digital signature · 2019-09-28 · digital signature and section 2(p) defined“digitalsignature...
Post on 15-Jul-2020
4 Views
Preview:
TRANSCRIPT
Digital SignatureMarket Analysis and Future Trends
Digital Signature : What is it…?Digital signatures are the most advanced and secure type of electronic signature. You can use them to comply with the most demanding legal and regulatory requirements because they provide the highest levels of assurance about each signer's identity and the authenticity of the documents they sign.
What makes it secure…?
Trusted Digital ID
Compliant, certificate-based digital IDs
come from accredited providers. You
need to prove your identity before you
can get one.
Unique
Every time you sign a document, you
use your own unique digital certificate
and PIN to validate your credentials and
prove you’re who you say you are.
Encrypted
Your digital signature and the document
you sign are encrypted together and
bound with a tamper-evident seal.
Easy to validate
Both the signed document and your digital
signature can be re-validated by a CA or TSP
for up to 10 years after the signing event.
01010
10100
HASH
ALGORITHIM
HASH VALUE
SENDER PRIVATE KEY
SIGNED MESSAGESENDER SENDER PUBLIC KEY
HASH VALUE
RECEIVER
SIGNED MESSAGE
Working Model
The Evolution and History1976
Whitfield Diffie and Martin Hellman
first described the notion of Digital
Signature
1977
The RSA Algorithm is invented
and used to produce a primitive
digital signature1989
The first widely marketed software
to offer digital signatures Lotus
Notes 1.0 is released
1988
Goldwasser, Micali and Rivest become the
first to rigorously define security
requirements of digital signature schemes
1989
PDF format adds ability to embed
digital signature into documents
2000
ESIGN act makes online signatures
legally binding2008
Digital signatures included in open standard
for PDF established by International
organization for standardization
Today
Digital signatures recognized as
most secure way to get documents
signed online
What's Better!“Digital Signature and Physical Signature”
Lot of Paper work
Easily tampered
Can be copied
Fraud issues
Security Concerns
A Digital Signature
is….
Highly secure
Tamper-evident
Cryptographically encrypted
Multifactor authentication
Certificate-based digital ID authentication
Whereas a Physical Signature
is....
Digital SignatureTypes of Solutions
1.CORPORATE SIGNER – ONPREMISE SIGNING OF PO, INVOICESCorporate Signer is an on-premise Digital Signature system that integrates into your ERP / CRM / SAP / Oracle.
2.DSC SIGNER - SIGN WITH YOUR USB TOKEN
DSC Signer allows you to sign any document with your DSC
(USB token)
• HOW IT WORKS• Corporate Signer is available as a on-premise solution.
• API is available for easy integration into your existing IT systems / ERP / MIS.
• Has multi-level security and protection features.
• Supports high throughputs as well as HSMs
• USE CASES• Corporate Financial Documents: Invoices, PO, Bills, Contracts, Sales Tax and other
compliance documentation, Vendor correspondence
• Corporate HR docs: Offer letters, appraisal letters, relieving letters, experience letters, etc.
• BENEFITS• Eliminates the use of paper, saves you the time & money spent on printing, handling
and archiving paper documents.
• Ensures that your physical signatures cannot be misused. Also ensures that
documents issued by you cannot be forged or misrepresented.
• Makes verification of previously issued / archived documents easy.
• HOW IT WORKSSelect and sign a document or multiple documents with
DSC
• USE CASES• Generic document signing with DSCContracts
• BENEFITS• Use your existing DSC to sign any document.
• Easy integration into your ERP / Tally / CRM
3. OMNISIGNER - CLOUD BASED SIGNATURE SOLUTIONOmniSigner is an all-purpose, cloud-based Digital Signature system which allows you to sign, send, track and archive your documents.
4. ESIGN GATEWAY - AADHAAR-BASED
SIGNINGThe eSign Gateway is an on-premise solution that allows Finserv
companies to consume eSignatures from multiple ESign Providers
(ESPs) while ensuring that no one else has access to their data.)
• HOW IT WORKS• OmniSigner is available as a cloud-based solution that can be accessed any-time,
anywhere through your secure account.
• Upload one or more documents. Sign and email for signatures by others.
• Track the status of all documents. Download signed documents.
• Supports all Digital Signatures types including Aadhaar eSignatures, DSC, etc.
• USE CASES• Corporate HR docs: Offer letters, appraisal letters, relieving letters, experience letters,
etc.
• Corporate Documents: Agreements, Contracts, Vendor correspondence
• Educational Institutions: Verification letters, Transcripts, other student documents.
• BENEFITS• Eliminates the use of paper, saves you the time & money spent on printing,
handling and archiving paper documents.
• Ensures that your physical signatures cannot be misused. Also ensures that
documents issued by you cannot be forged or misrepresented.
• Makes verification of previously issued / archived documents easy.
• HOW IT WORKS• A Single Aadhaar eSign API for all your applications
• Original Data and eSignature information remains within
your organization.
• Signed documents are stored on-premise.
• Use any ESP in real-time.
• USE CASES• eMandates / eNach
• eSign for forms, contracts, agreements
• BENEFITS• Work with multiple ESPs with single API
• Data security -Your data and your client's data never leaves your
organization
• Better compliance with Regulations on data confidentiality.
• Lower pricing per eSign
• Better up-time
Digital Signature Applications
Software
Distribution
Electronic Mail Data storage
Electronic
funds transfer
Online banking,
e-commerce
Growth Drivers
Online shopping
Online documentation
Penetration of internet Growing acceptance in the
BFSI sector
E-commerce businesses
Security requirements Ease of accessLessen fraud
Digital SignatureMarket Segmentation : Industry & Applications
GOVERNMENT
INFORMATION
TECHNOLOGY
HEALTHCARE
AND
LIFESCIENCE
BFSI
TELECOM
RETAIL
EDUCATIONAL
INSTITUTES
Indian Law & Digital Signature
Laws for Digital Signature Digital signature is electronically generated and can be used to make sure the veracity and legitimacy of data. The dawn of information technology revolutionized the whole world, India
is not an exception to it; as technological activism is the social behavior in India.
IT Act Provisions Related to Digital SignatureSection 3 of IT Act, made the provision for it as:Authentication of electronic records - Subject to the provisions of this section, any subscriber may authenticate an electronic record by affixing his digital signature.
Section 4 made the provision for Legal recognition of electronic records — where any law provides that information or any other matter shall be in writing, typewritten or printed
form then not-withstanding anything contained in such law, given requirement shall be deemed to have been satisfied if such information or matter is—
(a) rendered or made available in an electronic form; and
(b) accessible so as to be usable for a subsequent reference
Section 5 Legal recognition of [electronic signatures] — where law provides that information or any other matter shall be authenticated by affixing the signature or any document
should be signed or bear the signature of any person then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied, if such
information or matter is authenticated by means of [electronic signatures] affixed in such manner as may be prescribed by the Central Government.
Makes or transmits any electronic record or part of any electronic record;
a) affixes any [electronic signature] on any electronic record;
b) Makes any mark denoting the execution of a document or the authenticity of the [electronic signature]
Firstly -----with the intention of causing it to be believed that such a document or a part of document, electronic record or [electronic signature] was made, signed, sealed,
executed, transmitted or affixed by or by the authority of a person by whom or by whose authority he knows that it was not made, signed, sealed, executed or affixed; or
Secondly —Who, without lawful authority, dishonestly or fraudulently, by cancellation or otherwise, alters a document or an electronic record in any material part thereof, after it
has been made, executed or affixed with [electronic signature] either by himself or by any other person, whether such person be living or dead at the time of such alteration; or
Thirdly —Who dishonestly or fraudulently causes any person to sign, seal, execute or alter a document or an electronic record or to affix his [electronic signature] on any
electronic record knowing that such person by reason of unsoundness of mind or intoxication cannot, or that by reason of deception practiced upon him, he does not know the
contents of the document or electronic record or the nature of the alteration.
Digital Signature and Digital Certificate Laws
Digital SignatureVs. Digital Certificate
Digital signatures are based on three pointers for authentication – Privacy, Non repudiation and Integrity in the virtual world, while the objectives of digital certificate are the
authentication of documents, and bind the person who is putting the digital signature, which based on public key cryptography requires two separate keys, as secret and public.
However, both the keys are linked together, one key encrypts the plain text, and another decrypts the cipher text, and neither key can perform both the functions. The other
difference is digital signature is an electronic process of signing an electronic document while a Digital Certificate is a computer based record which is the identification of certifying
agency or the identity of subscriber
Digital SignatureVs. Electronic Signature
The Information Technology Amendment Bill 2006, replaces the word “Digital” with the word “Electronic” at several places in the principal act, which creates a slight difference
between the two, electronic signature is wide in nature, while the digital signature is one of the many kinds of electronic signature.
Section 2(ta) “electronic signature” means authentication of any electronic record by a subscriber by means of an electronic technique specified in the second schedule and includes
digital signature and section 2(p) defined “Digital Signature Certificate” means a Digital Signature Certificate issued Under sub-section (4) of section 35.
The Indian Evidence Act and Digital Signature
After the IT Act 2000, it was necessary to make an applicable amendment in the Indian Evidence act, to make it compatible.
Section 3 in the definition of “Evidence”, for the words “all documents produced for the inspection of the Court”, the word “all document including electronic records produced for
the inspection of the Court”
Section 47A, says when the court has to form an opinion as to the digital signature or any person, the opinion of the certifying authority which has issued the Digital Signature
Certificate is a relevant fact. It means while drawing the conclusion, court gives the weight of the digital signature as a relevant fact.
Further 67A proof as to digital signature – except in the case of a secure digital signature, if the digital signature of any subscriber is alleged to have been affixed to an electronic
record the fact that such digital signature is the digital signature of the subscriber must be proved.
Section 85B exhibits the positive presumption as Presumption as to electronic records and digital signatures.- (1) In any proceedings involving a secure electronic record, the Court
shall presume unless contrary is proved, that the secure electronic record has not been altered since the specific point of time to which the secure status relates.
Indian Penal CodeSection 464 Making a false document: A person is said to make a false document or false electronic
record—
First — who dishonestly or fraudulently-
Makes or transmits any electronic record or part of any electronic record;
affixes any [electronic signature] on any electronic record;
makes any mark denoting the execution of a document or the authenticity of the [electronic signature],
with the intention of causing it to be believed that such a document or a part of document, electronic record or [electronic signature] was made, signed, sealed,
executed, transmitted or affixed by or by the authority of a person by whom or by whose authority he knows that it was not made, signed, sealed, executed or affixed.
Secondly —Who, without lawful authority, dishonestly or fraudulently, by cancellation or otherwise, alters a document or an electronic record in any material
part thereof, after it has been made, executed or affixed with [electronic signature] either by himself or by any other person, whether such person be living or dead at
the time of such alteration.
Thirdly —Who dishonestly or fraudulently causes any person to sign, seal, execute or alter a document or an electronic record or to affix his [electronic
signature] on any electronic record knowing that such person by reason of unsoundness of mind or intoxication cannot, or that by reason of deception practiced upon
him, he does not know the contents of the document or electronic record or the nature of the alteration.
Laws for Digital Signature
Major Global Players
Adobe
Systems
Docusign
Ascertia
Entrust
Datacard
Microsoft
Corporation
Gemalto
Signix
International
Business
solutions
IdenTrust
Oracle
Corporation
Co-sign
E-signlive
AssureSign
Sertifi
Rpost
Alphatrust
eOriginal
GOPaperless
Kofax
Korea
system’s Tech
Kotrade
Secured
Signing
Globalsign
Right
Signature
Digital SignatureMarket size and Value
The Digital signature market which comprises of services, Deployment, Application , BFSI, Government and
Defence, Legal, Real Estate, Manufacturing and Engineering, Healthcare and Lifesciences, etc is estimated to grow from USD 662.7 Million in 2016 to USD 2657.0 Million by 2021, at an expected Compound Annual Growth Rate (CAGR) of 32.0% from 2016 to 2021.
“Software solutions are expected to grow at the highest CAGR during the forecast period”
The main reason for this explicitly is software solutions are gaining traction, based on the need to decrease cost and time-taken for transactions. The software sub segment is majorly contributing to the growth of this market, due to the need for its implementation among different industries for improved compliance and greater end–user benefit.
Whereas, the hardware solution has a lesser scope than the software solution in this market and is being used to store the digital signature-related information. Digital signature vendors are emphasizing on offering customizable solutions to accelerate their growth in this market.
“The on-premises deployment model is expected to exhibit a larger market share during the forecast period”
The on-premises deployment model is contributing the most, when compared with the cloud deployment model. This is due to its acceptance among enterprises across verticals and in this deployment mode, the solution is deployed on the client’s system, thereby insuring them with data security & compliance. On-premises deployment offers more flexibility and control over enterprises and can be regulated by clients themselves.
“Europe is expected to witness a high growth potential during the forecast period”
North America held the largest market share in 2016, while Europe would be the fastest-maturing in terms of CAGR. Since newly introduced electronic signature regulations in Europe would boost cross-country trading among the European countries, the need for secure reliable transactions, authenticating the identity of the user over digital network, and the new release of regulations for electronic signatures by the European Electronic Messaging Association are driving the adoption of digital signature solutions in Europe.
Digital Signature Market was valued at $517 million in 2018, and is expected to reach $3,440 million by 2022.
Digital SignatureFuture Trends
Future Applications
Government Judicial Telecom E-commerce BFSI
Issuing forms and licenses
Filing tax returns online
Online Government
orders/treasury orders
Registration
Online file movement system
Public information records
E-voting
Railway reservations &
ticketing
E-education
Online money orders
Instant posting of judgment on the web.
Secured electronic communications within judiciary
Authentic archiving of Judicial records
Submission of affidavits
Giving certified copies of the Judgment
Subscriber’s services
management
Shifting of telephones,
Accessories (Clip,
Cordless)
Small Payments through
telephones bills
Mobile Authentication of
SMS
Intra/Inter offices authentic
communications
Procurement of material
Network Management
functions
Online Shopping
Payments
Sellers verification
Purchase verification
Money Transfers
Payments
Account opening/ Access
Non- Financial Transactions
Tax payment
Online Trading
Insurance opening
Changes in Legality
If both parties agree to these, digital signatures are then valid and legally binding.
Changes in Security
Greater Efficiency in Multi-Transaction Contracts
Changes in Controls and Audits
Greater Efficiency in Internal Contracts
Improvement in Company Image
Improved Corporate Social Responsibility
Better Time Management
Better Cost Management
Accelerated Company Evolution
What will be changed…!!
• The prospect of fully implementing digital signatures in general commerce presents both benefits and costs.
• The costs consist mainly of: Institutional overhead: The cost of establishing and utilizing certification authorities, repositories, and other important services, as well as assuring quality in the performance of their functions.
• Subscriber and Relying Party Costs: A digital signer will require software, and will probably have to pay a certification authority some price to issue a certificate. Hardware to secure the subscriber's private key may also be advisable. Persons relying on digital signatures will incur expenses for verification software and perhaps for access to certificates and certificate revocation lists (CRL) in a repository.
• On the plus side, the principal advantage to be gained is more reliable authentication of messages. Digital signatures if properly implemented and utilized offer promising solutions to the problems of: Imposters, by minimizing the risk of dealing with imposters or persons who attempt to escape responsibility by claiming to have been impersonated; Message integrity, by minimizing the risk of undetected message tampering and forgery, and of false claims that a message was altered after it was sent.
Challenges
“Sign IT, Secure IT”Because IT is about you
India Headquarters
Cygnet Infotech Pvt. Ltd.
16-Swastik Society, Nr. AMCO Bank,
Stadium Circle, Navrangpura,
Ahmedabad—380009,
Gujarat, India.
inquiry@cygnetinfotech.com
+91-79-67124000 | +91-79-4901-2525
www.cygnet-infotech.com
Ahmadabad
Mumbai
Pune
Noida
India
USA
UK
Dubai
Germany
Australia
South Africa
World
top related