Home       Top Rated       Submit Article     Advanced Search     FAQ       Contact Us       Lawyers in India       Law Forum     RSS Feeds     

Register your Copyright Online

We offer copyright registration right from your desktop click here for details.

Latest Articles | Articles 2014 | Articles 2013 | Articles 2012 | Articles 2011 | Articles 2010 | Articles 2009 | Articles 2008 | Articles 2007 | Articles 2006 | Articles 2000-05

Search On:Laws in IndiaLawyers Search

Mutual Consent Divorce in Delhi
We provide fast, cost effective and Hassle free solution.
Contact us at Ph no: 9650499965 (Divorce Law Firm Delhi)

E-mail login                       Password
     

Free Email Sign Up

Main Categories
 Accident Law
 Arbitration
 Aviation Law
 Banking and Finance laws
 Case Laws
 Civil Laws
 Company Law
 Constitutional Law
 Consumer laws
 Contracts laws
 Criminal law
 Drug laws
 Dubai laws
 Educational laws
 Employment / Labour laws
 Environmental Law
 family law
 Gay laws and Third Gender
 Human Rights laws
 Immigration laws
 Insurance / Accident Claim
 Intellectual Property
 International Law
 Juvenile Laws
 Law - lawyers & legal Profession
 Legal Aid and Lok Adalat
 Legal outsourcing
 Media laws
 Medico legal
 Miscellaneous
 Real estate laws
 Right To Information
 Tax Laws
 Torts Law
 Woman Issues
 Workplace Equality & Non-Discrimination
 Yet Another Category

More Options
 Most read articles
 Most rated articles

Subscription
Subscribe now and receive free articles and updates instantly.

Name
Email



Copyright Registration

To Copyright Your Books, Videos, Songs, Scripts etc
Call us at: 9891244487 / or email at: admin@legalserviceindia.com
Top Law Colleges

Law Updates:

# Income-Tax
# Family law
# Company Law
# Constitutional Law
# Partnership firms
# Immigration Law
# Cyber Law
# Lok Adalat, legal Aid & PIL
# Forms
# Trademarks
# Woman issues
# Medico Legal
# Consumer laws
# Criminal laws
# Supreme Court Judgments


Published : May 08, 2015 | Author : Yogesh Kolekar
Category : Cyber Law | Total Views : 10431 | Rating :

  
Yogesh Kolekar
Yogesh Prasad Kolekar BAL,LLM,NET, Assistant Professor, Ismailsaheb Mulla Law College, Satara
 

Electronic Signature – Legal and Technical aspect

The traditional signatures are hand written and are uniquely representative of one’s identity. The use of signature is mandatory in law in certain cases and holds an important legal position in the document as it signify two things, the identity of the person and its intent to it. The Signature is one’s identity on a document and is used in day to day transaction and in case of illiterate persons its fingerprint is considered as his signature. The handwritten signature is prone to forgery and tampering hence insufficient for online transaction and contracts. The online transaction requires unique and strong protection which is served by electronic signature.

The concept of digital signature was introduced through Information Technology Act 2000 in India, which is enhanced with hybrid concept of electronic signature which is based on UNCITRAL Model Law on Electronic Signatures 2001. The electronic signature is a technologically neutral concept and includes a digital signature. The object and purpose of electronic signature are similar to that of traditional signature. In cyber world electronic signature ensures that the electronic records are authentic and legitimate as electronic signature are safer and cannot be forged and is convenient as the sender himself does not have to be present personally at the place to contract to sign the document. For example a person can sign a contract in India and send it to any part of the world to complete the transaction.

UNCITRAL Model Law on Electronic Signatures 2001

The purpose of UNCITRAL Model Law on Electronic Signatures 2001 provides following statement which signifies the importance of electronic signature.

“The increased use of electronic authentication techniques as substitutes for handwritten signatures and other traditional authentication procedures has suggested the need for a specific legal framework to reduce uncertainty as to the legal effect that may result from the use of such modern techniques (which may be referred to generally as “electronic signatures”). The risk that diverging legislative approaches be taken in various countries with respect to electronic signatures calls for uniform legislative provisions to establish the basic rules of what is inherently an international phenomenon, where legal harmony as well as technical interoperability is a desirable objective.”

Sec 2 (ta) of Information Technology Act 2000 had defines electronic signature as
“Authentication of any electronic record by a subscriber by means of the electronic technique specified in the second schedule and includes digital signature.”

The definition of electronic signature includes digital signature and other electronic technique which may be specified in the second schedule of the Act, thus an electronic signature means authentication of an electronic record by a subscriber by means of electronic techniques. The adoption of ‘electronic signature’ has made the Act technological neutral as it recognizes both the digital signature method based on cryptography technique and electronic signature using other technologies.

Technical aspect of Digital Signature

The digital signature is created and verified by using the Public Key Infrastructure (PKI) technology that requires two keys that is a public key and a private key for encrypting and decrypting the information. The message is encrypted with a public key can only be decrypted using the corresponding private key and vice versa. The unique feature in public key infrastructure is that the public and private keys are related to each other and only the public key can be used for encrypting messages that can be decrypted using the corresponding private key. The public key is shared, whereas the private key is known only to its possessor. The digital signature is based on Cryptography. Cryptography is the science to secure communications by converting the message (encrypting ) into an unreadable format and only the person with a secret key can decrypt (read) it. Cryptography systems can be broadly classified into two types i.e., symmetric-key and asymmetric.

In symmetric systems, both the sender and recipient have same keys and asymmetric system each user has two keys a public key that is known to everyone and a private key that is known only the recipient of messages. In India signature uses an asymmetric system that has a public key and private key.

Digital Signature Certificates

Digital Signature Certificates are digital format certificate to prove identity in the digital world. The digital signature certificates are issued by Certifying Authorities under the authority of Controller of Certifying Authorities. A Digital Signature Certificate is an electronic document that can be used to verify that the public key belongs to the particular individual. Digital Signature Certificates contains Public key of the certificate owner, Name of the owner, Validity “from” and “to” dates, Name of the issuing authority, Serial number of the certificate, Digital signature of the issuing authority name of the person, etc. There are three different classes of digital certificate. They class I, class II and class III. Depending on the type, each digital certificate provides specific functions.

Legal aspect Digital Signature

Section 3 of the Information Technology Act 2000 provides for authentication of electronic records. It provides that the electronic records can be authenticated by using digital signatures. It lays down technology requirements for digital signatures. It prescribes the use of an asymmetric crypto system and hash function for authentication of electronic records. Authentication of an electronic document is important as it ensures that the message has not been tampered and confirms the creator’s identity, making it non repudiable, i.e., the sender cannot deny its creation. The object of authentication is achieved by the use of asymmetric system and hash function which convent the electronic message into an unreadable format to prevent tampering of electronic record.

A hash function is the method or scheme used for encrypting and decrypts digital signatures. A hash function produces a hash value which is also known as a message digest. It plays an important role in ensuring that the message has not been tampered and information is safe and secure.

Functions of Electronic Signature

The concept of electronic signature was introduced under section 3A of the Information Technology (Amendment) Act 2008. An electronic signature means authentication of an electronic record by a subscriber by any means of electronic authentication techniques. An electronic signature technique can be used as an authorized electronic signature if such technique is notified by the central government in the official gazette or in the second schedule of the Act. There are different types of electronic signature, however, all of them are not secure; hence only the techniques notified in the official gazette or in the second schedule can be used as a legitimate electronic signature. For example typed name, a digitized image of a signature is also a form of electronic signature, but is prone to tampering and are insecure. The electronic signature technique has to be reliable to be recognized as an electronic signature. Section 3A of the Information Technology Act 2000 is based on Article 6 “Compliance with a requirement for a signature” of UNCITRAL Model Law on Electronic Signatures 2001. The following are the requirement of an electronic signature.

a) It has to be reliable.
b) The central government may notify in the official gazette the technique and procedure for electronic signature or specify in the second schedule of the Information Technology Act 2000.

An electronic Signature shall be considered as reliable if it fulfills following requirement,

a) The technique should be such that it can be linked to the creator of the message.
b) The technique of electronic signature must be under the control of the maker of the signature.
c) Any change or alteration to the electronic signature after affixation must be detectable.
d) Any change or alteration of data after affixing electronic signature must be detectable.

The Central Government is the authority to declare the technique as reliable electronic signature and can add or remove any technique from the electronic authentication technique. As on date the central government has not issued any notification on the concept of electronic signature and thus the electronic signature has not gained much attention. In this regard the Delhi high court has directed the central government to frame policy on electronic signature for authentication of electronic records. The only method of authentication of electronic records in India presently being digital signature as there are no guidelines on use of electronic signature.

The legal recognition of electronic signature has been provided under section 5 of information technology Act 2000. This section equates electronic signature as traditional handwritten signature. It provides that if any, information or document if confirmed by electronic signature shall have the same effect as the affixing of signature if done according to the prescribed manner. The central government shall prescribe the manner in which electronic signature has to be affixed.

Offenses related to Electronic Signature

The offenses related to electronic signature are generally related identity theft, publication of false electronic signature certificate, publication of electronic certificate with fraudulent purpose. Section 66C of the Act punishes for identity theft. This Act punishes fraudulent use of electronic signature of any other person and such person shall be punished with imprisonment of up to three years and will also liable to pay fines which may extend up to one lakh.

Misrepresentation or suppression of material fact in order to obtain any license or electronic signature is an offense under section 71 of the Act. This section is applicable in following cases
a) If a person makes a misrepresentation to the Controller or Certifying authority.
b) If a person suppresses any material fact from, the Controller or Certifying authority.

Such misrepresentation or suppression of material fact with the intent to obtain any license or electronic certificate from, the Controller or Certifying authority is punishable with imprisonment of up to two years and fine up to rupees one lakh. The information to be provided to the Controller or Certifying authority should be proper and correct and presentation of wrong, incorrect or false information is an offense under Section 71 of the Act.

Publication of electronic signature certificate which is false in certain particulars is an offense under section 73 of the Act. The following shall amount to publication of false particulars in an electronic certificate,

a) Publication of Electronic signature certificate which the certifying authority has not issued.
b) Publication of Electronic signature certificate which subscriber of the certificate has not accepted.
c) Publication of Electronic signature certificate which is revoked or suspended.

Sec 74 of the Act punishes creation, publication or providing of electronic signature certificate for fraudulent or unlawful purpose with imprisonment for a term which may extend up to two years or a fine which may extend up to one lakh.

Conclusion

The growing online transactions and contracts requires stronger protection which is currently fulfilled by digital signature. However, it would be in the interest of cyber community if the Government allows and initiate multiple method of authentication like the use of fingerprint or aadhaar card linked with password based online transaction. The multiple methods would permit easy identification of persons which will assist in curbing online frauds and ease online transaction and further enhance online security of users as to even today the factual identity of persons online is a mirage.
******************

Sujata Pawar and Yogesh Kolekar, 'Essentials of Information Technology law', Notionpress, 2015

# A mark or sign made by an individual on an instrument or document to signify knowledge, approval, acceptance, or obligation. The term signature is generally understood to mean the signing of a written document with one's own hand. However, it is not critical that a signature actually be written by hand for it to be legally valid. It may, for example, be typewritten, engraved, or stamped. The purpose of a signature is to authenticate a writing, or provide notice of its source, and to bind the individual signing the writing by the provisions contained in the document. Because a signature can obligate a party to terms of a contract or verify that the person intended to make a last will and testament, the law has developed rules that govern what constitutes a legally valid signature. The Internet and other forms of telecommunication have created the need to transact legally binding agreements electronically….." http://legal-dictionary.thefreedictionary.com/signature
# Section 463 of Indian Penal Code: Whoever makes any false documents or electronic record part of a document or electronic record with, intent to cause damage or injury, to the public or to any person, or to support any claim or title, or to cause any person to part with property, or to enter into any express or implied contract, or with intent to commit fraud or that fraud may be committed, commits forgery.
# Sec.2(p) of the Information technology Act 2000, digital signature means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3
# Sec. 2(ta) of the Information technology Act 2000, electronic signature means authentication of any electronic record by a subscriber by means of the electronic technique specified in the Second Schedule and includes digital signature
# http://www.uncitral.org/pdf/english/texts/electcom/ml-elecsig-e.pdf
# Article 2 (a) of UNCITRAL defines an electronic signature as means data in electronic form in, affixed to or logically associated with, a data message, which may be used to identify the signatory in relation to the data message and to indicate the signatory’s approval of the information contained in the data message.
# Section 2(zg) of the Information technology Act 2000, subscriber means a person in whose name the Electronic Signature Certificate is issued
# “PKI is a security architecture used for secure communication over Internet. PKI enables users to exchange information or perform monetary transactions securely through Internet. PKI ensures the authenticity of the sender, security and accuracy of the information sent to the receiver. It provides assurance that the information sent is accurate and authentic and it can be produced as evidence in court.” http://www.e-zest.net/blog/public-key-infrastructure/
# Section 2(zc) of the Information technology Act 2000, public key means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate# Section 2(zd) of the Information technology Act 2000, private key means the key of a key pair used to create a digital signature

# “The art of protecting information by transforming it (encrypting it) into an unreadable format, called cipher text. Only those who possess a secret key can decipher (or decrypt) the message into plain text. Encrypted messages can sometimes be broken by cryptanalysis, also called code breaking, although modern cryptography techniques are virtually unbreakable. As the Internet and other forms of electronic communication become more prevalent, electronic security is becoming increasingly important. Cryptography is used to protect e-mail messages, credit card information, and corporate data. One of the most popular cryptography systems used on the Internet is Pretty Good Privacy because it's effective and free. Cryptography systems can be broadly classified into symmetric-key systems that use a single key that both the sender and recipient have, and public-key systems that use two keys, a public key known to everyone and a private key that only the recipient of messages uses.” http://www.webopedia.com/TERM/C/cryptography.html

# Section 2(q) of the Information technology Act 2000, means a Digital Signature Certificate issued under sub-section (4) of section 35.

# Section 2(g) of the Information technology Act 2000, means a person who has been granted a licence to issue a electronic signature Certificate under section 24.

# Sec. 18(a) exercising supervision over the activities of the Certifying Authorities

# http://www.certificatetiger.com/News/difference-between-digital-certificate-and-digital-signature.htm# There is another class of digital certificate which is called as Class 0 Certificate. It is issued only for demonstration/ test purposes.

# http://www.digitalsignatureindia.co.in/

# “A unique numerical identifier that can be assigned to a file, a group of files, or a portion of a file, based on a standard mathematical algorithm applied to the characteristics of the data set. The most commonly used algorithms, known as MD5 and SHA, will generate numerical values so distinctive that the chance that any two data sets will have the same hash value, no matter how similar they appear, is less than one in one billion. ‘Hashing’ is used to guarantee the authenticity of an original data set and can be used as a digital equivalent of the Bates stamp used in paper document production.”
# “Managing Discovery of Electronic Information: A Pocket Guide for Judges,” Federal Judicial Center, at 24 (2007)
# Article 6. Compliance with a requirement for a signature 1. Where the law requires a signature of a person, that requirement is met in relation to a data message if an electronic signature is used that is as reliable as was appropriate for the purpose for which the data message was generated or communicated, in the light of all the circumstances, including any relevant agreement. 2. Paragraph 1 applies whether the requirement referred to therein is in the form of an obligation or whether the law simply provides consequences for the absence of a signature. 3. An electronic signature is considered to be reliable for the purpose of satisfying the requirement referred to in paragraph 1 if: (a) The signature creation data are, within the context in which they are used, linked to the signatory and to no other person; (b) The signature creation data were, at the time of signing, under the control of the signatory and of no other person; (c) Any alteration to the electronic signature, made after the time of signing, is detectable; and (d) Where a purpose of the legal requirement for a signature is to provide assurance as to the integrity of the information to which it relates, any alteration made to that information after the time of signing is detectable. http://www.uncitral.org/pdf/english/texts/electcom/ml-elecsig-e.pdf
# Sec. 3A(a) of Information Technology Act 2000
# Sec. 4 of Information Technology Act 2000
# Sec. 3A(b) of Information Technology Act 2000
# Sec.3A(2)(a) of Information Technology Act 2000
# Sec.3A(2)(b) of Information Technology Act 2000
# Sec.3A(2)(c) of Information Technology Act 2000
# Sec.3A(2)(d) of Information Technology Act 2000
# http://ptlb.in/iips/?p=303

 

Written By: Yogesh Prasad Kolekar, BAL,LLM,NET, Assistant Professor, Ismailsaheb Mulla Law College, Satara




1 2 3 4 5
Rate this article!     Poor
Excellent    

Most viewed articles in Cyber Law category
Offences & Penalties under the IT Act, 2000
Online Copyright Infringement & Liability of Search Engines
Issue of Jurisdiction in Combating Cyber Crimes: Issues and Challenges Pornography and Indian Jurisdiction
Cyber Torts
Email Privacy & Anti-spam Law
Software Licensing Agreement
White Collar Crimes - cyber crimes
Cyber Forensics & Electronic Evidences: Challenges In Enforcement & Their Admissibility
Historical Perspective of Terrorism & Cyber Terrorism
Electronic Signature: Legal and Technical aspect
Prevention of Cyber Crime
Cyber Crime - Issues Threats and Management
Telecommunication laws in India and its drawbacks
Cyber Terrorism - Quick glance
Keyword Trademark Infringement - A Countrywise Analysis
Perspective of Information Technology
Most recent articles in Cyber Law category
E-Evidence in India
Cyber Jurisprudence An Internalisation In Indian Matrix
A study of Formation and challenges of electronic contract in cyberspace
Electronic Signature: Legal and Technical aspect
Proposed Amendments Affecting Transmission Service Provider
Cybersquatting and Domain Names
Right to Privacy and Social Networking Websites
Data Privacy And Cyber Security Policies Shaping The Legal Outsourcing Landscapes In India
Telecommunication laws in India and its drawbacks
A Clarion Call To BPOs In India
Social Media Governance In India
Prevention of Cyber Crime
Issue of Jurisdiction in Combating Cyber Crimes: Issues and Challenges Pornography and Indian Jurisdiction
Cyber Crime: Default in success of conviction due to lack of jurisdiction
Cyber Offences - A Technological Termite
Cyber Terrorism - Quick glance

Article Comments

Posted by Manoj Kumar on November 01, 2016
How can the owner of the digital signature be monitored /updated on the signatures made in different location by a third party?

Post Your Comments
Name

Email

Your comments

Note : Your email address is only visible to admin, other members / users cannot see it.

You can use following FXCodes


BOLD : [b]
Italic : [i]

[b] Legal Services India [/b] is a [i]nice website[/i].
[url= http://www.legalservicesindia.com/article/ ]click here to visit.[/url]

Legal Services India is a nice website.
Click here to visit

 

Note : Currently, user comments are moderated and will be posted only after approval.



Welcome!
Please login or register a new free account.

Random Pick
Man is the only animal who believes in keeping order in his world. This was one of the reasons that he invented the concept of law....

Statistics
» Total Articles
1380
» Total Authors
3994
» Total Views
15599692
» Total categories
40

Law Forum


Legal Articles

Lawyers in India- Click on a link below for legal Services

lawyers in Chennai
lawyers in Bangalore
lawyers in Hyderabad
lawyers in Cochin
lawyers in Pondicherry
lawyers in Guwahati
lawyers in Nashik

lawyers in Jaipur
lawyers in New Delhi
lawyers in Dimapur
lawyers in Agra
Noida lawyers
lawyers in Siliguri

For Mutual consent Divorce in Delhi

Ph no: 9650499965
For online Copyright Registration

Ph no: 9891244487
Law Articles

lawyers in Delhi
lawyers in Chandigarh
lawyers in Allahabad
lawyers in Lucknow
lawyers in Jodhpur
Faridabad lawyers

lawyers in Mumbai
lawyers in Pune
lawyers in Nagpur
lawyers in Ahmedabad
lawyers in Surat
Ghaziabad lawyers

lawyers in Kolkata
lawyers in Janjgir
lawyers in Rajkot
lawyers in Indore
lawyers in Ludhiana
Gurgaon lawyers

TOP

India's Most Trusted Online law library
Legal Services India is Copyrighted under the Registrar of Copyright Act ( Govt of India) 2000-2016
 ISBN No: 978-81-928510-1-3