Information Technology act 2000
The Information Technology Act, 2000 is India’s mother legislation regulating the use of computers, computer systems and computer networks as also data and information in the electronic format. The said legislation has provided for the legality of the electronic format as well as electronic contracts. This legislation has touched varied aspects pertaining to electronic authentication, digital signatures, cybercrimes and liability of network service providers.
Information technology act 2000 deals with various computer systems like
Electronic forms. (online money transfer, online income tax payment, online application)
Online transfer of data.
Online banking
Storage of data
Computer Virus
Hacking
Emailing.
Unauthorized access of computer system
The Act provides for:
Legal Recognition of Electronic Documents
Legal recognition of Electronic commerce Transactions
Admissibility of Electronic data/evidence in a Court of Law
Legal Acceptance of digital signatures
Punishment for Cyber obscenity and crimes
Establishment of Cyber regulations advisory Committee and the Cyber Regulations Appellate Tribunal.
Facilitation of electronic filing maintenance of electronic records.
Before knowing information technology act 2000, one need to know some technical terminology related to computer systems.
Person’s signature on the document is necessary to prove that the document is belonging to him. Signature is the evidence to prove that the document belong to the particular person.
DIGITAL SIGNATURE
Definition 1
A digital signature (not to be confused with a digital certificate) is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document,
Definition 2
A digital signature is basically a way to ensure that an electronic document (e-mail, spreadsheet, text file, etc.) is authentic. Authentic means that you know who created the document and you know that it has not been altered in any way since that person created it.
Uses of digital signature
1. Issuing forms and licences
2. Filing tax returns online
3. Online Government orders/treasury orders
4. Registration
5. Online file movement system
6. Public information records
7. E-voting
8. Railway reservations & ticketing
9. E-education
10. Online money orders
11. Secured emailing
How do you get a Digital Signature Certificate
The Office of Controller of Certifying Authorities (CCA), issues Certificate only to Certifying Authorities.CA issue Digital Signature Certificate to end-user. You can approach any one of the eight CAs for getting Digital Signature Certificate.
Different Classes of Digital Signature Certificates
Class 0 Certificate: This certificate shall be issued only for demonstration/ test purposes.
Class 1 Certificate: Class 1 certificates shall be issued to individuals/private subscribers. These certificates will confirm that user’s name (or alias) and E-mail address form an unambiguous subject within the Certifying Authorities database.
Class 2 Certificate: These certificates will be issued for both business personnel and private individuals use. These certificates will confirm that the information in the application provided by the subscriber does not conflict with the information in well-recognized consumer databases.
Class 3 Certificate: This certificate will be issued to individuals as well as organizations. As these are high assurance certificates, primarily intended for e-commerce applications, they shall be issued to individuals only on their personal (physical) appearance before the Certifying Authorities.
[Sec 5] legal recognition of the digital signature
According to this section, signature of the person need no to be in writing, it can be in the form of the following.
With rubber stamp
With pen
With pencil
With thumb impression
With digital signature which is issued by the certifying authority (government body) and stored in the computer in the file format
Digital signature is not like hand writing signature. It is not normally readable. Not like general hand writing signature. Digital signatures have equal legal recognition compared with non-digital signatures. Digital signature will be different for each e document. Digital signature is issued by the certifying authority.
Sec 15
According to this section digital signature is secure
Digital signature will be used as identification of the subscriber.
License procedure of the digital signature certificate
Section 2 (q) “Digital Signature Certificate” means a Digital Signature Certificate issued under subsection (4) of section 35;
Sec21
Any person can apply for the digital signature certification having certain qualification prescribed by government under the act.
Sec22 application
Any person can apply for digital signature with filling of application.
Any other documents attached if needed, should be genuine
Fee of rupees 2500/-
[Sec23]
License can be renewed before the 45 days of expiry date of 5 years. Renewal fees is 5000/-. After the expiry of the date, late fee will be collected in addition to the renewal fee.
[Sec25]
According to this section license will be cancelled if the applicant provides any false information
DIGITAL SIGNATURE
Section 2 (p) “digital signature” means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3;
Authentication of electronic records. [Sec 3]
According to this section any person can use and affix his digital signature to the electronic record (message or data on computer) to prove/ confirm (authenticate) such electronic is created by him
only and belong to him only. Affixing digital signature to the electronic record will be a proof that belongs to a specific person.
“Electronic record” means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche; [Sec 2(t)]
[sec3 (2)]
This section deals with the computer online process of sending data or message securely and safely from sender to the receiver. And also deals with the assuring of message or data to receiver and sender.
Section 2 (f) “asymmetric crypto system” means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature;
Cryptographic system
Cryptographic mechanism process done by the computer system.
The message or data send out will be encrypt by a cryptographic mechanism. (the procedures and methods of making and using secret languages, as codes)
Cryptographic mechanism includes private key and public key which are cryptographic methods provided certifying authorities. (Private Key encryption is essentially the same as a secret code that the two computers must each know in order to decode the information. The code would provide the key to decoding the message)
(To decode an encrypted message, a computer must use the public key provided by the originating computer and its own private key.)
Public key and private key or both mathematically related to each other.
Therefore private key is being used to encode the data/message and a public key is being used to decode the data/ message.
Private key will be with sender only
Private Key with public will be with sender.
Public will be with receiver of data or message.
Hash function=checksum/message digest
Hash function process is done by the computer system
Hash function which mean algorithm is a mathematical function/formula that converts a large, possibly variable-sized amount of data into a small datum. This is called as hash result and message digest.
To sign a document, sender by software will crunch down the data or message into just a few lines by a process called “hashing algorithm/ hash function”. These few lines are called a message digest/ hash result.
Any modification in message or data changes the hash result.
With the hash result we cannot construct the original message or data.
Digital signature verification.
Sender by software then encrypts the message digest with his private key. The result is the digital signature.
Finally, sender software attaches / affixes the digital signature to data or message. All of the data that was hashed has been signed.
Receiver by software will decrypts the signature (using sender public key) changing it back into a message digest.
If this worked, then it proves
Tags:
electronic filing maintenance,
digital signature indian information technology act,
explain technology for authenticating an electronic document,
regulating authorities under information technology act,
education according to 2000,
digital key renewal form,
restrictions on cryptography in india
Information Technology Act 2000
Information Technology act 2000
The Information Technology Act, 2000 is India’s mother legislation regulating the use of computers, computer systems and computer networks as also data and information in the electronic format. The said legislation has provided for the legality of the electronic format as well as electronic contracts. This legislation has touched varied aspects pertaining to electronic authentication, digital signatures, cybercrimes and liability of network service providers.
Information technology act 2000 deals with various computer systems like
Electronic forms. (online money transfer, online income tax payment, online application)
Online transfer of data.
Online banking
Storage of data
Computer Virus
Hacking
Emailing.
Unauthorized access of computer system
The Act provides for:
Legal Recognition of Electronic Documents
Legal recognition of Electronic commerce Transactions
Admissibility of Electronic data/evidence in a Court of Law
Legal Acceptance of digital signatures
Punishment for Cyber obscenity and crimes
Establishment of Cyber regulations advisory Committee and the Cyber Regulations Appellate Tribunal.
Facilitation of electronic filing maintenance of electronic records.
Before knowing information technology act 2000, one need to know some technical terminology related to computer systems.
Person’s signature on the document is necessary to prove that the document is belonging to him. Signature is the evidence to prove that the document belong to the particular person.
DIGITAL SIGNATURE
Definition 1
A digital signature (not to be confused with a digital certificate) is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document,
Definition 2
A digital signature is basically a way to ensure that an electronic document (e-mail, spreadsheet, text file, etc.) is authentic. Authentic means that you know who created the document and you know that it has not been altered in any way since that person created it.
Uses of digital signature
1. Issuing forms and licences
2. Filing tax returns online
3. Online Government orders/treasury orders
4. Registration
5. Online file movement system
6. Public information records
7. E-voting
8. Railway reservations & ticketing
9. E-education
10. Online money orders
11. Secured emailing
How do you get a Digital Signature Certificate
The Office of Controller of Certifying Authorities (CCA), issues Certificate only to Certifying Authorities.CA issue Digital Signature Certificate to end-user. You can approach any one of the eight CAs for getting Digital Signature Certificate.
Different Classes of Digital Signature Certificates
Class 0 Certificate: This certificate shall be issued only for demonstration/ test purposes.
Class 1 Certificate: Class 1 certificates shall be issued to individuals/private subscribers. These certificates will confirm that user’s name (or alias) and E-mail address form an unambiguous subject within the Certifying Authorities database.
Class 2 Certificate: These certificates will be issued for both business personnel and private individuals use. These certificates will confirm that the information in the application provided by the subscriber does not conflict with the information in well-recognized consumer databases.
Class 3 Certificate: This certificate will be issued to individuals as well as organizations. As these are high assurance certificates, primarily intended for e-commerce applications, they shall be issued to individuals only on their personal (physical) appearance before the Certifying Authorities.
[Sec 5] legal recognition of the digital signature
According to this section, signature of the person need no to be in writing, it can be in the form of the following.
With rubber stamp
With pen
With pencil
With thumb impression
With digital signature which is issued by the certifying authority (government body) and stored in the computer in the file format
Digital signature is not like hand writing signature. It is not normally readable. Not like general hand writing signature. Digital signatures have equal legal recognition compared with non-digital signatures. Digital signature will be different for each e document. Digital signature is issued by the certifying authority.
Sec 15
According to this section digital signature is secure
Digital signature will be used as identification of the subscriber.
License procedure of the digital signature certificate
Section 2 (q) “Digital Signature Certificate” means a Digital Signature Certificate issued under subsection (4) of section 35;
Sec21
Any person can apply for the digital signature certification having certain qualification prescribed by government under the act.
Sec22 application
Any person can apply for digital signature with filling of application.
Any other documents attached if needed, should be genuine
Fee of rupees 2500/-
[Sec23]
License can be renewed before the 45 days of expiry date of 5 years. Renewal fees is 5000/-. After the expiry of the date, late fee will be collected in addition to the renewal fee.
[Sec25]
According to this section license will be cancelled if the applicant provides any false information
DIGITAL SIGNATURE
Section 2 (p) “digital signature” means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3;
Authentication of electronic records. [Sec 3]
According to this section any person can use and affix his digital signature to the electronic record (message or data on computer) to prove/ confirm (authenticate) such electronic is created by him
only and belong to him only. Affixing digital signature to the electronic record will be a proof that belongs to a specific person.
“Electronic record” means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche; [Sec 2(t)]
[sec3 (2)]
This section deals with the computer online process of sending data or message securely and safely from sender to the receiver. And also deals with the assuring of message or data to receiver and sender.
Section 2 (f) “asymmetric crypto system” means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature;
Cryptographic system
Cryptographic mechanism process done by the computer system.
The message or data send out will be encrypt by a cryptographic mechanism. (the procedures and methods of making and using secret languages, as codes)
Cryptographic mechanism includes private key and public key which are cryptographic methods provided certifying authorities. (Private Key encryption is essentially the same as a secret code that the two computers must each know in order to decode the information. The code would provide the key to decoding the message)
(To decode an encrypted message, a computer must use the public key provided by the originating computer and its own private key.)
Public key and private key or both mathematically related to each other.
Therefore private key is being used to encode the data/message and a public key is being used to decode the data/ message.
Private key will be with sender only
Private Key with public will be with sender.
Public will be with receiver of data or message.
Hash function=checksum/message digest
Hash function process is done by the computer system
Hash function which mean algorithm is a mathematical function/formula that converts a large, possibly variable-sized amount of data into a small datum. This is called as hash result and message digest.
To sign a document, sender by software will crunch down the data or message into just a few lines by a process called “hashing algorithm/ hash function”. These few lines are called a message digest/ hash result.
Any modification in message or data changes the hash result.
With the hash result we cannot construct the original message or data.
Digital signature verification.
Sender by software then encrypts the message digest with his private key. The result is the digital signature.
Finally, sender software attaches / affixes the digital signature to data or message. All of the data that was hashed has been signed.
Receiver by software will decrypts the signature (using sender public key) changing it back into a message digest.
If this worked, then it proves
Tags: electronic filing maintenance, digital signature indian information technology act, explain technology for authenticating an electronic document, regulating authorities under information technology act, education according to 2000, digital key renewal form, restrictions on cryptography in india