Вы находитесь на странице: 1из 35

Click to edit Master text styles

Second level
Third level

Information Technology Act


Date: 28th April 2012 Venue: Som Lalit Institute of Management Roll Number: 05 Name: Shaishav Desai Subject: LAB

Fourth level Fifth level

Introduction Enacted on 17th May 2000- India is 12th nation in the world to Click tolaws Master text styles adopt cyber edit IT Second level Act is based on Model law on e-commerce adopted by UNCITRAL - United Nations Commission on International Trade Third level Law Fourth level Information Technology Amendment Act 2008 which was Fifth level passed by the two houses of the Indian Parliament on December 2008. It got the Presidential assent on February 5, 2009 and was notified for effectiveness on October 27, 2009.

What IT Act stands for? An Act to provide legal recognition for transactions carried out Click to electronic data interchange and other means of by means of edit Master text styles electronic communication. Second level Which involve the use of alternatives to paper-based methods Third level of communication and storage of information, to facilitate Fourth level electronic filing of documents with the Government agencies Fifth level and further to amend them.

IT Act features Legal Recognition of Electronic Documents Electronic contracts will be text styles Click to edit Master legally valid Legal recognition of digital signatures Second level Digital signature to be effected by use of asymmetric crypto Third level system andhash function Fourth level Security procedurelevel electronic records and digital signature Fifth for Appointment of Certifying Authorities and Controller of Certifying Authorities Certifying authorities to get License to issue digital signature certificates Various types of computer crimes defined and stringent penalties provided under the Act

Legal recognition to electronic records and digital signature The information technology Act gives legal recognition to electronic records and to digital signature u/s 4 and 5. If Click to edit required in printed or written form under any law the Master text styles any information is Information provided in electronic form, which is accessible so as to be usable Second level for subsequent use, shall be deemed to satisfy the requirement of presenting the document in writing or printed form. Third level Electronic Records are: Fourth level Very easy to make copies Fifth level Very fast distribution Easy archiving and retrieval Copies are as good as original Easily modifiable Environmental Friendly Because of 4 & 5 together, these lack authenticity Future of Electronic Commerce depends on the trust that the transacting parties place in the security of the transmission and content of their communications

Digital Signature
Why Digital Signature? To provide Authenticity, Integrity and Non-repudiation to electronic documents To use the Internet as the safe and secure medium for e-Commerce and e-Governance ---------------------------------------------------------Hash value of a message when encrypted with the private key of a person is his digital signature on that e-Document Third of a person therefore varies from document to document thus ensuring Digital Signaturelevel authenticity of each word of that document. key of the signer As the publicFourth level is known, anybody can verify the message and the digital signature Fifth level Digital signatures created and verified using cryptography Public key System based on Asymmetric keys An algorithm generates two different and related keys Public key Private Key Private key used to digitally sign. Public key used to verify. Digital Signature" means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3; Digital signatures are created and verified by cryptography, the branch of applied mathematics that concerns itself with transforming messages into seemingly unintelligible forms and back again.

Click to edit Master text styles


Second level

Digital Signature
[Public edit Master text Private Click tokey known to everyone &styles key only to the owner]

Each individual generates his own key pair

Second level
Third level

Private Key Used for making digital

signature

Fourth level Public Key Used to verify the digital signature Fifth level The Private key generated is to be protected and kept secret. The responsibility of the secrecy of the key lies with the owner. The key is secured using PIN Protected soft token Smart Cards Hardware Tokens

Digital signature process

Click to edit Master text styles


Second level
Third level
Fourth level Fifth level

Digital signature process

A signs message with his own private key text styles Click to edit Master
A then encodes the resulting message with Bs Public key B decodes the message with his own Private key B applies Third level digital signature As Public key on the When A uses his own private key, it demonstrates that Fourth level he wants to sign the document Fifth level he wants to reveal his identity he shows his will to conclude that agreement The encoded message travels on the Net, but nobody can read it : confidentiality B needs to know that A and only A sent the message B uses As public key on the signature Only As public key can decode the message A cannot repudiate his signature Digital signature cannot be reproduced from the message No one can alter a ciphered message without changing the result of the decoding operation

Second level

Digital signature process

Click to edit Master text styles


Second level
Third level
Fourth level Fifth level

Certifying Authority for Digital Signature According to section 24 under Information Technology Act Click to edit Master text a person who has been 2000 "Certifying Authority" means styles granted a license to issue Digital Signature Certificates. Second level A CA is an Authority which should : Third level reliably identify persons applying for key certificates (signatures)

Fourth level reliably verify their legal capacity Fifth level confirm the attribution of a public signature key to an identified physical person by means of a signature key certificate always maintain online access to the signature key certificates with the agreement of the signature key owner take measures so that the confidentiality of a private signature key is guaranteed

Certificate based Key Management

Operated by trusted Click to edit Master text styles party - CA third Second level Provides Trading Third level Partners Certificates Fourth level Notarizes the Fifth level relationship User A User B between a public key and its owner
CA
CA A B

CA A

CA B

Certifying Authority for Digital Signature a. www.safescrypt.com www.nic.inedit Master b. Click to c. www.idrbtca.org.in Second level d. www.tcs-ca.tcs.co.in Third level e. www.mtnltrustline.com Fourth level f. www.ncodesolutions.com Fifth level g. www.e-Mudhra.com

text styles

Contents of a Public Key Certificate

Click tothe Certificate S.No of edit Master text styles


Issued by a CA as a data message and always available online


Applicantslevel Place and Date of Birth, Company Name Second name, Applicants legal domicile and virtual domicile Third level Validity period of the certificate and the signature Fourth level CAs name, legal domicile and virtual domicile Fifth level Users public key Information indicating how the recipient of a digitally signed document can verify the senders public key CAs digital signature

Controller of Certifying Authorities (CCA) Appointed by the Central Government under section 17 of the Act. to edit Master text styles IT Click Came into existence on November 1, 2000. Second level Aims at promoting the growth of E-Commerce and E Third level Governance through the wide use of digital signatures. Fourth level Licensing Certifying Authorities (CAs) under section 21 of the IT Fifth level Act and exercising supervision over their activities. Certifying the public keys of the CAs, i.e. their Digital Signature Certificates more commonly known as Public Key Certificates (PKCs). Laying down the standards to be maintained by the CAs, Addressing the issues related to the licensing process

The licensing process Examining the application and accompanying documents as Click in sections 21 to 24 of thestylesand all the Rules and provided to edit Master text IT Act, Regulations there- under; Second level
21. License to issue Digital Signature Certificates

Third level

qualification, expertise, manpower, financial resources and other infrastructure Fourth level facilities

Fifth level 22. Application for license 23. Renewal of license 24. Procedure for grant or rejection of license

Approving the Certification Practice Statement(CPS); Auditing the physical and technical infrastructure of the applicants through a panel of auditors maintained by the CCA.

Audit Process Adequacy of security policies and implementation thereof; Existence ofedit Master text styles Click to adequate physical security; Evaluation of level Second functionalities in technology as it supports CA operations; Third level CAs services administration processes and procedures; Fourth level Compliance to Fifth level CPS as approved and provided by the relevant Controller; Adequacy to contracts/agreements for all outsourced CA operations; Adherence to Information Technology Act 2000, the rules and regulations thereunder, and guidelines issued by the Controller from time-to-time.

Key Size mandated by the CCA

Click to edit Master text styles


2048-bit RSA-key UserSecond level
1024-bit RSA-key
Fourth level Fifth level

CA

Third level

Application of Digital Certificate


Instant posting of judgment on the web. Click to edit Master text styles

Applications in Judiciary

Second level

Applications in Telecommunications Fourth level

Secured electronic communications within judiciary Authentic archiving of Judicial records Submission of affidavits Giving certified Third level copies of the Judgment

Intra/Inter offices authentic communications


Procurement of material
OBs, approvals, Instructions, requests

Fifth level

Network Management functions


Books, gifts, Internet purchases

Calling/Receiving bids, Purchase orders, Payment instructions Change of configuration, Blocking/unblocking routes

Small Payments through telephones bills Mobile Authentication of SMS

Mobile Phones as Credit cards

Share market trading, Intra/Inter office instructions Mobile operator can venture into credit card business

Application of Digital Certificate

Click to edit Master text styles Issuing forms and licenses


Second level

Government Online

Filing tax returns online Online Government orders/treasury orders Registration Third level Online file movement system Fourth level Public information records E-voting Fifth level Railway reservations & ticketing E-education Online money orders

Information technology act 2000 is not applicable to:


Every electronic information is under the scope of I.T. Act 2000 but following to edit Master text styles Clickelectronic transaction is not under I.T. Act 2000

Second level 1. Information technology act 2000 is not applicable on the attestation for creating trustlevel Third via electronic way. Physical attestation is must.
is not applicable on the attestation for making will of 2. I.T. Act 2000Fourth level attestation any body. Physical Fifth level by two witnesses is must.

3. A contract of sale of any immovable property.

4. Attestation for giving power of attorney of property is not possible via electronic record.

CYBER CRIME Cyber crime occupies a major position in the Information Click toAct. Master text styles Technology edit Cybercrime refers to all the activities done with criminal intent Second level in cyberspace or using the medium of Internet. Third level Any criminal activity that uses a computer either as an Fourth level instrumentality, target or a means for perpetuating further Fifth level crimes comes within the ambit of cyber crime. Cyber crime includes financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation.

CYBER CRIME Cyber crime occupies a major position in the Information Click toAct. Master text styles Technology edit Cybercrime refers to all the activities done with criminal intent Second level in cyberspace or using the medium of Internet. Third level Any criminal activity that uses a computer either as an Fourth level instrumentality, target or a means for perpetuating further Fifth level crimes comes within the ambit of cyber crime. Cyber crime includes financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation.

CYBER CRIME Impacts on IT Cybercrime adversely impacts various activities in the Click to edit Master text styles systems and electronic medium using computers, computer computer networks Second level Effect is destruction or adverse impact on data. Third level Cybercrimes also have the ability to disrupt or damage Fourth level computers,computer systems and computer networks as also Fifth level data or information resident therein Cybercrimes directly inhibit e-commerce and the free use of the Internet and computers.

CYBER CRIME The Computer as a Target Using a computerMaster other computers. Click to edit to attack text styles Second level e.g. Hacking, Virus/Worm attacks, DOS attack etc. Third level The Computer as a Weapon Fourth to Using a computerlevelcommit real world crimes. Fifth level e.g. Cyber Terrorism, IPR violations, Credit card frauds, EFT frauds, Pornography etc.

TYPES OF CYBER CRIMES


Cyber terrorism Cyber pornographyMaster text styles Click to edit Defamation Crime against Government Second level Cyber stalking (section 509 IPC) Sale ofillegal articles-narcotics, Third level weapons, wildlife level Fourth Crime against persons Online gambling Fifth level Intellectual Property crimes- software piracy, copyright infringement, trademarks violations, theft of computer source code Crime against property Email spoofing Forgery Credit card frauds

OFFENSES under IT ACT

Click to edit Master text styles


Second level
Third level

Section 65: Tampering with computer source documents shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both

Explanation - For the purposes of this section, "computer source code" means the listing of programmes, computer Commands, design and layout and programme analysis of computer resource in any form.

Section 66: Hacking with Computer System Fourth level Whoever commits hacking shall be punished with imprisonment up to Fifth level three years, or with fine which may extend up to two lakh rupees, or with both
Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person, destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking. Sec 66A : Offensive Message thru communication service Sec 66B : Dishonestly receiving stolen computer resource or communication service Sec 66C : Identity theft Sec 66D : Cheating by personating by using any computer resource Sec 66E : Violation of privacy Sec 66F : Cyber Terrorism

OFFENSES under IT ACT

Click to edit Master text styles


Second level
Third level

Section 67: Publishing of information which is obscene in electronic form shall be punished on first conviction with imprisonment of either description for a term which may extend to two years and with fine which may extend to one lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to ten years and also with fine which may extend to two lakh rupees.

Explanation - Whoever publishes or transmits or causes to be published in the electronic form, any material which is Lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or Fourth level embodied in it. Sec 67A : Publishing / Transmitting any sexually explicit act material Fifth level Sec 67B : Child Pornography Sec 67C : Retention of Information by Intermediaries

Section 69: Decryption of information


punishment up to 7 years
Controller issues order to Government agency to intercept any information transmitted through any computer resource. Order is issued in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States, Person in charge of the computer resource fails to extend all facilities and technical assistance to decrypt the information.

OFFENSES under IT ACT


Section 70:Protected system Click to punished with imprisonment of either description for a term shall be edit Master text styles which may extend to ten years and shall also be liable to fine.
Explanation - Any person who secures access or attempts to secure access to a protected system in contravention of thelevel Third Provisions of this section.

Second level

Section 71: Fourth level Penalty for misrepresentation shall be punished level imprisonment for a term which may extend to Fifth with two years, or with fine which may extend to one lakh rupees, or with both.

Whoever makes any misrepresentation to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any licence or Digital Signature Certificate, as the case may be.

OFFENSES under IT ACT

Click to edit Master text styles


Second level
Third level

Section 72: Penalty for breach of confidentiality and privacy Imprisonment for a term which may extend to 2 years, or with fine up to 1 lakh Rupees, or with both.

Explanation - Any person who, in pursuance of any of the powers conferred under IT Act, has secured access to any electronic record, book, register, correspondence, information or document without the consent of the person concerned discloses such electronic record, book., register, correspondence, information, document to any other person.

Explanation - Publishing a Digital Signature Certificate or otherwise making it available to any other person with the knowledge that the Certifying Authority listed in the certificate has not issued it or the subscriber listed in the certificate has not accepted it or the certificate has been revoked or suspended, unless such publication is for the purpose of verifying a digital signature created prior to such suspension or revocation.

Section 73: Publishing Digital Signature Certificate false in certain particulars Fourth level Imprisonment for a term which may extend to 2 years, or with fine which may extend to 1 lakh Rupees. Fifth level

Section 74: Publication for fraudulent purpose Imprisonment for a term which may extend to 2 years, or with fine up to 1 lakh Rupees, or with both.
Explanation - Creation, publication or otherwise making available a Digital Signature Certificate for any fraudulent or unlawful purpose

OFFENSES under IT ACT

Click to edit Master text styles


Second level
Third level

Section 72: Penalty for breach of confidentiality and privacy Imprisonment for a term which may extend to 2 years, or with fine up to 1 lakh Rupees, or with both.

Explanation - Any person who, in pursuance of any of the powers conferred under IT Act, has secured access to any electronic record, book, register, correspondence, information or document without the consent of the person concerned discloses such electronic record, book., register, correspondence, information, document to any other person.

Explanation - Publishing a Digital Signature Certificate or otherwise making it available to any other person with the knowledge that the Certifying Authority listed in the certificate has not issued it or the subscriber listed in the certificate has not accepted it or the certificate has been revoked or suspended, unless such publication is for the purpose of verifying a digital signature created prior to such suspension or revocation.

Section 73: Publishing Digital Signature Certificate false in certain particulars Fourth level Imprisonment for a term which may extend to 2 years, or with fine which may extend to 1 lakh Rupees. Fifth level

Section 74: Publication for fraudulent purpose Imprisonment for a term which may extend to 2 years, or with fine up to 1 lakh Rupees, or with both.
Explanation - Creation, publication or otherwise making available a Digital Signature Certificate for any fraudulent or unlawful purpose

Data diddling changing data prior or during input into a computer Section 66 and 43(d) of the I.T. Actstyles the offence of data Click to edit Master text covers diddling Second level Penalty: Not exceeding Rs. 1 crore Third level
Fourth level Fifth level

OFFENSES under IT ACT

Click to edit Master text styles


If a contravention has been committed by a Company then the following Second level persons along with the Company would also be liable:
The person in charge of the Company / responsible for the conduct of the business when the contravention was committed Fourth level

Liabilities of Companies ( sec 85 )

Third level

Fifth level If a contravention has been committed by a Company and it is proved that it took place with the consent/ connivance / neglect on part of any Director, Manager, Officer then that person would also be liable.

Offenses under IPC


Sending threatening messages by email Sending defamatory messages by email Forgery of electronic records

Click to edit Master text styles


Sec Second level 499, 500 IPC

Sec 503 IPC

Third level 470, 471 IPC Sec

Fourth level Bogus websites, cyber frauds Fifth level Sec 420 IPC

Punishment Imprisonment for 2 years, or fine, or bothNoncognizableBailableTriable by any Magistrate Compoundable by the person insulted. Simple imprisonment for 2 years, or fine, or bothNoncognizableBailableTriable by Court of Session Compoundable by the person defamed. Punishment for forgery of such documentCognizable BailableTriable by Magistrate of the first classNoncompoundable Imprisonment for 7 years and fineCognizableNon-bailableTriable by Magistrate of the first class Compoundable by the person cheated with the permission of the court.

Email spoofing

Web- Jacking - Put person in Fear Destruction of electronic evidence

Sec 416, 417, 463 IPC Imprisonment for 2 years, or fine, or bothNoncognizableBailableTriable by Magistrate of the first classNon-compoundable. Sec. 383 IPC Imprisonment for 3 years, or fine, or bothCognizable Non-bailableTriable by any MagistrateNoncompoundable. Sec.204,477 IPC Imprisonment for 2 years, or fine, or bothNoncognizableBailableTriable by Magistrate of the first classNon-compoundable.

Click to edit Master text styles


Second level
Third level
Fourth level Fifth level

ThANK YOU