person aggrieved by the orders or decisions of the Adjudicating Officers, or the Controller, may appeal to this Tribunal. A further appeal shall lie to the High court.
Subscribers are also bound to observe certain duties under the Act. They are expected to exercise reasonable care in guarding their private keys, and must immediately notify the Certifying Authority if the private key has been compromised. Hence it has been seen that the IT Act has gone a long way to ensure security in Internet communication.
Digital Signature Certificate:
Digital Signature Certificates (DSC) are the digital equivalent (that is electronic format) of physical or paper certificates. Examples of physical certificates are drivers' licenses, passports or membership cards.
Cyber Forensics and Electronic Evidences | Cyber Torts | Data Protection and Outsourcing | Cyber Terrorism - Quick glance | Cyber Offences - A Technological Termite |Cyber Crime- success of conviction lack of jurisdiction | Issue of Jurisdiction in Combating Cyber Crimes | Prevention of Cyber Crime
The author can be reached at: firstname.lastname@example.org / Print This Article
• Know your legal options
• Information about your legal issues
Call us at Ph no: 9650499965
Copyright Registration Online
Right from your Desktop...
*Call us at Ph no: 9891244487
Legal AdviceGet legal advice from Highly qualified lawyers within 48hrs.
with complete solution.
Your Name Your
lawyers in Delhi
lawyers in Chandigarh
lawyers in Allahabad
lawyers in Lucknow
lawyers in Jodhpur
lawyers in Jaipur
lawyers in New Delhi
lawyers in Nashik
Protect your website
lawyers in Mumbai
lawyers in Pune
lawyers in Nagpur
lawyers in Ahmedabad
lawyers in Surat
lawyers in Dimapur
Trademark Registration in India
lawyers in Kolkata
lawyers in Janjgir
lawyers in Rajkot
lawyers in Indore
lawyers in Guwahati
Protect your website
Transfer of Petition
|Lawyers in India - Search by City|
lawyers in Chennai
lawyers in Bangalore
lawyers in Hyderabad
lawyers in Cochin
lawyers in Agra
lawyers in Siliguri
Lawyers in Auckland
lawyers in Dhaka
lawyers in Dubai
lawyers in London
lawyers in New York
lawyers in Toronto
lawyers in Sydney
lawyers in Los Angeles
Cheque bounce laws
Lok Adalat, legal Aid and PIL
About Us |
Divorce by mutual consent |
| Submit article
Lawyers Registration |
legal Service India.com is Copyrighted under the Registrar of Copyright Act ( Govt of India) © 2000-2015
ISBN No: 978-81-928510-0-6