INFORMATION TECHNOLOGY LAWS

 
PROJECT REPORT ON
  
“Digital and Electronic signature,
Digital
Submitted to : signature certificate” Submitted by :

Ms. Amita Verma Tushal Bagri

220/16
[Link] LL.B. (Hons.)
Section – D
Semester – 10th  
University Institute of Legal Studies
2020-2021
 Acknowledgment
Exchange of ideas generates new objects to work in a better way. Whenever a
person is helped and co-operated by others, his heart is bound to pay gratitude
and obligation to them. I would like to thank my Teacher, Ms. Amita Verma for
providing me with invaluable support and guidance which led to the completion
and conception of this project.
 Index
Sr. No. Topic Pg No.

1. Introduction 4-6

2. UNCITRAL Model Law 7

3. Digital Signature 8-10

4. Digital signature certificate 11-12

5. Suggestions 12

6. Conclusion 13

7. Bibliography 13
 Introduction
• The introduction of signatures has provided a definite identity to the individuals and allowed the corporate
sector and other individuals to function in a manner faster, keeping pace with the ongoing technology.
1. Electronic signature: Electronic Signature provides an electronic representation of the individual’s
identity that provides the proof of consent and assents to the facts of the given signature
2. Digital Signature: Digital signatures on the other end are more safeguarded and cannot be easily
tampered with. In case there are any changes made to the document and are sent back to the original
signee, the digital signature shows as invalid signature.

Section 3 : Authentication of electronic records.–

• (1) Subject to the provisions of this section any subscriber may authenticate an electronic record by
affixing his digital signature.

• (2) The authentication of the electronic record shall be effected by the use of asymmetric crypto system
and hash function which envelop and transform the initial electronic record into another electronic
record.
• Explanation.–For the purposes of this sub-section, ―hash function‖ means an algorithm mapping or Translation
of one sequence of bits into another, generally smaller, set known as ―hash result‖ such that an Electronic record
yields the same hash result every time the algorithm is executed with the same electronic Record as its input
making it computationally infeasible–
(a)To derive or reconstruct the original electronic record from the hash result produced by the
- Algorithm;
(b) That two electronic records can produce the same hash result using the algorithm.
• (3) Any person by the use of a public key of the subscriber can verify the electronic record.
• (4) The private key and the public key are unique to the subscriber and constitute a functioning key Pair.
Section 3A. Electronic signature.—
• (1) Notwithstanding anything contained in section 3, but subject to the Provisions of sub-section (2), a subscriber
may authenticate any electronic record by such electronic Signature or electronic authentication technique which
—
(a)Is considered reliable; and
(b)May be specified in the Second Schedule.

• (2) For the purposes of this section any electronic signature or electronic authentication technique Shall be
considered reliable if -

(a) the signature creation data or the authentication data are, within the context in which they are Used, linked to the
signatory or, as the case may be, the authenticator and to no other person;
• (b)The signature creation data or the authentication data were, at the time of signing, under the Control of the
signatory or, as the case may be, the authenticator and of no other person;

• (c) any alteration to the electronic signature made after affixing such signature is detectable;

• (d) alteration to the information made after its authentication by electronic signature is Detectable; and

• (e) it fulfils such other conditions which may be prescribed.

• (3) The Central Government may prescribe the procedure for the purpose of ascertaining whether Electronic
signature is that of the person by whom it is purported to have been affixed or authenticated.

• (4) The Central Government may, by notification in the Official Gazette, add to or omit any Electronic signature or
electronic authentication technique and the procedure for affixing such signature From the Second Schedule:

• Provided that no electronic signature or authentication technique shall be specified in the Second Schedule unless
such signature or technique is reliable.

• (5) Every notification issued under sub-section (4) shall be laid before each House of Parliament.]

Sec 2(p)-

“Digital signature” means authentication of any electronic record by a subscriber by means of an electronic method
or procedure in accordance with the provisions of section 3.
UNCITRAL Model Law on electronic signatures 2001
• The purpose of UNCITRAL Model Law on Electronic Signatures 2001 provides the following statement which
signifies the importance of electronic signature. The increased use of electronic authentication techniques as
substitutes for handwritten signatures and other traditional authentication procedures has suggested the need for a
specific legal framework to reduce uncertainty as to the legal effect that may result from the use of such modern
techniques (which may be referred to generally as “electronic signatures”). The risk that diverging legislative
approaches be taken in various countries with respect to electronic signatures calls for uniform legislative
provisions to establish the basic rules of what is inherently an international phenomenon, where legal harmony as
well as technical interoperability is a desirable objective.

• Types of electronic signature

1. Unsecured Signature : Since Electronic Signature is more of an unsecured type of signature, there are
affixations that are marked in the end for reference.
• Email Signature
• Web Based Signature
2. Secured Signature

• This includes the signatures which are digitally secured and also which have more legal weightage
 Digital Signature
• According to section 2(1)(p) of the Information Technology Act, 2000 digital signature means the
authentication of any electronic record by a person who has subscribed for the digital signature in
accordance to the procedure mentioned under section 3 of the same act.

• Section 5 of the Information Technology Act, 2000 gives legal recognition to digital signatures.

• The basic purpose of digital signature is not different from our conventional signature. The purpose therefore
is to authenticate the document, to identify the person and to make the contents of the document binding on
person putting digital signature. The functioning of DS is based on the system of public key cryptography.

Usage of Digital Signature:

• Personal Use Features of Digital Signature
• Business • The authenticity of the sender
• Return filling for GST • The integrity of the message
• Filing for income tax • Non- Repudiation
• For ROC E-filing
 Process for the creation of digital signature

Digital signatures are becoming very popular in the whole world. Countries that approve the use of digital signatures have a structure
that governs the acquisition and use of the digital signature. Even so, regardless of the country that you come from, the way of
acquisition is standard. Digital signatures are created and issued by qualified individuals. For anyone to get a valid digital certificate,
they must get it from a certifying authority (CA). The Certifying Authority (CA) is a kind of Trust Service Provider, and it is a third-
party organization that is trusted and accepted in a country. It has the power of issuing the citizens with digital signatures. These CAs
have rules and regulations that they have to keep and be governed by.

• Firstly a person needs to get a Digital Signature Certificate from the Certifying Authorities. After that, the following process is
followed:

1)The original message of the sender is demarcated in order to get the message digest, with the help of the hash function.

2)Then the private key is used to encrypt the message digest.

3)The encrypted message digest becomes the digital signature by using the signature function.

4)The digital signature is then attached to the original data

5)Two things are transmitted to the recipient:

 The Original message

 The digital signature

• Rule 4 of the Information Technology(Certifying Authorities) Rules, 2000, explains the procedure of digital signature as:

a) To sign an electronic record or any other item of information, the signer first applies the hash function in the signer’s software. A
hash function is a function which is used to map data of arbitrary size onto data of a fixed size. The values returned by a hash
function are called hash values, hash codes, digests, or simply hashes
b) The hash function computes a hash result of standard length, which is unique to the electronic record.
c) The signer’s software transforms the hash result into a Digital Signature using the signer’s private key.
d) The resulting Digital Signature is unique to both electronic record and private key which is used to create it.
e) The Digital Signature is attached to its electronic record and stored or transmitted with its electronic record.

Benefits of Digital Signature :

i. Saves time Problems With Digital Signature :

ii. Cost savings
iii. Security
i. It functions online. Therefore, it has to be
iv. Environmental benefits either purchased or downloaded
v. Legal validity
ii. Restricted Storage.
vi. Workflow efficiency
iii. Dependency on Proprietary Software.
vii. Non-deniability.

viii. Message cannot be altered in between the transmission

 Difference between Electronic and Digital Signature:
Sr. No. Electronic Signature Digital Signature
1. It has been defined under Section 2(1)(ta) of the It has been defined under Section 2(1)(p) of the
Information Technology Act, 2000. Information Technology Act, 2000.
2. It can be in the form of a name typed at the end of an It involves the usage of Cryptographic system of
email, a digital version of a handwritten signature in the constructing the signature with a two-way protection
form of an attachment, a code or even a fingerprint. system.

3. It is used for verifying a document. It is used as a means for securing a document.

4. It has no expiration or validity period. It is valid up to a maximum of three years.

5. It is easily vulnerable to tampering. It is more secure and highly reliable.

6. It is verified through the signer’s identity. It has a certificate-based digital 10 verification.

7. It is technologically neutral, i.e. no specific technological It follows a technology-specific approach such as usage
process is to be followed to create an electronic of hash functions etc.
signature.
Digital Signature Certificate (DSC)
• A method to prove the authenticity of an electronic document. It can be presented electronically to prove the
identity, to access information or sign certain documents digitally.

Digital Signature Certificate (DSC) under the

Information Technology Act, 2000
Elements of Digital Certificate 1) Section 35: Any person who wishes to get a Digital

• Signature Certificate may file an application to the

Owner’s public key.
certifying authority for issuance of the Electronic
• Owners name.
Certificate along with the submission of the required
• The expiration date of Public amount of fees not exceeding Rs. 25,000, including a
Types of Certificate
Key. statement of certification practice or stating such
Class 1 Certificate
particulars as prescribed.
• Name of the issuer. Class 2 Certificate
Class 3 Certificate 2) Section 36: Representations upon issuance of the DSC.
• Serial Number of the 3) Section 37: Suspension in public interest, not more than
certificate. 15 days, unless given the opportunity to present the case.

• 4) Section 38: Revocation on death or request of a

A digital signature of the
subscriber, dissolution of a company or a firm.
user. 
Legal Approach and Digital Signature
• The provisions of Information Technology Act, 2000 are based on the UNCITRAL’s Model Law on E-
Commerce. The Model Law is based on the minimalist neutral approach ie. With the changes in technology the
law will remain neutral, as technology is dynamic in nature and comes in the public domain with a lot of
advancement with the passage of time, and it will not be feasible for the legislators to keep on changing the
laws dealing with the technology. According to Article 7 of the UNCITRAL model, there ought to be a signature
of a person while contracting using the electronic means, for which any technology can be used. It has to be
ensured that the sender can be identified and he has given his consent to the message. The same ‘technology
neutrality’ approach has also been ratified by the Amendment Act, 2008 of the Information technology Act,
2000, with the insertion of Section 3A.

Suggestions
• In India the use of the product, which in return increases the number of users. of digital
signature can be improved by making it available in places that are easily reachable to public like banks,
post office etc. The easy approach to digital signature will also increase the awareness of the people
towards digital signature. The developing countries can follow the developed countries in implementing the
digital signature in different fields, thus increasing the use of the product which in turn increases the number of
users.
Conclusion
• In today’s fast-paced world, the internet has provided unique ways for customers to extend their business in innovative ways.
In this regard, electronic signatures have many advantages over traditional wet signature method. The main advantage is that the
document remains within the control of the involved parties and there is no dependency on a third party. Electronic signatures
ensure a speedy process and are welcoming for the future generation in signing new business deals. If you do not have access to
electronic signatures, there is a chance you may miss a good business prospect coming along your way. With the advancement in
technology, the usage of the digital signature in place of the conventional signature has widely increased. The Information
Technology Act, 2000 talks widely about the concept of Digital Signature, the authorities who have been given the power of issuing
the digital signature certificate and the circumstances which require affixation of the digital signature. In India, the digital signature
is used mostly for filing tax return. And not everyone uses digital signature to file the tax return, it is only mandatory to use digital
signature for tax filing, if the turnover of the company is more than 10 million rupees per annum or the turnover of an individual is
more than 2.5 million rupees per annum. Since 2000 till June 2013 only around 5.2 million digital signatures has be given by the
Controller of Certifying Authorities, India, which is large number but its only 0.43% of Indian population uses digital signature.

Bibliography 
1) Dr. Rattan Jyoti , Cyber laws and Information technology , Bharat’s.

2) [Link]

3) [Link]

4) [Link]