Digital Signatures in IT Law

Uploaded by

Arnav

INFORMATION TECHNOLOGY LAWS
UNIT 2
DIGITAL SIGNATURES AND ELECTRONIC SIGNATURES
Section 3 and 3A of IT Act

Digital Signatures

Traditional signatures are handwritten and are uniquely representative of one’s identity. The use of a signature is mandatory in law in certain cases, and it holds an important legal position in a document because it signifies two things: the identity of the person and that person’s intent with respect to the document. The signature is one’s identity on a document and is used in day-to-day transactions; in the case of an illiterate person, the fingerprint is considered his signature.

Under the Law of Evidence, the ‘original’ document constitutes primary evidence, while a copy of the ‘original’ document constitutes secondary evidence. The originality of paper-based documents is usually established by the presence of original handwritten signatures.

As the handwritten signature is prone to forgery and tampering, it is insufficient for online transactions and contracts. Online transactions require unique and strong protection, which is provided by the electronic signature.

Equivalent criteria for the legality and validity of transactions in electronic form were laid down by the Model Law. These criteria were based on the principles of non-discrimination, technological neutrality and functional equivalence. The validity of information therefore cannot be challenged merely because it is contained in an electronic document. An electronic document is considered to be original if it is in the same form as it was when it was first generated.

This implied that a method was required to guarantee that the electronic document received was indeed in the same form as when it was originally generated. Handwritten signatures are a valid means of authenticating documents because they are unique and specific to the person. This meant that an equally unique, specific and inimitable form of authentication was required for electronic transactions. The solution was conceived in the form of digital signatures and electronic signatures.

Digital Signatures and Electronic Signatures

UNCITRAL Model Law on Electronic Signatures 2001

The UNCITRAL Model Law on Electronic Signatures 2001 states its purpose in the following passage, which signifies the importance of the electronic signature.

“The increased use of electronic authentication techniques as substitutes for handwritten signatures and other traditional authentication procedures has suggested the need for a specific legal framework to reduce uncertainty as to the legal effect that may result from the use of such modern techniques (which may be referred to generally as “electronic signatures”). The risk that diverging legislative approaches be taken in various countries with respect to electronic signatures calls for uniform legislative provisions to establish the basic rules of what is inherently an international phenomenon, where legal harmony as well as technical interoperability is a desirable objective.”

The concept of the digital signature, which is technology-specific, was introduced in India through the Information Technology Act 2000. After the 2008 amendment it was enhanced with the hybrid concept of the electronic signature, which is based on the UNCITRAL Model Law on Electronic Signatures. The electronic signature is a technologically neutral concept and includes the digital signature.

The object and purpose of an electronic signature are similar to those of a traditional signature. In the cyber world, the electronic signature ensures that electronic records are authentic and legitimate, as electronic signatures are safer and cannot be forged. It is also convenient, as the sender does not have to be personally present at the place of contract to sign the document. For example, a person can sign a contract in India and send it to any part of the world to complete the transaction.

Definitions under Digital Signatures

The method of authentication using digital signatures is mentioned under Chapter II of the Act.

Section 2(1)(f) defines: “asymmetric crypto system means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature;”

The asymmetric crypto system forms the basis of the digital signature system. It consists of a private key, which creates the digital signature, and a public key, which verifies the digital signature. The private key is held by the person affixing the digital signature for the purpose of authentication, and the public key is made available to the person receiving the record so that the record can be verified.

Section 2(1)(x) defines: “key pair, in an asymmetric crypto system, means a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key;”

The public key and the private key used in the asymmetric crypto system are collectively known as a key pair.

Section 2(1)(zc) defines: “private key means the key of a key pair used to create a digital signature;”

The private key is used to create a digital signature, i.e. to affix the digital signature. It is in the possession of the subscriber or his agents only. If the private key is revealed to another person, the security of the digital signature is compromised, and it will be required to be cancelled.

Section 2(1)(zd) defines: “public key means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate;”

The public key is used to verify the digital signature. Unlike the private key, this key does not have to be kept secret. In fact, it is required to be given to the person receiving the electronic record, and it is also published so that it can be used by anyone who needs to verify a digital signature.

Section 2(1)(p) defines: “digital signature means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3;”

A digital signature is the electronic method prescribed to authenticate electronic records. The method prescribes a combination of the asymmetric crypto system with the hash function, another method of verification, to affix a digital signature. A digital signature is valid only if it is used by a subscriber, i.e. the person holding a valid digital signature certificate. The use of a digital signature is not mandatory under the Act, but it is a legal method of authenticating electronic records. The use of a digital signature has been made mandatory for e-filing of Income Tax returns and e-filing of Government tenders.

Section 2(1)(q) defines: “Digital Signature Certificate means a Digital Signature Certificate issued under sub-section (4) of section 35;”

Section 35 gives a certifying authority the power to issue a Digital Signature Certificate (DSC). A DSC certifies that the public key being used to verify the digital signature belongs to the person whose name is mentioned as subscriber in the DSC. Its main purpose is to identify the subscriber of a particular public key.

Section 2(1)(zg) defines: “subscriber means a person in whose name the electronic signature Certificate is issued;”

The subscriber is the person whose name appears in a DSC/ESC. A subscriber is therefore a person who is authorized by the certifying authority with respect to the electronic signature. With reference to the DSC, the subscriber is the person who is authorized to use that key pair.

Technical aspect of Digital Signature

The digital signature is created and verified using Public Key Infrastructure (PKI) technology, which requires two keys, a public key and a private key, for encrypting and decrypting the information. A message encrypted with a public key can only be decrypted using the corresponding private key, and vice versa. The unique feature of public key infrastructure is that the public and private keys are related to each other, and only the public key can be used for encrypting messages that can be decrypted using the corresponding private key.

The public key is shared, whereas the private key is known only to its possessor. The digital signature is based on cryptography. Cryptography is the science of securing communications by converting the message (encrypting it) into an unreadable format, so that only the person with a secret key can decrypt (read) it. Cryptography systems can be broadly classified into two types, i.e. symmetric and asymmetric.

In symmetric systems, both the sender and the recipient have the same key. In an asymmetric system, each user has two keys: a public key that is known to everyone and a private key that is known only to the recipient of messages. In India, the digital signature uses an asymmetric system that has a public key and a private key.

Digital Signature Certificates

Digital Signature Certificates are certificates in digital format used to prove identity in the digital world. They are issued by Certifying Authorities under the authority of the Controller of Certifying Authorities. A Digital Signature Certificate is an electronic document that can be used to verify that a public key belongs to a particular individual.

A Digital Signature Certificate contains the public key of the certificate owner, the name of the owner, the validity “from” and “to” dates, the name of the issuing authority, the serial number of the certificate, the digital signature of the issuing authority, the name of the person, etc. There are three different classes of digital certificate: class I, class II and class III. Depending on the type, each digital certificate provides specific functions.

Legal aspect of Digital Signature

Section 3 of the Information Technology Act 2000 provides for the authentication of electronic records. It provides that electronic records can be authenticated by using digital signatures, and it lays down the technology requirements for digital signatures: it prescribes the use of an asymmetric crypto system and a hash function for authentication of electronic records. Authentication of an electronic document is important because it ensures that the message has not been tampered with and confirms the creator’s identity, making it non-repudiable, i.e. the sender cannot deny its creation.

The object of authentication is achieved by the use of the asymmetric system and the hash function, which convert the electronic message into an unreadable format to prevent tampering with the electronic record.

A hash function is the method or scheme used for encrypting and decrypting digital signatures. A hash function produces a hash value, which is also known as a message digest. It plays an important role in ensuring that the message has not been tampered with and that the information is safe and secure.

Digital Signatures- Authentication of electronic records-Section 3

Authentication of electronic records
(1) Subject to the provisions of this section any subscriber may authenticate an electronic record by affixing his digital signature.
(2) The authentication of the electronic record shall be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record.
Explanation-For the purposes of this sub-section, “hash function” means an algorithm mapping or translation of one sequence of bits into another, generally smaller, set known as “hash result” such that an electronic record yields the same hash result every time the algorithm is executed with the same electronic record as its input making it computationally infeasible
(a) to derive or reconstruct the original electronic record from the hash result produced by the algorithm;
(b) that two electronic records can produce the same hash result using the algorithm.
(3) Any person by the use of a public key of the subscriber can verify the electronic record.
(4) The private key and the public key are unique to the subscriber and constitute a functioning key pair.

The hash function is used in digital signatures to guarantee the integrity of the electronic record. The hash function uses a method which is similar to the process of encryption used in the asymmetric crypto system. It consists of a simpler form of encoding and decoding that converts information of one length into information of a smaller length using a mathematical algorithm.

For a given hash function, the smaller length to which the information is converted is fixed. This means it will always produce a hash result of the same length, regardless of the length of the information to which it is applied. A hash function is a many:1 translation, in comparison to the 1:1 translation in the case of encryption.

A given electronic record will always produce the same hash result on application of the same hash function, and (for all practical purposes) no two electronic records will produce the same hash result on application of the same hash function. Even a slight change in the document will produce a different hash result. This means that applying the hash function to the electronic record produces a hash result which is unique to the record. It thereby guarantees the integrity of the document: even the slightest change in the document can be detected by applying the same hash function.

A hash result cannot be decrypted to produce the original information. This guarantees the confidentiality of a message that is sent, ensuring that no person who obtains access to the hash result of a document will be able to derive the original information from it.

- A hash function consists of an algorithm, mapping or translation, i.e. a kind of mathematical formula.
- This mathematical formula converts one sequence of bits, i.e. information of one length, into a sequence of a fixed smaller length.
- This smaller sequence is known as a ‘hash result’.
- A given set of information produces the same result every time the hash function is applied.
- It is impossible (computationally infeasible) to calculate or derive the original information from its hash result.
- It is impossible (computationally infeasible) for two separate electronic records to produce the same hash result using the same hash function.

Digital Signatures- Authentication of electronic records-Section 3 must read with Rules 3, 4 and 5 of the IT (Certifying Authority) Rules 2000

Manner of Authentication by a Digital Signature: Rule 3
“A Digital Signature shall,-
(a) Be created and verified by cryptography that concerns itself with transforming electronic record into seemingly unintelligible forms and back again
(b) Use what is known as Public Key Cryptography, which employs an algorithm using two different but mathematical related keys – one for creating a Digital Signature or transforming data into a seemingly unintelligible form, and another key for verifying a Digital Signature or returning the electronic record to original form, the process termed as hash function shall be used in both creating and verifying a Digital Signature.
Explanation: Computer equipment and software utilizing two such keys are often termed as asymmetric cryptography.”

Under this rule, the affixation of a digital signature involves two steps: creation and verification. The method of cryptography is ‘public key cryptography’, which involves two keys, one which converts the information into ciphertext and another which reconverts it into the original text. The first key, the private key, creates the digital signature, while the second, the public key, verifies it. ‘Asymmetric cryptography’ refers to the computer software and equipment involved in the use of public key cryptography.

Creation of Digital Signature: Rule 4
To sign an electronic record or any other item of information, the signer shall first apply the hash function in the signer’s software; the hash function shall compute a hash result of standard length which is unique (for all practical purposes) to the electronic record; the signer’s software transforming the hash result into a Digital Signature using signer’s private key; the resulting Digital Signature shall be unique to both electronic record and private key used to create it; and the Digital Signature shall be attached to its electronic record and stored or transmitted with its electronic record.

The creation of a digital signature involves the following steps:

1) Application of hash function: The first step in the affixation of a digital signature is the application of the hash function to the electronic record/information that is to be sent. The hash function applied will be the one provided in the signer’s software, or the software forming a part of the asymmetric cryptography of the signature. This hash function produces a hash result which is of a fixed length and is unique to the electronic record to which it is applied.

2) Application of private key: The next step is the application of the private key provided in the signer’s software. The private key encrypts the hash result to produce ciphertext. This transformation of the hash result into ciphertext is what creates the digital signature. Applying the private key to the hash result of the document creates a completely different digital signature for every record to which the asymmetric cryptography is applied. Additionally, applying a different private key will produce a different ciphertext. As a result, the digital signature thus created will be unique to the electronic record as well as to the private key that is applied to it.

3) Transmission of the record: After the digital signature is created, it is attached to the original electronic record. Thereafter, both the original electronic record in plain text and the digital signature are transmitted to the recipient.

Verification of digital Signature: Rule 5
The verification of a Digital Signature shall be accomplished by computing a new hash result of the original electronic record by means of the hash function used to create a Digital Signature and by using the public key and the new hash result, the verifier shall check
(i) If the Digital Signature was created using the corresponding private key; and
(ii) If the newly computed hash result matches the original result which was transformed into Digital Signature during the signing process. The verification software will confirm the Digital Signature as verified if:-
(a) The signer’s private key was used to digitally sign the electronic record, which is known to be the case if the signer’s public key was used to verify the signature because the signer’s public key will verify only a Digital Signature created with the signer’s private key; and
(b) The electronic record was unaltered, which is known to be the case if the hash result computed by the verifier is identical to the hash result extracted from the Digital Signature during the verification process.

Upon receipt of the digital signature and the original record, the recipient will need to verify the digital signature. For this purpose, the public key has to be made available to the recipient, either prior to sending the digital signature, or along with the record and the digital signature, or by making it publicly available for use by any recipient. The process of verification involves the following steps:

i) Creation of a new hash result: The first step in the process of verification is the application of the same hash function to the electronic record received by the recipient. This results in the creation of a new hash result.

ii) Application of public key: The public key is applied to the digital signature that is attached to the electronic record received. This application decrypts the ciphertext to produce the hash result that was generated by the sender. The successful application of the public key to produce the hash result indicates that the digital signature was indeed created by the application of the sender’s corresponding private key.

iii) Comparison of the hash results: The next step is the comparison of the hash result obtained by the recipient with the hash result obtained by the sender. Electronic records can very easily be modified or tampered with, even once in transit. Even a slight change in the document will produce a completely different hash result, thus indicating that the electronic document has been compromised. On the other hand, obtaining a hash result that is identical to the one obtained by the sender indicates that the record received by the recipient is identical to the one that was sent by the sender.

Steps are:
- A hash function is applied to the electronic record to produce a hash result.
- The sender’s private key is applied to the hash result, to produce an encrypted form of the electronic record. This step indicates the creation of the digital signature.
- This encrypted record is sent along with the original document to the receiver.
- The receiver applies the sender’s public key to the document and decrypts it to obtain the original hash result of the document.
- He applies the hash function to the original document sent along with the encrypted record to obtain a hash result again.
- He compares this hash result with the one obtained from the decryption.
- If the hash results are equal, the digital signature is verified.

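
The creation (Rule 4) and verification (Rule 5) steps summarised above can be traced in code; the following Python sketch is an added example and is not part of the original slides. It assumes SHA-256 as the hash function and uses textbook RSA without padding on a constructed, deliberately weak demo key so that the "private key transforms the hash result, public key recovers it" step is visible; the function and variable names are illustrative, and real signing software uses a padded signature scheme with keys certified in a Digital Signature Certificate.

```python
import hashlib

# Constructed demo key pair (assumption for this example only). P and Q are
# publicly known Mersenne primes, so this key is trivially factorable.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                              # modulus shared by both keys
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)

PUBLIC_KEY = (N, E)                    # published / listed in the certificate
PRIVATE_KEY = (N, D)                   # held only by the subscriber

# Public key of an unrelated, constructed signer, used to show a key mismatch.
OTHER_PUBLIC_KEY = ((2**607 - 1) * (2**1279 - 1), E)


def hash_result(record: bytes) -> int:
    """Rule 4, step 1: compute the fixed-length hash result of the record."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def create_signature(record: bytes, private_key) -> int:
    """Rule 4, step 2: transform the hash result with the private key."""
    n, d = private_key
    return pow(hash_result(record), d, n)


def verify_signature(record: bytes, signature: int, public_key) -> bool:
    """Rule 5: recover the signer's hash result with the public key and
    compare it with a new hash result computed over the received record."""
    n, e = public_key
    if not 0 <= signature < n:         # reject values outside the key's range
        return False
    recovered = pow(signature, e, n)   # "decrypts" the signature
    return recovered == hash_result(record)


def demo() -> dict:
    """Sign a constructed record, then verify it under three conditions."""
    record = b"Tender bid no. 17: INR 4,50,000"        # constructed sample
    tampered = b"Tender bid no. 17: INR 9,50,000"      # one character changed
    signature = create_signature(record, PRIVATE_KEY)  # sent with the record
    return {
        # Hash result length is fixed regardless of the record's length.
        "digest_bytes": (len(hashlib.sha256(record).digest()),
                         len(hashlib.sha256(record * 1000).digest())),
        # Unaltered record, correct public key: signature verifies.
        "valid": verify_signature(record, signature, PUBLIC_KEY),
        # Record altered in transit: new hash result no longer matches.
        "tampered": verify_signature(tampered, signature, PUBLIC_KEY),
        # Public key that does not correspond to the signing private key.
        "wrong_key": verify_signature(record, signature, OTHER_PUBLIC_KEY),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```
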
Digital Signatures- Authentication of electronic records

A digital signature therefore guarantees the following with respect to the record:

- Authenticity: the asymmetric crypto system guarantees the authenticity of the source of the electronic document, i.e. it guarantees that the document was sent by the sender himself. Since the private key is known only to the subscriber, the affixation of the digital signature onto the document is evidence that it was affixed by the subscriber and no one else.
- Non-repudiation: the asymmetric crypto system also guarantees non-repudiation of the document, i.e. once the digital signature has been affixed by the sender and verified by the recipient, the sender cannot deny having sent the document.
- Integrity: the hash function guarantees the integrity of the record, i.e. that the record has not been altered while being transmitted to the recipient.

Electronic Signatures

Criteria for valid Electronic Signatures under the Model Law:

It prescribes the following requirements for a valid electronic signature:
1) It can be used to identify the person
2) It shows the identified person’s approval of the content of the message
3) It was as reliable as was required under the circumstances

Section 2(1)(ta) defines Electronic Signature as “Authentication of any electronic record by a subscriber by means of the electronic technique specified in the second schedule and includes digital signature.”

The definition of electronic signature includes the digital signature and any other electronic technique which may be specified in the second schedule of the Act. An electronic signature thus means authentication of an electronic record by a subscriber by means of electronic techniques. The adoption of the ‘electronic signature’ has made the Act technologically neutral, as it recognizes both the digital signature method based on cryptographic technique and electronic signatures using other technologies.

Functions of Electronic Signature

The concept of the electronic signature was introduced under section 3A by the Information Technology (Amendment) Act 2008.

An electronic signature means authentication of an electronic record by a subscriber by any means of electronic authentication technique. An electronic signature technique can be used as an authorized electronic signature if the technique is notified by the central government in the official gazette or in the second schedule of the Act. There are different types of electronic signature; however, not all of them are secure. Hence only the techniques notified in the official gazette or in the second schedule can be used as a legitimate electronic signature.

For example, a typed name or a digitized image of a signature is also a form of electronic signature, but is prone to tampering and is insecure. An electronic signature technique has to be reliable to be recognized as an electronic signature. Section 3A of the Information Technology Act 2000 is based on Article 6, “Compliance with a requirement for a signature”, of the UNCITRAL Model Law on Electronic Signatures 2001.

[3A. Electronic signature.—(1) Notwithstanding anything contained in section 3, but subject to the provisions of sub-section (2), a subscriber may authenticate any electronic record by such electronic signature or electronic authentication technique which—
(a) is considered reliable; and
(b) may be specified in the Second Schedule.
(2) For the purposes of this section any electronic signature or electronic authentication technique shall be considered reliable if
(a) the signature creation data or the authentication data are, within the context in which they are used, linked to the signatory or, as the case may be, the authenticator and to no other person;
(b) the signature creation data or the authentication data were, at the time of signing, under the control of the signatory or, as the case may be, the authenticator and of no other person;
(c) any alteration to the electronic signature made after affixing such signature is detectable;
(d) any alteration to the information made after its authentication by electronic signature is detectable; and
(e) it fulfils such other conditions which may be prescribed.
(3) The Central Government may prescribe the procedure for the purpose of ascertaining whether electronic signature is that of the person by whom it is purported to have been affixed or authenticated.
(4) The Central Government may, by notification in the Official Gazette, add to or omit any electronic signature or electronic authentication technique and the procedure for affixing such signature from the Second Schedule: Provided that no electronic signature or authentication technique shall be specified in the Second Schedule unless such signature or technique is reliable.
(5) Every notification issued under sub-section (4) shall be laid before each House of Parliament.]

Instead of specifying the technology to be used for electronic signatures, the Legislature specified certain criteria on the basis of which a technology may be prescribed by the Government as a valid electronic signature. An electronic record can be authenticated using any form of electronic signature or other authentication technique.

The following are the requirements of an electronic signature:
a) It has to be reliable.
b) The central government may notify the technique and procedure for the electronic signature in the official gazette, or specify it in the second schedule of the Information Technology Act 2000.

An electronic signature shall be considered reliable if it fulfils the following requirements:
a) The technique should be such that it can be linked to the creator of the message.
b) The technique of electronic signature must be under the control of the maker of the signature.
c) Any change or alteration to the electronic signature after affixation must be detectable.
d) Any change or alteration of data after affixing the electronic signature must be detectable.

The Central Government is the authority that declares a technique to be a reliable electronic signature, and it can add or remove any technique from the electronic authentication techniques. As on date the central government has not issued any notification on the concept of electronic signature, and thus the electronic signature has not gained much attention. In this regard the Delhi High Court has directed the central government to frame a policy on electronic signatures for authentication of electronic records. The only method of authentication of electronic records in India at present is the digital signature, as there are no guidelines on the use of electronic signatures.

Legal recognition of the electronic signature is provided under section 5 of the Information Technology Act 2000. This section equates the electronic signature with the traditional handwritten signature. It provides that any information or document, if confirmed by electronic signature, shall have the same effect as the affixing of a signature, if done in the prescribed manner. The central government shall prescribe the manner in which the electronic signature has to be affixed.

Offenses related to Electronic Signature

The offenses related to electronic signatures are generally related to identity theft, publication of a false electronic signature certificate, and publication of an electronic certificate for a fraudulent purpose.

Section 66C of the Act punishes identity theft. It punishes the fraudulent use of the electronic signature of any other person; such a person shall be punished with imprisonment of up to three years and will also be liable to pay a fine which may extend up to one lakh.

Misrepresentation or suppression of a material fact in order to obtain any license or electronic signature is an offense under section 71 of the Act. This section is applicable in the following cases:
a) If a person makes a misrepresentation to the Controller or Certifying Authority.
b) If a person suppresses any material fact from the Controller or Certifying Authority.

Such misrepresentation or suppression of a material fact with the intent to obtain any license or electronic certificate from the Controller or Certifying Authority is punishable with imprisonment of up to two years and a fine of up to rupees one lakh. The information provided to the Controller or Certifying Authority should be proper and correct, and presentation of wrong, incorrect or false information is an offense under Section 71 of the Act.

Publication of an electronic signature certificate which is false in certain particulars is an offense under section 73 of the Act. The following shall amount to publication of false particulars in an electronic certificate:
a) Publication of an electronic signature certificate which the certifying authority has not issued.
b) Publication of an electronic signature certificate which the subscriber of the certificate has not accepted.
c) Publication of an electronic signature certificate which is revoked or suspended.

Section 74 of the Act punishes the creation, publication or providing of an electronic signature certificate for a fraudulent or unlawful purpose with imprisonment for a term which may extend up to two years or a fine which may extend up to one lakh.

Examples of Electronic Signatures
• Click-Wrap Agreement: “I Accept” button on websites
• PIN Numbers: ATM cards
• Digitized Image of Handwritten Signature
• Biometric signatures: Electronic devices which scan fingerprints, hand geometry, retina scans, voice recognition
• Signature Capture Devices: Devices such as tablets, signature pads, etc. which capture handwritten signatures
• Identity Verification Services: Email validation, ID verification

Difference Between Electronic and Digital Signatures

Definition
Electronic Signatures: It is a generic, technology neutral term that refers to the universe of all the various methods by which one can “sign” an electronic record.
Digital Signatures: It is simply a term for one technology-specific type of e-signatures.

Technology
Electronic Signatures: They can take many forms and can be created by many different technologies.
Digital Signatures: It involves only the use of public key cryptography (asymmetric cryptography) to sign a message.

Examples
Electronic Signatures: A name typed at the end of an e-mail message by the sender; a digitized image of handwritten signature; a secret code or PIN; a unique biometrics based identifier, etc.
Digital Signatures: It is a block of data at the end of an electronic message that attests to the authenticity of the said message. Digital signatures are an actual transformation of an e-message using PKI. It requires a key pair and a hash function. It provides greater assurance of a document’s authenticity and integrity than other forms of e-signatures.
