Information Technology Act 2000
Objectives
Carried out by means of electronic data interchange, and other means of electronic communication, commonly referred to as "electronic commerce“
To facilitate electronic filing of documents with Government agencies and E-Payments
Digital SIgnature
The authentication to be affected by use of asymmetric crypto system and hash function
The private key and the public key are unique to the subscriber and constitute functioning key pair
Verification of electronic record possible
Digital Signature
Digital signatures created and verified using cryptography
Public key System based on Asymmetric keys
An algorithm generates two different and related keys
Public key
Private Key
Private key used to digitally sign.
Public key used to verify.
Role of public key
Allow parties to have free access to the signer’s public key
This assures that the public key corresponds to the signer’s private key
Trust between parties as if they know one another
Parties with no trading partner agreements, operating on open networks, need to have highest level of trust in one another
Secure digital signature
If by application of a security procedure agreed to by the parties concerned, it can be verified that a digital signature, at the time it was affixed, was:
(a) unique to the subscriber affixing it;
(b) capable of identifying such subscriber;
(c) created in a manner or using a means under the exclusive control of the subscriber and is linked to the electronic record to which it relates in such a manner that if the electronic record was altered the digital signature would be invalidated, then such digital signature shall be deemed to be a secure digital signature
Regulation of Certifying Authorities
The Central Government may appoint a Controller of Certifying Authority who shall exercise supervision over the activities of Certifying Authorities.
Certifying Authority means a person who has been granted a licence to issue a Digital Signature Certificate. The Controller of Certifying Authority shall have powers to lay down rules, regulations, duties, responsibilities and functions of the Certifying Authority issuing Digital Signature Certificates. The Certifying Authority empowered to issue a Digital Signature Certificate shall have to procure a license from the Controller of Certifying Authority to issue Digital Signature Certificates. The Controller of Certifying Authority has prescribed detailed rules and regulations in the Act, as to the application for license, suspension of license and procedure for grant or rejection of license.
Digital Signature Certificate
Any person may make an application to the Certifying Authority for issue of Digital Signature Certificate. The Certifying Authority while issuing such certificate shall certify that it has complied with the provisions of the Act.
The Certifying Authority has to ensure that the subscriber (i.e., a person in whose name the Digital Signature Certificate is issued) holds the private key corresponding to the public key listed in the Digital Signature Certificate and such public and private keys constitute a functioning key pair. The Certifying Authority has the power to suspend or revoke Digital Signature Certificate.
E-Governence
a) Legal Recognition of electronic record
If any information is required in printed or written form under any law the Information provided in electronic form, which is accessible so as to be usable for subsequent use, shall be deemed to satisfy the requirement of presenting the document in writing or printed form.
Use of electronic records & DS (6)
Filling of any form or application in office controlled by government
Issue of grant and license or approval
Receipt or payment of money in a particular manner
Publication of rules
The rules regulations which are supposed to published in official gazette , such requirement shall be deemed to be satisfied if it is published in electronic gazette.
Penalties
For damage to computer, computer system.etc(43)
For failure to furnish information , return (44)
fails to furnish any document- Rs.1,50,000
not submitting in specific time period-
Rs.5000 per day of delay
Failure to maintain books or accounts-
compensate the victim if any or penalty
upto 25000