Sie sind auf Seite 1von 104

Importance and Effect

of Electronic Signature
and Electronic Records

The new communication


system
and
digital
technology has made a
dramatic change in the way
in which the people transact
with each other.
2

Nowadays businessmen and


consumers are using the
computers
to
create,
transmit and store the
information in the electronic
form instead of traditional
paper documents.
3

The information stored


data in electronic form
has many advantage like
store,
retrieve
and
speedier to communicate.
4

Though the consumers are


aware of these advantages,
they
are
reluctant
to
conduct business or conclude
any electronic transaction in
the electronic form due to
lack of appropriate legal
framework.
5

Two important and principal


hurdles which stand in the
way of facilitating the
electronic commerce and
electronic governance are
the requirements as to
writing and signature for
legal recognition.
6

At present, many legal


provisions
assume
existence
of
paper
based
records
and
documents which bear
the signatures.
7

The obvious reason is such that


the law of evidence is based upon
the paper based records and oral
testimony. On the other hand, ecommerce eliminates the paper
based transactions and so, in
order to facilitate e-commerce,
the need for legal changes
became an urgent necessity.
8

The Information Technology Act,


2000 came into force on 17.10.2000
to provide legal recognition for
transactions carried out by the means
of electronic data interchange and
other
means
of
electronic
communications to facilitate e-filing
of documents with the government
agencies and further, to amend the
IPC, Evidence Act, RBI Act and the
Bankers Books Evidence Act.
9

Vide Section 2 of the Information


Technology (Amendment) Act, 2008
which came into force on 27.10.2009,
in the Information Technology Act,
2000
for
the
words
Digital
Signature occurring in the Chapter,
Section, sub-section and Clause
referred to in table below Section 2
of Amendment Act, the words
Electronic Signature shall be
substituted.
10

Authenticity
Suppose A sends to B a
digitally signed message, how
would B make sure that it is
the message indeed originated
from A? How to authenticate
that the message was from A
only, and not from A1 or A2

11

Fundamental requirements
electronic
communications
transactions are

of
or

(i) authenticity of the sender to


enable the recipient (or relying
party) to determine who really
sent the message,
12

(ii)
message's integrity, the
recipient must be able to determine
whether or not the message received
has been modified en route or is
incomplete and
(iii) non-repudiation, the ability to
ensure that the sender cannot falsely
deny sending the message., nor falsely
deny the contents of the message.
13

Need for Digital Signature


It has been realized that Internet being
a public network would never be secure
enough and there would always be a fear
of interception, transmission errors,
delays,
deletion,
authenticity
or
verification of an electronic message using
Internet as a medium.
Hence the goal was to protect the
message, not the medium.
14

The basic problem with the aforesaid


digital signature regime is that it
operates online, software driven space,
without human intervention.
Sender sends a digitally signed message;
recipient receives and verifies it.
The only requirement is that both sender
and the recipient to have digital
signature software at their respective
ends.
15

Anything that can be


stored electronically is
software. The storage
devices
and
display
devices are hardware.
16

The
terms
software
and
hardware are used as both nouns
and adjectives. For example, you
can say: "The problem lies in the
software," meaning that there is
a problem with the program or
data, not with the computer
itself. You can also say: "It's a
software problem."
17

The distinction between software


and hardware is sometimes
confusing because they are so
integrally linked. Clearly, when
you purchase a program, you are
buying software. But, to buy the
software, you need to buy the
disk (hardware) on which the
software is recorded.
18

Software is
categories:

often

divided

into

two

* System
Software:
Includes
the
operating system and all the utilities that
enable the computer to function.
* Application
Software:
Includes
programs that do real work for users. For
example, word processors, spreadsheets,
and database management systems fall
under the category of applications
software.

19

Basically a digital signature is a two


way process, involving two parties:
The signer (creator of the digital
signature) and
The recipient (verifier of the digital
signature).
A digital signature is complete, if
and
only
if,
the
recipient
successfully verifies it.
20

Digital signatures are an actual


transformation of an electronic message
using public key cryptography. It requires
a key pair (private key for encryption and
public key for decryption) and a hash
function (algorithm).
Electronic form included audio, video,
data, text or multimedia files generated,
sent, received or stored in media,
magnetic, optical, computer memory, micro
film, computer generated micro fiche or
similar device.
21

Functions {see section-2(u)}


are the expression of algorithms
in a specific computer language.
The
definition
identifies
computer functions as, logic,
control, arithmetical process,
deletion, storage and retrieval
and
communication
or
telecommunication from or within
a computer;

22

An intermediary is a link
between an originator and an
addressee. An Internet Service
Provider (ISP) is one such
intermediary. It is like a virtual
post office. It receives, stores or
transmits electronic messages
through its mail servers on behalf
of another person (originator
and / or addressee).
23

A search engine is a facilitator


of information between two
parties, without knowing the
content of information. Its main
job is to provide the results of a
keyword search as closely as
possible to the user. It neither
knows the identity of the user
nor the intent of usage of
information.
24

Limitations
Whether technological evidence is
a threat to the right to a fair trial
or the right against incrimination as
guaranteed
by
the
Indian
Constitution?
What
are
the
statistical
probabilities
of
technological
evidence going wrong?
25

Caution is appropriate,
unreasonable doubt is
not.
Daniel Koshland, Editor
Science Magazine
26

There must be a
unique balance between
scientific evidence and
human evidence.

27

Scientific evidence is one of the


means to get closer to the truth
and thus is not an end in itself.
For example, though digital
signatures is a mathematical
reality but the fate of every case
depends upon its own factual
matrix.
28

The entire process of procuring


digital evidence is controlled by
human agencies.
Can it be manipulated, tampered
with?
The science may be infallible, but
human action, which controls the
result of the scientific forensic
examination, is always fallible.
29

Applying technology and getting


desired results is one thing, but
appreciating the value of the
evidence is another.
One may lose evidence not
because of lack of technology,
but
because
of
lack
of
appreciation of technology.
30

Paper signatures v/s Digital Signatures


Parameter

Authenticity
V/s

Integrity
Nonrepudiation

Paper

Digital

May be forged

Can not be
copied

Signature
independent of
the document

Signature
depends on the
contents of the
document

Handwriting
expert
needed
Error prone

Any
computer
user
Error free
31

Paper signatures v/s Digital Signatures


Parameter

Purpose
V/s

Evidence
Signer
Identification

Paper

Digital

To
authenticate
the message as
originating
from purported
signer

To authenticate
the message as
originating from
purported signer

distinctive,
attributable to
the signer only

distinctive,
attributable to
the signer only

Notary
/witnesses

Trusted Third
Party (CA)
32

A major benefit of public key


cryptography is that it provides a
method
for
employing
digital
signatures.
Digital
signatures
enable
the
recipient of the information to verify
the authenticity of the informations
origin, and also verify that the
information is intact. Thus, digital
signatures provide authentication and
data integrity.
33

A digital signature serves the same


purpose as a handwritten signature.
However, a handwritten signature is
easy to counterfeit. A digital
signature
is
superior
to
a
handwritten signature in that it is
nearly impossible to counterfeit,
plus it attests to the contents of
the information as well as the
identity of the signer.
34

Digital
Signature
technology requires key
pair (private key for
encryption and public key
for decryption) and a hash
function (algorithm).
35

The art and science of keeping


messages secure is cryptography

Plain Text

Encryption

Decryption

Plain Text

Cipher Text

36

Cryptography has a long and interesting


history.
Cryptography is primarily used as a tool to
protect national secrets and strategies.
It is extensively used by the military, the
diplomatic services and the banking sector.
One of the landmark developments in the
history
of
cryptography
was
the
introduction of the revolutionary concept
of public-key cryptography.
37

How cryptography works?


Cryptography is the science of using
mathematics
to
encrypt
and
decrypt data. Cryptography enables
you to store sensitive information or
transmit it across insecure networks
(like the Internet) so that it cannot
be read by anyone except the
intended recipient.
38

A cryptographic algorithm, or
cipher, is a mathematical
function used in the encryption
and decryption process. This
mathematical function works in
combination with a key a very
large number to encrypt the
plaintext (the original message).
39

Encryption used to ensure


that information is hidden
from anyone for whom it is
not intended, even those who
can see the encrypted data.
The process of reverting
cipher text to its original
plaintext is called decryption.
40

The
fundamental
objective
of
cryptography is information security.
Simply put, it is to ensure the
following:
Confidentiality is used to keep the
content of information secret from
unauthorized persons. This is achieved
through symmetric and asymmetric
encryption.
Data
integrity
addresses
the
unauthorized alteration of data. This is
addressed by hash functions.
41

Authentication
is
related
to
identification. This function applies
to both entities and information
itself. This is achieved through
digital signature certificates and
digital signatures.
Non-repudiation prevents someone
from denying previous commitments
or actions. This is achieved through
digital signature certificates and
digital signatures.
42

Symmetric Cryptography
Asymmetric Cryptography

43

Symmetric Cryptography
When a single secret key is used to
maintain communication between the
sender and the receiver, it is referred
to as a symmetric cryptography or
private-key cryptographic system.
Here, both encryption and decryption
use the same key.
44

Symmetric Cryptography
K1 = K2
Encryption Key(K1)

Plain Text

Encryption

Decryption Key(K2)

Decryption

Plain Text

Cipher Text
45

An
example
of
symmetric
cryptography is the automated
teller machine (ATM) at a Bank.
When a person uses an ATM, he
gains access to his account by
entering a personal identification
number (PIN). That is the person is
authenticating himself to the Bank.
The PIN is a shared secret
between the Bank and the person.
46

Key Management
Encryption:

and

Conventional

Conventional encryption has certain


benefits. It is fast. It is especially
useful for encrypting data that is not
to be transmitted anywhere. So, if you
want to store information so that no
one can read it without your
authorization, it would be a good idea
to use conventional encryption.
47

The
persistent
problem
conventional
encryption
is
distribution:

with
key

How do you get the key to the recipient


without someone intercepting it?
The problems of key distribution in
conventional encryption are solved by
public key cryptography, a concept that
was introduced by Whitfield Diffie and
Martin Hellman in the U.S.A.
48

Asymmetric Cryptography
For both the processes of
encryption and decryption two
different keys are used.
It is referred to as a
asymmetric
cryptography
or
public-key cryptographic system.
49

Asymmetric Cryptography
Public key cryptography is an asymmetric
scheme that uses a pair of keys: a public key,
which encrypts data, and a corresponding
private key, or secret key for decryption.
Each user has a key pair given to him. The public
key is published to the world while the private
key is kept secret. Anyone with a copy of the
public key can then encrypt information that
only the person having the corresponding private
key can read.
50

Asymmetric Cryptography
K1 = K2
Encryption Key(K1)

Plain Text

Encryption

Decryption Key(K2)

Decryption

Plain Text

Cipher Text
51

ENCRYPTION

DECRYPTION

Message 1

Encrypted Message 1

Encrypted Message 1

Message 1

Central to the growth of e-commerce and egovernance is the issue of trust in electronic
environment.

9a46894335be49f0b9cab28d755aaa9cd98571b
275bbb0adb405e6931e856ca3e5e569edd13528
5482

9a46894335be49f0b9cab28d755aaa9cd985
71b275bbb0adb405e6931e856ca3e5e569ed
d135285482

Central to the growth of e-commerce and egovernance is the issue of trust in electronic
environment.

Message 2

Same Key

SYMMETRIC

The Internet knows no geographical boundaries.


It has redefined time and space. Advances in
computer and telecommunication technologies
have led to the explosive growth of the Internet.
This in turn is affecting the methods of
communication,
work,
study,
education,
interaction, leisure, health, governance, trade
and commerce.

Encrypted Message 2

a520eecb61a770f947ca856cd675463f1c95a
9a2b8d4e6a71f80830c87f5715f5f59334978
dd7e97da0707b48a1138d77ced56feba2b46
7c398683c7dbeb86b854f120606a7ae1ed93
4f5703672adab0d7be66dccde1a763c736cb
9001d0731d541106f50bb7e54240c40ba780
[Keys of a pair Public and Private]
b7a553bea570b99c9ab3df13d75f8ccfdddea
af3a749fd1411

Different Keys

ASYMMETRIC
[PKI]

Encrypted Message 2

a520eecb61a770f947ca856cd675463f1c95a9a2b
8d4e6a71f80830c87f5715f5f59334978dd7e97da
0707b48a1138d77ced56feba2b467c398683c7db
eb86b854f120606a7ae1ed934f5703672adab0d7
be66dccde1a763c736cb9001d0731d541106f50b
b7e54240c40ba780b7a553bea570b99c9ab3df13
d75f8ccfdddeaaf3a749fd1411

Message 2

The Internet knows no geographical boundaries. It has


redefined time and space. Advances in computer and
telecommunication technologies have led to the
explosive growth of the Internet.
This in turn is
affecting the methods of communication, work, study,
education, interaction, leisure, health, governance,
trade and commerce.

52

Hash Function
[compression
function,
contraction
function, message digest, finger print,
cryptographic checksum, message integrity
check, and manipulation detection code ]

A Hash Function is a mathematical


algorithm that takes a variable
length input string and convert it to
a fixed length output string [ called
hash value]
53

Hash
Function
Message
(Any Length)

HASH

Hash is a fixed length string


128 bit MD5
160 bit SHA-1
54

Hash Function
A one-way hash function takes variablelength input say, a message of any length
and produces a fixed-length output; say,
160-bits. The hash function ensures that,
if the information is changed in any way
even by just one bit an entirely different
output value is produced. The table below
shows some sample output values using
SHA (Standard Hash Algorithm).
55

For example,
Satish

c75491c89395de9fa4ed29affda0e4d29cbad290

SATISH 33fef490220a0e6dee2f16c5a8f78ce491741adc
satish

4c391643f247937bee14c0bcca9ffb985fc0d0ba

56

Two things must be borne in mind with


regard to one-way hash functions:
1. It is computationally infeasible to
find two different input messages that
will yield the same hash output.
2. It is computationally infeasible to
reconstruct the original message from
its hash output.
57

Signed Messages
Message
Message

Calculated
Calculated
Hash
Hash

Sent thru Internet

Message
Message
++
signature
signature

Message
Message
++
Signature
Signature

if
COMPARE
COMPARE

Hash
Hash

Sign
e
Mess d
ag e

SIGN
SIGNhash
hash
With
Senders
With Senders
Private
Privatekey
key

Sender

OK
Signatures
verified

Hash
Hash

Receiver

Decrypt
Decrypt
Signature
Signature
With
WithSenders
Senders
Public
PublicKey
Key
58

Hash Value, Digital Signatures


Signature Algorithm SHA1RSA

Message 1

This is a sample message for demonstration on digital signatures. This


will be used to generate a message digest using sha1 and generating
160 bit digest
Signers
Private
Key

Hash Value 1

7a08f27d5282b673fbb97cd028a7451292c052c8

Digital Signature 1

bab3dbfba30eedc0c52dacfc144df4d9c6508502

A dot is added
at the end of
the message

Message 2

This is a sample message for demonstration on digital signatures. This


will be used to generate a message digest using sha1 and generating
160 bit digest.
Signers
Private
Key

Hash Value 2

b3cafe1ea21f290ad8be71b510297d038b68a7f9

Digital Signature 2

5335ba87f67cfc65d7ea2d7dced44ea3dc16282c

Message 3

This is a sample message for demonstration on digital signatures. This


will be used to generate a message digest using sha1 and generating
160 bit digest.
Signers
Private
Key

Adding a
space
between bit
and digest

Hash Value 3

cd7db886d5e0e63d48c6c4358c86aa3d6e2afe86

Digital Signature 3

71892180a9af4dd59ceb285eda5cfc3e9b72aaf8

59

Keys:
A key is a value that works with a
cryptographic algorithm to produce a specific
cipher text. Keys are basically very, very,
very big numbers. Key size is measured in
bits. In public key cryptography, the bigger
the key, the more secure the cipher text.
However, public key size and conventional
cryptographys symmetric key size are totally
unrelated.
The algorithms used for each type of
cryptography are very different and are very
difficult to compare.
60

The public key is meant for public


consumption and private key is to be
kept confidential. The owner of the
key pair must guard his private key
closely, as sender authenticity and
non-repudiation are based on the
signer having sole access to his
private key. In an asymmetric crypto
system,
a
private
key
is
mathematically related to public key
and it is computationally impossible to
calculate one key from the other.
61

Public Key
Infrastructure and
Certifying Authorities
(With Relevant Rules)
62

Public Key InfrastructurePublic key infrastructure is about


the management and regulation of key pairs
and the process is as under:
Step 1- Subscriber applies to Certifying
Authority (CA for Digital Signature
Certificate).
Step 2 - CA verifies identity of
Subscriber and issues Digital Signature
Certificate.
Step 3 - CA forwards Digital Signature
Certificate
to Repository maintained by
the Controller.
63

Step 4-

Subscriber digitally signs electronic


message with Private Key to ensure
Sender
Authenticity,
Message
Integrity
and Non-repudiation and
sends to Relying Party.
Step 5- Relying Party receives message,
verifies
Digital Signature with
Subscriber's Public
Key, and goes to
Repository to check
status and
validity
of
Subscriber's
Certificate.
Step 6- Repository does the status check on
Subscriber's Certificate's Certificate
and
informs back to the Relying
64
Party.

Trusted Third Party: Certifying


Authority
This calls for a participation of a trusted
third party (TTP) to certify for individuals
(subscribers)
identities,
and
their
relationship to their public keys.
The trusted third party is referred to as a
Certifying Authority (CA).
The function of a CA is to verify and
authenticate the identity of a subscriber (a
person in whose name the Digital Signature
Certificate is issued).
65

Digital Signature Certificate


A digital signature certificate securely
binds the identity of the subscriber.
It contains name of the subscriber, his
public key information, name of the
certifying authority who issued the
digital signature certificate, its public
key information and the certificates
validity period.
66

These certificates are stored


in an online, publicly accessible
repository maintained by the
Controller
of
Certifying
Authorities
or
in
the
repository maintained by the
CA.
67

Licensed Certifying Authorities


in India
Safescrypt
Tata Consultancy Services (TCS)
National Informatics Centre (NIC)
Institute for Development and
Research in Banking Technology
(IDRBT)
Mahanagar Telephone Nigam Limited
(MTNL)
Customs and Central Excise

68

Verifying a Digital Signature Recipient :


Step 1: receives digital signature and the
message.
Step 2: applies signer's public key on the
digital signature.
Step 3: recovers the hash result (message
digest) from the digital signature.
Step 4: computes a new hash result of the
original message by means of the
same hash function used by the signer
to create the digital signature.
Step 5: compares the hash results recovered
69
in Step 3 and Step 4.

Hence, it is pertinent that


the Court must not be
swayed by the technicality
of electronic evidence but
should access the evidence
by following the functional
equivalent approach.
70

Digital Signature and the Law


Rule 3. The manner in which
information be authenticated by
means of Digital Signature.
The said Rule provides for the use of
public
key
cryptography
to
authenticate by means of Digital
Signatures
71

Rule 4.
Signature.

Creation

of

Digital

Rule 5. Verification of Digital


Signature.
Rule 4 and 5 contain provisions
relating
to
creation
and
verification of Digital Signatures.
72

Section 2(ta) electronic


signature means authentication
of any electronic record by a
subscriber by means of the
electronic technique specified in
the Second Schedule and
includes digital signature;
73

Section
2(1)(p)
Digital
Signature means authentication
of any electronic record by a
subscriber by means of an
electronic method or procedure in
accordance with the provisions of
Section 3.
74

Section 3 - Authentication of Electronic


Records. - (1) Subject to the provisions of
this
Section,
any
subscriber
may
authenticate an electronic record by
affixing his digital signature.
(2) The authentication of the electronic
record shall be effected by the use of
asymmetric crypto system and hash
function which envelop and transform the
initial electronic record into another
electronic record.
75

(a) to derive or reconstruct


the original electronic record
from the hash result produced
by the algorithm;
(b) that
two
electronic
records can produce the same
hash result using the algorithm.
76

(3)
Any person by the use of
a public key of the subscriber can
verify the electronic record.
(4) The private key and the
public key are unique to the
subscriber and constitute a
functioning key pair.
77

Subscriber is a person in whose name


the Digital Signature Certificate is
issued.
Authenticate means to give legal
validity to, establish the genuineness
of.
Electronic Record means data, record
or data generated, image or sound
stored, received or sent in an electronic
form or micro film or computer
generated micro fiche.
78

Affixing Digital Signature means


adoption of any methodology or
procedure by person for the purpose
of authenticating an electric record
by means of digital signature.
Asymmetric Crypto System is a
system of using mathematically
related keys to create and verify
digital signature.
79

A one-way hash function takes


variable-length input say, a
message of any length and
produces a fixed-length output;
say, 160-bits. The hash function
ensures that, if the information
is changed in any way even by
just one bit an entirely
different
output
value
is
produced.
80

In interpreting this provision, the


term digital signature must not
be compared to signature in the
conventional
sense.
This
is
because although a
person
usually has one conventional
handwritten signature for all
messages, he will have a
different digital signature for
every message that he signs.
81

Illustration
Mr. Sen writes a message as under:
Dear Mr. Gupta,

I accept the terms and conditions


discussed by us today.

Mr. S Sen
Figure 1 : Conventionally signed message
82

Here, Mr. Sens signature is as marked in the


above message. Every document he signs will
bear this signature.
However, his digital signature for this message
could be
iQA/AwUBO0BCsFPnhMicaZh0EQJllgCgt1
qtfq
azO2ppYNdZN685h2QtYQsAoOgZ
eH3gqHf5Tisz1C7tzvHC09zx
=g/BR

Figure 2: Digital Signature


83

Although his digital signature for the message in


Figure 1 is as shown in Figure 2, his digital signature
for any and every other message will be different.

E.g. if he changes the word today in the message


in Figure 1 to yesterday, his digital signature for
the new message could be:
iQA/AwUBO0BDdlPnhMicaZh0EQIOBQCgiu0v
AT47Q7VJsgeQYWU69OtV+MMAoL772XDQB
vzPYOKSWDS6wjucho1T
=TSAn

Figure 3: New Digital Signature


84

What the law implies here is that a person


may authenticate an electronic record by
means of a digital signature, which is
unique to the message being digitally
signed.
The public key and private key are
basically two very large numbers that are
mathematically related to each other. If a
particular private key was used to sign a
message, then only the corresponding
public key will be able to verify the
signature.

85

The law also lays down that the


private key and public key are unique
to each subscriber. This implies that
no two subscribers should have the
same public and private key pair.
This is practically achieved by using
very large numbers (hundreds of
digits) as keys. The probability of
two persons generating the same key
pair is thus extremely remote.
86

Section 3A. Electronic Signature.


(1) Notwithstanding anything contained
in Section 3, but subject to the
provisions of sub-section (2), a
subscriber
may
authenticate
any
electronic record by such electronic
signature or electronic authentication
technique which
(a) is considered reliable and
(b) may be specified in the Second
Schedule.
87

(2) For the purpose of this section


any electronic signature or electronic
authentication technique shall be
considered reliable if
(a) the signature creation data or
the authentication date are, within
the context in which they are used,
linked to the signatory or, as the
case may be, the authenticator and
to no other person.
88

(b) the signature creation data or


the authentication data were, at the
time of signing, under the control of
the signatory or, as the case may be,
the authenticator and of no other
person;
(c) any alteration to the electronic
signature made after affixing such
signature is detectable;
89

(d) any
alteration
to
the
information
made
after
its
authentication
by
electronic
signature is detectable; and
(e) it fulfils such other conditions
which may be prescribed.

90

(3) The Central Government may prescribe


the procedure for the purpose of
ascertaining whether electronic signature is
that of the person by whom it is purported
to have been affixed or authenticated.
(4) The Central Government may, by
notification in the Official Gazette, add to
or omit by electronic signature or electronic
authentication technique and the procedure
for affixing such signature from the Second
Schedule;
91

Explanation - For the purposes of


this sub-section, "hash function"
means an algorithm mapping or
translation of one sequence of bits
into another, generally smaller, set
known as "hash result" such that an
electronic record yields the same
hash result every time the algorithm
is executed with the same electronic
record as its input making it
computationally infeasible 92

Provided
that
no
electronic
signature
or
authentication
technique shall be specified in the
Second Schedule unless such
signature or technique is reliable.
(5) Every
notification
issued
under sub-section (4) shall be laid
before each House of Parliament.
93

Section 4. Legal recognition of electronic


records. - Where any law provides that
information or any other matter shall be in
writing or in the typewritten or printed form,
then, notwithstanding anything contained in such
law, such requirement shall be deemed to have
been satisfied if such information or matter is(a) rendered or made available in an electronic
form; and
(b) accessible so as to be usable for a
subsequent reference.
94

Section 5. Legal recognition of digital


signatures.
Where any law provides that information or
any other matter shall be authenticated by
affixing the signature or any document
shall be signed or bear the signature of any
person (hen, notwithstanding anything
contained in such law, such requirement
shall be deemed to have been satisfied, if
such
information
or
matter
is
authenticated by means of digital signature
affixed in such manner as may be
prescribed by the Central Government.
95

Explanation.- For the purposes


of this section, "signed", with its
grammatical
variations
and
cognate expressions, shall, with
reference to a person, mean
affixing of his hand written
signature or any mark on any
document and the expression
"signature" shall be construed
accordingly.
96

Section 6. Use of electronic records


and digital signatures in Government and
its agencies.
(1) Where any law provides for(a) the filing of any form. application or
any other document with any office,
authority, body or agency owned or
controlled by the appropriate Government
in a particular manner;
(b) the issue or grant of any licence,
permit, sanction or approval by whatever
name called in a particular manner;
97

(c) the receipt or payment of


money in a particular manner,
then,
notwithstanding
anything
contained in any other law for the
time being in force, such requirement
shall be deemed to have been
satisfied if such filing, issue, grant,
receipt or payment, as the case may
be, is effected by means of such
electronic form as may be prescribed
by the appropriate Government.
98

(2) The appropriate Government


may, for the purposes of subsection (1), by rules, prescribe(a) the manner and format in
which such electronic records shall
be filed, created or issued;
(b) the manner or method of
payment of any fee or charges for
filing, creation or issue any
electronic record under clause (a).
99

9. Sections 6,7 and 8 not to confer


right to insist document should be accepted
in electronic form.
Nothing contained in sections 6, 7 and 8
shall confer a right upon any person to insist
that any Ministry or Department of the
Central Government or the State Government
or any authority or body established by or
under any law or controlled or funded by the
Central or State Government should accept,
issue, create, retain and preserve any
document in the form of electronic records
or effect any monetary transaction in the
electronic form.
100

Section 73. Penalty for publishing


Digital Signature Certificate false in
certain particulars.
(1) No person shall publish a Digital
Signature Certificate or otherwise
make it available to any other person
with the knowledge that
(a) the Certifying Authority listed in
the certificate has not issued it; or
(b) the subscriber listed in the
certificate has not accepted it; or
101

(c) the certificate has been revoked


or suspended,
unless such publication is for the
purpose of verifying a digital
signature created prior to such
suspension or revocation.
(2) Any person who contravenes the
provisions of sub-section (1) shall be
punished with imprisonment for a
term, which may extend to two years,
or with fine, which may extend to one
lakh rupees, or with both.
102

Section 74. Publication


fraudulent purpose.

for

Whoever
knowingly
creates,
publishes
or
otherwise
makes
available
a
Digital
Signature
Certificate for any fraudulent or
unlawful purpose shall be punished
with imprisonment for a term, which
may extend to two years, or with
fine, which may extend to one lakh
rupees, or with both.
103

Das könnte Ihnen auch gefallen