
AUTHENTICATION OF ELECTRONIC RECORDS:
E & DIGITAL SIGNATURES

Section 3 and 3A of the Information Technology Act, 2000 as amended in 2008
02/06/2021 DR. GAGANDEEP KAUR 1
STUDY WITH CLASS
NOTES AND ONLINE
CLASSES

RELEVANT DEFINITIONS: THE
INFORMATION TECHNOLOGY
ACT, 2000 (2008)
Section 2 (1) (f) "asymmetric crypto system" means
a system of a secure key pair consisting of a
private key for creating a digital signature and a
public key to verify the electronic signature.
Section 2 (1) (x) "key pair", in an asymmetric crypto
system, means a private key and its mathematically
related public key, which are so related that the
public key can verify an Electronic (digital) signature
created by the private key.
DEFINITIONS…

Section 2 (1)(zc) "private key" means the
key of a key pair used to create a digital
signature.
Section 2 (1)(zd) "public key" means the key
of a key pair used to verify a digital
signature and listed in the Digital Signature
Certificate.
CHAPTER II: DIGITAL SIGNATURE AND
ELECTRONIC SIGNATURE (AMENDED
VIDE ITAA 2008)
Section 3: Authentication of Electronic Records
(1) Subject to the provisions of this section any
subscriber may authenticate an electronic record by
affixing his Digital Signature.
(2) The authentication of the electronic record shall be
effected by the use of asymmetric crypto system and
hash function which envelop and transform the initial
electronic record into another electronic record.

EXPLANATION
For the purposes of this sub-section, "Hash function" means an algorithm
mapping or translation of one sequence of bits into another, generally
smaller, set known as "Hash Result" such that an electronic record yields the
same hash result every time the algorithm is executed with the same electronic
record as its input making it computationally infeasible (a) to derive or
reconstruct the original electronic record from the hash result produced by the
algorithm; (b) that two electronic records can produce the same hash result
using the algorithm.
(3) Any person by the use of a public key of the subscriber can verify the
electronic record.
(4) The private key and the public key are unique to the subscriber and
constitute a functioning key pair.
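
Sub-sections (2) to (4) traced in code, as an added teaching example that is not part of the Act or of the lecture: the record is hashed, the hash result is transformed with the private key, and anyone holding the public key can check it. The key pair built from two small Mersenne primes and the unpadded RSA arithmetic are assumptions made so the example runs with the standard library only; real systems use a vetted library with a padded scheme such as RSA-PSS and much larger keys.

```python
import hashlib

# Teaching-sized key pair (assumption of this example): two known Mersenne primes.
P = 2**127 - 1
Q = 2**107 - 1
N = P * Q                                  # public modulus
E = 65537                                  # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (needs Python 3.8+)

# Constructed sample record.
RECORD = b"Agreement dated 02/06/2021 between Alice and Bob"


def hash_result(record: bytes) -> int:
    """Hash function of Section 3: same record in, same hash result out.
    SHA-256 is used and reduced mod N only because the toy modulus is short."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big") % N


def affix_signature(record: bytes) -> int:
    """Subscriber: transform the hash result with the private key."""
    return pow(hash_result(record), D, N)


def verify(record: bytes, signature: int) -> bool:
    """Any person: reverse the transform with the public key (N, E) and
    compare with a freshly computed hash result of the record received."""
    return pow(signature, E, N) == hash_result(record)


if __name__ == "__main__":
    sig = affix_signature(RECORD)
    print("original record verifies:", verify(RECORD, sig))
    print("altered record verifies: ", verify(RECORD + b" (amended)", sig))
    print("altered signature verifies:", verify(RECORD, (sig + 1) % N))
```

The second and third checks are the alteration-detection behaviour that section 3A(2)(c) and (d) later require of any reliable technique.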

3A ELECTRONIC SIGNATURE
(INSERTED VIDE ITAA 2008)
(1) Notwithstanding anything contained in section 3, but subject to the provisions
of sub-section (2), a subscriber may authenticate any electronic record by such
electronic signature or electronic authentication technique which-
(a) is considered reliable; and
(b) may be specified in the Second Schedule
(2) For the purposes of this section any electronic signature or electronic
authentication technique shall be considered reliable if-
(a) the signature creation data or the authentication data are, within the
context in which they are used, linked to the signatory or, as the case may be,
the authenticator and of no other person;
(b) the signature creation data or the authentication data were, at the time of
signing, under the control of the signatory or, as the case may be, the
authenticator and of no other person;

(c) any alteration to the electronic signature made after affixing such signature
is detectable
(d) any alteration to the information made after its authentication by electronic
signature is detectable; and
(e) it fulfills such other conditions which may be prescribed.
(3) The Central Government may prescribe the procedure for the purpose of
ascertaining whether electronic signature is that of the person by whom it is
purported to have been affixed or authenticated.
(4) The Central Government may, by notification in the Official Gazette, add to
or omit any electronic signature or electronic authentication technique and the
procedure for affixing such signature from the second schedule;
Provided that no electronic signature or authentication technique shall be
specified in the Second Schedule unless such signature or technique is reliable
(5) Every notification issued under sub-section (4) shall be laid before each
House of Parliament

DIFFERENCE BETWEEN DIGITAL
SIGNATURE AND ELECTRONIC
SIGNATURE

Technologically speaking, there is no
difference. Both perform the same set of
functions -
1. Signer’s Authentication
2. Integrity of Message
3. Non-Repudiation
But there is a difference in reliability. When the
Information Technology Act, 2000 came into existence,
the term was Digital Signature. In 2008 the term
Electronic Signature was introduced.
BASIS OF COMPARISON

ADDITIONALLY

TYPES OF SIGNATURE:
ELECTRONIC, BIOMETRIC &
DIGITAL SIGNATURE

RELEVANCE
1. Authenticity of the Sender: To enable the recipient to determine
who really sent the message.
2. Message’s Integrity: The recipient must be able to determine
whether or not the message received has been modified or is
incomplete.
3. Non-repudiation: the ability to ensure that the sender cannot
falsely deny sending the message, nor falsely deny the contents of
the message.

WHO REQUIRES DIGITAL
SIGNATURE?
A Digital Certificate is a digital file used to
cryptographically bind an entity's Public Key to
specific attributes relating to its identity.
The entity may be a person, organisation, web
entity or software application. Like a driving
license or passport binds a photograph to
personal information about its holder, a Digital
Certificate binds a Public Key to information
about its owner.
LET'S UNDERSTAND

We will understand with the help of
hypothetical examples of Alice and Bob.

Alice's Digital Certificate attests to the fact that her
Public Key belongs to her, and only her. As well as the
Public Key, a Digital Certificate also contains personal
or corporate information used to identify the Certificate
holder, and as Certificates are finite, a Certificate expiry
date.

QUIZ: FROM WHERE
ALICE GOT DIGITAL
SIGNATURE
CERTIFICATE?

CONTROLLER OF
CERTIFYING
AUTHORITY
QUESTION
IF YOU ARE USING WHATSAPP, IS IT A MUST THAT YOUR
FRIEND ALSO HAS WHATSAPP?
YES. BOTH THE PERSONS MUST BE HAVING ANDROID
PHONE AND WHATSAPP APPLICATION.

SIMILARLY, ALICE AND BOB BOTH MUST HAVE
DIGITAL SIGNATURE CERTIFICATE.
QUIZ: FROM WHERE BOB
WILL GET DIGITAL
SIGNATURE
CERTIFICATE?

CONTROLLER OF
CERTIFYING
AUTHORITY

YES, SAME PROCESS
AS GIVEN IN IT ACT.
To understand Digital
Signatures, it is imperative
for us to understand the
underlying technology; that
is WORKING OF KEY
PAIR
The Public and Private key pair comprises two uniquely related
cryptographic keys (basically long random numbers). Below is an example of
a Public Key:

3048 0241 00C9 18FA CF8D EB2D EFD5 FD37 89B9 E069 EA97 FC20 5E35
F577 EE31 C4FB C6E4 4811 7D86 BC8F BAFA 362F 922B F01B 2F40 C744
2654 C0DD 2881 D673 CA2B 4003 C266 E2CD CB02 0301 0001

The Public Key is what its name suggests - Public. It is made available to
everyone via a publicly accessible repository or directory. On the other hand,
the Private Key must remain confidential to its respective owner.

Source: Comodo - SSL Certificate Authority

RELATION OF TWO KEY
PAIRS

Because the key pair is
mathematically related, whatever
is encrypted with a Public Key
may only be decrypted by its
corresponding Private Key and
vice versa.

For example, if Bob wants to send sensitive data to
Alice, and wants to be sure that only Alice may be able
to read it, he will encrypt the data with Alice's Public
Key.
Only Alice has access to her corresponding Private Key
and as a result is the only person with the capability of
decrypting the encrypted data back into its original
form.

As only Alice has access to her Private
Key, it is possible that only Alice can
decrypt the encrypted data. Even if
someone else gains access to the
encrypted data, it will remain
confidential as they should not have
access to Alice's Private Key.

TAKE 2 MINUTES
AND UNDERSTAND
ALICE HAS TWO KEYS: GREEN-
PUBLIC, RED-PRIVATE

BOB HAS TWO KEYS:

WHY?

WHY DID BOB USE
PUBLIC KEY OF
ALICE FOR
ENCRYPTION?
BECAUSE PUBLIC KEY IS
WITH ALL THE USERS
JUST LIKE MY EMAIL IS
WITH ALL OF YOU BUT
THE PASSWORD IS ONLY
WITH ME.

BASICALLY,
EVERYTHING IS
AUTOMATIC.
LET'S SEE THIS… ALICE IS
ANSWERING MESSAGE

COMPLETE PROCESS

REVISION

PRACTICALLY, IT IS VERY SIMPLE:
ONLY EXPLAINING IS TECHNICAL

ALL THE BEST
IN NUTSHELL:
1. Digital signatures are based on Cryptography (Key pair)
2. It provides Integrity and Confidentiality
3. It involves trusted Certifying Authorities
4. It gives message authentication
5. Digital signatures provide the ability to:
   - verify author, date & time of signature
   - authenticate message contents
   - be verified by third parties to resolve disputes
