
INFORMATION & TECHNOLOGY ACT 2000

ATM Global Business School

Prepared By: POOJA RANA

Objectives of the Act


1. To provide a legal and regulatory regime to facilitate reliable e-commerce and e-governance.
2. To provide legal parity between paper-based communication and internet-based communication.


Security Procedures
To ensure safe and secure communications during e-commerce operations, one or more of the following security procedures can be adopted:
(1) encryption
(2) digital signatures
(3) digital certificates


Encryption
1. Sending a message in a coded form that only the recipient can decode.
2. Conversion of regular text into a coded or secret text.
3. Use of a mathematical formula or algorithm that converts a normal message into coded form.
4. Decryption: the coded message is reconverted into its normal form to become understandable to the receiving person.

Key
A key is a specific sequence of digits representing a very large numerical value generated by a complex mathematical formula. It is used for encryption of an electronic message into code and again for its decryption.


System of encryption
Coding and decoding with the help of computers. The encryption process involves 4 elements:
1. the original message that has to be codified
2. the encryption algorithm / mathematical formula
3. the key to encrypt and decrypt a message
4. the coded message, or the ciphertext

Types of encryption
1. Single key, private key or symmetric key encryption
2. Double key, public key or asymmetric key encryption
Private key: only one key is used, both to codify the message and for the receiver of the message to decode it.
Public key: two keys are used, one a private key and the other a public key.

Difference between private and public key


I. The private key is secret and is not revealed to anyone. The public key is meant to be revealed to the person with whom a person is dealing.
II. The private key is not listed in the Digital Signature Certificate issued by the Certifying Authority. The public key of the owner is listed in the certificate.
III. The private key is mainly used to encrypt a digital signature. The public key is used to encrypt a message.


Making of an electronic message

originator
addressee
intermediary


Digital Signature
It is a secret digital value which identifies its owner. It means authentication of any electronic record by a subscriber of an electronic record. Note that a digital signature is not an electronic image of the handwritten signature or anything similar to it.
Functions of a signature:
1. to grant authenticity
2. to ensure non-denial by the sender
It forms a pair of private key and public key.

Steps required for affixing Digital Certificate

The sender prepares the total message to be sent, including his name.
He applies a hash function, i.e. a mathematical formula or algorithm in the form of computer software, on the message to encrypt it using the addressee's public key.
He encrypts this hash result again using the same hash function and his own private key.
The outcome of this encryption is accepted as the digital signature of the sender.
He sends the addressee both things: the message and the digital signature.
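The signing steps above (hash the message, transform the hash with the sender's private key, send message and signature together), followed by the addressee's check with the sender's public key, as an added example that is not part of the original slides. It uses textbook RSA with fixed, constructed primes and no padding, so it illustrates the flow only; the function names (`make_keypair`, `sign`, `verify`) are hypothetical.

```python
import hashlib

# Toy parameters (constructed for this example): two Mersenne primes.
# Real keys use randomly generated primes of 1024+ bits each plus a padding scheme.
P = 2**61 - 1
Q = 2**89 - 1
E = 65537  # public exponent


def make_keypair(p, q, e=E):
    """Return (public_key, private_key) as ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: inverse of e modulo phi
    return (n, e), (n, d)


def message_hash(message: bytes, n: int) -> int:
    """Hash the message with SHA-256 and reduce it into the range of n."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") % n


def sign(message: bytes, private_key) -> int:
    """Sender: hash the message, then transform the hash with the private key."""
    n, d = private_key
    return pow(message_hash(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Addressee: recover the hash with the sender's public key and compare."""
    n, e = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == message_hash(message, n)


def demo():
    sender_pub, sender_priv = make_keypair(P, Q)
    other_pub, _ = make_keypair(2**107 - 1, 2**127 - 1)  # unrelated key pair
    msg = b"Pay Rs. 5000 to B. Signed: A"  # constructed sample message
    sig = sign(msg, sender_priv)
    return {
        "genuine": verify(msg, sig, sender_pub),
        "tampered": verify(b"Pay Rs. 9000 to B. Signed: A", sig, sender_pub),
        "wrong_key": verify(msg, sig, other_pub),
    }


if __name__ == "__main__":
    print(demo())
```

The tampered message and the unrelated public key both fail verification, which is what gives the signature its authenticity and non-denial functions.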

Digital Signature Certificate


1. Subscriber means a person in whose name the digital signature certificate has to be issued.
2. When a person wants to own a public and a private key and use an authenticated digital signature on his electronic messages and records, he has to obtain a DSC. For this he has to apply to a "Certifying Authority", which is a private professional agency authorized by the government for this purpose.
3. This certificate authenticates that the person concerned is the owner of the specific public key to be listed.

DSC (contd.)
A person becomes entitled to legally use the digital signature after he has obtained a DSC from the Certifying Authority.
Contents of a DSC:
Information about the subscriber
Information about the CA
Issue date and period of validity
Serial number of the certificate
Public key of the subscriber
Hash function, i.e. the algorithm
CA's public key and digital certificate


Electronic Governance
Governance by the government through procedures involving electronic communication. The Act contains the following provisions to facilitate e-governance:
legal recognition of electronic records
legal recognition of digital signatures
use of electronic records and digital signatures in Govt and its agencies
retention of electronic records
publication of rules, regulations etc. in the electronic gazette

Digital Signature Infrastructure

The IT Act, 2000 has prepared the ground for the creation and effective functioning of a regulatory authority to look after the PKI (Public Key Infrastructure), or the Digital Signature Infrastructure. This infrastructure would have 2 components:
1. CCA (Controller of Certifying Authority, placed by Central Govt.)
2. CA (Certifying Authorities, which will issue digital signature certificates)


Functions of CCA
Supervision over the activities of the CAs
Certification of public keys of CAs
Laying down the standards to be maintained by CAs
Specifying the qualifications and experience which employees of CAs should possess
Conditions subject to which CAs shall conduct their business
Specifying the contents, image, print, form and content etc. of a DSC
Laying down the duties of CAs
Resolving any conflict between CAs and subscribers
