electronic commerce and digital signature

Upload: pratima-dabholkar

Post on 05-Apr-2018


  • 7/31/2019 Electronic Commerce and Digital Signature

    1/26

    Electronic Commerce

    E-commerce consists primarily of the buying and selling of products or services over electronic systems such as the internet and other computer networks.


    Electronic Commerce

    Types of e-Commerce transactions:

    1. Online goods and services
    • Streaming media content: www.mp3.com
    • Electronic books: www.ebooks.com
    • Software: www.download.com

    Electronic Commerce

    2. Retail product sales
    • Online retailers: www.amazon.com
    • Online ticket sales: www.indianrail.gov.in
    • Online banking: www.icicidirect.com

    Electronic Commerce

    3. Marketplace services. Facilitate b2b, b2c, c2c, b2e, g2b, and other transactions through an online community or online auction business model. E.g. www.ebay.com, www.dell.com, www.echoupal.com
    • Online wallet services (stores online shopping information)
    • Online advertising
    • Price comparison service

    Electronic Commerce

    • Government to citizen sales and services: www.mca.gov.in
    • E-procurement: www.eprocurement.gov.in

    Online payment system
    • Credit cards
    • Smart cards
    • Paypal
    • Electronic bill presentment and payment
    • Mobile payment
    • Electronic fund transfer
    • Bank wire transfer
    • Electronic money

    Assignment-1: Describe the functioning of each of the online payment systems.


    Setting up ecommerce website

    This section is divided into the following issues.
    • Registering a domain name
    • Hosting the domain
    • Uploading content to the website
    • Setting up email accounts
    • Enabling online payments
    • Legal issues
        • Terms of use
        • Privacy policy
        • Disclaimer
    • Search engine optimization


    E-commerce Indian Law

    The Indian Information Technology Act, 2000 aims to facilitate the development of a secure signature regulatory environment for electronic commerce by providing legal infrastructure governing electronic contracting, security and integrity of electronic transactions, the use of digital signatures and other issues relating to electronic commerce.


    Act provides:
    • Minimize the incidence of electronic forgeries;
    • Enable and foster authentication of computer based documents;
    • Facilitate commerce by means of computerized transactions.
    • Legal recognition of electronic contracting and acceptance and use of electronic records and electronic signatures by the government entities.

    Also provides for civil and criminal liabilities for fraudulently falsifying computer records, circumventing controls, unauthorized use of or access into the computer system and unauthorized alteration or destruction of computer data or system.


    Digital signature

    The Information Technology Act, 2000 (IT Act) prescribes digital signature as a means of authentication of electronic record.


    Digital signature

    Digital signatures are an application of asymmetric key cryptography.

    Cryptography is primarily used as a tool to protect national secrets and strategies.

    In 1978, Ron Rivest, Adi Shamir and Leonard Adleman discovered the first practical public key encryption and signature scheme, now referred to as RSA.


    Digital signature

    How it works:

    It is the science of using mathematics to encrypt and decrypt data.


    Digital signature

    Objective:
    • Confidentiality
    • Data integrity
    • Authentication
    • Non-repudiation


    Digital signature

    Different types of cryptography

    • Symmetric cryptography
    • Asymmetric cryptography
    • Hash function


    Digital signature

    The digital signature creation and verification process achieves the following:
    • Signer authentication
    • Message authentication
    • Affirmative act


    Digital signature

    Digital signature certificate contains a public key as certified by a Certifying authority (CA).


    Digital signature

    Digital signature should satisfy following conditions:
    • It should be unique to the subscriber affixing it.
    • It should be capable of identifying such subscriber.
    • It should be created in a manner or using a means under the exclusive control of the subscriber.
    • It should be linked to the electronic record to which it relates in such a manner that if the electronic record were altered, the digital signature would be invalidated.


    According to notification G.S.R. 735 (E), notified by the Central government on the 29th of October, 2004, a secure digital signature is one to which the following security procedure has been applied.
    • A smart card or a hardware token is used to create the key pair.
    • The private key always remains in the smart card.
    • Private key retrieval and returning should take place in the smart card.
    • The smart card is solely under the control of the person who is purported to have created the digital signature.
    • The digital signature can be verified by using the public key listed in the digital signature certificate issued to that person.
    • Rule 6 of the IT (CA) Rules, 2000 has been complied with, in so far as it relates to the creation, storage and transmission of the digital signatures.
    • The digital signature is linked to the electronic record in such a manner that if the electronic record was altered the digital signature would be invalidated.


    List of licenced CAs

    • Safescrypt
    • NIC
    • IDRBT
    • TCS
    • MTNL
    • Customs and Central Excise
    • (n)code solutions CA (GNFC)


    Digital signature Certificate

    Digital signature certificate cannot be granted unless the certifying authority is satisfied that:
    • The applicant holds the private key corresponding to the public key to be listed in the digital signature certificate
    • The applicant holds a private key, which is capable of creating a digital signature
    • The public key to be listed in the certificate can be used to verify a digital signature affixed by the private key held by the applicant.
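
    Added example (not part of the original slides): a Python sketch of two checks described above, namely that altering the electronic record invalidates its signature, and one way a certifying authority could confirm that the applicant holds the private key matching the public key, by having the applicant sign a fresh challenge. It uses unpadded hash-then-sign RSA over two fixed Mersenne primes so that it runs with the standard library only; the key, the sample record and all function names are constructed for illustration, and real signatures use a padded scheme such as RSASSA-PSS with keys generated on the token.

```python
import hashlib
import secrets

# Constructed toy key built from two Mersenne primes so that no external
# library is needed. Real key pairs are generated at random on the token.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                       # public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))         # private exponent, subscriber only


def digest(record: bytes) -> int:
    """Hash the electronic record to an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def sign(record: bytes, d: int = D, n: int = N) -> int:
    """Create a signature with the private key (unpadded RSA, teaching only)."""
    return pow(digest(record), d, n)


def verify(record: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Check a signature with the public key listed in the certificate."""
    return pow(signature, e, n) == digest(record)


def ca_checks_possession(public_key, applicant_sign) -> bool:
    """Hypothetical CA-side check: the applicant signs a fresh random challenge."""
    e, n = public_key
    challenge = secrets.token_bytes(32)
    return verify(challenge, applicant_sign(challenge), e, n)


def demo() -> dict:
    record = b"Pay INR 10,000 to account 1234"     # constructed sample record
    altered = b"Pay INR 90,000 to account 1234"    # one character changed
    signature = sign(record)
    # An applicant who submits (E, N) but signs with some other exponent.
    impostor = lambda challenge: sign(challenge, d=12345)
    return {
        "original_verifies": verify(record, signature),
        "altered_verifies": verify(altered, signature),
        "holder_passes": ca_checks_possession((E, N), sign),
        "impostor_passes": ca_checks_possession((E, N), impostor),
    }


if __name__ == "__main__":
    print(demo())
```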


    Representations upon issuance of Digital signature Certificate

    1. It has complied with the provisions of the IT Act and allied rules.

    2. It has published the digital signature certificate or otherwise made it available to such person relying on it and the subscriber has accepted it.

    3. The subscriber holds the private key corresponding to the public key, listed in the digital signature


    Representations upon issuance of Digital signature Certificate

    5. The subscriber's public key and private key constitute a functioning key pair.

    6. The information contained in the digital certificate is accurate.

    It has no knowledge of any material fact, which if it had been included in the digital signature certificate would adversely affect the reliability of the representation made in (1) and (6) above.


    Suspension of a digital certificate

    • On a request from the subscriber listed in the digital signature certificate
    • On a request from any person duly authorized to act on behalf of that subscriber
    • If it is of opinion that the certificate should be suspended in public interest.
    • Cannot be suspended for a period exceeding 15 days.


    Revocation of digital signature certificate

    • Request of the subscriber
    • Request of any person authorized by him or
    • Upon the death, dissolution or winding up of the subscriber

    It can be revoked at any time
    • Any material fact is false or has been concealed.
    • Requirement is not satisfied
    • The certifying authority's private key or security system was compromised in a manner materially affecting the digital signature certificate's reliability
    • The subscriber has been declared insolvent or dead, has been dissolved, wound up or otherwise ceased to exist.


    Certifying authority to follow certain procedure

    • Make use of hardware, software and procedures that are secure from intrusion and misuse.
    • Provide a reasonable level of reliability in its services which are reasonably suited to the performance of intended functions
    • Adhere to security procedures to ensure that the secrecy and privacy of the digital signature are assured and
    • Observe other specified standards.

    Assignment-2: Describe regulation of Controller and procedure to issue and suspension and revocation of digital signature license to Certifying Authority.