
Unit - Ii


UNIT – II (A)

Information technology law

Introduction: The scientists who figured out how to get computers to talk to each other 50 years ago possibly had no idea that their computers could evolve into the highly commercial, user-friendly internet of today.

• Way back in 1969 the ‘infant’ internet was possibly born, when a computer was first connected to a switch or router and later on to another computer.
• The internet has revolutionized society by enabling users to search for material, retrieve it, store it on their computers and open it with a single command.
• The dramatic rise of the internet and the World Wide Web has transformed the way business is carried out, improving accuracy, efficiency and speed.
• Today’s industrial economy is evolving into a new business environment in which money, goods, services and information are exchanged electronically.
• The internet is becoming more popular with each passing day. E-commerce has emerged as the fastest growing form of business today.

Meaning of E-Commerce: The ability to conduct business electronically or over the internet.

• It is a generic term to describe technology-enabled communication with customers and suppliers for a business organization.
• When people talk about e-commerce, most will think of it as using the internet to help the business market and sell its products or services.
• But in reality, e-commerce is much more than that. Generally there are two kinds of e-commerce:
  • B to B
  • C to C

Initiatives in India –

1. IPC
2. Indian Evidence Act
3. The Contract Act
4. The Indian Telegraph Act
5. The Banker’s Books Evidence Act
6. The General Clauses Act
7. The R.B.I Act

E-commerce is categorized as B to B, B to C, C to B, C to C, non-business and government, and inter-organizational transactions.

It has examined various combinations of tools, including legal and business processes and policies. E-security would give credibility to e-commerce against online frauds, hacking, etc., which can be achieved by an adequate legal framework and protective technology.

Business to business

• The B2B kind of e-commerce refers to a company selling to or buying from other companies.
• A company communicates with the other companies by electronic means.
• It is by means of Electronic Data Interchange (EDI).
• EDI transactions include sending or receiving of orders, invoices and shipping notices.
• This is the method of extending the organization's computing power beyond its boundaries.
• But the high cost and maintenance of the networks made this method out of reach for small and medium-sized businesses.
• With the introduction of the internet, companies regardless of size can communicate with each other electronically and cheaply.
• Companies that do so use it in several ways, depending on whether they are manufacturers or suppliers.

Business to customers

• This kind of e-commerce refers to a company selling its products or services to the customers using the internet as the communication medium.
• It is an umbrella term for the entire spectrum of activities such as Electronic Data Interchange (EDI), electronic payment systems, inventory and order management, product support and service, information delivery and other business application linking solutions through the use of paperless information technologies such as the internet, bar coding, e-mail, smart cards, CD-ROMs, etc.

Benefits:

1. Increases customer satisfaction. The internet is always open, so business is always open 24 hours a day, 7 days a week and 365 days a year.
2. Increases sales volume.
3. Decreases costs of doing business.

The technology of cryptography, given legal sanction by the Information Technology Act, 2000, would go a long way in boosting e-commerce.

Risks of E-Commerce

1. Security
The issue of cyber jurisdiction has become global in character and cannot be genuinely addressed by passing only national legislation. Cyber jurisdiction is global in character, which requires a global solution. An international treaty relating to uniform rules applicable to e-commerce badly needs to be adopted.

Initiatives in India :

1. I.P.C
2. Indian Evidence Act
3. The Contract Act
4. The Indian Telegraph Act
5. The Bankers Books Evidence Act
6. The General Clauses Act
7. The Reserve Bank of India Act
To facilitate e-commerce, various changes have been made in the aforesaid Acts as an initiative taken in India.

Digital signature

1. The digital signature is not a digitized image of a handwritten signature.
2. It is a block of data at the end of the electronic message.
3. This attests the authenticity of the said message.
4. Digital signatures are an actual transformation of an electronic message using public key cryptography.
5. It requires a key pair (private key for encryption, public key for decryption) and a hash function.

Creating a digital signature: Basically, a digital signature is a two-way process involving two parties:

1. Signer – creator of the D.S
2. Recipient – verifier of the D.S

It is complete when the recipient successfully verifies it.

A hash function is used in both creating and verifying a digital signature.

A hash function is an algorithm which creates a digital representation or fingerprint, in the form of a hash value or hash result of a standard length, which is much smaller than the message.

Algorithm (a set of rules that must be followed when solving a particular problem.)

Definition: A digital signature can be defined as a short unit of data in the document's context that provides assurance to the recipient that the data is authentic.

It also means authentication of any electronic record by a subscriber by applying an asymmetric crypto system and hash function.

Electronic record means data, record or data generated, image or sound stored, received or sent in an electronic form.

Electronic form, with reference to information, means any information generated, sent, received or stored in media, magnetic, optical, computer memory or similar device.

Role and regulation of Certifying Authorities

Chapter 6 Section (17 – 34) : regulation of certifying authorities

A person who has been granted to issue a license.

Section 24 – procedure for grant or rejection of license.

Chapter 7, Section 35: Electronic signature certificates

1. Application for issue of D.S.C
2. Application + 25000/-
3. Statement or certification practice statement (2h)
4. Grant of D.S.C

What is the need of Certifying Authorities ?

The problem of identifying the public key holder can be solved by appointing a third party trusted by the sender as well as the recipient. To perform this task, it is necessary to associate a person or entity with a specific public key. This third party is generally called a C.A.

The I.T Act calls that third party a certifying authority. It is also called an issuing authority or certificate issuer. These expressions have been used interchangeably throughout this work.

Functioning of the C.A

1. A Certifying Authority is a trusted body, either public or private, that ascertains the identity of the applicant for a D.S.C (Digital Signature Certificate).
2. It certifies that the public key of a public-private key pair used to create a digital signature belongs to that person.
3. The applicant seeking to verify a digital signature needs at least –
   a) The public key corresponding to the private key used to create the digital signature.
   b) Reliable evidence that the public key is identified with the signer.

Process of issuing a certificate

The process of issuing a certificate differs from CA to CA. It requires:

1. A public-private key pair to be generated by the applicant.
2. Proof of identity such as identity cards, driver’s license or passport or any other proof required by the C.A.
3. Demonstration by the applicant that she/he holds the private key corresponding to the public key, without disclosing the private key.

Once the certifying authority has verified the association between an identified person and a public key, the certifying authority then issues a certificate.

Contents of the Certificate

• Each certificate contains a public key value and information that uniquely ‘identifies’ the certificate’s subject, that is, the person, device or other identity that holds the corresponding private key.

Thus a certificate is a digitally signed statement by a certifying authority that provides independent confirmation of an attribute claimed by a person preferring a digital signature.

It may also be called a computer-based record which –

1. Identifies the certifying authority issuing it.
2. Names and identifies or describes an attribute of the subscriber.
3. Contains the subscriber’s public key.
4. Is digitally signed by the certifying authority issuing it.

• The certificate issued by the third party, i.e. the certifying authority, greatly enhances the trust required for conducting business across the internet.
• If anybody needs the public key of any subscriber, he has to obtain a copy of the certificate issued by the Certifying Authority, extract the public key value and verify the Certifying Authority's signature on the certificate using the CA’s public key. A public key user who uses a certificate in this way is called the relying party.

Since public keys are meant for public use, there is no need to keep the public key value confidential, so certificates are not generally confidential.
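The signing and verification steps from the digital signature section, and the relying party's check of a certificate described above, shown as an added example (not part of the original notes). It uses textbook unpadded RSA over well-known Mersenne primes purely for illustration; the function names, the certificate layout and the sample message are assumptions.

```python
import hashlib

# Constructed demo keys: textbook (unpadded) RSA over well-known Mersenne
# primes. Insecure by design; real systems use a vetted library and padding.
E = 65537

def make_keypair(p, q):
    """Return (public, private) with public=(n, e) and private=(n, d)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, E), (n, d)

def digest(message: bytes) -> int:
    """Hash function: fixed-length fingerprint of the message, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private) -> int:
    """Signer: transform the hash value with the private key."""
    n, d = private
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, public) -> bool:
    """Recipient: recompute the hash and compare it with the recovered one."""
    n, e = public
    return pow(signature, e, n) == digest(message)

def issue_certificate(subject, subject_public, ca_name, ca_private):
    """CA: bind a subject name to a public key and sign that statement."""
    body = f"{ca_name}|{subject}|{subject_public[0]}|{subject_public[1]}".encode()
    return {"issuer": ca_name, "subject": subject,
            "public_key": subject_public, "ca_signature": sign(body, ca_private)}

def relying_party_check(cert, ca_public, message: bytes, signature: int) -> bool:
    """Verify the CA's signature on the certificate, then the message signature."""
    n, e = cert["public_key"]
    body = f"{cert['issuer']}|{cert['subject']}|{n}|{e}".encode()
    if not verify(body, cert["ca_signature"], ca_public):
        return False  # certificate altered or not issued by this CA
    return verify(message, signature, cert["public_key"])

# Constructed sample data (hypothetical names and message).
CA_PUB, CA_PRIV = make_keypair(2**127 - 1, 2**521 - 1)
SIGNER_PUB, SIGNER_PRIV = make_keypair(2**89 - 1, 2**607 - 1)
MESSAGE = b"Purchase order 17: 40 units"
SIGNATURE = sign(MESSAGE, SIGNER_PRIV)
CERT = issue_certificate("Signer", SIGNER_PUB, "Demo CA", CA_PRIV)
```

Changing a single byte of the message, or swapping the public key inside the certificate, makes the corresponding check return False.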

Types of certificates

• Class 1 certificates are designed for casual web browsing and secure e-mail and are issued to individuals only: inter- and intra-organizational e-mail, transaction e-mail.
• Class 2 certificates, more expensive, provide a reasonable level of assurance of a subscriber’s identity, but this is not foolproof.
• Class 3 certificates are issued to individuals as well as organizations for electronic data interchange (EDI), software validation, e-banking services and membership-based online services.
• Class 4 certificates involve thorough investigation of both an individual as well as an organization, given by the CA in a statement called the certification practice statement (2h).

4 categories of certificate issued by CA

1. Identification certificate – identification
2. Authorizing certificate – residence, age, association with any organization
3. Transactional certificate – it is just like a public notary attesting a document.
4. Digital Time Stamping service – sometimes it becomes necessary to know the exact date on which the document is executed.

Validity period of digital signature

The public key and private key have to be kept valid only for a limited duration; a longer period of validity increases the chance of compromise.

Chapter 4

Appointment of controller: section 17

Functions of controller: section 18

Appointment

1. The controller of certifying authorities is appointed by the central government by issuing a notification to this effect in the official gazette.
2. By the same or a separate notification, such number of deputy controllers and assistant controllers may be appointed as the central government deems fit.
3. The controller shall be subject to the direct control and direction of the central government in respect of functions which he has to perform under the I.T. Act.
4. The deputy and assistant controllers shall perform the functions assigned by the controller under his supervision and control.
5. The qualification, experience and terms and conditions of service of the controller and deputy controller shall be prescribed by the central government.
6. The head office of the controller shall be located at such place as the central government may specify.
7. There may be branch offices of the office of the controller, and their locations shall be notified by the central government, and the office of the controller shall have a seal.

Functions:-

1. One of the important functionaries in the I.T. Act is the controller of certifying authorities.
2. His role in public key infrastructure is indispensable.
3. He acts as a central controlling body.
4. He has been assigned multifarious functions to effectuate smooth functioning of the certifying authority.
5. The controller may perform all of the following functions:
   a) Exercising supervision over the activities of the C.A.
   b) Certifying the public key of the C.A.
   c) Laying down standards to be maintained by the C.A.
   d) Prescribing qualification and experience for employees.
   e) Prescribing business rules.

Powers of controller:

1. The controller of certifying authorities is a chief administrator.
2. He acts as a watchdog for the C.A.
3. He has to perform functions and enjoys vast powers to ensure strict compliance and efficient functioning of the functionaries under the I.T. Act.
4. The controller has the following powers:
   I. Power to recognize foreign CAs (19, 32)
   II. Power to issue license (21, 22)
   III. Power to renew license (23, 24, 25)
   IV. Power to suspend + revoke license (26)
   V. Power to delegate and investigate (27, 28)
      a) Power regarding discovery + production of evidence
      b) Power of search and seizure
      c) Power to requisition books of account
      d) Power to call for information
      e) Power of survey
      f) Power to collect certain information
      g) Power to inspect registers of companies
5. Power to have access to computers and data.
6. Power to issue direction.
7. Power to decrypt information.
8. Power to make regulations.
