
Importance and Effect of Electronic Signature and Electronic Records

The new communication system and digital technology have made a dramatic change in the way in which people transact with each other.

Nowadays businessmen and consumers are using computers to create, transmit and store information in electronic form instead of traditional paper documents.

Information stored in electronic form has many advantages, such as ease of storage and retrieval and speedier communication.

Though consumers are aware of these advantages, they are reluctant to conduct business or conclude any transaction in electronic form due to the lack of an appropriate legal framework.

The two principal hurdles which stand in the way of facilitating electronic commerce and electronic governance are the requirements as to writing and signature for legal recognition.

At present, many legal provisions assume the existence of paper-based records and documents which bear signatures.

The obvious reason is that the law of evidence is based upon paper-based records and oral testimony. On the other hand, e-commerce eliminates paper-based transactions and so, in order to facilitate e-commerce, the need for legal changes became an urgent necessity.

The Information Technology Act, 2000 came into force on 17.10.2000 to provide legal recognition for transactions carried out by the means of electronic data interchange and other means of electronic communications, to facilitate e-filing of documents with the government agencies and further, to amend the IPC, Evidence Act, RBI Act and the Banker’s Books Evidence Act.

Vide Section 2 of the Information Technology (Amendment) Act, 2008 which came into force on 27.10.2009, in the Information Technology Act, 2000 for the words “Digital Signature” occurring in the Chapter, Section, sub-section and Clause referred to in table below Section 2 of Amendment Act, the words “Electronic Signature” shall be substituted.

Authenticity

Suppose A sends B a digitally signed message. How would B make sure that the message indeed originated from A? How can B authenticate that the message was from A only, and not from A1 or A2?

Fundamental requirements of electronic communications or transactions are –

(i) authenticity of the sender, to enable the recipient (or relying party) to determine who really sent the message,

(ii) message's integrity: the recipient must be able to determine whether or not the message received has been modified en route or is incomplete, and

(iii) non-repudiation, the ability to ensure that the sender cannot falsely deny sending the message, nor falsely deny the contents of the message.

Need for Digital Signature

It has been realized that Internet being a public network would never be secure enough and there would always be a fear of interception, transmission errors, delays, deletion, authenticity or verification of an electronic message using Internet as a medium.

Hence the goal was to protect the message, not the medium.

The basic problem with the aforesaid digital signature regime is that it operates in an online, software-driven space, without human intervention.

Sender sends a digitally signed message; recipient receives and verifies it.

The only requirement is that both the sender and the recipient have digital signature software at their respective ends.

Anything that can be stored electronically is software. The storage devices and display devices are hardware.

The terms software and hardware are used as both nouns and adjectives. For example, you can say: "The problem lies in the software," meaning that there is a problem with the program or data, not with the computer itself. You can also say: "It's a software problem."

The distinction between software and hardware is sometimes confusing because they are so integrally linked. Clearly, when you purchase a program, you are buying software. But, to buy the software, you need to buy the disk (hardware) on which the software is recorded.

Software is often divided into two categories:

* System Software: Includes the operating system and all the utilities that enable the computer to function.

* Application Software: Includes programs that do real work for users. For example, word processors, spreadsheets, and database management systems fall under the category of applications software.

Basically a digital signature is a two way process, involving two parties:

The signer (creator of the digital signature) and

The recipient (verifier of the digital signature).

A digital signature is complete, if and only if, the recipient successfully verifies it.

Digital signatures are an actual transformation of an electronic message using public key cryptography. It requires a key pair (private key for encryption and public key for decryption) and a hash function (algorithm).

“Electronic form” includes audio, video, data, text or multimedia files generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device.

Functions {see section-2(u)} are the expression of algorithms in a specific computer language.

The definition identifies computer functions as logic, control, arithmetical process, deletion, storage and retrieval, and communication or telecommunication from or within a computer.

An intermediary is a link between an originator and an addressee. An Internet Service Provider (ISP) is one such intermediary. It is like a virtual post office. It receives, stores or transmits electronic messages through its mail servers on behalf of another person (originator and / or addressee).

A search engine is a facilitator of information between two parties, without knowing the content of information. Its main job is to provide the results of a ‘keyword’ search as closely as possible to the user. It neither knows the identity of the user nor the intent of usage of information.

Limitations

Whether technological evidence is a threat to the right to a fair trial or the right against incrimination as guaranteed by the Indian Constitution?

What are the statistical probabilities of technological evidence going wrong?

“Caution is appropriate, unreasonable doubt is not.”

Daniel Koshland, Editor

Science Magazine

There must be a unique balance between scientific evidence and human evidence.

Scientific evidence is one of the means to get closer to the truth and thus is not an end in itself.

For example, though the digital signature is a mathematical reality, the fate of every case depends upon its own factual matrix.

The entire process of procuring digital evidence is controlled by human agencies.

Can it be manipulated, tampered with?

The science may be infallible, but human action, which controls the result of the scientific forensic examination, is always fallible.

Applying technology and getting desired results is one thing, but appreciating the value of the ‘evidence’ is another.

One may lose evidence not because of ‘lack of technology’, but because of ‘lack of appreciation of technology’.

Paper signatures v/s Digital Signatures

| Parameter | Paper | Digital |
|---|---|---|
| Authenticity | May be forged | Can not be copied |
| Integrity | Signature independent of the document | Signature depends on the contents of the document |
| Non-repudiation | Handwriting expert needed; error prone | Any computer user; error free |

Paper signatures v/s Digital Signatures

| Parameter | Paper | Digital |
|---|---|---|
| Purpose | To authenticate the message as originating from purported signer | To authenticate the message as originating from purported signer |
| Evidence | Distinctive, attributable to the signer only | Distinctive, attributable to the signer only |
| Identification | Notary, signer/witnesses | Trusted Third Party (CA) |

A major benefit of public key cryptography is that it provides a method for employing digital signatures. Digital signatures enable the recipient of the information to verify the authenticity of the information’s origin, and also verify that the information is intact. Thus, digital signatures provide authentication and data integrity.

A digital signature serves the same purpose as a handwritten signature. However, a handwritten signature is easy to counterfeit. A digital signature is superior to a handwritten signature in that it is nearly impossible to counterfeit, plus it attests to the contents of the information as well as the identity of the signer.

Digital Signature technology requires key pair (private key for encryption and public key for decryption) and a hash function (algorithm).

The art and science of keeping messages secure is cryptography.

[Figure: Plain Text → Encryption → Cipher Text → Decryption → Plain Text]

Cryptography has a long and interesting history.

Cryptography is primarily used as a tool to protect national secrets and strategies. It is extensively used by the military, the diplomatic services and the banking sector.

One of the landmark developments in the history of cryptography was the introduction of the revolutionary concept of public-key cryptography.

How cryptography works?

Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient.

A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. This mathematical function works in combination with a key ― a very large number ― to encrypt the plaintext (the original message).

Encryption is used to ensure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data. The process of reverting cipher text to its original plaintext is called decryption.

The fundamental objective of cryptography is information security. Simply put, it is to ensure the following:

Confidentiality is used to keep the content of information secret from unauthorized persons. This is achieved through symmetric and asymmetric encryption.

Data integrity addresses the unauthorized alteration of data. This is addressed by hash functions.

Authentication is related to identification. This function applies to both entities and information itself. This is achieved through digital signature certificates and digital signatures.

Non-repudiation prevents someone from denying previous commitments or actions. This is achieved through digital signature certificates and digital signatures.

Symmetric Cryptography

Asymmetric Cryptography

Symmetric Cryptography

When a single secret key is used to maintain communication between the sender and the receiver, it is referred to as a symmetric cryptography or private-key cryptographic system.

Here, both encryption and decryption use the same key.

[Figure: Symmetric Cryptography. Plain Text → Encryption with Encryption Key (K1) → Cipher Text → Decryption with Decryption Key (K2) → Plain Text, where K1 = K2]

An example of symmetric cryptography is the automated teller machine (ATM) at a Bank. When a person uses an ATM, he gains access to his account by entering a personal identification number (PIN). That is, the person is authenticating himself to the Bank. The PIN is a shared secret between the Bank and the person.

Key Management and Conventional Encryption:

Conventional encryption has certain benefits. It is fast. It is especially useful for encrypting data that is not to be transmitted anywhere. So, if you want to store information so that no one can read it without your authorization, it would be a good idea to use conventional encryption.

The persistent problem with conventional encryption is key distribution: How do you get the key to the recipient without someone intercepting it?

The problems of key distribution in conventional encryption are solved by public key cryptography, a concept that was introduced by Whitfield Diffie and Martin Hellman in the U.S.A.

Asymmetric Cryptography

Two different keys are used for the processes of encryption and decryption. This is referred to as asymmetric cryptography or a public-key cryptographic system.

Public key cryptography is an asymmetric scheme that uses a pair of keys: a public key, which encrypts data, and a corresponding private key, or secret key, for decryption.

Each user has a key pair given to him. The public key is published to the world while the private key is kept secret. Anyone with a copy of the public key can then encrypt information that only the person having the corresponding private key can read.

[Figure: Asymmetric Cryptography. Plain Text → Encryption with Encryption Key (K1) → Cipher Text → Decryption with Decryption Key (K2) → Plain Text, where K1 ≠ K2]

ENCRYPTION and DECRYPTION

[Figure: two sample messages are encrypted and then decrypted. SYMMETRIC: the same key is used for both operations. ASYMMETRIC [PKI]: different keys are used (the keys of a pair – public and private). The encrypted messages appear in the figure as hexadecimal strings.]

Message 1: Central to the growth of e-commerce and e-governance is the issue of trust in electronic environment.

Message 2: The Internet knows no geographical boundaries. It has redefined time and space. Advances in computer and telecommunication technologies have led to the explosive growth of the Internet. This in turn is affecting the methods of communication, work, study, education, interaction, leisure, health, governance, trade and commerce.

Hash Function

[compression function, contraction function, message digest, finger print, cryptographic checksum, message integrity check, and manipulation detection code]

A Hash Function is a mathematical algorithm that takes a variable length input string and converts it to a fixed length output string [called hash value].

[Figure: Message (Any Length) → Hash Function → HASH]

Hash is a fixed length string

128 bit MD5

160 bit SHA-1

Hash Function

A one-way hash function takes variable- length input – say, a message of any length – and produces a fixed-length output; say, 160-bits. The hash function ensures that, if the information is changed in any way – even by just one bit – an entirely different output value is produced. The table below shows some sample output values using SHA (Standard Hash Algorithm).

For example,

Satish  c75491c89395de9fa4ed29affda0e4d29cbad290

SATISH  33fef490220a0e6dee2f16c5a8f78ce491741adc

satish  4c391643f247937bee14c0bcca9ffb985fc0d0ba

Two things must be borne in mind with regard to one-way hash functions:

1. It is computationally infeasible to find two different input messages that will yield the same hash output.

2. It is computationally infeasible to reconstruct the original message from its hash output.

[Figure: Signed Messages. Sender: calculates the hash of the message, signs the hash with the sender’s private key, and sends the message + signature through the Internet. Receiver: calculates the hash of the received message, decrypts the signature with the sender’s public key, and compares the two hashes; if OK, the signature is verified.]

Hash Value, Digital Signatures

Signature Algorithm: SHA1RSA (each signature is created with the Signer’s Private Key)

Message 1

This is a sample message for demonstration on digital signatures. This will be used to generate a message digest using sha1 and generating 160 bit digest

Hash Value 1: 7a08f27d5282b673fbb97cd028a7451292c052c8

Digital Signature 1: bab3dbfba30eedc0c52dacfc144df4d9c6508502

Message 2 (a dot is added at the end of the message)

This is a sample message for demonstration on digital signatures. This will be used to generate a message digest using sha1 and generating 160 bit digest.

Hash Value 2: b3cafe1ea21f290ad8be71b510297d038b68a7f9

Digital Signature 2: 5335ba87f67cfc65d7ea2d7dced44ea3dc16282c

Message 3 (adding a space between "bit" and "digest")

This is a sample message for demonstration on digital signatures. This will be used to generate a message digest using sha1 and generating 160 bit digest.

Hash Value 3: cd7db886d5e0e63d48c6c4358c86aa3d6e2afe86

Digital Signature 3: 71892180a9af4dd59ceb285eda5cfc3e9b72aaf8

Keys:

A key is a value that works with a cryptographic algorithm to produce a specific cipher text. Keys are basically very, very, very big numbers. Key size is measured in bits. In public key cryptography, the bigger the key, the more secure the cipher text.

However, public key size and conventional cryptography’s symmetric key size are totally unrelated. The algorithms used for each type of cryptography are very different and are very difficult to compare.

The public key is meant for public consumption and private key is to be kept confidential. The owner of the key pair must guard his private key closely, as sender authenticity and non-repudiation are based on the signer having sole access to his private key. In an asymmetric crypto system, a private key is mathematically related to public key and it is computationally impossible to calculate one key from the other.

Public Key Infrastructure and Certifying Authorities (With Relevant Rules)

Public Key Infrastructure-

Public key infrastructure is about the management and regulation of key pairs and the process is as under:

Step 1 - Subscriber applies to Certifying Authority (CA) for Digital Signature Certificate.

Step 2 - CA verifies identity of Subscriber and issues Digital Signature Certificate.

Step 3 - CA forwards Digital Signature Certificate to Repository maintained by the Controller.

Step 4 - Subscriber digitally signs electronic message with Private Key to ensure Sender Authenticity, Message Integrity and Non-repudiation and sends to Relying Party.

Step 5 - Relying Party receives message, verifies Digital Signature with Subscriber's Public Key, and goes to Repository to check status and validity of Subscriber's Certificate.

Step 6 - Repository does the status check on Subscriber's Certificate and informs back to the Relying Party.

Trusted Third Party: Certifying Authority

This calls for a participation of a trusted third party (TTP) to certify for individuals’ (subscribers) identities, and their relationship to their public keys.

The trusted third party is referred to as a Certifying Authority (CA).

The function of a CA is to verify and authenticate the identity of a subscriber (a person in whose name the Digital Signature Certificate is issued).

Digital Signature Certificate

A digital signature certificate securely binds the identity of the subscriber.

It contains name of the subscriber, his public key information, name of the certifying authority who issued the digital signature certificate, its public key information and the certificate’s validity period.

These certificates are stored in an online, publicly accessible repository maintained by the Controller of Certifying Authorities or in the repository maintained by the CA.

Licensed Certifying Authorities in India

Safescrypt

Tata Consultancy Services (TCS)

National Informatics Centre (NIC)

Institute for Development and Research in Banking Technology (IDRBT)

Mahanagar Telephone Nigam Limited (MTNL)

Customs and Central Excise

Verifying a Digital Signature -

Recipient:

Step 1: receives digital signature and the message.

Step 2: applies signer's public key on the digital signature.

Step 3: recovers the hash result (message digest) from the digital signature.

Step 4: computes a new hash result of the original message by means of the same hash function used by the signer to create the digital signature.

Step 5: compares the hash results recovered in Step 3 and Step 4.
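
An added example, not part of the original slides: a Python sketch of the hash properties described under "Hash Function" and of the recipient's verification steps above, run on the slides' own sample message with and without the added dot. It assumes unpadded textbook RSA over a constructed, insecure demo key, signs a SHA-256 hash where the slides use SHA-1 (practical collisions are known for both MD5 and SHA-1), and all function names are hypothetical.

```python
import hashlib

# Constructed demo key (an assumption of this example): two well-known Mersenne
# primes, so the key is trivially factorable and suitable for study only.
# Real signatures use randomly generated keys and a padded scheme from a
# vetted library.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                          # modulus, part of the public key
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the signer alone

# Sample text taken from the slides' "Message 1"; Message 2 adds a final dot.
MESSAGE_1 = (b"This is a sample message for demonstration on digital signatures. "
             b"This will be used to generate a message digest using sha1 and "
             b"generating 160 bit digest")
MESSAGE_2 = MESSAGE_1 + b"."


def hash_result(message: bytes, algorithm: str = "sha256") -> bytes:
    """Fixed-length hash result of a message of any length."""
    return hashlib.new(algorithm, message).digest()


def differing_bits(a: bytes, b: bytes) -> int:
    """Count the bit positions in which two equal-length hash results differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def sign(message: bytes) -> int:
    """Signer: hash the message, then transform the hash with the private key."""
    h = int.from_bytes(hash_result(message), "big")
    return pow(h, D, N)


def verify(message: bytes, signature: int) -> bool:
    """Recipient: Steps 2 to 5 of the verification procedure."""
    if not 0 <= signature < N:          # reject values outside the key's range
        return False
    recovered = pow(signature, E, N)    # Steps 2-3: public key recovers the hash
    computed = int.from_bytes(hash_result(message), "big")  # Step 4: fresh hash
    return recovered == computed        # Step 5: compare the two hash results


def demo() -> dict:
    """Run the slides' scenario: one genuine message and two kinds of tampering."""
    sig_1 = sign(MESSAGE_1)
    return {
        "sha1_bits": len(hash_result(MESSAGE_1, "sha1")) * 8,
        "sha256_bits": len(hash_result(MESSAGE_1)) * 8,
        "bits_changed_by_dot": differing_bits(hash_result(MESSAGE_1, "sha1"),
                                              hash_result(MESSAGE_2, "sha1")),
        "genuine": verify(MESSAGE_1, sig_1),
        "message_altered": verify(MESSAGE_2, sig_1),
        "signature_altered": verify(MESSAGE_1, sig_1 ^ 1),
        "same_signature_for_both": sig_1 == sign(MESSAGE_2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The altered message and the altered signature both fail at Step 5, which is the integrity property the comparison tables attribute to digital signatures.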

Hence, it is pertinent that the Court must not be swayed by the technicality of electronic evidence but should assess the evidence by following the ‘functional equivalent approach’.

Digital Signature and the Law

Rule 3. The manner in which information be authenticated by means of Digital Signature.

The said Rule provides for the use of public key cryptography to authenticate by means of Digital Signatures.

Rule 4. Creation of Digital Signature.

Rule 5. Verification of Digital Signature.

Rule 4 and 5 contain provisions relating to creation and verification of Digital Signatures.

Section 2(ta) – “electronic signature” means authentication of any electronic record by a subscriber by means of the electronic technique specified in the Second Schedule and includes digital signature;

Section 2(1)(p) “Digital Signature” means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of Section 3.

Section 3 - Authentication of Electronic Records. - (1) Subject to the provisions of this Section, any subscriber may authenticate an electronic record by affixing his digital signature.

(2) The authentication of the electronic record shall be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial electronic record into another

(a) to derive or reconstruct the original electronic record from the hash result produced by the algorithm;

(b) that two electronic records can produce the same hash result using the algorithm.

(3) Any person by the use of a public key of the subscriber can verify the electronic record.

(4) The private key and the public key are unique to the subscriber and constitute a functioning key pair.

Subscriber is a person in whose name the Digital Signature Certificate is issued.

Authenticate means “to give legal validity to”, “establish the genuineness of”.

Electronic Record means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche.

Affixing Digital Signature means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of digital signature.

Asymmetric Crypto System is a system of using mathematically related keys to create and verify digital signature.

A one-way hash function takes variable-length input – say, a message of any length – and produces a fixed-length output; say, 160-bits. The hash function ensures that, if the information is changed in any way – even by just one bit – an entirely different output value is produced.

In interpreting this provision, the term “digital signature” must not be compared to “signature” in the conventional sense. This is because although a person usually has one conventional handwritten signature for all messages, he will have a different digital signature for every message that he signs.

Illustration

Mr. Sen writes a message as under:

Dear Mr. Gupta,

I accept the terms and conditions discussed by us today.

Mr. S Sen

Figure 1 : Conventionally signed message

Here, Mr. Sen’s signature is as marked in the above message. Every document he signs will bear this signature.

However, his digital signature for this message could be

iQA/AwUBO0BCsFPnhMicaZh0EQJllgCgt1

qtfq

azO2ppYNdZN685h2QtYQsAoOgZ

eH3gqHf5Tisz1C7tzvHC09zx

=g/BR

Figure 2: Digital Signature

Although his digital signature for the message in Figure 1 is as shown in Figure 2, his digital signature for any and every other message will be different.

E.g. if he changes the word “today” in the message in Figure 1 to “yesterday”, his digital signature for the new message could be:

iQA/AwUBO0BDdlPnhMicaZh0EQIOBQCgiu0v

AT47Q7VJsgeQYWU69OtV+MMAoL772XDQB

vzPYOKSWDS6wjucho1T

=TSAn

Figure 3: New Digital Signature

What the law implies here is that a person may authenticate an electronic record by means of a digital signature, which is unique to the message being digitally signed.

The public key and private key are basically two very large numbers that are mathematically related to each other. If a particular private key was used to “sign” a message, then only the corresponding public key will be able to verify the “signature”.

The law also lays down that the private key and public key are unique to each subscriber. This implies that no two subscribers should have the same public and private key pair. This is practically achieved by using very large numbers (hundreds of digits) as keys. The probability of two persons generating the same key pair is thus extremely remote.

Section 3A. Electronic Signature. – (1) Notwithstanding anything contained in Section 3, but subject to the provisions of sub-section (2), a subscriber may authenticate any electronic record by such electronic signature or electronic authentication technique which –

(a) is considered reliable and

(b) may be specified in the Second Schedule.

(2) For the purpose of this section any electronic signature or electronic authentication technique shall be considered reliable if –

(a) the signature creation data or the authentication data are, within the context in which they are used, linked to the signatory or, as the case may be, the authenticator and to no other person.

(b) the signature creation data or the authentication data were, at the time of signing, under the control of the signatory or, as the case may be, the authenticator and of no other person;

(c) any alteration to the electronic signature made after affixing such signature is detectable;

(d) any alteration to the information made after its authentication by electronic signature is detectable; and

(e) it fulfils such other conditions which may be prescribed.

(3) The Central Government may prescribe the procedure for the purpose of ascertaining whether electronic signature is that of the person by whom it is purported to have been affixed or authenticated.

(4) The Central Government may, by notification in the Official Gazette, add to or omit any electronic signature or electronic authentication technique and the procedure for affixing such signature from the Second Schedule;

Explanation - For the purposes of this sub-section, "hash function" means an algorithm mapping or translation of one sequence of bits into another, generally smaller, set known as "hash result" such that an electronic record yields the same hash result every time the algorithm is executed with the same electronic record as its input making it computationally infeasible -

Provided that no electronic signature or authentication technique shall be specified in the Second Schedule unless such signature or technique is reliable.

(5) Every notification issued under sub-section (4) shall be laid before each House of Parliament.

Section 4. Legal recognition of electronic records. - Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is-

(a) rendered or made available in an electronic form; and

(b) accessible so as to be usable for a subsequent reference.

Section 5. Legal recognition of digital signatures.

Where any law provides that information or any other matter shall be authenticated by affixing the signature or any document shall be signed or bear the signature of any person then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of digital signature affixed in such manner as may be prescribed by the Central Government.

Explanation.- For the purposes of this section, "signed", with its grammatical variations and cognate expressions, shall, with reference to a person, mean affixing of his hand written signature or any mark on any document and the expression "signature" shall be construed accordingly.

Section 6. Use of electronic records and digital signatures in Government and its agencies.

(1) Where any law provides for-

(a) the filing of any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in a particular manner;

(b) the issue or grant of any licence, permit, sanction or approval by whatever name called in a particular manner;

(c) the receipt or payment of money in a particular manner,

then, notwithstanding anything contained in any other law for the time being in force, such requirement shall be deemed to have been satisfied if such filing, issue, grant, receipt or payment, as the case may be, is effected by means of such electronic form as may be prescribed by the appropriate Government.

(2) The appropriate Government may, for the purposes of sub-section (1), by rules, prescribe-

(a) the manner and format in which such electronic records shall be filed, created or issued;

(b) the manner or method of payment of any fee or charges for filing, creation or issue any electronic record under clause (a).

9. Sections 6, 7 and 8 not to confer right to insist document should be accepted in electronic form.

Nothing contained in sections 6, 7 and 8 shall confer a right upon any person to insist that any Ministry or Department of the Central Government or the State Government or any authority or body established by or under any law or controlled or funded by the Central or State Government should accept, issue, create, retain and preserve any document in the form of electronic records or effect any monetary transaction in the electronic form.

Section 73. Penalty for publishing Digital Signature Certificate false in certain particulars.

(1) No person shall publish a Digital Signature Certificate or otherwise make it available to any other person with the knowledge that—

(a) the Certifying Authority listed in the certificate has not issued it; or

(b) the subscriber listed in the certificate has not accepted it; or

(c) the certificate has been revoked or suspended,

unless such publication is for the purpose of verifying a digital signature created prior to such suspension or revocation.

(2) Any person who contravenes the provisions of sub-section (1) shall be punished with imprisonment for a term, which may extend to two years, or with fine, which may extend to one lakh rupees, or with both.

Section 74. Publication for fraudulent purpose.

Whoever knowingly creates, publishes or otherwise makes available a Digital Signature Certificate for any fraudulent or unlawful purpose shall be punished with imprisonment for a term, which may extend to two years, or with fine, which may extend to one lakh rupees, or with both.