Electronic Signatures

INDEX
Sr.
No.
1.
2.
3.

Topic
Acknowledgements
Introduction
Electronic Signature Under Indian Law

Page
No.
2
3
5

Transition From Handwritten Signatures To Digital

To Electronic Signatures
Secure Electronic Signature
Function Of Electronic Signature
Why Electronic Signature?
Looking Ahead

4.

Digital Signature Vs. Electronic Signature:

Whats The Big Difference?

10

A Traditional Signing Process

What Are Digital Signatures?
Electronic Signatures

5.

Bibliography

13

Electronic Signatures

ACKNOWLEDGEMENT

I would like to thank Mrs. Amita Verma for giving me the opportunity to
research on Electronic Signatures. The work contained herein is an
amalgamation of the remarkable works of eminent authors who have
contributed to the study of this issue. I have prepared the project to the best of
my abilities using the guidance of these authors.

Electronic Signatures

INTRODUCTION
An electronic signature, or e-signature, is any electronic means that indicates either that a
person adopts the contents of an electronic message, or more broadly that the person who
claims to have written a message is the one who wrote it (and that the message received is the
one that was sent by this person). By comparison, a signature is a stylized script associated
with a person. In commerce and the law, a signature on a document is an indication that the
person adopts the intentions recorded in the document. Both are comparable to a seal. In
many instances, common with engineering companies for example, digital seals are also
required for another layer of validation and security. Digital seals and signatures are
equivalent to handwritten signatures and stamped seals.
As defined under Article 2(a) of Model Law on E-Signature of 2001:
Electronic Signature means data in an electronic form, affixed to or logically associated with, a
data message, which may be used to identify the signatory in relation to the data message and to
indicate the signatorys approval of the information contained in the data message. 1

An electronic signature is the electronic equivalent of a written signature. Electronic

signatures come in many forms, including:
Typewritten
Scanned
An electronic representation of a handwritten signature
A unique representation of characters
A digital representation of characteristics, for example, fingerprint, retina
A signature created by cryptographic means
Electronic signatures can be divided into three groups:

Simple electronic signatures - these include scanned signatures and tickbox plus
declarations

1 http://www.uncitral.org/pdf/english/texts/electom/ml-elecsig-e.pdf
3

Electronic Signatures

Advanced electronic signatures - can identify the user, is unique to them, is

under the sole control of the user and is attached to a document in a way that it

becomes invalidated if the contents are changed

Qualified electronic signatures - an advanced electronic signature with a digital
certificate encrypted by a secure signature creation device e.g. smart card

Electronic signatures are only as secure as the business processes and technology used to
create them. High value or more important transactions need better quality electronic
signatures - signatures used for these transactions need to be more securely linked to the
owner in order to provide the level of assurance needed and to ensure trust in the underlying
system.
Better quality electronic signatures can offer:
Authentication linking the originator to the information
Integrity allowing any changes to the information provided to be detected more
easily
Non-repudiation ensuring satisfaction (in a legal sense) about where the electronic
signature has come from.2
Increasingly, digital signatures are used in e-commerce and in regulatory filings as digital
signatures are more secure than a simple generic electronic signature. The concept itself is
not new, with common law jurisdictions having recognized telegraph signatures as far back as
the mid-19th century and faxed signatures since the 1980s. In many countries, including the
United States, the European Union, India, Brazil and Australia, electronic signatures (when
recognised under the law of each jurisdiction) have the same legal consequences as the more
traditional forms of executing of documents.

2
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/35
6786/bis-14-1072-electronic-signatures-guide.pdf
4

Electronic Signatures

ELECTRONIC SIGNATURE UNDER THE INDIAN

LAW
Electronic signature has been dealt with under Section 3A of the IT Act, 2000. A subscriber
can authenticate any electronic record by such electronic signature or electronic
authentication technique which is considered reliable and may be specified in the Second
Schedule. An Amendment to the IT Act in 2008 introduced the term electronic signatures.
The implication of this Amendment is that it has helped to broaden the scope of the IT Act to
include new techniques as and when technology becomes available for signing electronic
records apart from Digital Signatures.
Electronic Signature is defined under S. 2 (1) (ta) of the Act as:
Electronic signature means authentication of any electronic record by a subscriber by means of the
electronic technique specified in the Second Schedule and includes digital signature.
S. 3A. Electronic Signature- (1) Notwithstanding anything contained in section 3, but subject to the
provisions of subsection (2) a subscriber may authenticate any electronic record by such electronic
signature or electronic authentication technique which(a) is considered reliable ; and
(b) may be specified in the Second Schedule
(2) For the purposes of this section any electronic signature or electronic authentication technique
shall be considered reliable if
(a) the signature creation data or the authentication data are, within the context in which they
are used, linked to the signatory or , as the case may be, the authenticator and of no other
person;
(b) the signature creation data or the authentication data were, at the time of signing, under the
control of the signatory or, as the case may be, the authenticator and of no other person;
(c) any alteration to the electronic signature made after affixing such signature is detectable
(d) any alteration to the information made after its authentication by electronic signature is
detectable; and
(e) it fulfills such other conditions which may be prescribed.
5

Electronic Signatures
(3) The Central Government may prescribe the procedure for the purpose of ascertaining whether
electronic signature is that of the person by whom it is purported to have been affixed or
authenticated;
(4) The Central Government may, by notification in the Official Gazette, add to or omit any electronic
signature or electronic authentication technique and the procedure for affixing such signature from
the second schedule;
Provided that no electronic signature or authentication technique shall be specified in the Second
Schedule unless such signature or technique is reliable
(5) Every notification issued under sub-section (4) shall be laid before each House of Parliament. 3

The IT Act is a legal framework to facilitate and safeguard electronic transactions in

electronic medium. It is based on UNCITRALs Model Law of E-Commerce which adopts
functional equivalent approach advocating a shift from paper-based environment to a
computer-based equivalent. It is obligatory to note that the UNCITRAL Model Law only
advocated technology neutrality in the form of electronic signatures and never digital
signatures.

Transition from Handwritten Signatures to Digital to Electronic Signatures

To begin with the Act was a technology specific act that accepted digital signatures as an
authentication standard. Subsequently, with the passage of the Amendment Act, technology
specific regime has given way to a technologically neutral regime in the form of electronic
signature as an authentication standard. If S. 3 of the Act enumerates the whole process of
digital signature creation and its verification, S. 3A advocates authentication of any electronic
record by any such electronic signature or electronic authentication technique. The legislative
support in the form of Rules and Regulations to electronic signatures is yet to be articulated.
Thus the transition from handwritten signatures to digital to electronic signatures is already a
reality both legally and commercially. In fact commercial recognition to electronic
signatures came way earlier in the form of biometric signatures even before they were
legally recognised. Both digital and electronic signatures have been made legally binding
signatures by the Information Technology Act and its subsequent amendments. This is often
3 Inserted by Information Technology Amendment Act, 2008
6

Electronic Signatures
referred to as hybrid model wherein in a legislative and commercial context both digital
signature and electronic signature co-exist.4
In general an electronic signature is defined as an electronic sound (audio files of a persons
voice) or symbol (a graphic representation of a person in JPEG file) or process (a procedure
that conveys assent), attached to or logically associated by a person with the intent to sign the
record.
Examples:

A name typed at the end of an E-mail by the sender.

Secret code or PIN to identify the sender.
Any voice, logo, symbol or process to identify sender.
A code that sender of the message uses to identify himself.
A unique biometrics base identifier such as fingerprint or retinal scan.
A digitised image of a handwritten signature which is attached to electronic
document.

Secure electronic signature

According to S. 15 of the Act an electronic signature shall be secure if:

The signature creation data at the time of affixation was under the exclusive control of

the signatory and no other person and;

The signature creation data was stored and affixed in such a manner as is prescribed.

Signature creation data means private key of the signer.5

Function of Electronic Signature

Electronic Signature establishes the principle that in an electronic environment, the basic
legal functions of a signature are performed by a way of a method that identifies the signer of
an electronic record and also confirms that the said signer approved the content of that
electronic record, which was successfully verified by the recipient of that electronic record.

4 Sharma, Vakul. INFORMATION TECHNOLOGY LAW AND PRACTICE. Universal Law

Publishing. 3rd Ed. 2011. Pg 43-44
5 Rattan, Jyoti (Dr.). BHARATS CYBER LAWS & INFORMATION TECHNOLOGY. 4th
Ed., 2014. P 98-102
7

Electronic Signatures
1. To provide authenticity, integrity, secrecy, and non-repudiation to electronic record or
message.
2. To use the Internet as safe and secure medium without any violation or compromise for any
e-transaction whether covered under E-Governance or E-Commerce.6

Why Electronic Signature?

Identification is a fundamental legal requisite to decide the liability of a person for his action
and transaction. In transactions, identification technology is essential to identify the sender of
the message. In physical world, taking formal evidence of identity is a cumbersome process
and there are comparatively few transactions where identification is required as a standard
procedure. However in e-transaction the process is different. The identification associated
with electronic signature may be technically very sophisticated but practically it is very easy
to use.7
Those involved in a commercial transaction or messaging activity need to have confidence
(trust) that any communication that is sent reaches its destination without being changed in
any way and that the sender can be identified. There may also be a need for it to reach its
destination without being read by anyone else.
Trust is the basis of business and commerce and can be enhanced by the use of electronic
signatures. Some types of electronic signatures can:
prove the origin of the message
show whether a message has been altered
ensure messages remain confidential8

Looking Ahead
With the passage of the IT (Amendment) Act, 2008 India has become technologically neutral
due to adoption of electronic signatures as a legally valid mode of executing signatures. This
6 id
7 id
8 Supra note 2
8

Electronic Signatures
includes digital signatures as one of the modes of signatures and is far broader in ambit
covering biometrics and other new forms of creating electronic signatures. This is a positive
change as India has different segments people and all may not be technologically adept to
understand and use the digital signatures. Therefore, allowing forms of authentication that are
simpler to use such as retina scanning can be quite useful in effective implementation of the
Act. However, the challenge it poses is accessibility to authentication tools and imparting
education to people to use the same.
It is a challenging task for the Central government to prescribe conditions for considering
reliability of electronic signatures or electronic authentication techniques under Section 3A
(2), the procedure for ascertaining electronic signature or authentication under Section
3A(3),the manner in which information may be authenticated by electronic signatures in
Section 5. It also involves expenditure as such authentication tools will require purchase,
installation & training, particularly in all government departments where it is proposed to be
used. Equally challenging will be the drafting of duties of subscriber of electronic signature
certificate under Section 40 A of the Act which will need to incorporate security measures
subscribers can adopt depending on electronic signature being used for signatures. Further, in
a move to secure the flow of data and information on the internet, and promote e-commerce
& e-governance, the amended Act in Section 84A has empowered the Central Government to
prescribe modes or methods for encryption. These parameters should be laid down in
consultation with organizations such as Nasscom and/or governmental agencies that can
assist in formulation of necessary standards and related rules.9
Electronic signature is also expected to produce the same result as digital signature after the
2008 Amendment. Since all the given provisions do not refer to electronic signature but refer
only to digital signature, the possibility of the parties facing difficulties in proving electronic
signature cannot be ruled out. It is therefore recommended that necessary amendments may
be carried out in the Act and Indian Evidence Act on the same lines (as the provisions relating
to digital signature) to facilitate proof of electronic signature also.10

9 http://catindia.gov.in/writereaddata/ev_rvnrbv111912012.pdf
10 http://www.rbi.org.in/scripts/PublicationReportDetails.aspx?ID=624
9

Electronic Signatures

DIGITAL SIGNATURE vs. ELECTRONIC

SIGNATURE - WHAT'S THE BIG DIFFERENCE?
A Traditional Signing Process
A paper-based signing process typically begins in the electronic world, by creating a
document in the most appropriate software application Word is ideal for straight text like
legal contracts, Excel works for budgets, and XHTML is used for Web forms. Then they print
the document to paper and apply their signatures. It seems simple enough, but the meaning
behind that signature is quite significant. That signature illustrates consent and identifies the
signer. The ink permanently binds the signature to the paper so that its virtually impossible to
remove it. These factors are the foundation of the legal requirements for signing; in other
words, in a court of law, that signature makes for a legally enforceable contract.
But most business processes require much more than a single signature. If only it were that
easy. More often than not, however, people are asked to fill in their name, add the date, and
the city theyve signed in. Even more complicated are the times that a document needs to be
sent to other signatories for additional signature approvals. In the cases of sectional forms, as
in an insurance claim or mortgage application, it gets particularly tricky as each person has to
add information into their respective section, and then sign.
With these kinds of complex signing processes at work in most organizations today, its no
wonder that making the shift from paper to electronic methods comes up against some
roadblocks. It doesnt help matters either that what people expect, and what they actually get,
from various products on the market often differ as drastically as the signing processes
theyre trying to move on-line in the first place.

What are Digital Signatures?

A Digital Signature11 is the electronic or digital equivalent of a physical signature. Just as a
physical signature on a paper document establishes the origin of that document, a digital
11 Under S. 2(p) of the IT Act, 2000 "digital signature" means authentication of
any electronic record by a subscriber by means of an electronic method or
procedure in accordance with the provisions of section 3.
10

Electronic Signatures
signature affixed to a digital document (computer file) establishes the origin of that digital
document.
Digital Signatures are much more secure and fool-proof compared to physical signatures.
Physical signatures are easily replicated or forged. On the other hand, the technology behind
Digital Signatures makes it virtually impossible to forge them.
Because of the higher security associated with Digital Signatures and the many advantages
associated with storing documents electronically (as opposed to paper), governments in many
countries have passed laws and regulations encouraging (and in some cases mandating) the
usage of digitally signed electronic documents rather than paper documents. For example, in
India, Income Tax returns, Corporate returns etc are to be digitally signed and uploaded
electronically.
A Digital Signature is a sequence of bytes or a code that has some special characteristics. A
code generated for a particular document by a particular signer is unique. An identical code
cannot be generated by another signer for the same document or by the same signer for
another document. This means that only the unique combination of that particular document
and that particular signer can generate a particular digital signature.
When a person digitally signs a document, he generates this unique code (signature) and
attaches it to the document. The receiver can verify that the code has indeed been generated
by the Signer (and by no other person). The receiver of the document can also readily verify
that the document has not been modified.
In India, the Government, via the Controller of Certifying Authorities has authorized a set of
entities to issue Digital Signing Certificates (DSC). A DSC is necessary to be able to digitally
sign a document. The process of obtaining a DSC essentially involves submission of
paperwork that establishes your identity to the issuer.
A digital signature is NOT a scanned version of a physical signature. Furthermore, it is not
possible to sign another document just by looking at the digital signature on one document.

Electronic Signatures
Digital signature technology requires that a software application be developed to produce a
real-world signing process. That said digital signature technology is a sub-set of electronic

11

Electronic Signatures
signature technology which has greater functionality and comes closer to emulating the sign
on the dotted line tradition.
Digital signature technology still does what it does best when someone signs with an
electronic signature: encrypts the data and detects if changes have been made. Meanwhile,
electronic signatures produce what digital signature technology stops short of: it actually
displays an image of your handwritten signature or a visual mark within the document to
illustrate your consent towards a documents contents and uniquely identify you as a signer.
In addition, its permanently attached to a document just like our handwritten, pen-inked
signature would be in a traditional, paper-based signing act.12

12 Chander, Harish. CYBER LAWS AND IT PROTECTION. PHI Learning Pvt. Ltd.
2012.
12

Electronic Signatures

BIBLIOGRAPHY
Books
Jyoti Rattan, Bharats Cyber Laws & Information Technology. 4th Ed., Bharat Law
House, New Delhi, 2014
Vakul Sharma, Information Technology Law And Practice. 3rd Ed., Universal Law
Publishing. 2011

Web Links

http://deity.gov.in/sites/upload_files/dit/files/downloads/itact2000/itbill2000.pdf
http://www.uncitral.org/pdf/english/texts/electom/ml-elecsig-e.pdf
http://catindia.gov.in/writereaddata/ev_rvnrbv111912012.pdf
http://www.rbi.org.in/scripts/PublicationReportDetails.aspx?ID=624
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/356786
/bis-14-1072-electronic-signatures-guide.pdf

13