CHAPTER V

DIGITAL SIGNATURE

Synopsis

Cryptography

Types of Cryptography

Advantage of Symmetric Cryptography

Disadvantage of Symmetric Cryptography

Advantage of Asymmetric Cryptography

Disadvantage of Asymmetric Cryptography

A digital signature is a block of data at the end of a message. It provides the identity of the person who has applied the signature.

The Information Technology Act aims to provide legal recognition for transactions carried out by electronic data interchange and other means of electronic communication. The other means is the electronic filing of documents with government agencies. Thus, Information Technology law is creating standards to control the electronic impulse. Public key infrastructure is created by organizations to create trust in their network systems and security policies. It is also known as public key cryptography. Digital signatures are a form of public key cryptography which can be used to make internet communications and data stored on the internet safer with the growth of the internet and its impact. The Courts and legislators will not be able to provide guidance in time and to engage them in commerce.

The advantage of public key infrastructure is the production of software, and software integrity verification added with virus protection. The other main benefit of this technology is to provide data integrity. The main benefit of a digital signature is that modification of the electronic form is not possible. The information is stored and protected by the digital signature. Digital signatures are also highly important to e-governance and e-commerce.

Cryptography

People use cryptography to protect data and messages. Cryptography is used to prevent criminals from reading confidential letters, memos, reports, etc. Cryptography is a kind of secret writing which helps in storing information so that it can be revealed to those who wish to see it and hidden from all others.

It involves two processes:-

· Encryption Process - It is a process where the text message is encrypted into an unintelligible form.

E.g.: Message - "Reaching Delhi on August 24"

Encrypted Message:

ASDFGHJKMNBVCXSDRTYUJNBVCXDFGH

· Decryption Process - It is the process where the message in unintelligible form is decrypted into an 'original' text message.

E.g.: Encrypted Message

ASDFGHJKMNBVCXSDRTYUJNBVCXDFGH

Decrypted Message

"Reaching Delhi on August 24"

Types of Cryptography

1. Symmetric Cryptography - In this type of cryptography, only one key is used to encrypt and decrypt the message. It is also known as a private-key cryptographic system.

Advantage of Symmetric Cryptography

· Only two parties are involved : Sender and Receiver of the message.

· It is cheaper than the public key systems.

Disadvantage of Symmetric Cryptography

The key which is used by both the parties, i.e., the sender and receiver of the message, can be misused by any third party (HACKER).

2. Asymmetric Cryptography - In this type of cryptography, two keys are used. One key is used to encrypt the message and another key is used to decrypt the message. It is also known as a public cryptography system.

Advantage of Asymmetric Cryptography

· The sender and receiver are not required to transport a secret key over communication channels.

· A trusted third party, the "Certifying Authority", is involved.

Disadvantage of Asymmetric Cryptography

· It is suitable for short messages only. It is not suitable for bulk encryption where megabytes of data are required.

· Public key system is expensive.

What is a digital signature?

A digital signature is a block of data at the end of a message that attests to the authority of the file. It is necessary to note that if any change is made to the file, the signature will not verify.

How is a digital signature created and verified?

A digital signature is created and verified by cryptography, in which the message in electronic form is converted into an unintelligible form and, when it is received by the receiver of the message, it can be converted back into its original form.

The new Oxford dictionary defines digital signature as "a person's name written in different manner as a form of identification in authorizing a cheque or any document."

Legally, a signature means a visible form of writing which has some evidentiary attributes like the signer's approval, identity, etc.

Explain the statutory comparison between handwritten signature and digital signature.

| Statutory Criteria | Handwritten Signature | Digital Signature |
|---|---|---|
| Purpose | To authenticate the message as originating from the purported signer. | To authenticate the message as originating from the purported signer. |
| Affirmative Action | The written content is bound by legal implications of signing. | An electronic record is bound by legal implications of affixing. |
| Evidence | Distinctive, attributable to signer only. | Distinctive, attributable to signer only. |
| Signer identification | Witness/notary | Trusted third party, notary does not identify the digital signature. |
| Document identification | It is impossible to alter the signed or the signature without detection. | Non-repudiation, i.e., preventing a person from modifying or terminating the legal obligation arising out of transaction made through computer. |

The digital signature becomes legally binding to the signer (sender) when:-

1. The certifying authority (Trusted Third Party) is a licensed one.

2. A digital signature has been created as per the technology standards prescribed under the law.

3. The digital signature verification process has become successful.

The main purpose of digital signature is that it identifies the signer of an electronic message and also assures that the signer approved the content of that electronic message.

Comparison between electronic signature and digital signature:-

| Criteria | Electronic Signature | Digital Signature |
|---|---|---|
| Definition | It refers to all the methods by which one can 'sign' an electronic record. | It is a technology-specific type of electronic signature. |
| Technology | It can be created by using different technologies, it also satisfies the requirement of a legal signature. | It involves public key cryptography (asymmetric cryptography to sign a message). |
| Legislative examples | There are different statutes which have been enacted in the various countries like Australia, Austria, Bermuda, Canada, Germany, Japan, Hong-Kong, Malaysia, Singapore and European Union, etc. (E-sign Federal enactment have been enacted in South Korea, UK as 'electronic signature' legislation). | Technology specific statutes have been enacted in various States of the United States. Various countries like India, Argentina, Italy, Colombia have enacted 'digital signature' legislation. |

By the 2008 amendment of the Information Technology Act, 2000, the words "digital signature" were substituted by the words "electronic signature" in some sections and chapter.

It uses "Public Key Cryptography" in which two different keys are mathematically related.

What is the relation between digital signature and asymmetric cryptography?

One key is used to create a digital signature and convert the message into an unintelligible form. Another key is used to verify the digital signature and transform the data back into its original form. This process is known as Hash Function.

Two parties are involved in this two-way process of Digital Signature.

· The signer (creator of digital signature).

· The recipient (verifier of digital signature).

The process of digital signature is complete only when the recipient receives the message and verifies it.

What is the process of digital signature?

There are two processes involved in Digital Signature:-

· Creating a digital signature - It is a process in which the message is typed into a computer, and the limited information that is to be signed is termed the "message". The hash function in the signer's software computes the hash result, which is unique to the message, and the hash result is then transformed (encrypted) into the digital signature using the signer's private key. The digital signature is unique to the message and the signer's private key. The digital signature is then attached to the message and stored with it. The signer sends both the digital signature and the message to the recipient.

· Verifying the digital signature - When the receiver receives the message along with the digital signature, the receiver applies the signer's public key to the digital signature and recovers the hash result from it. The hash result of the original message is computed by way of the same hash function which was used by the signer to create the digital signature. The hash result computed by the verifier and the hash result extracted from the digital signature should be the same. If the hash results are not the same, it means that the message was altered after it was signed or originated elsewhere, and the recipient can reject the message.
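
The two processes above, as an added worked example that is not part of the original chapter. It assumes SHA-256 as the hash function and unpadded RSA with constructed toy keys built from known Mersenne primes; the function and key names are hypothetical, and production systems use random keys and a padding scheme from a vetted library.

```python
import hashlib

E = 65537  # public exponent

def make_key(p: int, q: int):
    """Return (public, private) as ((n, e), (n, d)) from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

# Constructed toy keys built from known Mersenne primes so the example needs
# no key generation. Illustrative only: real keys use random primes and a
# padding scheme from a vetted library.
SIGNER_PUB, SIGNER_PRIV = make_key(2**521 - 1, 2**607 - 1)
OTHER_PUB, OTHER_PRIV = make_key(2**1279 - 1, 2**2203 - 1)

def hash_result(message: bytes) -> int:
    """Hash function step: SHA-256 digest of the message as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """Signer: transform the hash result with the private key."""
    n, d = private_key
    return pow(hash_result(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Recipient: recover the hash result with the public key, recompute, compare."""
    n, e = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == hash_result(message)

def demo():
    message = b"Reaching Delhi on August 24"
    signature = sign(message, SIGNER_PRIV)  # sent along with the message
    return {
        "genuine": verify(message, signature, SIGNER_PUB),
        "altered": verify(b"Reaching Delhi on August 25", signature, SIGNER_PUB),
        "other_signer": verify(message, sign(message, OTHER_PRIV), SIGNER_PUB),
    }

if __name__ == "__main__":
    print(demo())
```

The "altered" and "other_signer" cases are the two rejection conditions the verification step describes: a message changed after signing, and a signature that originated from a different private key.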


© Universal law Publishing Co.