Know About Digital Signatures
(Section 3 of I.T. Act)
The enactment of information technology Act, 2000 comprehensively addresses the legal issues concerning the electronic messaging and electronic payment systems. Digital signature is the new concept brought under the ambit of legislation in India. With this , there is bound to begreater role for the information technology commerce. E-commerce relies heavily on electronically transmission of messages carrying digital signatures. It is a common beleif that a digital signature is just a digitised image of a signature (drawn by hand ).
Infact , digital signature is not the replica of the manual signature captured through a scanner or otherwise. The digital signature must be applied in a manner to satisfy the following critical features of any message.
It refers to the validity of the source of the communication. In the manual system we identify the source of document or instruction from the drawer's signatures. In the electronic message , it is the Digital signatures that verify the source or the originator of the message. The customer who originates an electronic payment ( funds transfer ) instruction must be able to establish authenticity of transaction.
Integrity of a message transmitted electronically is of paramount importance. The message has to be received intact and should not have altered any way during transmission.
Non-Repudiation is very important from banker's point of view so that it can act upon a funds transffer message. There should not be an opportunity for the sender of the message to deny that he or she has sent the message at all and in the form in which it has been recieved. As for example, a party having sent a message to buy particular shares should not be able to claim that it did not send the message when the price (of shares ) avtually fell down.
The Digital signature is unique to each message and any change to the message changes the digital signature.
Technology for Digital Signatures-
The most common manner of signing electronically is by the help of a pulic key cryptography as contemplated by the Information Technology Act. Cryptography is usually base on the use of algorithmic functions to generate two different but mathematically related keys (i.e. large numbers produced using a series of mathematical formulae applied to prime numbers ). One such key is used for creating digital signature or transforming data into a seemingly unintelligible form , and the other one for verifying a digital signature or returning the message to its original form.
The use of cryptography for authentication , purposes by producing a digital signature necessarily imply the use of encryption to make any information confidential in the communication process , since the encrypted digital signature may be merely appended to a non encrypted message . Generally a digital signature is an appendage to its message and the transformations involved in the creating of digital signature which do not affect the message. Digital signatures are annexed to the data and leave the content.
Before a sender can digitally sign an electronic communication, the sender must create a public-private key pair. The Private Key is used by a relying party to verify the digital signature.
To sign digitally or any other item of information
-> The signer first delimits precisely the borders of what is to be signed.
-> Then a hash function in the signer's software computes a hash result which for all practical purposes is unique to the message .
-> The signer's software then transforms the hash result into a digital signature using the signer's private key.
The resulting digital signature is thus unique to both the message and the private key used to create it.
A third party i.e. the Certification Authority is entrusted with the job of verufying key pair among the two parties. The RBI (The Reserve Bank of India ) has appointed the IDRBT, Hyderabad as one of the certification authorities for security , management fortile financial sector
Do like and comment on this post