Monday,
February 24, 2003
|
|
Feature |
|
Digital signature
different from electronic one
Geeta Gulati
WITH
economy having undergone a sea change from agrarian to industrial and
now cyber economy, the growth of e-commerce has led to the requirement
of electronic alternative to handwritten signature.
As online business
involves both businesses and consumers, items of valuable consideration
are being purchased and sold by mutual agreement done electronically,
which can have substantial economic consequences. For example, in the
event of any dispute, the problem of establishing the authentication and
integrity of the electronic communication will be difficult. In order to
overcome such an eventuality, the provision for digital signatures was
provided in the IT Act, 2000.
Digital signature is not
to be confused with electronic signature. A signature, which can be
executed by using a symbol or sound like writing name at the end of the
e-mail is an electronic signature. This does not verify whether the
document has been altered in the transaction. This, thus, does not
provide for the authentication and veracity of the message.
Digital signature is done
electronically by using the Asymmetric Cryptography through a
combination of a pair of keys called public key and a private key.
The private key is with
the subscriber to create the digital signatures. The public key is with
the receiver to verify the digital signatures. Digital signature can be
executed by following a few steps. The signer first drafts the message
that he wishes to sign digitally. Then he uses the hash function to
create hash result or message digest of the original message by using
the digital signature software. Finally, the signer uses his private key
to sign the message digest. It’s not possible to alter a message
digest back to the original data from which it was created.
The receiver decrypts the
digital signature by signer’s public key, changing it back into a
message digest by using the same hash function as that of a signer if
the hash result matches. It implies that the message has not been
altered unauthorisedly.
Digital signature fulfills
various legal purposes for the effective use of electronic records in
e-commerce in government and its agencies. It provides for authenticity,
as digital signatures cannot be forged unless the signer losses control
over his private key. The signer is accountable for legal consequences,
as the message cannot be repudiated thus preventing cheating and other
malicious activities. It also provides for the confidentiality of the
information.
The IT Act has given legal
recognition to digital signature meaning, thereby, that legally it has
the same value as handwritten or signed signatures affixed to a document
for its verification.
Digital signature under
the IT Act authenticates all electronic documents, except Negotiable
Instruments, Power of Attorney, Trusts, Wills or other Testamentary
dispositions and document for the sale or conveyance of immovable
property.
Digital signature
certificate is issued by certifying authority, appointed under the IT
Act, by making an application with the prescribed fee to the same.
Digital Signature Certificate is issued with a designated
expiry date. Certifying Authority has the power to suspend and revoke a
Digital Signature Certificate after publishing notice of the same.
Digital signatures, thus,
provide for the legality and trustworthiness of the electronic document.
|