SlideShare une entreprise Scribd logo

Chapter 06 Information Technology Act 2000

Télécharger en tant que DOC, PDF
Robin Kapoor
Robin Kapoor
TechnologieBusiness
1  sur  6
CHAPTER 06 INFORMATION TECHNOLOGY ACT, 2000 6.1 INTRODUCTION Source of the Act  The first 17 Sections of the Act are largely based on Model Law on Electronic Commerce adopted by United Nations Commission on International Trade Law (UNCITRAL) recommended by the General Assembly of the United Nations on the 30th January, 1997 in drafting its new law. UNCITRAL - Model Law on Electronic Commerce  This Model Law provides for equal legal treatment of users of electronic communication and paper based communication. The General Assembly of United Nations by its Resolution No. 51/162 dated 30th January 1997 recommended that all States should give favourable considerations to the said Model Law when they enact or revise their laws.  The macro perspectives were: (a) to facilitate electronic commerce among and within nations, (b) to validate transactions entered into by means of new information technologies, (c) to promote and encourage the implementation of new information technologies, (d) to promote the uniformity of law: and (e) to support commercial practice.  The micro perspectives were: (a) to establish rules and norms that validate and recognise Contracts formed through electronic means, (b) to set default rules for contract formation and governance of electronic contract performance, (c) to define the characteristics of a valid electronic writing and an original document, (d) to provide for the acceptability of electronic signatures for legal and commercial purposes, and (e) to support the admission of computer evidence in courts and arbitration proceedings. Objectives of the IT Act, 2000 (a) To grant legal recognition for transactions carried out by means of Electronic Data Interchange and other means of electronic communication commonly referred to as “electronic commerce” in place of paper-based methods of communication. (b) To give legal recognition to Digital Signature for authentication of any information or matter which requires authentication under any law (c) To facilitate electronic filing of documents with Government departments (d) To facilitate electronic storage of data. (e) To facilitate and give legal sanction to electronic fund transfers between banks and financial institutions. (f) To give legal recognition for keeping books of account by Bankers in electronic form. (g) Certifying authorities will be licensed to issue digital signature certificates and a regulatory regime will be established to supervise the certifying authorities who will not, themselves be a part of the bureaucracy.  The Act extends to the whole of India including the State of Jammu and Kashmir. It also applies to any offence or contravention committed under the Act outside India by any person. However, this is subject to certain conditions. Documents excluded from the purview of the Act and justification therefor  The Act does not apply to- 1. A Negotiable Instrument as defined in the Negotiable Instruments Act, 1881. 2. A Power of Attorney as defined in the Powers of Attorney Act, 1882. . 3. A trust as defined in the Indian Trusts Act, 1882. 4. Any contract for the sale or conveyance of immovable property or any interest in such property. Any such class of documents or transactions as may be notified by the Central Government in the Official Gazette. This is an enabling and residuary clause. CYBER SPACE – MEANING THEREOF  An Internet or network of computers can operate without constrains of space, state borders, etc. Though they are only a medium for storage and analysis and communication of information, they virtually create a world of their own – a medium in which business can be transacted without any of the inhibitions that the real world imposes.  The New Shorter Oxford Dictionary explains the expression “cyberspace” as follows: The notional environment within which electronic communication occurs, especially when represented as the inside of a computer system; space perceived as such by an observer but generated by a computer system, and having no real existence; the space of virtual reality”.  “Cyberspace” is computer-governed environment, which does not exist in reality but yet serves many of the
IIPM 41 CH. – 6 INFORMATION TECH. ACT purposes that the visible, tangible world serves. The Act does not mention cyberspace but dubs the Appellate Tribunal for which it proves as “Cyber Tribunal” 6.2 AUTHENTICATION OF ELECTRONIC RECORDS USING DIGITAL SIGNATURES [SECTION 3] What is `Authentication`  A process used to confirm the identity of a person or to prove the integrity of information.  Message authentication involves determining its source and verifying that it has not been modified or replaced in transit.  Any subscriber may authenticate an electronic record by affixing his digital signature. The authentication shall be effected by the by use of asymmetric system and hash function which envelop and transform the initial electronic record into another electronic record. DIGITAL SIGNATURE  The digital signature is created in two distinct steps. (i) Firstly - the electronic record is converted into a message digest by using a mathematical function known as “hash function” which digitally freezes the electronic record thus ensuring the integrity of the content of the intended communication. (ii) Secondly, the identity of the person affixing the digital signature is authenticated through the use of a private key which attaches itself to the message digest and which can be verified by any person who has the public key according to such private key. This will enable any person to verify whether the electronic record is retained intact or has been tampered with. It will also enable a person who has a public key to identify the originator of the electronic message. 'Hash function' - an algorithm mapping or translation of one sequence of bits into another (generally smaller) set known as 'hash result' such that an electronic record yields the same hash result every time the algorithm is executed with the same electronic record as its input making it computationally infeasible: (a) to derive or reconstruct the original electronic record from the hash result produced by the algorithm, and (b) that two electronic records can produce the same hash result using the algorithm. CONTENT OF HASH FUNCTION MESSAGE DIGEST AGREEMENT TO ALOGRITHM RUN BE SIGNED OVER AGREEMENT ELECTRONICALLY CONTENT MESSAGE DIGEST ENCRYPTED WITH PRIVATE KEY OF SENDER GENERATE DIGITAL SIGNATURE WHICH ARE EMBOSSED ON THE AGREEMENT RECEIVER AGAIN GENERATES THE MESSAE DIGEST BY RUNNING HASH FUNCTION ALOGRITH OVER THE AT RECEIVER DIIGTAL SIGNATURE ARE ORIGINAL CONTENT OF MESSAGE AND IF MESSAGE DECRYPTED WITH SENDER PUBLIC KEY AND DIGEST GENERATED AFTER DECRYPTING DIGITAL IT GENERTAE MESSAGE DIGEST SIGNATURE OF SENDER WITH SENDER PUBLIC KEY, IT PROVES THAT THE CONTENTS ARE NOT CHANGED AND SIGNATURE BELONGS TO THE SENDER DIGITAL CERTIFICATE  A Digital Certificate is a digital representation of information which at least (1) identifies the certification authority issuing it, (2) names or identifies its Subscriber, (3) contains the Subscriber's public key, (4) identifies its operational period, and (5) is digitally signed by the certification authority issuing it.  A Digital Certificate is a data structure used in a public key system to bind a particular, authenticated individual to a particular public key.  A Personal Digital Certificate serves as the digital identity of an individual. Just as a Driver's License can be used to identify someone who can legally drive in a particular country, a Digital Certificate can be presented electronically to prove an individual's identity or right to access information or services on the Internet.  Digital Certificates are used to secure information and assure the identities of their owners. They also providing a means of associating individuals with electronic documents similar to the manner in which handwritten signatures associate individuals with the paper documents.  For a Digital Certificate to be trusted, it needs to be endorsed a recognized third party that is empowered by the law to issue Digital Certificates. LECTURES BY PROF. S N GHOSH
IIPM 42 CH. – 6 INFORMATION TECH. ACT Following steps are followed for obtaining Digital certificate: 1. Sender sends his public key to Certification Authority along with information specific to his identification and other relevant information. 2. The Certification Authority uses his information to verify sender and his public key, if every thing is OK, the Certification Authority returns the sender a Digital Certificate that confirms the validity of Sender Public Key. 3. Actually Certification Authority certifies public key by digitally signing the sender public key with authority private key and authority put this sign on Digital Certificate. And any user who wants to use some one's public key can verify its validity by applying the certification authority public key to the certificate. In this way user would get actual public key of sender and can tally this public key with the public key supplied by the sender.  Depending on the level of trustworthiness one wants to create towards the people he/she communicates with over the Net, the CA offers three classes of Personal Certificates: CLASS UTILITY PURPOSE Class- 1 Digitally sign email, Encrypt email; Authenticate to a Web Server to engage in secure communication. This protects all information such as credit card details that one sends to the Web Server. These certificates are not intended for, and shall not be relied upon, for commercial use where proof of identity is required. These Certificates are issued following a top down approach. Class –2 Issued as Managed Digital Certificates to employees/ partners/ affiliates/ customers of business and government organizations those are ready to assume the responsibility of verifying the accuracy of the information submitted by their employees/ partners/ affiliates/ customers. The organization is given a Digital Certificate signed by the CA to initiate the process of issuing Certificates to its employees/ partners/ affiliates/ customers. The entire organization is treated as a Sub-CA/RA. The Sub-CA/RA in turn requests the issue of Digital Certificates for employees/ partners/ affiliates/ customers of the organization from the CA. The verification of details supplied with the request for a Digital Certificate is done by the organization appointed as a Sub-CA/RA under the CA Trust Network Certificates are issued to individuals, companies and government organizations. They can be used both for personal and commercial purposes. Class - 3 They are typically used for electronic commerce applications such as electronic banking, electronic data interchange (EDI), and membership-based on-line services, where security is a major concern. The level of trust created by the Digital Certificate is based on the authentication procedures used by the CA to verify subscriber’s identity and the service guarantees offered by the CA to back up that authentication. Usually, the CA uses various procedures to obtain evidence of subscriber’s identity before issuing you the Class-3 Certificate. During verification, the subscriber will also need to be physically present before a Registration Authority (RA), qualified by the CA due to their neutrality and reliability. These validation procedures provide stronger assurances of an applicant's identity. Example – TCS has been granted licence as CA (Certifying Authority). Bombay Stock Exchange (BSE) is the RA (Registering Authority) for members of that stock exchange. Types of Digital Certificates  Generally, the CA offers Single Key Pair and Dual Key Pair support for Personal Digital Certificates, which can be used for Digital Signature and Encryption purposes.  A provision is also available to back-up the credentials the subscriber has used to receive encrypted messages/documents, so that the encrypted messages/documents can be recovered if he/she has lost the private key or if required in his/her absence, using the backed-up credentials. This can be of great help for organizations, wherein, it is necessary to recover the encrypted information received by an employee after he/she has left the organization.  The Signing Certificate is used for preparing the Digital Signature that provides Authenticity, Non-Repudiation and Integrity to electronic communication. The Signing Certificate can be used to digitally sign documents, messages, email and can also be used as an identification for the electronic application and in SSL communication with a Web Server.  Encryption key pairs that are generated at the CA end are made available to their respective owners (subscribers) in a secure manner through strong authentication procedures.  The Encryption Certificate is used for encrypting documents, messages and other forms of electronic communication that provide confidentiality. LECTURES BY PROF. S N GHOSH
IIPM 43 CH. – 6 INFORMATION TECH. ACT  This type of Certificate is backed-up. To achieve this, the credentials (Key-pairs) are generated at the CA end unlike the other types of Certificates where the credentials (Key-pairs) are generated at the Subscriber's end. The CA backs-up the key-pair and sends a copy to the Subscriber in a highly secure manner. Types Utility purpose Single Key Pair In the Single Key pair option, Digital Certificates can be used for signing and/or encryption. The credentials used for encryption are not backed-up. Dual Key Pair In the Dual Key pair option, the credentials used for encryption are backed-up. The credentials used for Digital Signature are not backed-up as that would violate the notion of Authentication and Non-Repudiation. 6.3 SOME IMPORTANT LEGAL PROVISIONS ELECTRONIC GOVERNANCE [SECTIONS 4 TO 10]  The Act provides following legal protection for filing, retention, preservation, payment etc. in the electronic/digital modes: - 1) Legal recognition of electronic records – all documents that are required to be in writing or typewritten or printed form, can now be made available and subsequently accessible in an electronic form. 2) Legal recognition of digital signatures – all documents that require signature (manual) can now be authenticated by means of digital signature affixed. 3) Filing of applications, forms, fees payment to Govt. in prescribed electronic mode– all the applications, documents/information for grant of licence, permit, sanction, approval, receipt or payment of money may now be filed/made with Government or its agencies in the electronic mode. The Government has prescribed rules and forms for the purpose. 4) Retention and retrieval of electronic records – documents, records or information that required to be retained can now retained in the electronic form. Such information shall remain accessible and usable for a subsequent reference; retained in the format as was originally generated. The details facilitating the identification of the origin, destination date and time of despatch or receipt of such electronic record shall also be made available. 5) Publication of rule, regulation, etc., in Electronic Gazette - the Official Gazette shall also be published in the electronic mode. Such Gazette will be called `Electronic Gazette`. The date of publication shall be the date of the Gazette, which was first published in any form. 6) No right to insist acceptance, retention or preservation of document in electronic form – The Central or State Government or its agencies shall not insist that documents/information shall exclusively be in electronic form. 7) Power to make rules by Central Government in respect of digital signature - The Central Government has been authorized to prescribed rules of types, manner, format, control, integrity, security and confidentially of digital signatures and electronic records. ATIRIBUTION, ACKNOWLEDGEMENT AND DESPATCH OF ELECTRONIC RECORDS [SECTIONS 11 TO 16]  Attribution electronic records - an electronic record shall be attributed to the originator if it was sent by (i) him; (ii) any authorized person or (iii) an information system programmed by or on behalf of the originator to operate automatically.  Acknowledgement of receipt - the acknowledgement of receipt of electronic record may be sent by the address (i) in prescribed form or (ii) conduct sufficient to indicate its receipt by the addressee (iii) any automated communication by addressee  Circumstances where acknowledgement though not stipulated, not received after due Notice - Where the originator has not stipulated that the electronic record shall be binding only on receipt of such acknowledgement and the acknowledgement has not been received by the originator within the specified time or within a reasonable time, then, the originator may give notice to the addressee stating that no acknowledgement has been received by him and specifying a reasonable time by which the acknowledgement must be received by him. If no acknowledgement is received within the aforesaid time limit, the originator may after giving notice to the addressee, treat the electronic record as though it has never been sent.  Time and place of despatch and receipt of electronic record -  The despatch of an electronic record - when it enters a computer resource outside the control of the originator;  The time of receipt of an electronic record – (i) the time when receipt occurs at the designated electronic record LECTURES BY PROF. S N GHOSH
IIPM 44 CH. – 6 INFORMATION TECH. ACT resource or (ii) At the time when the electronic record is retrieved by the addressee;  Place of despatch - at the place where the originator has his usual place of business or residence.  THE CENTRAL GOVERNMENT HAS NOTIFIED RULES, REGULATIONS AND GUIDELINES FOR THE PURPOSE OF THIS ACT. REGULATION OF CERTIFYING AUTHORITIES [SECTIONS 17 TO 42] Appointment, functions and powers of Controller of Certifying Authorities  A Controller of Certifying Authorities may be appointed by the Central Government by notification in the Official Gazette. Deputy Controllers and Assistant Controllers may also be appointed as the Government may think fit.  The Central Government has prescribed qualifications, experience and terms and conditions of service of Controller, Deputy Controllers and Assistant Controllers. There shall be a seal of the Office of the Controller.  The Controller may recognise any foreign Certifying Authority as a Certifying Authority. This shall however, be done with the previous approval of the Central Government and by notification in the Official Gazette,  Any person may make an application, in the prescribed form along with requisite documents/information and fees to the Controller for a licence to issue Digital Signature Certificates. The Controller on being satisfied may grant licence for a prescribed period subject to specified terms and conditions. The Controller may revoke the licence upon violation thereof by the Certifying Authority. The revocation be also publicized in the web page of the controller.  Every Certifying Authority shall follow prescribed procedures in respect of digital signatures.  By accepting a Digital Signature Certificate the subscriber certifies to all who reasonably rely on the information contained in the Digital Signature Certificate that---- (a) the subscriber holds the private key corresponding to the public key listed in the Digital Signature Certificate and is entitled to hold the same; (b) all representations made by the subscriber to the Certifying Authority and all material relevant to the information contained in the Digital Signature Certificate are true; (c) all information in the Digital Signature Certificate that is within the knowledge of the subscriber is true.  Every subscriber shall exercise reasonable care to retain control of the private key corresponding to the public key listed in his Digital Signature Certificate. He shall take all steps to prevent its disclosure to a person not authorised to affix the digital signature of the subscriber. Controller to act as repository  The Controller shall be repository of all Digital Signature Certificates.  Further to ensure that the secrecy and security of the digital signatures the Controller shall make use of appropriate hardware, software and procedures to prevent intrusion and misuse.  The Controller shall maintain a computerised database of all public keys and the same be available to any member of the public. PENALTIES AND ADJUDICATION [SECT IONS 43 TO 47] Penalty for damage to computer, computer system, etc.  A penalty not exceeding Rs. One Crore may be imposed as compensation for damages for doing or causing to do the following acts without permission of the owner or any other person who is in charge of a computer, computer system or computer network:- (i) Accesses or secures access: (ii) Downloads, copies or extracts any data, computer data base or information; (iii) Introduces introduce any virus; (iv) Damages any database or any other programmes; (v) Disrupts any computer, computer system or computer network; (vi) Denies access to any authorised person (vii) Provides any assistance to any person to facilitate access; (viii) Charges the services availed of by a person to the account of another person. Penalty for failure to furnish information, return, etc.  Failure to file requisite Returns, Information, maintain Books or records shall entail specified penalties. And where no penalty has been prescribed compensation damages not exceeding Rs. 25,000 may be imposed. Adjudicating Officer (not below the rank of Director) to adjudicate  The Adjudicating Officer not below the rank if Director shall hold enquiry to determine whether any violation under the Act or Rules or Regulations framed thereunder has been committed by any person. He shall have the powers of a Civil Court. CYBER REGULATIONS APPELLATE TRIBUNAL [SECTIONS 48 TO 64]  The Cyber Regulations Appellate Tribunal has been constituted. Appeals against the orders of the Adjudicating Officer may be preferred before this Tribunal.  The Civil Courts have been barred from entertaining any suit or proceedings in respect of any matter which an LECTURES BY PROF. S N GHOSH
IIPM 45 CH. – 6 INFORMATION TECH. ACT adjudicating officer or Tribunal is empowered to handle.  An appeal shall lie to the High Court against an order or decision of the Cyber Appellate Tribunal. COMPUTER OFFENCES [SECTION 65 TO 68]  Penalties (pecuniary and imprisonment) have been provided under the Act for the following types of offences: (i) Tampering with Computer Source Documents (ii) Hacking with Computer System. (iii) Publication or obscene information in electronic form (iv) Misrepresentation (v) Breach of Confidentiality (vi) Publishing False Digital Signature Certificate (vii) Fraudulent Publication (viii) Offence Committed Outside India (ix) Confiscation  Further any police officer not below the rank of DSP or any other authorised person may enter any public place, search and arrest without warrant any person reasonably suspected or having committed any offence specified under the Act. LECTURES BY PROF. S N GHOSH

Recommandé

The information technology act 2000
The information technology act 2000The information technology act 2000
The information technology act 2000Naveen Kumar C
 
Digital signature
Digital signatureDigital signature
Digital signatureAbdullah Khosa
 
Digital Signature
Digital SignatureDigital Signature
Digital SignatureMohamed Talaat
 
E payment methodss
E payment methodssE payment methodss
E payment methodssuniversity of education,Lahore
 
Digital signature
Digital signatureDigital signature
Digital signatureFilipp Kolobov
 
Secure Electronic Transaction
Secure Electronic TransactionSecure Electronic Transaction
Secure Electronic TransactionUnited International University
 
Digital Signature
Digital SignatureDigital Signature
Digital SignatureAdarsh Kumar Yadav
 
It act ppt ( 1111)
It act ppt ( 1111)It act ppt ( 1111)
It act ppt ( 1111)Yogendra Wagh
 

Recommandé

The information technology act 2000
The information technology act 2000The information technology act 2000
The information technology act 2000Naveen Kumar C
 
Digital signature
Digital signatureDigital signature
Digital signatureAbdullah Khosa
 
Digital Signature
Digital SignatureDigital Signature
Digital SignatureMohamed Talaat
 
E payment methodss
E payment methodssE payment methodss
E payment methodssuniversity of education,Lahore
 
Digital signature
Digital signatureDigital signature
Digital signatureFilipp Kolobov
 
Secure Electronic Transaction
Secure Electronic TransactionSecure Electronic Transaction
Secure Electronic TransactionUnited International University
 
Digital Signature
Digital SignatureDigital Signature
Digital SignatureAdarsh Kumar Yadav
 
It act ppt ( 1111)
It act ppt ( 1111)It act ppt ( 1111)
It act ppt ( 1111)Yogendra Wagh
 
Credit card frauds
Credit card fraudsCredit card frauds
Credit card fraudsJeetendra Khilnani
 
Digital signature certificate
Digital signature certificateDigital signature certificate
Digital signature certificateAshvini Soni
 
Digital signatures
Digital signaturesDigital signatures
Digital signaturesatuljaybhaye
 
Digital signature
Digital signatureDigital signature
Digital signatureCHESStest{perfect Kadhu}
 
Information technology act, 2000
Information technology act, 2000Information technology act, 2000
Information technology act, 2000Prateek Sinha
 
Digital signature & certificate
Digital signature & certificateDigital signature & certificate
Digital signature & certificateNetGains Technologies Pvt. Ltd.
 
SCOSTA (Smart Card Operating System for Transport Applications)
SCOSTA (Smart Card Operating System for Transport Applications)SCOSTA (Smart Card Operating System for Transport Applications)
SCOSTA (Smart Card Operating System for Transport Applications)ALOK GUPTA
 
Electronic signature
Electronic signatureElectronic signature
Electronic signatureSonu Mishra
 
Electronic payment systems
Electronic payment systemsElectronic payment systems
Electronic payment systemsArti Parab Academics
 
CYBER SECURITY : DIGITAL SIGNATURE,
CYBER SECURITY : DIGITAL SIGNATURE,CYBER SECURITY : DIGITAL SIGNATURE,
CYBER SECURITY : DIGITAL SIGNATURE,ShivangiSingh241
 
Seminar ppt on digital signature
Seminar ppt on digital signatureSeminar ppt on digital signature
Seminar ppt on digital signaturejolly9293
 
Cyber law - Security aspects and Intellectual Property rights
Cyber law - Security aspects and Intellectual Property rights Cyber law - Security aspects and Intellectual Property rights
Cyber law - Security aspects and Intellectual Property rights premarhea
 
Digital Signature ppt
Digital Signature pptDigital Signature ppt
Digital Signature pptOECLIB Odisha Electronics Control Library
 
Information Technology Act 2000
Information Technology Act 2000Information Technology Act 2000
Information Technology Act 2000Vijay Dalmia
 
Digital signatures and e-Commerce
Digital signatures and e-CommerceDigital signatures and e-Commerce
Digital signatures and e-CommerceNaveen Jakhar, I.T.S
 
Digital certificates
Digital certificatesDigital certificates
Digital certificatesSimmi Kamra
 
Electronic Transaction Act-2063[summary]
Electronic Transaction Act-2063[summary]Electronic Transaction Act-2063[summary]
Electronic Transaction Act-2063[summary]Mahesh Singh Madai
 
Class it act
Class it actClass it act
Class it actAryan Ajmer
 
Digital signatures
Digital signaturesDigital signatures
Digital signaturesIshwar Dayal
 
Digital Signature
Digital SignatureDigital Signature
Digital Signaturenayakslideshare
 
IT Act,2000
IT Act,2000IT Act,2000
IT Act,20002coolshivani
 
Information technology-act 2000- an overview-sethassociatesppt
Information technology-act 2000- an overview-sethassociatespptInformation technology-act 2000- an overview-sethassociatesppt
Information technology-act 2000- an overview-sethassociatespptDiya Mirza
 

Contenu connexe

Tendances

Digital signature certificate
Digital signature certificateDigital signature certificate
Digital signature certificateAshvini Soni
 
Digital signatures
Digital signaturesDigital signatures
Digital signaturesatuljaybhaye
 
Information technology act, 2000
Information technology act, 2000Information technology act, 2000
Information technology act, 2000Prateek Sinha
 
SCOSTA (Smart Card Operating System for Transport Applications)
SCOSTA (Smart Card Operating System for Transport Applications)SCOSTA (Smart Card Operating System for Transport Applications)
SCOSTA (Smart Card Operating System for Transport Applications)ALOK GUPTA
 
Electronic signature
Electronic signatureElectronic signature
Electronic signatureSonu Mishra
 
CYBER SECURITY : DIGITAL SIGNATURE,
CYBER SECURITY : DIGITAL SIGNATURE,CYBER SECURITY : DIGITAL SIGNATURE,
CYBER SECURITY : DIGITAL SIGNATURE,ShivangiSingh241
 
Seminar ppt on digital signature
Seminar ppt on digital signatureSeminar ppt on digital signature
Seminar ppt on digital signaturejolly9293
 
Cyber law - Security aspects and Intellectual Property rights
Cyber law - Security aspects and Intellectual Property rights Cyber law - Security aspects and Intellectual Property rights
Cyber law - Security aspects and Intellectual Property rights premarhea
 
Information Technology Act 2000
Information Technology Act 2000Information Technology Act 2000
Information Technology Act 2000Vijay Dalmia
 
Digital certificates
Digital certificatesDigital certificates
Digital certificatesSimmi Kamra
 
Electronic Transaction Act-2063[summary]
Electronic Transaction Act-2063[summary]Electronic Transaction Act-2063[summary]
Electronic Transaction Act-2063[summary]Mahesh Singh Madai
 
Digital signatures
Digital signaturesDigital signatures
Digital signaturesIshwar Dayal
 

Tendances (20)

Credit card frauds
Credit card fraudsCredit card frauds
Credit card frauds
 
Digital signature certificate
Digital signature certificateDigital signature certificate
Digital signature certificate
 
Digital signatures
Digital signaturesDigital signatures
Digital signatures
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Information technology act, 2000
Information technology act, 2000Information technology act, 2000
Information technology act, 2000
 
Digital signature & certificate
Digital signature & certificateDigital signature & certificate
Digital signature & certificate
 
SCOSTA (Smart Card Operating System for Transport Applications)
SCOSTA (Smart Card Operating System for Transport Applications)SCOSTA (Smart Card Operating System for Transport Applications)
SCOSTA (Smart Card Operating System for Transport Applications)
 
Electronic signature
Electronic signatureElectronic signature
Electronic signature
 
Electronic payment systems
Electronic payment systemsElectronic payment systems
Electronic payment systems
 
CYBER SECURITY : DIGITAL SIGNATURE,
CYBER SECURITY : DIGITAL SIGNATURE,CYBER SECURITY : DIGITAL SIGNATURE,
CYBER SECURITY : DIGITAL SIGNATURE,
 
Seminar ppt on digital signature
Seminar ppt on digital signatureSeminar ppt on digital signature
Seminar ppt on digital signature
 
Cyber law - Security aspects and Intellectual Property rights
Cyber law - Security aspects and Intellectual Property rights Cyber law - Security aspects and Intellectual Property rights
Cyber law - Security aspects and Intellectual Property rights
 
Digital Signature ppt
Digital Signature pptDigital Signature ppt
Digital Signature ppt
 
Information Technology Act 2000
Information Technology Act 2000Information Technology Act 2000
Information Technology Act 2000
 
Digital signatures and e-Commerce
Digital signatures and e-CommerceDigital signatures and e-Commerce
Digital signatures and e-Commerce
 
Digital certificates
Digital certificatesDigital certificates
Digital certificates
 
Electronic Transaction Act-2063[summary]
Electronic Transaction Act-2063[summary]Electronic Transaction Act-2063[summary]
Electronic Transaction Act-2063[summary]
 
Class it act
Class it actClass it act
Class it act
 
Digital signatures
Digital signaturesDigital signatures
Digital signatures
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
 

Similaire à Chapter 06 Information Technology Act 2000

Information technology-act 2000- an overview-sethassociatesppt
Information technology-act 2000- an overview-sethassociatespptInformation technology-act 2000- an overview-sethassociatesppt
Information technology-act 2000- an overview-sethassociatespptDiya Mirza
 
Information technology-act2000-120112080011-phpapp02 2
Information technology-act2000-120112080011-phpapp02 2Information technology-act2000-120112080011-phpapp02 2
Information technology-act2000-120112080011-phpapp02 2Suryadev Maity
 
Information technology-act 2000- an overview-sethassociatesppt
Information technology-act 2000- an overview-sethassociatespptInformation technology-act 2000- an overview-sethassociatesppt
Information technology-act 2000- an overview-sethassociatespptSuvabrataSamanta
 
Information-Technology-Act 2000- An overview-sethassociatesppt (1).ppt
Information-Technology-Act 2000- An overview-sethassociatesppt (1).pptInformation-Technology-Act 2000- An overview-sethassociatesppt (1).ppt
Information-Technology-Act 2000- An overview-sethassociatesppt (1).pptshahulgk
 
Information technology-act 2000
Information technology-act 2000Information technology-act 2000
Information technology-act 2000Onkar Sule
 
Information Technology Act 2000 An Overview
Information Technology Act 2000 An OverviewInformation Technology Act 2000 An Overview
Information Technology Act 2000 An OverviewAnubhav
 
INFORMATION TECHNOLOGY ACT 2000 and its provisions.pptx
INFORMATION TECHNOLOGY ACT 2000 and its provisions.pptxINFORMATION TECHNOLOGY ACT 2000 and its provisions.pptx
INFORMATION TECHNOLOGY ACT 2000 and its provisions.pptxakshitarathi77
 
IT ACT, 2000 (Information Technology Act, 2000)
IT ACT, 2000 (Information Technology Act, 2000)IT ACT, 2000 (Information Technology Act, 2000)
IT ACT, 2000 (Information Technology Act, 2000)Ms. Parasmani Jangid
 
Validity Of E singnature In India
Validity Of E singnature In IndiaValidity Of E singnature In India
Validity Of E singnature In IndiaRohit6699
 
Cyber Law and Information Technology Act 2000 with case studies
Cyber Law and Information Technology Act 2000 with case studiesCyber Law and Information Technology Act 2000 with case studies
Cyber Law and Information Technology Act 2000 with case studiesSneha J Chouhan
 

Similaire à Chapter 06 Information Technology Act 2000 (20)

IT Act,2000
IT Act,2000IT Act,2000
IT Act,2000
 
Information technology-act 2000- an overview-sethassociatesppt
Information technology-act 2000- an overview-sethassociatespptInformation technology-act 2000- an overview-sethassociatesppt
Information technology-act 2000- an overview-sethassociatesppt
 
Information technology-act2000-120112080011-phpapp02 2
Information technology-act2000-120112080011-phpapp02 2Information technology-act2000-120112080011-phpapp02 2
Information technology-act2000-120112080011-phpapp02 2
 
Information technology-act 2000- an overview-sethassociatesppt
Information technology-act 2000- an overview-sethassociatespptInformation technology-act 2000- an overview-sethassociatesppt
Information technology-act 2000- an overview-sethassociatesppt
 
Information-Technology-Act 2000- An overview-sethassociatesppt (1).ppt
Information-Technology-Act 2000- An overview-sethassociatesppt (1).pptInformation-Technology-Act 2000- An overview-sethassociatesppt (1).ppt
Information-Technology-Act 2000- An overview-sethassociatesppt (1).ppt
 
Information technology-act 2000
Information technology-act 2000Information technology-act 2000
Information technology-act 2000
 
Information Technology Act 2000 An Overview
Information Technology Act 2000 An OverviewInformation Technology Act 2000 An Overview
Information Technology Act 2000 An Overview
 
It act
It actIt act
It act
 
It act law ppt
It act law pptIt act law ppt
It act law ppt
 
It act 2000
It act 2000It act 2000
It act 2000
 
Cyber law
Cyber lawCyber law
Cyber law
 
INFORMATION TECHNOLOGY ACT 2000 and its provisions.pptx
INFORMATION TECHNOLOGY ACT 2000 and its provisions.pptxINFORMATION TECHNOLOGY ACT 2000 and its provisions.pptx
INFORMATION TECHNOLOGY ACT 2000 and its provisions.pptx
 
Introduction to cyber law.
Introduction to cyber law. Introduction to cyber law.
Introduction to cyber law.
 
IT ACT, 2000 (Information Technology Act, 2000)
IT ACT, 2000 (Information Technology Act, 2000)IT ACT, 2000 (Information Technology Act, 2000)
IT ACT, 2000 (Information Technology Act, 2000)
 
The e commerce law
The e commerce lawThe e commerce law
The e commerce law
 
Cyber
CyberCyber
Cyber
 
Cyber law/Business law
Cyber law/Business lawCyber law/Business law
Cyber law/Business law
 
Business Law - Unit 3
Business Law - Unit 3Business Law - Unit 3
Business Law - Unit 3
 
Validity Of E singnature In India
Validity Of E singnature In IndiaValidity Of E singnature In India
Validity Of E singnature In India
 
Cyber Law and Information Technology Act 2000 with case studies
Cyber Law and Information Technology Act 2000 with case studiesCyber Law and Information Technology Act 2000 with case studies
Cyber Law and Information Technology Act 2000 with case studies
 

Plus de Robin Kapoor

Responsible For Child Slavery
Responsible For Child SlaveryResponsible For Child Slavery
Responsible For Child SlaveryRobin Kapoor
 
Value Added Dairy Products
Value Added Dairy ProductsValue Added Dairy Products
Value Added Dairy ProductsRobin Kapoor
 
Research Hdfc Plan
Research Hdfc PlanResearch Hdfc Plan
Research Hdfc PlanRobin Kapoor
 
Merger & Acquisition In Banks
Merger & Acquisition In BanksMerger & Acquisition In Banks
Merger & Acquisition In BanksRobin Kapoor
 
Mobile Vas In India
Mobile Vas In IndiaMobile Vas In India
Mobile Vas In IndiaRobin Kapoor
 
Dictionary To Stock Market
Dictionary To Stock MarketDictionary To Stock Market
Dictionary To Stock MarketRobin Kapoor
 
Stock Market Dictionary
Stock Market DictionaryStock Market Dictionary
Stock Market DictionaryRobin Kapoor
 
Marketing Dictionary
Marketing Dictionary Marketing Dictionary
Marketing DictionaryRobin Kapoor
 
The Foreign Exchange Market
The Foreign Exchange MarketThe Foreign Exchange Market
The Foreign Exchange MarketRobin Kapoor
 
Chapter 02 Contract Act 1872
Chapter 02 Contract Act 1872Chapter 02 Contract Act 1872
Chapter 02 Contract Act 1872Robin Kapoor
 
Chapter 01 Sources Of Law
Chapter 01 Sources Of LawChapter 01 Sources Of Law
Chapter 01 Sources Of LawRobin Kapoor
 
Chapter 03 Partnership Act 1932
Chapter 03 Partnership Act 1932Chapter 03 Partnership Act 1932
Chapter 03 Partnership Act 1932Robin Kapoor
 
Chapter 04 Sale Of Goods Act
Chapter 04 Sale Of Goods ActChapter 04 Sale Of Goods Act
Chapter 04 Sale Of Goods ActRobin Kapoor
 
Chapter 05 Negotiable Instruments Act 1881
Chapter 05 Negotiable Instruments Act 1881Chapter 05 Negotiable Instruments Act 1881
Chapter 05 Negotiable Instruments Act 1881Robin Kapoor
 

Plus de Robin Kapoor (20)

Responsible For Child Slavery
Responsible For Child SlaveryResponsible For Child Slavery
Responsible For Child Slavery
 
Value Added Dairy Products
Value Added Dairy ProductsValue Added Dairy Products
Value Added Dairy Products
 
Research Hdfc Plan
Research Hdfc PlanResearch Hdfc Plan
Research Hdfc Plan
 
Merger & Acquisition In Banks
Merger & Acquisition In BanksMerger & Acquisition In Banks
Merger & Acquisition In Banks
 
Marketing
MarketingMarketing
Marketing
 
Mobile Vas In India
Mobile Vas In IndiaMobile Vas In India
Mobile Vas In India
 
Dictionary To Stock Market
Dictionary To Stock MarketDictionary To Stock Market
Dictionary To Stock Market
 
Stock Market Dictionary
Stock Market DictionaryStock Market Dictionary
Stock Market Dictionary
 
Marketing Dictionary
Marketing Dictionary Marketing Dictionary
Marketing Dictionary
 
4
44
4
 
Retail Management
Retail ManagementRetail Management
Retail Management
 
The Foreign Exchange Market
The Foreign Exchange MarketThe Foreign Exchange Market
The Foreign Exchange Market
 
Mrktng Concepts
Mrktng ConceptsMrktng Concepts
Mrktng Concepts
 
Low Cost Hotels
Low Cost HotelsLow Cost Hotels
Low Cost Hotels
 
Low Cost Hotels
Low Cost HotelsLow Cost Hotels
Low Cost Hotels
 
Chapter 02 Contract Act 1872
Chapter 02 Contract Act 1872Chapter 02 Contract Act 1872
Chapter 02 Contract Act 1872
 
Chapter 01 Sources Of Law
Chapter 01 Sources Of LawChapter 01 Sources Of Law
Chapter 01 Sources Of Law
 
Chapter 03 Partnership Act 1932
Chapter 03 Partnership Act 1932Chapter 03 Partnership Act 1932
Chapter 03 Partnership Act 1932
 
Chapter 04 Sale Of Goods Act
Chapter 04 Sale Of Goods ActChapter 04 Sale Of Goods Act
Chapter 04 Sale Of Goods Act
 
Chapter 05 Negotiable Instruments Act 1881
Chapter 05 Negotiable Instruments Act 1881Chapter 05 Negotiable Instruments Act 1881
Chapter 05 Negotiable Instruments Act 1881
 

Dernier

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 

Dernier (20)

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 

Chapter 06 Information Technology Act 2000

  • 1. CHAPTER 06 INFORMATION TECHNOLOGY ACT, 2000 6.1 INTRODUCTION Source of the Act  The first 17 Sections of the Act are largely based on Model Law on Electronic Commerce adopted by United Nations Commission on International Trade Law (UNCITRAL) recommended by the General Assembly of the United Nations on the 30th January, 1997 in drafting its new law. UNCITRAL - Model Law on Electronic Commerce  This Model Law provides for equal legal treatment of users of electronic communication and paper based communication. The General Assembly of United Nations by its Resolution No. 51/162 dated 30th January 1997 recommended that all States should give favourable considerations to the said Model Law when they enact or revise their laws.  The macro perspectives were: (a) to facilitate electronic commerce among and within nations, (b) to validate transactions entered into by means of new information technologies, (c) to promote and encourage the implementation of new information technologies, (d) to promote the uniformity of law: and (e) to support commercial practice.  The micro perspectives were: (a) to establish rules and norms that validate and recognise Contracts formed through electronic means, (b) to set default rules for contract formation and governance of electronic contract performance, (c) to define the characteristics of a valid electronic writing and an original document, (d) to provide for the acceptability of electronic signatures for legal and commercial purposes, and (e) to support the admission of computer evidence in courts and arbitration proceedings. Objectives of the IT Act, 2000 (a) To grant legal recognition for transactions carried out by means of Electronic Data Interchange and other means of electronic communication commonly referred to as “electronic commerce” in place of paper-based methods of communication. (b) To give legal recognition to Digital Signature for authentication of any information or matter which requires authentication under any law (c) To facilitate electronic filing of documents with Government departments (d) To facilitate electronic storage of data. (e) To facilitate and give legal sanction to electronic fund transfers between banks and financial institutions. (f) To give legal recognition for keeping books of account by Bankers in electronic form. (g) Certifying authorities will be licensed to issue digital signature certificates and a regulatory regime will be established to supervise the certifying authorities who will not, themselves be a part of the bureaucracy.  The Act extends to the whole of India including the State of Jammu and Kashmir. It also applies to any offence or contravention committed under the Act outside India by any person. However, this is subject to certain conditions. Documents excluded from the purview of the Act and justification therefor  The Act does not apply to- 1. A Negotiable Instrument as defined in the Negotiable Instruments Act, 1881. 2. A Power of Attorney as defined in the Powers of Attorney Act, 1882. . 3. A trust as defined in the Indian Trusts Act, 1882. 4. Any contract for the sale or conveyance of immovable property or any interest in such property. Any such class of documents or transactions as may be notified by the Central Government in the Official Gazette. This is an enabling and residuary clause. CYBER SPACE – MEANING THEREOF  An Internet or network of computers can operate without constrains of space, state borders, etc. Though they are only a medium for storage and analysis and communication of information, they virtually create a world of their own – a medium in which business can be transacted without any of the inhibitions that the real world imposes.  The New Shorter Oxford Dictionary explains the expression “cyberspace” as follows: The notional environment within which electronic communication occurs, especially when represented as the inside of a computer system; space perceived as such by an observer but generated by a computer system, and having no real existence; the space of virtual reality”.  “Cyberspace” is computer-governed environment, which does not exist in reality but yet serves many of the
  • 2. IIPM 41 CH. – 6 INFORMATION TECH. ACT purposes that the visible, tangible world serves. The Act does not mention cyberspace but dubs the Appellate Tribunal for which it proves as “Cyber Tribunal” 6.2 AUTHENTICATION OF ELECTRONIC RECORDS USING DIGITAL SIGNATURES [SECTION 3] What is `Authentication`  A process used to confirm the identity of a person or to prove the integrity of information.  Message authentication involves determining its source and verifying that it has not been modified or replaced in transit.  Any subscriber may authenticate an electronic record by affixing his digital signature. The authentication shall be effected by the by use of asymmetric system and hash function which envelop and transform the initial electronic record into another electronic record. DIGITAL SIGNATURE  The digital signature is created in two distinct steps. (i) Firstly - the electronic record is converted into a message digest by using a mathematical function known as “hash function” which digitally freezes the electronic record thus ensuring the integrity of the content of the intended communication. (ii) Secondly, the identity of the person affixing the digital signature is authenticated through the use of a private key which attaches itself to the message digest and which can be verified by any person who has the public key according to such private key. This will enable any person to verify whether the electronic record is retained intact or has been tampered with. It will also enable a person who has a public key to identify the originator of the electronic message. 'Hash function' - an algorithm mapping or translation of one sequence of bits into another (generally smaller) set known as 'hash result' such that an electronic record yields the same hash result every time the algorithm is executed with the same electronic record as its input making it computationally infeasible: (a) to derive or reconstruct the original electronic record from the hash result produced by the algorithm, and (b) that two electronic records can produce the same hash result using the algorithm. CONTENT OF HASH FUNCTION MESSAGE DIGEST AGREEMENT TO ALOGRITHM RUN BE SIGNED OVER AGREEMENT ELECTRONICALLY CONTENT MESSAGE DIGEST ENCRYPTED WITH PRIVATE KEY OF SENDER GENERATE DIGITAL SIGNATURE WHICH ARE EMBOSSED ON THE AGREEMENT RECEIVER AGAIN GENERATES THE MESSAE DIGEST BY RUNNING HASH FUNCTION ALOGRITH OVER THE AT RECEIVER DIIGTAL SIGNATURE ARE ORIGINAL CONTENT OF MESSAGE AND IF MESSAGE DECRYPTED WITH SENDER PUBLIC KEY AND DIGEST GENERATED AFTER DECRYPTING DIGITAL IT GENERTAE MESSAGE DIGEST SIGNATURE OF SENDER WITH SENDER PUBLIC KEY, IT PROVES THAT THE CONTENTS ARE NOT CHANGED AND SIGNATURE BELONGS TO THE SENDER DIGITAL CERTIFICATE  A Digital Certificate is a digital representation of information which at least (1) identifies the certification authority issuing it, (2) names or identifies its Subscriber, (3) contains the Subscriber's public key, (4) identifies its operational period, and (5) is digitally signed by the certification authority issuing it.  A Digital Certificate is a data structure used in a public key system to bind a particular, authenticated individual to a particular public key.  A Personal Digital Certificate serves as the digital identity of an individual. Just as a Driver's License can be used to identify someone who can legally drive in a particular country, a Digital Certificate can be presented electronically to prove an individual's identity or right to access information or services on the Internet.  Digital Certificates are used to secure information and assure the identities of their owners. They also providing a means of associating individuals with electronic documents similar to the manner in which handwritten signatures associate individuals with the paper documents.  For a Digital Certificate to be trusted, it needs to be endorsed a recognized third party that is empowered by the law to issue Digital Certificates. LECTURES BY PROF. S N GHOSH
  • 3. IIPM 42 CH. – 6 INFORMATION TECH. ACT Following steps are followed for obtaining Digital certificate: 1. Sender sends his public key to Certification Authority along with information specific to his identification and other relevant information. 2. The Certification Authority uses his information to verify sender and his public key, if every thing is OK, the Certification Authority returns the sender a Digital Certificate that confirms the validity of Sender Public Key. 3. Actually Certification Authority certifies public key by digitally signing the sender public key with authority private key and authority put this sign on Digital Certificate. And any user who wants to use some one's public key can verify its validity by applying the certification authority public key to the certificate. In this way user would get actual public key of sender and can tally this public key with the public key supplied by the sender.  Depending on the level of trustworthiness one wants to create towards the people he/she communicates with over the Net, the CA offers three classes of Personal Certificates: CLASS UTILITY PURPOSE Class- 1 Digitally sign email, Encrypt email; Authenticate to a Web Server to engage in secure communication. This protects all information such as credit card details that one sends to the Web Server. These certificates are not intended for, and shall not be relied upon, for commercial use where proof of identity is required. These Certificates are issued following a top down approach. Class –2 Issued as Managed Digital Certificates to employees/ partners/ affiliates/ customers of business and government organizations those are ready to assume the responsibility of verifying the accuracy of the information submitted by their employees/ partners/ affiliates/ customers. The organization is given a Digital Certificate signed by the CA to initiate the process of issuing Certificates to its employees/ partners/ affiliates/ customers. The entire organization is treated as a Sub-CA/RA. The Sub-CA/RA in turn requests the issue of Digital Certificates for employees/ partners/ affiliates/ customers of the organization from the CA. The verification of details supplied with the request for a Digital Certificate is done by the organization appointed as a Sub-CA/RA under the CA Trust Network Certificates are issued to individuals, companies and government organizations. They can be used both for personal and commercial purposes. Class - 3 They are typically used for electronic commerce applications such as electronic banking, electronic data interchange (EDI), and membership-based on-line services, where security is a major concern. The level of trust created by the Digital Certificate is based on the authentication procedures used by the CA to verify subscriber’s identity and the service guarantees offered by the CA to back up that authentication. Usually, the CA uses various procedures to obtain evidence of subscriber’s identity before issuing you the Class-3 Certificate. During verification, the subscriber will also need to be physically present before a Registration Authority (RA), qualified by the CA due to their neutrality and reliability. These validation procedures provide stronger assurances of an applicant's identity. Example – TCS has been granted licence as CA (Certifying Authority). Bombay Stock Exchange (BSE) is the RA (Registering Authority) for members of that stock exchange. Types of Digital Certificates  Generally, the CA offers Single Key Pair and Dual Key Pair support for Personal Digital Certificates, which can be used for Digital Signature and Encryption purposes.  A provision is also available to back-up the credentials the subscriber has used to receive encrypted messages/documents, so that the encrypted messages/documents can be recovered if he/she has lost the private key or if required in his/her absence, using the backed-up credentials. This can be of great help for organizations, wherein, it is necessary to recover the encrypted information received by an employee after he/she has left the organization.  The Signing Certificate is used for preparing the Digital Signature that provides Authenticity, Non-Repudiation and Integrity to electronic communication. The Signing Certificate can be used to digitally sign documents, messages, email and can also be used as an identification for the electronic application and in SSL communication with a Web Server.  Encryption key pairs that are generated at the CA end are made available to their respective owners (subscribers) in a secure manner through strong authentication procedures.  The Encryption Certificate is used for encrypting documents, messages and other forms of electronic communication that provide confidentiality. LECTURES BY PROF. S N GHOSH
  • 4. IIPM 43 CH. – 6 INFORMATION TECH. ACT  This type of Certificate is backed-up. To achieve this, the credentials (Key-pairs) are generated at the CA end unlike the other types of Certificates where the credentials (Key-pairs) are generated at the Subscriber's end. The CA backs-up the key-pair and sends a copy to the Subscriber in a highly secure manner. Types Utility purpose Single Key Pair In the Single Key pair option, Digital Certificates can be used for signing and/or encryption. The credentials used for encryption are not backed-up. Dual Key Pair In the Dual Key pair option, the credentials used for encryption are backed-up. The credentials used for Digital Signature are not backed-up as that would violate the notion of Authentication and Non-Repudiation. 6.3 SOME IMPORTANT LEGAL PROVISIONS ELECTRONIC GOVERNANCE [SECTIONS 4 TO 10]  The Act provides following legal protection for filing, retention, preservation, payment etc. in the electronic/digital modes: - 1) Legal recognition of electronic records – all documents that are required to be in writing or typewritten or printed form, can now be made available and subsequently accessible in an electronic form. 2) Legal recognition of digital signatures – all documents that require signature (manual) can now be authenticated by means of digital signature affixed. 3) Filing of applications, forms, fees payment to Govt. in prescribed electronic mode– all the applications, documents/information for grant of licence, permit, sanction, approval, receipt or payment of money may now be filed/made with Government or its agencies in the electronic mode. The Government has prescribed rules and forms for the purpose. 4) Retention and retrieval of electronic records – documents, records or information that required to be retained can now retained in the electronic form. Such information shall remain accessible and usable for a subsequent reference; retained in the format as was originally generated. The details facilitating the identification of the origin, destination date and time of despatch or receipt of such electronic record shall also be made available. 5) Publication of rule, regulation, etc., in Electronic Gazette - the Official Gazette shall also be published in the electronic mode. Such Gazette will be called `Electronic Gazette`. The date of publication shall be the date of the Gazette, which was first published in any form. 6) No right to insist acceptance, retention or preservation of document in electronic form – The Central or State Government or its agencies shall not insist that documents/information shall exclusively be in electronic form. 7) Power to make rules by Central Government in respect of digital signature - The Central Government has been authorized to prescribed rules of types, manner, format, control, integrity, security and confidentially of digital signatures and electronic records. ATIRIBUTION, ACKNOWLEDGEMENT AND DESPATCH OF ELECTRONIC RECORDS [SECTIONS 11 TO 16]  Attribution electronic records - an electronic record shall be attributed to the originator if it was sent by (i) him; (ii) any authorized person or (iii) an information system programmed by or on behalf of the originator to operate automatically.  Acknowledgement of receipt - the acknowledgement of receipt of electronic record may be sent by the address (i) in prescribed form or (ii) conduct sufficient to indicate its receipt by the addressee (iii) any automated communication by addressee  Circumstances where acknowledgement though not stipulated, not received after due Notice - Where the originator has not stipulated that the electronic record shall be binding only on receipt of such acknowledgement and the acknowledgement has not been received by the originator within the specified time or within a reasonable time, then, the originator may give notice to the addressee stating that no acknowledgement has been received by him and specifying a reasonable time by which the acknowledgement must be received by him. If no acknowledgement is received within the aforesaid time limit, the originator may after giving notice to the addressee, treat the electronic record as though it has never been sent.  Time and place of despatch and receipt of electronic record -  The despatch of an electronic record - when it enters a computer resource outside the control of the originator;  The time of receipt of an electronic record – (i) the time when receipt occurs at the designated electronic record LECTURES BY PROF. S N GHOSH
  • 5. IIPM 44 CH. – 6 INFORMATION TECH. ACT resource or (ii) At the time when the electronic record is retrieved by the addressee;  Place of despatch - at the place where the originator has his usual place of business or residence.  THE CENTRAL GOVERNMENT HAS NOTIFIED RULES, REGULATIONS AND GUIDELINES FOR THE PURPOSE OF THIS ACT. REGULATION OF CERTIFYING AUTHORITIES [SECTIONS 17 TO 42] Appointment, functions and powers of Controller of Certifying Authorities  A Controller of Certifying Authorities may be appointed by the Central Government by notification in the Official Gazette. Deputy Controllers and Assistant Controllers may also be appointed as the Government may think fit.  The Central Government has prescribed qualifications, experience and terms and conditions of service of Controller, Deputy Controllers and Assistant Controllers. There shall be a seal of the Office of the Controller.  The Controller may recognise any foreign Certifying Authority as a Certifying Authority. This shall however, be done with the previous approval of the Central Government and by notification in the Official Gazette,  Any person may make an application, in the prescribed form along with requisite documents/information and fees to the Controller for a licence to issue Digital Signature Certificates. The Controller on being satisfied may grant licence for a prescribed period subject to specified terms and conditions. The Controller may revoke the licence upon violation thereof by the Certifying Authority. The revocation be also publicized in the web page of the controller.  Every Certifying Authority shall follow prescribed procedures in respect of digital signatures.  By accepting a Digital Signature Certificate the subscriber certifies to all who reasonably rely on the information contained in the Digital Signature Certificate that---- (a) the subscriber holds the private key corresponding to the public key listed in the Digital Signature Certificate and is entitled to hold the same; (b) all representations made by the subscriber to the Certifying Authority and all material relevant to the information contained in the Digital Signature Certificate are true; (c) all information in the Digital Signature Certificate that is within the knowledge of the subscriber is true.  Every subscriber shall exercise reasonable care to retain control of the private key corresponding to the public key listed in his Digital Signature Certificate. He shall take all steps to prevent its disclosure to a person not authorised to affix the digital signature of the subscriber. Controller to act as repository  The Controller shall be repository of all Digital Signature Certificates.  Further to ensure that the secrecy and security of the digital signatures the Controller shall make use of appropriate hardware, software and procedures to prevent intrusion and misuse.  The Controller shall maintain a computerised database of all public keys and the same be available to any member of the public. PENALTIES AND ADJUDICATION [SECT IONS 43 TO 47] Penalty for damage to computer, computer system, etc.  A penalty not exceeding Rs. One Crore may be imposed as compensation for damages for doing or causing to do the following acts without permission of the owner or any other person who is in charge of a computer, computer system or computer network:- (i) Accesses or secures access: (ii) Downloads, copies or extracts any data, computer data base or information; (iii) Introduces introduce any virus; (iv) Damages any database or any other programmes; (v) Disrupts any computer, computer system or computer network; (vi) Denies access to any authorised person (vii) Provides any assistance to any person to facilitate access; (viii) Charges the services availed of by a person to the account of another person. Penalty for failure to furnish information, return, etc.  Failure to file requisite Returns, Information, maintain Books or records shall entail specified penalties. And where no penalty has been prescribed compensation damages not exceeding Rs. 25,000 may be imposed. Adjudicating Officer (not below the rank of Director) to adjudicate  The Adjudicating Officer not below the rank if Director shall hold enquiry to determine whether any violation under the Act or Rules or Regulations framed thereunder has been committed by any person. He shall have the powers of a Civil Court. CYBER REGULATIONS APPELLATE TRIBUNAL [SECTIONS 48 TO 64]  The Cyber Regulations Appellate Tribunal has been constituted. Appeals against the orders of the Adjudicating Officer may be preferred before this Tribunal.  The Civil Courts have been barred from entertaining any suit or proceedings in respect of any matter which an LECTURES BY PROF. S N GHOSH
  • 6. IIPM 45 CH. – 6 INFORMATION TECH. ACT adjudicating officer or Tribunal is empowered to handle.  An appeal shall lie to the High Court against an order or decision of the Cyber Appellate Tribunal. COMPUTER OFFENCES [SECTION 65 TO 68]  Penalties (pecuniary and imprisonment) have been provided under the Act for the following types of offences: (i) Tampering with Computer Source Documents (ii) Hacking with Computer System. (iii) Publication or obscene information in electronic form (iv) Misrepresentation (v) Breach of Confidentiality (vi) Publishing False Digital Signature Certificate (vii) Fraudulent Publication (viii) Offence Committed Outside India (ix) Confiscation  Further any police officer not below the rank of DSP or any other authorised person may enter any public place, search and arrest without warrant any person reasonably suspected or having committed any offence specified under the Act. LECTURES BY PROF. S N GHOSH