electronic records/digital signatures & certifiactes

9
8/18/2019 ELECTRONIC RECORDS/DIGITAL SIGNATURES & CERTIFIACTES http://slidepdf.com/reader/full/electronic-recordsdigital-signatures-certifiactes 1/9 ASSIGNMENT-PGDCL & IPR COURSE NO: 422 ELECTRONIC RECORDS/DIGITAL SIGNATURES & CERTIFIACTES PRASAD PATIBANDLA (ENROL NO: 19CL01254-15) 5. !"# $% D$$#"' *#$+$"#, % $$#"' %$"#* '3 '$3 & % + '#*$ **% * $$#"' %$"#* "'$ $ *6# " $#% "$%, In cryptography , a 7'$ 38 *#$+$"# (also known as a $$#"' *#$+$"# or $#$#8 *#$+$"# ) is an electronic document used to prove ownership of a public key . The certificate includes information about the key, information about its owner's identity, and the digital signature of an entity that has verified the certificate's contents are correct. If the signature is valid, and the person examining the certificate trusts the signer, then they know they can use that key to communicate with its owner. In a typical publickey infrastructure (!"I) scheme, the signer is a certificate authority (#$), usually a company which charges customers to issue certificates for them. In a web of trust scheme, the signer is either the key's owner (a selfsigned certificate ) or other users (%endorsements%) whom the person examining the certificate might know and trust. #ertificates are an important component of Transport &ayer ecurity (T&, sometimes called by its older name &, ecure ockets &ayer), where they prevent an attacker from impersonating a secure website or other server. They are also used in other important applications, such as email encryption and code signing . #ertificates can be created for nix based servers with tools such as pen& 's ca command, *+ or u- 'sgensslcert. These may be used to issue unmanaged certificates * certification authority (#$) certificates for managing other certificates, and user or computer certificate reuests to be signed by the #$, as well as a number of other certificate related functions. imilarly, /indows erver contains a #$ as part of #ertificate ervices for the creation of digital certificates. In /indows erver 0112 and later the #$ may be installed as part of $ctive 3irectory #ertificate ervices. The #$ is used to manage and centrally issue certificates to users or computers. 4icrosoft also provides a number of different certificate utilities, such as elf&.exe for creating unmanaged certificates, and #ertre.exe for creating and submitting certificate reuests to be signed by the #$, and certutil.exe for a number of other certificate related functions. 4ac 5 comes with the "eychain $ccess program, which is able to perform various certificaterelated services. S*$"' N6* 6 sed to uniuely identify the certificate. S# 6 The person, or entity identified.

Upload: prasad-patibandla

Post on 07-Jul-2018

216 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: ELECTRONIC RECORDS/DIGITAL SIGNATURES & CERTIFIACTES

8/18/2019 ELECTRONIC RECORDS/DIGITAL SIGNATURES & CERTIFIACTES

http://slidepdf.com/reader/full/electronic-recordsdigital-signatures-certifiactes 1/9

ASSIGNMENT-PGDCL & IPR COURSE NO: 422

ELECTRONIC RECORDS/DIGITAL SIGNATURES & CERTIFIACTES

PRASAD PATIBANDLA

(ENROL NO: 19CL01254-15)

5. !"# $% D$ $#"' *#$+$ "# , % $ $#"' %$ "# * ' 3 '$3 & % + ' #* $ * * % *$ $#"' %$ "# * "'$ $ * 6 # " $#% " $ %,

In cryptography , a 7 '$ 3 8 *#$+$ "# (also known as a $ $#"' *#$+$ "# or $ #$#8 *#$+$ "#) isan electronic document used to prove ownership of a public key . The certificate includes informationabout the key, information about its owner's identity, and the digital signature of an entity that has verified

the certificate's contents are correct. If the signature is valid, and the person examining the certificatetrusts the signer, then they know they can use that key to communicate with its owner.

In a typical public key infrastructure (!"I) scheme, the signer is a certificate authority (#$), usually acompany which charges customers to issue certificates for them. In a web of trust scheme, the signer iseither the key's owner (a self signed certificate ) or other users (%endorsements%) whom the personexamining the certificate might know and trust.

#ertificates are an important component of Transport &ayer ecurity (T& , sometimes called by its older name &, ecure ockets &ayer), where they prevent an attacker from impersonating a secure website or other server. They are also used in other important applications, such as email encryption and codesigning .

#ertificates can be created for nix based servers with tools such as pen & 's ca command,*+ or u - 'sgensslcert. These may be used to issue unmanaged certificates *certification authority (#$)certificates for managing other certificates, and user or computer certificate re uests to be signed by the#$, as well as a number of other certificate related functions.

imilarly, /indows erver contains a #$ as part of #ertificate ervices for the creation of digitalcertificates. In /indows erver 0112 and later the #$ may be installed as part of $ctive3irectory #ertificate ervices. The #$ is used to manage and centrally issue certificates to users or computers. 4icrosoft also provides a number of different certificate utilities, such as elf &.exe for creating unmanaged certificates, and #ertre .exe for creating and submitting certificate re uests to besigned by the #$, and certutil.exe for a number of other certificate related functions.

4ac 5 comes with the "eychain $ccess program, which is able to perform various certificate relatedservices.

• S *$"' N 6 * 6 sed to uni uely identify the certificate.

• S #6 The person, or entity identified.

Page 2: ELECTRONIC RECORDS/DIGITAL SIGNATURES & CERTIFIACTES

8/18/2019 ELECTRONIC RECORDS/DIGITAL SIGNATURES & CERTIFIACTES

http://slidepdf.com/reader/full/electronic-recordsdigital-signatures-certifiactes 2/9

• S$ "# * A' *$#!6 6 The algorithm used to create the signature.

• S$ "# * 6 The actual signature to verify that it came from the issuer.

• I%% *6 The entity that verified the information and issued the certificate.

• "'$ -F* 6 6 The date the certificate is first valid from.

• "'$ -T 6 The expiration date.

• ; 8-U%" 6 !urpose of the public key (e.g. encipherment, signature, certificate signing...).

• P '$ ; 8 6 The public key.

• T! 6 7*$ # A' *$#!6 6 The algorithm used to hash the public key certificate.

• T! 6 7*$ # (also known as fingerprint )6 The hash itself, used as an abbreviated form of the public key certificate

3igital #ertificates are a means by which consumers and businesses can utili7e the security applicationsof P '$ ; 8 I +*"%#* # * (!"I). !"I comprises of the technology to enables secure e commerce andInternet based communication.

/hy is security needed on the Internet8

The number of people and businesses online is continuing to increase. $s access becomes faster andcheaper such people will spend even more time connected to the Internet for personal communication and

business transactions.

The Internet is an open communications network that was not originally designed with security in mind.#riminals have found they can exploit its vulnerabilities for fraudulent gain. If the Internet is to succeedas a business and communications tool users must be able to communicate securely.

Page 3: ELECTRONIC RECORDS/DIGITAL SIGNATURES & CERTIFIACTES

8/18/2019 ELECTRONIC RECORDS/DIGITAL SIGNATURES & CERTIFIACTES

http://slidepdf.com/reader/full/electronic-recordsdigital-signatures-certifiactes 3/9

/hat does security provide8

I #$+$ "#$ / A #! #$ "#$ :The persons 9 entities with whom we are communicating are really who they say they are.

C +$ #$"'$#8:The information within the message or transaction is kept confidential. It may only be read andunderstood by the intended sender and receiver.

I # *$#8:The information within the message or transaction is not tampered accidentally or deliberately with enroute without all parties involved being aware of the tampering.

N -R 7 $"#$ :The sender cannot deny sending the message or transaction, and the receiver cannot deny receiving it.

A %% C #* ':$ccess to the protected information is only reali7ed by the intended person or entity.

$ll the above security properties can be achieved and implemented through the use of !ublic "eyInfrastructure (in particular D$ $#"' C *#$+$ "# %).

Page 4: ELECTRONIC RECORDS/DIGITAL SIGNATURES & CERTIFIACTES

8/18/2019 ELECTRONIC RECORDS/DIGITAL SIGNATURES & CERTIFIACTES

http://slidepdf.com/reader/full/electronic-recordsdigital-signatures-certifiactes 4/9

E' #* $ G * "

4. L "' * $#$ + ' #* $ * * %./here any law provides that information or any other matter shall be in writing or in the typewritten or

printed form, then, notwithstanding anything contained in such law, such re uirement shall be deemed tohave been satisfied if such information or matter is

• rendered or made available in an electronic form, and• accessible so as to be usable for a subse uent reference.

Page 5: ELECTRONIC RECORDS/DIGITAL SIGNATURES & CERTIFIACTES

8/18/2019 ELECTRONIC RECORDS/DIGITAL SIGNATURES & CERTIFIACTES

http://slidepdf.com/reader/full/electronic-recordsdigital-signatures-certifiactes 5/9

5. L "' * $#$ + $ $#"' %$ "# * %./here any law provides that information or any other matter shall be authenticated by affixing thesignature or any document shall be signed or bear the signature of any person (hen, notwithstandinganything contained in such law, such re uirement shall be deemed to have been satisfied, if such

information or matter is authenticated by means of digital signature affixed in such manner as may be prescribed by the #entral :overnment.-xplanation. ;or the purposes of this section, %signed%, with its grammatical variations and cognateexpressions, shall, with reference to a person, mean affixing of his hand written signature or any mark onany document and the expression %signature% shall be construed accordingly.

<. U% + ' #* $ * * % " $ $#"' %$ "# * % $ G * 6 # " $#% " $ %.• (+) /here any law provides foro the filing of any form. application or any other document with any office, authority, body

or agency owned or controlled by the appropriate :overnment in a particular manner.o the issue or grant of any licence, permit, sanction or approval by whatever name called in

a particular manner.o the receipt or payment of money in a particular manner.then, notwithstanding anything contained in any other law for the time being in force, such re uirementshall be deemed to have been satisfied if such filing, issue, grant, receipt or payment, as the case may be,is effected by means of such electronic form as may be prescribed by the appropriate :overnment.

• The appropriate :overnment may, for the purposes of sub section (+), by rules, prescribeo the manner and format in which such electronic records shall be filed, created or issued.o the manner or method of payment of any fee or charges for filing, creation or issue any

electronic record under clause (a)

=. R # #$ + ' #* $ * * %.• /here any law provides that documents, records or information shall be retained for any specific

period, then, that re uirement shall be deemed to have been satisfied if such documents, records or information are retained in the electronic form, if

o the information contained therein remains accessible so as to be usable for a subse uentreference.

o the electronic record is retained in the format in which it was originally generated, sent or received or in a format which can be demonstrated to represent accurately the information originallygenerated, sent or received.

o the details which will facilitate the identification of the origin, destination, date and timeof despatch or receipt of such electronic record are available in the electronic record6!rovided that this clause does not apply to any information which is automatically generated solely for the purpose of enabling an electronic record to be despatched or received.

• <othing in this section shall apply to any law that expressly provides for the retention of documents, records or information in the form of electronic records.

>. P '$ "#$ + * ' ? * '"#$ ? # .? $ E' #* $ G"@ ## ./here any law provides that any rule, regulation, order, bye law, notification or any other matter shall be

published in the fficial :a7ette, then, such re uirement shall be deemed to have been satisfied if such

Page 6: ELECTRONIC RECORDS/DIGITAL SIGNATURES & CERTIFIACTES

8/18/2019 ELECTRONIC RECORDS/DIGITAL SIGNATURES & CERTIFIACTES

http://slidepdf.com/reader/full/electronic-recordsdigital-signatures-certifiactes 6/9

rule, regulation, order, bye law, notification or any other matter is published in the fficial :a7ette or -lectronic :a7ette6!rovided that where any rule, regulation, order, bye law, notification or any other matter is published inthe fficial :a7ette or -lectronic :a7ette, the date of publication shall be deemed to be the date of the:a7ette which was first published in any form.

9. S #$ % <?= " > # # + * *$ !# # $ %$%# 6 # %! ' " 7# $ ' #* $ + *6. <othing contained in sections =, > and 2 shall confer a right upon any person to insist that any 4inistry or 3epartment of the #entral :overnment or the tate :overnment or any authority or body established byor under any law or controlled or funded by the #entral or tate :overnment should accept, issue, create,retain and preserve any document in the form of electronic records or effect any monetary transaction inthe electronic form.

10. P * # 6"3 * ' % 8 C #*"' G * 6 # $ * %7 # + $ $#"' %$ "# * .The #entral :overnment may, for the purposes of this $ct, by rules, prescribe

• the type of digital signature.• the manner and format in which the digital signature shall be affixed.• the manner or procedure which facilitates identification of the person affixing the digital

signature.• control processes and procedures to ensure ade uate integrity, security and confidentiality of

electronic records or payments, and• any other matter which is necessary to give legal effect to digital signatures.

Page 7: ELECTRONIC RECORDS/DIGITAL SIGNATURES & CERTIFIACTES

8/18/2019 ELECTRONIC RECORDS/DIGITAL SIGNATURES & CERTIFIACTES

http://slidepdf.com/reader/full/electronic-recordsdigital-signatures-certifiactes 7/9

T! % 7 + #! % #$ $#! * + * # #! ' $ # ! ' 8 IT 2020

There are various benefits provided by the technology whether it is at an individual level, or development of the#ountry as a whole. It s a tool which makes a platform for the growth and‟ development of the #ountry and istherefore important. The use by government agencies of the information technologies (IT) to improve and transformrelations with the citi7ens, businesses another arms of the government for availing services to its citi7ens, and providingthem an efficient way of complying with the norms9rules9regulations set by the government, is known as e governance.This kind of technological use is been introduced for the welfare of the marginali7ed sections of the society also, and istherefore an initiative for helping them ?oin the mainstream of the society.

It@s only that the information needs to be spread among all the sections of the society to avail theservices of the e governance. :overnment through the use of IT based technology has now become facilitator of itsservices to different segments of people at all levels. The use of IT by the government to facilitate services likefilling the forms online, payment of bills(electricity, water supply etc.), distant education for its citi7ens, filing the taxreturns, registration of land records and birth and death rates in India, and tele medicines , and the serviceslike e chaupalhave lead to an efficient, and easy to use of system for the citi7ens irrespective of any disparity amongthem. :overnment can provide services and information electronically to its citi7ens and business enterprises.Ausiness transactions with the government can be done by :overnment to Ausiness Transactions (:0A)where the information is delivered and transactions are made electronically with the businesses. It even helps ingovernment to government transactions, or inter departmental transactions within the government, and with governmentemployees called, Intergovernmental $dministration, (:0:). Through e governance the transactions would be more

Page 8: ELECTRONIC RECORDS/DIGITAL SIGNATURES & CERTIFIACTES

8/18/2019 ELECTRONIC RECORDS/DIGITAL SIGNATURES & CERTIFIACTES

http://slidepdf.com/reader/full/electronic-recordsdigital-signatures-certifiactes 8/9

efficient, effective and transparent. - governance can also help increasing the exports and tourism and raise foreign tradeof the country through :05 Transactions@ governance is a scheme to connect the citi7ens, businesses and other arms of the government and help them interact in a better way to improve the economy of the country as a whole. <ot only this,it also helps in the empowerment of the citi7ens, as all the new government policies, rules etc. would be put on theforefront through e governance.

This would facilitate right to information to the citi7ens enshrined under $rticle +B of the #onstitution, andempower them to avail of their rights in better way, as before it was hard to keep themselves updatedwith policies and rules adopted by the government. o the system has not only made the administration better butalso helped citi7ens get updated with the new policies, processes and the help lines been offered by thegovernment at all levels. The e governance has made the system more transparent, by cutting down the practice of red tapism, corruption by the officials, as now the government can reach the citi7ens directly. -governance in along run would surely bring the benefit of improving the revenue collections, and therefore would helpthe government to gain higher revenue for enhancing the welfare of citi7ens. <ot only this it would also at the same timereduce the cost of running the government as every service offered by the government would be governed throughthe technology, at the same time there wouldn@t be un employment as the employees previously employedwould be transferred to alternative ?obs for their livelihood. $t present, India is providing - governance services in thefield of $griculture, education and power and is yet to provide the same for income tax returns and revenue collectionsalso. ther #ountries like ingapore , #anada have already introduced the most commonly used services online for theefficiency of the citi7ens by 011C, and improved the same by now with increased citi7en@s satisfaction.

$nd in case of nited tates, citi7ens can access the services offered by the government within threeclicks, why should India be left behind8 It s delightful to note that, the national action‟ plan has beenapproved for the implementation in the year 011D 011>, with +1 components and 0Cmission mode pro?ects,like Aanking, Income tax, passport visa and immigration pro?ects, <ational citi7en database, #entral excise, pensions,land records, property registration, municipalities, commercial taxes etc. This can be said to be the way of reengineering the government services according to the changing needs of time, by providing integrated services asone stop shop for all services of the government. ther important advantage being, accountability of the government as

the payment made is stored into the data of the computer system with the receipt of the payment.

Page 9: ELECTRONIC RECORDS/DIGITAL SIGNATURES & CERTIFIACTES

8/18/2019 ELECTRONIC RECORDS/DIGITAL SIGNATURES & CERTIFIACTES

http://slidepdf.com/reader/full/electronic-recordsdigital-signatures-certifiactes 9/9

C ' %$It can be seen from the discussions made so far, that there is no 3ata !rotection $ct in India, theonly provisions whichtalks about data protection is ection >0 and ection ED of Information Technology $ct 0112 those too doesn@t

provide complete protection to e governance but talks about the same vaguely. -ither there must beamendment in the law to regulate e governance, or an efficient &egislation to deal with the situation for theeffective implementation to reach the purpose and the ob?ects for which e governance came into existence. Thediscussions on these legislations make it evident that India lacks a proper legislation to regulate governance. Faving toomany legislation on the sub?ect and not dealing with the sub?ect efficiently, but vaguely mentioning it would notsuffice. It s pertinent to take it into account that the legislation mustn@t be o‟ ver regulative so that it stifles thegrowth of the technology. Therefore at the time of drafting the Aill the &egislature must take into account the regulationsto be provided for better administration of e governance, and at the same time also keep the possible growthof technology in their mind to maintain the balance between the two, so that overall benefit is observed by the nationin all spheres, and at all levels.