Ans. Information Technology Act, 2000 is the legal identification for dealings carried out by means of electronic information exchange and other way of electronic message, usually referred to as “electronic commerce”, which involve the use of alternatives to paper-based methods of communiqué and storage of information, to make easy the electronic filing of credentials with the Government agencies.

This Act is applicable to the whole of India and  to any offence or breach there under committed outside India by anyone.

INTRODUCTION

A digital signature is a mathematical technique want to validate the authenticity and integrity of a message, software or digital document. As the digital equivalent of a handwritten signature or stamped seal, a digital signature offers much more inherent security, and it's intended to unravel the matter of tampering and impersonation in digital communications.

Digital signatures can provide the added assurances of evidence of origin, identity and standing of an electronic document, transaction or message and may acknowledge consent by the signer.

In many countries, including the us , digital signatures are considered legally binding in the same way as traditional document signatures.

HOW DIGITAL SIGNATURES WORK

Digital signatures are supported public key cryptography, also referred to as asymmetric cryptography. Employing a public key algorithm, like RSA, one can generate two keys that are mathematically linked: one private and one public. (for more on

Digital signatures work because public key cryptography depends on two mutually authenticating cryptographic keys. The individual who is creating the digital signature uses their own private key to encrypt signature-related data; the sole thanks to decrypt that data is with the signer's public key. This is often how digital signatures are authenticated.

Digital signature technology requires all the parties to trust that the individual creating the signature has been ready to keep their own private key secret. If somebody else has access to the signer's private key, that party could create fraudulent digital signatures within the name of the private key holder.

HOW TO CREATE A DIGITAL SIGNATURE

To create a digital signature, signing software -- like an email program -- creates a one-way hash of the electronic data to be signed. The private key's then want to encrypt the hash. The encrypted hash -- alongside other information, like the hashing algorithm -- is that the digital signature.

The reason for encrypting the hash rather than the whole message or document is that a hash function can convert an arbitrary input into a hard and fast length value, which is typically much shorter. This protects time as hashing is far faster than signing.

The value of a hash is exclusive to the hashed data. Any change within the data, even a change during a single character, will end in a special value. This attribute enables others to validate the integrity of the info by using the signer's public key to decrypt the hash.

If the decrypted hash matches a second computed hash of an equivalent data, it proves that the info hasn't changed since it had been signed. If the 2 hashes don't match, the info has either been tampered with in how -- integrity -- or the signature was created with a personal key that does not correspond to the general public key presented by the signer authentication.

A digital signature is often used with any quite message -- whether it's encrypted or not just so the receiver is often sure of the sender's identity which the message arrived intact. Digital signatures make it difficult for the signer to deny having signed something assuming their private key has not been compromised -- because the digital signature is exclusive to both the document and therefore the signer and it binds them together. This property is named nonrepudiation.

Digital signatures aren't to be confused with digital certificates. A digital certificate, an electronic document that contains the digital signature of the issuing certificate authority, binds together a public key with an identity and may be wont to verify that a public key belongs to a specific person or entity.

Most modern email programs support the utilization of digital signatures and digital certificates, making it easy to sign any outgoing emails and validate digitally signed incoming messages. Digital signatures also are used extensively to supply proof of authenticity, data integrity and nonrepudiation of communications and transactions conducted over the web .

USES OF DIGITAL SIGNATURES

Industries use digital signature technology to streamline processes and improve document integrity. Industries that use digital signatures include:

1) Government - The U.S. Government Publishing Office publishes electronic versions of budgets, public and personal laws and congressional bills with digital signatures. Digital signatures are employed by governments worldwide for a spread of uses, including processing tax returns, verifying business-to-government (B2G) transactions, ratifying laws and managing contracts. Most government entities must adhere to strict laws, regulations and standards when using digital signatures.

2) Healthcare - Digital signatures are utilized in the healthcare industry to enhance the efficiency of treatment and administrative processes, to strengthen data security, for e-prescribing and hospital admissions. The utilization of digital signatures in healthcare must suits the insurance Portability and Accountability Act of 1996 (HIPAA).

3) Manufacturing - Manufacturing companies use digital signatures to hurry up processes, including product design, quality assurance (QA), manufacturing enhancements, marketing and sales. The utilization of digital signatures in manufacturing is governed by the world organization for Standardization (ISO) and therefore the National Institute of Standards and Technology (NIST) Digital Manufacturing Certificate (DMC).

4) Financial services - The U.S. Financial sector uses digital signatures for contracts, paperless banking, loan processing, insurance documentation, mortgages, and more. This heavily regulated sector uses digital signatures with careful attention to the regulations and guidance put forth by the Electronic Signatures in Global and National Commerce Act (E-Sign Act), state UETA regulations, the buyer Financial Protection Bureau (CFPB) and therefore the Federal Financial Institutions Examination Council (FFIEC).

DIGITAL SIGNATURE VS. ELECTRONIC SIGNATURE

While digital signature may be a technical term, defining the results of a cryptographic process which will be wont to authenticate a sequence of knowledge , the term electronic signature -- or e-signature -- may be a legal term that's defined legislatively.

For example, within the us , the term was defined within the Electronic Signatures in Global and National Commerce Act, passed in 2000, as meaning "an electronic sound, symbol, or process, attached to or logically related to a contract or other record and executed or adopted by an individual with the intent to sign the record."

This means that a digital signature -- which may be expressed digitally in electronic form and related to the representation of a record -- are often a kind of electronic signature. More generally, though, an electronic signature is often as simple because the signer's name being entered on a form on a webpage.

To be considered valid, electronic signature schemes must include three things:

• a way to verify the identity of the entity signing it;

• a way to verify that the signing entity intended to affirm the document being signed; and

• a way to verify that the electronic signature is indeed related to the signed document.

A digital signature can, on its own, fulfill these requirements to function an electronic signature:

The public key of the digital signature is linked to the signing entity's identification; the digital signature can only be affixed by the holder of the general public key's associated private key, which implies the entity intends to use it for the signature; and the digital signature will only authenticate if the signed data -- document or representation of a document -- is unchanged. If a document is altered after being signed, the digital signature will fail to authenticate.

While authenticated digital signatures provide cryptographic proof that a document was signed by the stated entity which the document has not been altered, not all electronic signatures can provide an equivalent guarantee.

DIGITAL SIGNATURE SECURITY FEATURES AND BENEFITS

Security features embedded in digital signatures make sure that a document isn't altered which signatures are legitimate. Security measures and methods utilized in digital signatures include:

• PINs, passwords and codes: want to authenticate and verify a signee’s identity and approve their signature. Email, username and password are most common.
• Time stamping: Provides the date and time of a signature. Time stamping is beneficial when the timing of a digital signature is critical, like stock trades, lottery ticket issuance and legal proceedings.
• Asymmetric cryptography: Employs a public key algorithm that has private and public key encryption/authentication.
• Checksum: a long string of letters and numbers that represent the sum of the right digits during a piece of digital data, against which comparisons are often made to detect errors or changes. Checksum acts as a data fingerprint.
• Cyclic Redundancy Checking (CRC): An error-detecting code and verification feature utilized in digital networks and storage devices to detect changes to data .
• Certificate authority (CA) validation: CAs issue digital signatures and act as a trusted third party by accepting, authenticating, issuing and maintaining digital certificates. The utilization of CAs helps avoid the creation of faux digital certificates.
• Trust Service Provider (TSP) validation: A TSP may be a person or legal entity that performs validation of a digital signature on a company’s behalf and offers signature validation reports.

DIGITAL SIGNATURE CERTIFICATES

Certifying Authority to issue Digital Signature Certificate

Any person may make an application to the Certifying Authority for the difficulty of a Digital Signature Certificate in such form as could also be prescribed by the Central Government

Every such application shall be amid such fee not exceeding twenty-five thousand rupees as could also be prescribed by the Central Government, to be paid to the Certifying Authority:

Provided that while prescribing fees under sub-section (2) different fees could also be prescribed for various classes of applicants.

Every such application shall be amid a certification practice statement or where there's no such statement, a press release containing such particulars, as could also be specified by regulations.

On receipt of an application under sub-section (1), the Certifying Authority may, after consideration of the certification practice statement or the opposite statement under sub-section (3) and after making such enquiries because it may deem fit, grant the Digital Signature Certificate or for reasons to be recorded in writing, reject the application:

Provided that no Digital Signature Certificate shall be granted unless the Certifying Authority is satisfied that - the applicant holds the private key like the general public key to be listed within the Digital Signature Certificate. The applicant holds a personal key, which is capable of making a digital signature.

The public key to be listed within the certificate are often wont to verify a digital signature affixed by the private key held by the applicant:

Provided further that no application shall be rejected unless the applicant has been given an inexpensive opportunity of showing cause against the proposed rejection. The Gazettie

Representations upon issuance of Digital Signature Certificate

A Certifying Authority while issuing a Digital Signature Certificate shall certify that--

• It has complied with the provisions of this Act and the rules and regulations made thereunder.
• It has published the Digital Signature Certificate or otherwise made it available to such person counting on it and the subscriber has accepted it.
• The subscriber holds the private key like the general public key, listed within the Digital Signature Certificate.
• The subscriber's public key and personal key constitute a functioning key pair.
• The information contained within the Digital Signature Certificate is accurate, and
• It has no knowledge of any material fact, which if it had been included within the Digital Signature Certificate would adversely affect the reliability of the representations made in clauses (a) to (d).

Suspension of Digital Signature Certificate

Subject to the provisions of sub-section (2), the Certifying Authority which has issued a Digital Signature Certificate may suspend such Digital Signature Certificate -

• On receipt of asking thereto effect from -
• The subscriber listed in toe Digital Signature Certificate, or
• Any person duly authorized to act on behalf of that subscriber
• If it's of opinion that the Digital Signature Certificate should be suspended in public interest
• A Digital Signature Certificate shall not be suspended for a period exceeding fifteen days unless the subscriber has been given a chance of being heard within the matter.
• On suspension of a Digital Signature Certificate under this section, the Certifying Authority shall communicate an equivalent to the subscriber.

Revocation of Digital Signature Certificate

A Certifying Authority may revoke a Digital Signature Certificate issued by it -

• Where the subscriber or the other person authorized by him makes a request to that effect, or
• Upon the death of the subscriber, or
• Upon the dissolution of the firm or completing of the corporate where the subscriber may be a firm or a corporation .

Subject to the provisions of sub-section (3) and without prejudice to the provisions of sub-section (1), a Certifying Authority may revoke a Digital Signature Certificate which has been issued by it at any time, if it's of opinion that -

• a material fact represented within the Digital Signature Certificate is fake or has been concealed.
• a requirement for issuance of the Digital Signature Certificate wasn't satisfied.
• The Certifying Authority's private key or security system was compromised during a manner materially affecting the Digital Signature Certificate's reliability.
• The subscriber has been declared insolvent or dead or where a subscriber may be a firm or a corporation , which has been dissolved, wound-up or otherwise ceased to exist.
• A Digital Signature Certificate shall not be revoked unless the subscriber has been given a chance of being heard within the matter.
• The Gazette On revocation of a Digital Signature Certificate under this section, the Certifying Authority shall communicate an equivalent to the subscriber.

Notice of suspension or revocation

Where a Digital Signature Certificate is suspended or revoked under section 37 or section 38, the Certifying Authority shall publish a notice of such suspension or revocation, as the case could also be , within the repository laid out in the Digital Signature Certificate for publication of such notice.

Where one or more repositories are specified, the Certifying Authority shall publish notices of such suspension or revocation, as the case may he. In all such repositories.

Chapter 4 of IT Act, 2000, “Attribution, Acknowledgement & Dispatch of Electronic records

This section mainly deals with the electronic contracts. In physical world organized process is defined to border the contracts but in cyber space there are many ambiguities. Hence provisions are made in order that making electronic contracts can be an easier process.

ATTRIBUTION OF ELECTRONIC RECORDS (SECTION 11)

The word attribution means, “The act of establishing a specific person because the creator of a piece of art. 2. Something, like a quality or characteristic, that's associated with a particular possessor.”

With respect to IT at 2000, attribution of electronic records means fixing identity of sender and receiver. Here originator may be a one that sends or generates any electronic record. The receiver of electronic record is termed as Addressee. For instance, if ‘A’ sends an email to ‘B’, then ‘A’ may be a sender or originator and ‘B’ is Addressee. In normal course of communication (postal communication or paper communication), it’s very easy to identify originator and addressee but in electronic communication it’s not an equivalent.

The electronic record can be sent by the originator himself or by the person who has been authorized by the originator or by a data system that the originator has authenticated.

Acknowledgment of receiving of electronic record (Section12)

If the originator has not specified any specific mode of acknowledgement (an act by the addressee that he/she has received the electronic record), the acknowledgement is often given by a return mail by the addressee or an automatic response by the addressee or an act by addressee that shows the acknowledgement.

For example, when a person receives an email by an estate agent, for land properties, the person can send a thank u mail or can send an automatic reply or can show interest within the offer given by the agent by visiting him. All the three option show an acknowledgement.

If the originator has specified a format and period of time for sending the acknowledgement, then the addressee must send the acknowledgement therein format and within the given period of time otherwise the originator can send a notice to the addressee stating that no acknowledgement was received.

Dispatch of Electronic Record(Section 13)

This section states that when an individual sends an electronic record from his computer then that specific time becomes the time of dispatch. For instance, if Mr. A composes an email at 3.30 am and presses the “Send” button at 4.30 am then time of dispatch are going to be 4.30 am. Because after pressing send button the sender cannot make any changes to the record.

Q4) State the features and benefits of digital signature security.

Ans. The  features embedded in digital signatures make sure that a document isn't altered which signatures are legitimate. Security measures and methods utilized in digital signatures include:

• PINs, passwords and codes: want to authenticate and verify a signee’s identity and approve their signature. Email, username and password are most common.
• Time stamping: Provides the date and time of a signature. Time stamping is beneficial when the timing of a digital signature is critical, like stock trades, lottery ticket issuance and legal proceedings.
• Asymmetric cryptography: Employs a public key algorithm that has private and public key encryption/authentication.
• Checksum: a long string of letters and numbers that represent the sum of the right digits during a piece of digital data, against which comparisons are often made to detect errors or changes. Checksum acts as a data fingerprint.
• Cyclic Redundancy Checking (CRC): An error-detecting code and verification feature utilized in digital networks and storage devices to detect changes to data .
• Certificate authority (CA) validation: CAs issue digital signatures and act as a trusted third party by accepting, authenticating, issuing and maintaining digital certificates. The utilization of CAs helps avoid the creation of faux digital certificates.
• Trust Service Provider (TSP) validation: A TSP may be a person or legal entity that performs validation of a digital signature on a company’s behalf and offers signature validation reports.

Q5) How does Digital Signature improve the document integrity?

Ans. Industries use digital signature technology to streamline processes and improve document integrity. Industries that use digital signatures include:

1) Government - The U.S. Government Publishing Office publishes electronic versions of budgets, public and personal laws and congressional bills with digital signatures. Digital signatures are employed by governments worldwide for a spread of uses, including processing tax returns, verifying business-to-government (B2G) transactions, ratifying laws and managing contracts. Most government entities must adhere to strict laws, regulations and standards when using digital signatures.

2) Healthcare - Digital signatures are utilized in the healthcare industry to enhance the efficiency of treatment and administrative processes, to strengthen data security, for e-prescribing and hospital admissions. The utilization of digital signatures in healthcare must suits the insurance Portability and Accountability Act of 1996 (HIPAA).

3) Manufacturing - Manufacturing companies use digital signatures to hurry up processes, including product design, quality assurance (QA), manufacturing enhancements, marketing and sales. The utilization of digital signatures in manufacturing is governed by the world organization for Standardization (ISO) and therefore the National Institute of Standards and Technology (NIST) Digital Manufacturing Certificate (DMC).

4) Financial services - The U.S. Financial sector uses digital signatures for contracts, paperless banking, loan processing, insurance documentation, mortgages, and more. This heavily regulated sector uses digital signatures with careful attention to the regulations and guidance put forth by the Electronic Signatures in Global and National Commerce Act (E-Sign Act), state UETA regulations, the buyer Financial Protection Bureau (CFPB) and therefore the Federal Financial Institutions Examination Council (FFIEC).