Many people confuse digital signature with digital certificate but actually it is not the same. A digital signature is an electronic signature issued by an authority after appropriate verification. The reason for the verification is to make the digital or electronic signature authentic. A digital signature has many advantages. Firstly, it is portable. Secondly, it cannot be copied. Due to its immense security softwares provided by the certifying authority, it becomes impossible to copy the electronic signature. Thirdly, it is portable. A person does not have to go to the places personally and then sign a piece of document. It is easy to just sit in some other part of the world sign a particular contract and send it through e-mail. Fourthly, digital signature is prompt; it mainly comes handy when matter is urgent. Through courier no matter how much time it takes the document could be signed through digital signature and sent within few seconds.
There are authorities like Tata Consultancy Services, National Informatics Center (NIC) etc. These agencies provide digital signature to the organizations or individuals. These companies are known as certificate issuing authority. There are only seven certifying authorities appointed by the CCA (Controller of Certifying Agency). CCA was established under the IT Act, 2000. The seven agencies are Tata Consultancy Services (TCS), National Informatics Center (NIC), IDRBT Certifying Authority, Safe Scrypt CA Services, Sify Communications Ltd., (n) Code Solutions CA and MTNL Trust Line. These agencies provide a high level assurance for the authenticity of digital signature. They make sure that no fraud has been done while issuing certificate to the organizations, through public key. Anyone can see if the digital signature is authentic or not. The companies have to obtain Digital Signature Certificate (DSC) the validity of these certificates is maximum upto two years of renewal. The reason for doing these is because there will be a continuous check on the companies as well as on the certifying authorities. Digital signature or electronic signature is important because the electronic documents or the Electronic Data Interchange (EDI) cannot be signed manually and so an electronic signature is needed. The digital signature contains all the relevant and authentic detailed information which the opposite party needs to know, it provides information like contact details, registered office address and most importantly the senders name. So that any dispute takes place matter can be pulled to the court. Digital signature is not time consuming at all, a handwritten signature has to be verified with the specimen signature cards, each and every document has to be processed to see if the document is real or not, then sometimes the signature also may be forged and it can be overlooked. There is a chance of human error due to the laborious processing of the document, whereas digital signature is already issued by a certificate issuing authority with proper verification and being certified by them as authentic. So it becomes less troublesome for the opposite party and they also don’t have to see the specimen signature card and process each and every document.
Evolution Of Digital Signature
In 1976, Whitfield Diffie and Martin Hellman came to describe the idea of a digital signature scheme for the first time. Later, the RSA algorithm was invented by Ronald Rivest, Adi Shamir and Len Adleman. These could be utilized to produce primitive digital signatures only in cases of proof-of-concept as “plain” RSA signatures are not secure. The above- mentioned algorithm was used by lotus notes in a software package offering a digital signature which received a good market response in 1989.
Thereafter, such other digital schemes were evolved after the said RSA, namely the “Lamport signatures, merkle signatures (named after “merkle trees” or simply “hash trees”) and Rabin signatures. In 1988, Shafi Goldwasser, Silvio Micali and Ronald Rivest came to suggest a few security requirements of such digital signature schemes. They also proposed to apply a hierarchy of attack models for signature schemes and also a GMR signature scheme which can be proved in the first instance for the prevention of a subsisting forgery against a selected message attack. The signature schemes invented at the early phase were mostly the same, the common thing being the use of a trapdoor permutation such as the RSA function etc.
Legal Provisions Under IT Act, 2000.
This act was passed from both houses of the parliament on May, 2000. The Information Technology Act also contains Cyber Laws. The IT Act is the most recent act in our developing nation. The IT Act is being enacted keeping in mind the e-commerce and the fraud which is being committed through the internet. When internet came to our house, it was new to everyone. Many new ingredient of offence came with internet like hacking, internet fraud, obscenity etc. To correspond with this new set of offences a new law was required. The new set of offences did not exactly fit in the definition of the present acts. Thus the IT Act was introduced. The objective of the IT Act is to recognize the digital signatures and the electronic document.
Sec 3 of the IT authenticates digital signature. It says that authentication of data can be done through digital signature. It also says that any user can use the public key and see if the particular document is authentic or not.
Sec 5 gives legal recognition to the digital or electronic signature, it says that any electronic document which is affixed by a digital signature should be considered as authentic and satisfied by law.
Chapter IV of the IT Act, gives a detailed account of how the certifying authorities will work. Sec 18 describes the functions of the controller. It gives a supervision power over the certifying authority.
Sec 19 gives condition and restrictions for recognition of the foreign certifying authority.
Chapter VIII of the IT Act describes the duties of the subscribers. While issuing the certificate the authority provides two keys to the subscriber viz. private and public key. The private key should be kept with the subscriber only and not be published; the subscriber should reasonable care to retain the public key; he should take all care to prevent its disclosure (Sec 42).
Chapter IX of the act provides penalties, compensation and adjudication. This chapter protects the person if any tampering is done, or if any fraud is being committed to any person’s computer and it gives the provisions of penalties and compensation.
The IT Act elaborately gives legal recognition to the digital signature & further it talks about the duties of subscribers and penalties and compensation if tampered the digital signature. IT Act is the new tool to fight against the new set of e-fraud committed in recent times.
Provisions Under The Indian Evidence Act, 1872.
Digital signature is recognized under the Indian Evidence Act under sec 73-A: proof as to verification of digital signature. This act expressly asks for proof to the digital signature holder. The court asks the holder to produce the certifying authority certificate. Once it is established authentic, the court takes account of the document as evidence (primary or secondary as the case may be). Sec 73-A of the Act gives a legal recognition of the electronic data. If a digital signature is affixed, then by the law of evidence the court sees if it is issued by the proper certifying authority. Sec 73-A (a) states that “that person or the controller or the certifying authority to produce digital signature certificate.” Through this sec, the Act recognizes the piece of electronic data affixed with a digital signature, provided it is issued by the appropriate controller or certifying authority.
Although electronic data and electronic signature is an upcoming field in law, Indian law is trying to cope up with this technical era through various amendments in the existing laws, along with the inclusion of the I.T. Act of 2000. The I.T. act opened a new horizon altogether. It is a tool to cope with the internet fraud and other offences further it provides penalties of offences. When internet age came everyday a new set of laws like the intellectual property laws, cyber crimes, the Indian Penal Code (obscenity) were broken. The existing laws were not sufficient enough. In due course of time new laws are being enacted and in future many more amendments are required to be made as the World Wide Web is becoming more and more global.
Student, Symbiosis Law School, Pune
Student, Department Of Law, University Of Calcutta, Kolkata.
[Submitted as an entry for the MightyLaws.in Blog Post Writing Competition, 2011]