
PPLE ASSGN 4 - 1828292 - Ankit Kumar


ASSIGNMENT 4

PPLE
NAME – ANKIT KUMAR
CSSE 4
Roll – 1828292

Q1) Enlist some salient features of the amendment bill IT Act 2008?

Ans) The Act was subsequently and substantially amended in 2006 and again in 2008 citing the following salient features:

• With proliferation of information technology enabled services such as e-governance, e-commerce and e-transactions, protection of personal data and information and implementation of security practices and procedures relating to these applications of electronic communications have assumed greater importance and they require harmonization with the provisions of the Information Technology Act. Further, protection of Critical Information Infrastructure is pivotal to national security, economy, public health and safety, so it has become necessary to declare such infrastructure as a protected system so as to restrict its access.

• A rapid increase in the use of computer and internet has given rise to new forms of crimes like publishing sexually explicit materials in electronic form, video voyeurism and breach of confidentiality and leakage of data by intermediary, e-commerce frauds like personation commonly known as Phishing, identity theft and offensive messages through communication services. So, penal provisions are required to be included in the Information Technology Act, the Indian Penal Code, the Indian Evidence Act and the Code of Criminal Procedure to prevent such crimes.

• The United Nations Commission on International Trade Law (UNCITRAL) in the year 2001 adopted the Model Law on Electronic Signatures. The General Assembly of the United Nations by its resolution No. 56/80, dated 12th December, 2001, recommended that all States accord favorable consideration to the said Model Law on Electronic Signatures. Since the digital signatures are linked to a specific technology under the existing provisions of the Information Technology Act, it has become necessary to provide for alternate technology of electronic signatures for bringing harmonization with the said Model Law.

• The service providers may be authorized by the Central Government or the State Government to set up, maintain and upgrade the computerized facilities and also collect, retain appropriate service charges for providing such services at such scale as may be specified by the Central Government or the State Government.

Q2) Define the term cyber space and enlist the security concerns in cyber space?

Ans) Cyberspace refers to the virtual computer world, and more specifically, an electronic medium that is used to facilitate online communication. Cyberspace typically involves a large computer network made up of many worldwide computer subnetworks that employ TCP/IP protocol to aid in communication and data exchange activities.

One way to talk about cyberspace is related to the use of the global Internet for diverse purposes, from commerce to entertainment. Wherever stakeholders set up virtual meeting spaces, we see the cyberspace existing. Wherever the Internet is used, you could say, that creates a cyberspace. The prolific use of both desktop computers and smartphones to access the Internet means that, in a practical (yet somewhat theoretical) sense, the cyberspace is growing.

Another prime example of cyberspace is the online gaming platforms advertised as massive online player ecosystems. These large communities, playing all together, create their own cyberspace worlds that exist only in the digital realm, and not in the physical world, sometimes nicknamed the “meatspace.”

Q3) Define the term data and security issues concerned with it?

Ans) Data security is the process of protecting corporate data and preventing data loss through unauthorized access. This includes protecting your data from attacks that can encrypt or destroy data, such as ransomware, as well as attacks that can modify or corrupt your data.

The Ponemon Institute’s Cost of Data Breach Study found that on average, the damage caused by a data breach in the USA was $8 million. 25,575 user accounts were impacted in the average data incident, which means that beyond financial losses, most incidents lead to loss of customer trust and damage to reputation.

Lawsuits, settlements, and fines related to data breaches are also on the rise, with many governments introducing more stringent regulations around data privacy. Consumers have much more extensive rights, especially in the EU, California, and Australia, with the introduction of GDPR, CCPA, APP, and CSP234.

Companies operating in regulated industries are affected by additional standards, such as HIPAA for healthcare organizations in the USA, and PCI/DSS for organizations processing credit card data.

In the past decade, social engineering, ransomware and advanced persistent threats (APTs) have been on the rise. These are threats that are difficult to defend against and can cause catastrophic damage to an organization’s data.

Q4) List the steps corporates and individuals have to take to ensure data security?

Ans) The steps are as follows:

1. Knowing where data is and where it’s going

One of the most crucial steps towards efficient data protection is knowing exactly what data is being stored and where. By accurately identifying their data flow and its vulnerable points, companies can make informed decisions concerning the measures they need to take to protect it. Large organizations use data discovery tools to scan company networks for sensitive data and, when finding it on computers not authorized to access it, they frequently have the option of deleting or encrypting it. In the age of data protection regulations, transparency is key both for compliance and for building effective data protection policies.

2. The use of encryption across the board

From encrypted hard drives, USBs, and phones to data encrypted prior to its transfer to the cloud or onto portable devices, encryption has become an essential step to protect company data and secure sensitive information. Encryption tackles two common data protection vulnerabilities in today’s global economy: a workforce always on the move and the rise of remote work. With devices frequently leaving the safety of company networks, encryption ensures that, in case of theft or loss, the sensitive data they contain is inaccessible to outsiders.

3. Protecting data in the cloud

The cloud has become an integral part of digitalization efforts, but as data migrates to the cloud, the issue of its security has sparked heated debates among CIOs and in information security circles. While many argue that the security measures applied by cloud service providers to their servers far exceed any a modest or even large company is likely to apply to its on-site servers, the feeling that their most sensitive data’s security is out of their hands makes many organizations nervous.

The most common policies applied by big companies involve the use of tools specialized in data protection in the cloud or a limitation of the types of data that are stored in the cloud. Another strategy involves encrypting sensitive data before it is transferred to the cloud.

4. Educating employees at all levels

The human factor is often the biggest vulnerability in the chain of data protection. Whether through ignorance or negligence, employees account for 54% of data breaches according to a survey conducted by the Ponemon Institute. Large corporations ensure employees are kept informed of compliance regulations and internal cybersecurity policies, providing them with both training and clear guidelines for those coming into contact with the most sensitive types of data.

C-level executives are frequently targeted by malicious outsiders due to their high-level access to data. Big companies take special care that higher management do not circumvent the rules as it is essential that the same level of data security is maintained across the board, not only horizontally, but vertically as well.

Software such as Data Loss Prevention solutions can act as an effective method of enforcement, by setting clear policies that protect and restrict access to sensitive data. Levels of access to data can be controlled based on groups and specific users or endpoints.

5. Creating BYOD policies

As companies embrace Bring-your-own-device (BYOD) policies that increase productivity and reduce costs, they often ignore their security implications. Accessing sensitive information on personal devices means that data is traveling outside the confines of the company network, effectively rendering any security measures taken to protect it moot.

Big organizations restrict the sort of data that can be transferred outside company devices. At the same time, policies marking the level of trust of a device can be applied. In this way, employees are given the option of aligning the security of their personal devices to policies used within the company and, if they choose not to apply them, it guarantees that no sensitive data is allowed to be transferred on them.

As we move forward into the age of data protection by design and by default, smaller and mid-sized companies must follow in the footsteps of larger companies and adopt security methods to protect data from both inside and outside threats or risk losing not only their customers’ trust but their entire businesses.

Q5) State the provisions in the IT act for authentication of electronic records?

Ans) Section 3 of the Information Technology Act, 2000 provides certain provisions for the authentication of electronic records. The provisions are:

• Subject to the provisions of this section, any subscriber can affix his digital signature and hence authenticate an electronic record.

• An asymmetric crypto system and hash function envelop and transform the initial electronic record into another record which effects the authentication of the record.

• Also, any person in possession of the public key can verify the electronic record.

• Further, every subscriber has a private key and a public key which are unique to him and constitute a functioning key pair.

Q6) What is meant by Intellectual Property?

Ans) Intellectual property (IP) refers to creations of the mind, such as inventions; literary and artistic works; designs; and symbols, names and images used in commerce.

Q7) List the differences between electronic and digital signatures?

Ans) The key differences are:

• Digital signature is used to secure a document while an electronic signature is used to verify a document.

• On the basis of document processing platform, a digital signature is of two types – Microsoft and Adobe pdf. On the other hand, an electronic signature is of four types – basic electronic signature, click-to-sign signature, advanced electronic signature, and qualified signature.

• A digital signature is regulated by the certification authority. Some national acts and regulations are applied to the electronic signature to validate it.

• A digital signature is also authorised by the government or non-government certification provider authority. Electronic signatures are authorised by the specific vendors, document creator or the participating parties.

• The main intention of using a digital signature is to secure the document. The main intention of using an electronic signature is to verify the document.

• A digital signature is comprised of more security features which makes it more secure. An electronic signature is comprised of fewer security features, so it is less secure to use.

• An electronic signature is a generic expression and much broader regarding electronic data. A digital signature is a signature with public-key based cryptography.

• A digital signature can be used to get the details of signatory as it is associated with the signature itself. Details of the signatory are not held in an electronic signature but can be held separately to the signature. A timestamp is a mechanism that allows the approval of the integrity of a series of data. That means it demonstrates that this data existed in a specific moment, and has not been altered since then. The timestamp guarantees the integrity of the electronic signature.

Q8) List out the subject matter for patent protection and what inventions cannot be protected?

Ans) There is a lot that can be patented. So, here are some examples of what cannot be patented.

According to the Patents Act, an invention cannot only constitute:

1. a discovery, scientific theory or mathematical method,

2. an aesthetic creation,

3. a scheme, rule or method for performing a mental act, playing a game or doing business, or a computer program,

4. a presentation of information,

5. a procedure for surgical or therapeutic treatment, or diagnosis, to be practised on humans or animals.

Q9) Enumerate the Salient features of the Design Act, 2000?

Ans) Salient features of the Design Act, 2000:

• India is a member of the World Trade Organization’s Paris Convention. It has signed the Patent Cooperation Treaty which allows all the signatories of the convention to claim priority rights.

• Under the Act of 2000, Locarno classification has been adopted in which the classification is based only on the subject matter of design. Under the previous provisions, the classification was made on the basis of the material which has been used to make that material.

• The introduction of “Absolute Novelty” makes it possible to judge a novelty on the basis of prior publication of any article. This is applicable in other countries also.

• As per the new law, a design can be restored which was absent in the previous enactment. Now, the registration of a design can be restored.

• The Act allows the district courts to transfer cases to the high courts where the jurisdiction is present. It is possible only in cases where a person is challenging the validity of any registration.

• Laws regarding the delegation of powers of the controllers to other controllers and the duty of examiner are also mentioned in the new Act.

• The quantum of punishment is also enhanced under the Act in case of any infringement.

• The secrecy of two years of a registered design is also revoked.

• Provisions regarding the avoidance of certain restrictive conditions are also there so as to regulate anti-competitive practices in contractual licenses.

• Whenever a license is brought within the domain of public records and that too publicly, the registration is likely to be taken into consideration. Anyone can get a certified copy of it in order to inspect the same.

• The laws regarding the substitution of the application before registering a design are also mentioned in the new enactment.

• Under new provisions, power has been given to district court to transfer cases to the high court where the court is having jurisdiction. This is only possible if the person is challenging the validity of the design registration.

• Incorporates the provisions regarding delegation of powers of the controller to other controllers and duty of examiner.

• Under the new provision, the quantum of punishment is also enhanced in case of infringement.

• It revokes the secrecy of two years of a registered design.

• It contains provisions for the avoidance of certain restrictive conditions so as to regulate anti-competitive practices within contractual licenses.

• The registration is taken into consideration when it is brought within the domain of public records that too physically. Anyone can inspect the records and get a certified copy of it.

• It contains provisions for substitution of the application before registering the design.

Q10) Write a short note on Utility Models?

Ans) Similar to patents, utility models protect new technical inventions through granting a limited exclusive right to prevent others from commercially exploiting the protected inventions without the consent of the right holders. In order to obtain protection, an application must be filed, and a utility model must be granted. They are sometimes referred to as “short-term patents”, “utility innovations” or “innovation patents”. It is not easy to define a utility model, as it varies from one country to another. In general, utility models are considered particularly suited for protecting inventions that make small improvements to, and adaptations of, existing products or that have a short commercial life. Utility model systems are often used by local inventors.

THANK YOU
