
Electronic transactions are fast emerging as an alternative to paper-based
transactions. However, with the increase in transactions taking place on the
internet, the issue of authenticity and veracity was looming large. Contracts
worth huge sums of money were being entered into without ensuring the validity
and authenticity of the parties.
Traditionally, handwritten signatures were used for the following purposes:
a) To identify a person: by signing, the signatory marks the text in his/her own
unique way and makes it attributable to him/her.
b) To validate the personal involvement of the person in the act of signing.
c) To associate the signer with the content of the document, or as proof of the
signer's intention that it has legal effect.
d) To attest to the intent of a party to be bound by the signed contract.
e) To show the intent of a person to endorse authorship of a text.
f) To show the intent of the person to associate himself with the content of a
document written by someone else.
g) As a matter of ceremony, signing calls to the signer's attention the legal
significance of his act.
h) To provide efficiency and logistics along with clarity.

Similarly, a need was felt for an instrument that would validate online
transactions. Using the technology of cryptography, the concept of Digital
Signatures was introduced. The UNCITRAL Model Law on E-Commerce is based
on the recognition of the functions of a signature in the paper form. It focuses on
the 2 basic functions of a digital signature, namely:

a) Identifying the author of a document


b) Confirming the approval of the content by the author.

In the electronic environment, the basic legal functions of a signature are
performed by way of a method that identifies the originator of a data message and
confirms that the originator approved the content of the data message. This
method uses the techniques of cryptography and encryption. Public key
cryptography is an asymmetric scheme that uses a pair of keys for encryption: a
public key, which encrypts data, and a corresponding private or secret key for
decryption. You publish your public key to the world while keeping your private
key secret. Anyone with a copy of your public key can then encrypt information
that only you can read.

The primary benefit of public key cryptography is that it allows people who have
no pre-existing security arrangement to exchange messages securely. The need for
sender and receiver to share secret keys via some secure channel is eliminated; all
communications involve only public keys, and no private key is ever transmitted or
shared. Digital signatures make use of public key cryptography. They are
signatures used for marking or signing an electronic document. The process is
analogous to paper-based signatures: a digital signature is a digital code that
can be attached to an electronic message, that uniquely identifies the sender and
that ensures that the document has not been altered.
As is the case with Electronic Data Interchange (EDI), the process of creating and
verifying digital signatures can be completely automated with minimal human
interaction. Compared to tedious and labour-intensive paper methods such as
checking specimen signature cards, digital signatures yield a high degree of
assurance without adding greatly to the resources required for processing
documents.

The following representation illustrates how digital signatures are created and
verified:

CREATION OF DIGITAL SIGNATURES

Message -> Hash Function -> Hash Result -> Signing function (with Private Key)
        -> Digital Signature
Message + Digital Signature -> To verifier

VERIFICATION OF DIGITAL SIGNATURES

Message (from signer) -> Hash Function -> Hash Result -> Verify function
Digital Signature (from signer) + Public key -> Verify function
Verify function -> VALID YES/NO?

A digital signature serves the same purpose as a handwritten signature. However, a
handwritten signature is easy to counterfeit. A digital signature is superior to a
handwritten signature as it is nearly impossible to counterfeit, plus it attests to the
contents of the information as well as to the identity of the signer.
The advantages of digital signatures are;
a) Uniqueness
b) Inability to forge
c) Ease of authentication
d) Impossibility of denial
e) Economy of generation
f) Ease of generation

Digital Signature means the authentication of any electronic record by a subscriber
by means of an electronic method or procedure in accordance with the provisions of
section 3, which provides that any subscriber may authenticate an electronic record
by affixing his digital signature. The authentication of an electronic record shall be
effected by the use of an asymmetric cryptosystem and hash function which transform
the initial electronic record into another electronic record. It further states that any
person can verify the electronic record by the use of the public key of the
subscriber. The private and the public key are unique to the subscriber and constitute a
functioning key pair. The American Bar Association defines Digital Signatures as
an electronic signature created and verified by means of cryptography, the branch
of applied mathematics that concerns itself with transforming messages into
seemingly unintelligible forms and back again. In the United States at least 36
states have enacted or are in the process of enacting legislation
legitimizing digital signatures.
A digital signature must ensure that it accomplishes the following purposes:

If a public and a private key pair are associated with an identified signer, the
digital signature attributes the message to the signer. The signature must
indicate by whom the document or message is signed and shall be difficult for
any other person to produce without authorization.

The digital signature identifies the signed message with much greater certainty
and precision than paper signatures. The signature must comprise a
non-repudiation service, which provides proof of the origin or delivery of data
in order to protect the sender against false denial by the recipient or the
sender that the data has been received or sent.

Serving the ceremonial and approval functions of the signature, a person should
be able to create a signature to mark the event, indicate approval and
authorization, and establish legal consequences.

Generally a signature must be able to provide the best possible authenticity and
validity with the least possible expense.

From the above discussion we can conclude that digital signatures are signatures
which are used to authenticate and validate electronic transactions on the internet
through the use of technology.

To give legality to the use of digital signatures in India, the Information
Technology Act, 2000, recently amended in 2008, has incorporated provisions
recognizing the digital signature, one of the forms of electronic signature, as a
means to authenticate electronic transactions, which shall be discussed in detail
in the subsequent chapter.

Digital signatures are signatures which make use of a technology which is very
specific in nature and requires expertise and understanding of the various
technologies required to obtain digital signatures. One such technology, as
introduced briefly in the previous chapters, is cryptography; it is the practice
and study of hiding information. Cryptography is applied in ATM cards, computer
passwords and e-commerce. A cryptographic algorithm, or cipher, is a
mathematical function used in the encryption and decryption process. A
cryptographic algorithm works in combination with a key (a word, number, or
phrase) to encrypt the plaintext.

The same plaintext encrypts to different cipher text with different keys. The
security of encrypted data is entirely dependent on two things: the strength of the
cryptographic algorithm and the secrecy of the key. The science of cryptography
further includes encryption and decryption techniques. In these, two keys are
involved, a public key and a private key. Each user has a pair of keys of which the
private key is kept secret and the public key is made open to all. If X wants to send
a message to Y, X shall encrypt the message with Y's public key and send it to Y.
The message shall be seen only by Y. This serves the following purposes:
a) it protects the information content
b) establishes the authenticity of the sending party
c) preventing undetected modification of the message
d) preventing repudiation
e) preventing unauthorized use

Cryptography can be symmetric as well as asymmetric. In the case of symmetric
cryptography, only one key is used to encrypt as well as decrypt a message,
whereas in the case of asymmetric cryptography a pair of keys is used to encrypt
as well as decrypt a message. Asymmetric cryptography can be traced back to a
paper published by Whitfield Diffie and Martin Hellman, who proposed the notion of
public-key (also, more generally, called asymmetric key) cryptography in which two
different but mathematically related keys are used: a public key and a private key.

In 1977, a year after the publication of the Diffie-Hellman paper, three researchers
at MIT developed a practical method using the suggested ideas. This became
known as RSA, after the initials of the three developers (Ron Rivest, Adi Shamir,
and Leonard Adleman) and is probably the most widely used public key
cryptosystem. It was patented in the US in 1983, duly adopted as a standard, and
has always been widely available outside the US in implementations developed
locally even though, until recently, its export was restricted. The Diffie-Hellman
and RSA algorithms, in addition to being the first publicly known examples of high
quality public-key algorithms, have been among the most widely used. Others
include the Cramer-Shoup cryptosystem and ElGamal encryption. A digital
signature is a two-way process involving the signer, i.e. the creator of the digital
signature, and the recipient, i.e. the verifier of the digital signature.
Creating a digital signature involves the following steps:
a) The signer demarcates what is to be signed, which is termed the message.
b) A hash function computes a hash result unique to the message.
c) The signer's software encrypts the hash result into a digital signature using
the signer's private key. The resulting digital signature is thus unique to both
the message and the private key used to create it.
d) The digital signature is attached to the message and stored or transmitted
with its message.
Verifying a digital signature involves the following steps:
a) The recipient receives the digital signature and the message.
b) The recipient applies the signer's public key to the digital signature.
c) The recipient recovers the hash result or the message digest from the digital
signature.
d) The recipient creates a new hash result with the same hash function used by
the signer to create the digital signature.
e) The two hash results are compared, and if they are identical it implies that
the message is unaltered.


Digital signatures are a means to ensure the validity of electronic transactions;
however, who guarantees that such signatures are indeed valid and not false? For
the keys to be secure, the parties must have a high degree of confidence in the
public and private keys issued. The user must have confidence in the skill,
knowledge and security arrangements of the parties issuing the public and
private keys. This brings in the role of trusted third parties (TTPs) or
certifying authorities (CAs), which help in establishing what is known as a
public key infrastructure. A public key infrastructure helps to provide
confidence that:
a) A user's public key has not been tampered with and it corresponds to the
user's private key.
b) The entities issuing cryptographic keys can be trusted to retain or recreate
the public and private keys that may be used for confidentiality encryption
where the use of such a technique is authorized.
There is often a possibility of what is referred to as a man-in-the-middle attack:
an instance wherein a person uses a false key and intercepts a message
between two individuals, obtains the key of either of them through the false key
and can alter the message. In a public key environment, it is vital that you are
assured that the public key to which you are encrypting data is in fact the public
key of the intended recipient and not a forgery. One can encrypt only to those keys
which have been physically handed to him. However, where the other person is
completely unknown or has never been met, it is essential for a trustworthy
authority to step in. The purpose of a trusted third party is that, with the help of a
certificate, the prospective signer is associated with a key pair. This certificate that
binds the key to a particular holder is referred to as the digital signature
certificate. Certifying authorities issue certificates based on classes. Class I
certificates are issued to individuals, business and government organizations, and
are primarily used for web browsing and personal e-mails. Class II certificates may
be issued to individuals belonging to business and government organizations that are
ready to assume the responsibility of verifying the accuracy of information
submitted to the individual. They are used primarily for an organization's functional
and administrative needs. Class III certificates may be issued to both individuals and
organizations, and are used primarily for e-commerce applications such as electronic
banking, EDI and membership-based on-line services.

A recipient of the certificate desiring to rely upon an electronic signature created
by the holder named in the certificate can use the public key listed in the certificate
to verify that the electronic signature was created with the corresponding private
key. The digital signature certificates are issued by the certifying authorities who
are recognized by the Controller of Certifying Authorities, which is the root
certifying authority in India. The Information Technology Act, 2000 defines a
certifying authority as one which has been granted a license to issue an electronic
signature certificate under section. It is important to note here that the term
digital signatures has been replaced with the term electronic signatures, apparently
to make the usage more technology neutral, as digital signatures were earlier
regarded as much more technology specific; however, since the provisions of the
amended Act are yet to be notified, the amendment cannot be utilized at present.

Chapter VI of the Act provides for regulation of certifying authorities. Section 17
provides for the appointment of the Controller by the central government by
notification in the official gazette. The Controller shall perform such functions as
the central government may direct. The qualifications, experience and terms and
conditions of service of the Controller shall be prescribed by the central government.
There shall be a seal of the office of the Controller, and the head office as well as
the branch offices of the Controller shall be at such places as the central government
may specify.
Section 18 provides for the functions that the Controller may perform. There have
been many foreign certifying authorities that issue digital signature certificates in
India. Section 19 of the Act provides for the recognition of foreign certifying
authorities; the section further prescribes that if the authority contravenes any
of the conditions and restrictions subject to which it is granted recognition, the
Controller may revoke such recognition.

The Controller of Certifying Authorities has established the Root Certifying
Authority. It is established under section 18(b) of the Information Technology Act,
2000 to certify the public keys of all certifying authorities in India. A root
certificate is a self-signed certificate that identifies the Root Certification
Authority. A certificate authority can issue multiple certificates in the form of a
tree structure. A root certificate is the topmost certificate in the tree, the private
key of which is used to sign all other certificates. A root certificate lets the
certificates below it inherit its trustworthiness.
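
The creation and verification steps listed earlier and the certificate tree described above, worked through as an added Python example (not code from the original page or from any certifying authority). It assumes textbook RSA without padding over constructed Mersenne-prime demo keys, and the names `Root CA`, `Licensed CA` and `Y` are hypothetical.

```python
import hashlib
import json

E = 65537  # public exponent shared by all demo keys

def mersenne(k: int) -> int:
    """2^k - 1; prime for the exponents used below (constructed demo primes)."""
    return (1 << k) - 1

def make_keypair(p: int, q: int):
    """Textbook RSA key pair: public (n, e) and private (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def hash_result(message: bytes) -> int:
    """Fixed-length hash result (SHA-256) of the message, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private) -> int:
    """Creation: hash the message, then transform the hash with the private key.
    No padding is applied here; deployed RSA signatures add one (e.g. PSS)."""
    n, d = private
    return pow(hash_result(message), d, n)

def verify(message: bytes, signature: int, public) -> bool:
    """Verification: recover the hash with the public key, recompute it, compare."""
    n, e = public
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == hash_result(message)

def cert_body(cert: dict) -> bytes:
    """Canonical bytes of the signed part of a certificate (all but the signature)."""
    fields = {k: cert[k] for k in ("subject", "issuer", "public_key")}
    return json.dumps(fields, sort_keys=True).encode()

def issue_cert(subject, subject_public, issuer, issuer_private) -> dict:
    """The issuer binds `subject` to `subject_public` by signing the body."""
    cert = {"subject": subject, "issuer": issuer,
            "public_key": [format(v, "x") for v in subject_public]}
    cert["signature"] = sign(cert_body(cert), issuer_private)
    return cert

def key_of(cert: dict):
    """Public key (n, e) listed in a certificate."""
    return tuple(int(v, 16) for v in cert["public_key"])

def verify_chain(cert, repository, trusted_root_public, max_depth=5):
    """Return the certified key if every link up to the pinned root verifies."""
    certified_key = key_of(cert)
    for _ in range(max_depth):
        if cert["issuer"] == cert["subject"]:  # self-signed: must be the pinned root
            ok = key_of(cert) == trusted_root_public and verify(
                cert_body(cert), cert["signature"], trusted_root_public)
            return certified_key if ok else None
        issuer_cert = repository.get(cert["issuer"])
        if issuer_cert is None or not verify(
                cert_body(cert), cert["signature"], key_of(issuer_cert)):
            return None
        cert = issuer_cert
    return None

def accept(message, signature, cert, repository, trusted_root_public) -> bool:
    """Relying party: trust the key only via the chain, then check the signature."""
    key = verify_chain(cert, repository, trusted_root_public)
    return key is not None and verify(message, signature, key)

def demo() -> dict:
    root_pub, root_priv = make_keypair(mersenne(521), mersenne(607))
    ca_pub, ca_priv = make_keypair(mersenne(1279), mersenne(2203))
    fake_pub, fake_priv = make_keypair(mersenne(2281), mersenne(3217))
    y_pub, y_priv = make_keypair(mersenne(4253), mersenne(4423))
    repository = {  # certificates published by the authorities
        "Root CA": issue_cert("Root CA", root_pub, "Root CA", root_priv),
        "Licensed CA": issue_cert("Licensed CA", ca_pub, "Root CA", root_priv),
    }
    y_cert = issue_cert("Y", y_pub, "Licensed CA", ca_priv)
    # Man in the middle: a false key presented under Y's name.
    forged = issue_cert("Y", fake_pub, "Licensed CA", fake_priv)
    swapped = dict(y_cert, public_key=forged["public_key"])
    record = b"constructed sample electronic record"
    sig, fake_sig = sign(record, y_priv), sign(record, fake_priv)
    args = (repository, root_pub)
    return {
        "genuine": accept(record, sig, y_cert, *args),
        "altered_record": accept(record + b"!", sig, y_cert, *args),
        "false_key_without_certificate": verify(record, fake_sig, fake_pub),
        "forged_certificate": accept(record, fake_sig, forged, *args),
        "substituted_key": accept(record, fake_sig, swapped, *args),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The `false_key_without_certificate` case is the only forged one that is accepted: a signature always verifies under the key that made it, which is why the relying party takes the key from a certificate that chains to the pinned root.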

Section 21 of the Act provides for applying to the Controller of Certifying
Authorities for a license to issue electronic signature certificates. The license
once granted shall be non-transferable and non-heritable. Every application for
issue of a license shall be in the prescribed form as may be directed by the
government. Section 22(2) provides that every application for the issue of a
license shall be accompanied by:
a) A certification practice statement
b) A statement including the procedures with respect to identification of the
applicant
c) Payment of such fee not exceeding 25000 as may be prescribed by the
central government.

The Act also lays down the provisions for the procedure of grant or rejection of
license as well as the renewal of license.

It must be noted here that the application for a licensed certifying authority shall
be made in the prescribed format provided under Rule 10 of the Information
Technology (Certifying Authorities) Rules, 2000. The application for grant of a
license shall be accompanied by a non-refundable fee of 25000, provided under
Rule 11 of the Rules.

The Act prescribes that every certifying authority must follow certain procedures:
a) Make use of hardware, software and procedures that are secure from
intrusion or misuse.
b) Provide a reasonable level of reliability.
c) Adhere to security provisions to ensure that secrecy and privacy of digital
signatures is assured.
d) Become the repository of all electronic signature certificates issued under the
Act.
e) Publish information regarding its practices, electronic signature certificates
and the current status of such certificates.
Section 35 provides for the certifying authority to issue electronic signature
certificates. A certifying authority, while issuing a digital signature certificate,
shall certify, amongst other factors, that:
- the subscriber holds the private key corresponding to the public key listed in
the digital signature certificate;
- the subscriber holds a private key which is capable of creating a digital
signature;
- the public key to be listed in the certificate can be used to verify a digital
signature affixed by the private key held by the subscriber;
- the subscriber's public key and private key constitute a functioning pair;
- the information contained in the certificate is accurate.

Section 37 and section 38 prescribe the conditions under which the digital signature
may be revoked or suspended. Section 39 provides that where a digital signature
certificate has to be revoked or suspended, a notice of suspension or revocation
shall be given.

Chapter VIII provides for the duties of subscribers, which include the generation of
a key pair (section 40), acceptance of the digital signature certificate (Section 40),
and exercising reasonable care to retain control over the private key corresponding
to the public key listed in the digital signature certificate and to take steps to
prevent its disclosure. In case the private key corresponding to the public key listed
in the digital signature certificate has been compromised, the same shall be
communicated to the certifying authority without delay.

The central government under section 87 of the Act has the power to make rules,
and consequently the Information Technology Certifying Authority Rules (2000)
were framed. Rule 3 provides that a digital signature shall be created and verified
by cryptography that concerns itself with transforming an electronic record into
seemingly unintelligible forms and back again. It shall also use public key
cryptography and a hash function necessary for creating and verifying a digital
signature. Rule 4 provides for the procedure of creation of a digital signature: the
signer shall apply the hash function in the signer's software; the hash
function shall compute a hash result of standard length which is unique to the
electronic record; the signer's software shall transform the hash result into a
digital signature using the signer's private key; the resulting digital signature
shall be unique to both the electronic record and the private key used to create it;
and the digital signature shall be attached to its electronic record and stored or
transmitted with its electronic record.
Rule 5 provides for the verification of the digital signature, the process being the
same as discussed previously. Rule 8 prescribes the persons who may apply for grant
of a license to issue digital signature certificates. Rules 13 to 17 provide for
validity, suspension, renewal, issuance and refusal of license. Rule 23 provides for
compliances by the certifying authorities in addition to the requirements under
section 35 of the Act:

(a) The Digital Signature Certificate shall be issued only after a Digital Signature
Certificate application in the form provided by the Certifying Authority has been
submitted by the subscriber to the Certifying Authority and the same has been
approved by it:
Provided that the application Form contains the particulars given in the Form given
in Schedule-IV;
(b) No interim Digital Signature Certificate shall be issued;
(c) The Digital Signature Certificate shall be generated by the Certifying Authority
upon receipt of an authorised and validated request for:-
a. New Digital Signature Certificates;
b. Digital Signature Certificates renewal;
(d) The Digital Signature Certificate must contain or incorporate, by reference such
information, as is sufficient to locate or identify one or more repositories in which
revocation or suspension of the Digital Signature Certificate will be listed, if the
Digital Signature Certificate is suspended or revoked;
(e) The subscriber identity verification method employed for issuance of Digital
Signature Certificate shall be specified in the Certification Practice Statement and
shall be subject to the approval of the Controller during the application for a
licence;
(f) Where the Digital Signature Certificate is issued to a person (referred to in this
clause as a New Digital Signature Certificate) on the basis of another valid Digital
Signature Certificate held by the said person (referred in this clause as an
Originating Digital Signature Certificate) and subsequently the originating Digital
Signature Certificate has been suspended or revoked, the Certifying Authority that
issued the new Digital Signature Certificate shall conduct investigations to
determine whether it is necessary to suspend or revoke the new Digital Signature
Certificate;
(g) The Certifying Authority shall provide a reasonable opportunity for the
subscriber to verify the contents of the Digital Signature Certificate before it is
accepted;
(h) If the subscriber accepts the issued Digital Signature Certificate, the Certifying
Authority shall publish a signed copy of the Digital Signature Certificate in a
repository;
(i) Where the Digital Signature Certificate has been issued by the licensed
Certifying Authority and accepted by the subscriber, and the Certifying Authority
comes to know of any fact, or otherwise, that affects the validity or reliability of
such Digital Signature Certificate, it shall notify the same to the subscriber
immediately;
(j) All Digital Signature Certificates shall be issued with a designated expiry date.
Rule 25 provides that before issuing digital signature certificates the certifying
authority shall confirm that the user's name does not appear in the list of
compromised users, comply with all privacy statements, and obtain the consent of
the person requesting the digital signature certificate that the details of such
digital signature certificate can be published on a directory service. Rule 26
prescribes that all digital signature certificates shall have a designated expiry
date after which the certificate shall expire and shall not be re-used.


The primary legislation that deals with Digital Signatures is the Information
Technology Act, 2000. The Act has been recently amended in the year 2008 but the
amendment is yet to be notified; at many places the words Digital Signatures have
been replaced with electronic signatures, primarily to make the system technology
neutral rather than technology specific. The shortcoming which was prevalent in
the unamended Act, and which was widely criticized, was that digital signatures
were defined with specific reference to the asymmetric cryptography system, and
any other means of authentication that did not use this technology was not
recognized under the Act.

Section 73 of the Act provides for a penalty in case of publication of false
electronic signature certificates. No person shall publish an electronic signature
certificate or make it available to any person if the certifying authority listed in
the certificate has not issued it, or the subscriber listed in the certificate has
not accepted it, or the certificate has been revoked or suspended, unless such
publication is for the purpose of verifying an electronic signature created prior to
such suspension or revocation. Any contravention of the provisions under this
section shall entail a punishment of 2 years and a fine of Rs 1 lakh.

Section 74 provides that the creation, publication or making available of an
electronic signature certificate for any fraudulent purpose shall be punished with
imprisonment up to 2 years or fine up to 1 lakh rupees or both.
After the introduction of Digital Signatures there have been various amendments to
give legal validity to these instruments; amongst all of them, the Indian Evidence
Act, 1872 has witnessed the most significant amendments.

Section 3 of the Act, which earlier covered only documents, was amended to include
electronic records produced for the inspection of the court, implying that all
audio, video, data, text or multimedia files generated, stored, received or sent in
electronic form, or microfilm or computer-generated microfilm, could be produced
for inspection of the court, and such electronic records shall be treated as
documentary evidence under the Indian Evidence Act, 1872.

Section 17 of the Indian Evidence Act reads that an admission is a statement, oral
or documentary or contained in an electronic form, which suggests any inference as
to any fact in issue or relevant fact and which is made by any of the persons and
under the circumstances hereinafter mentioned. This has led to the admissibility of
evidence given through electronic media, video conferences etc.

Section 22A assumes great importance with respect to digital signatures. The
section provides that oral admissions as to the contents of electronic records are
not relevant, unless the genuineness of the electronic record produced is in
question. The genuineness and the authenticity of the e-record shall be made out
when the same has been electronically signed. A digitally signed e-record is a
relevant fact and oral admissions as to the contents of the record are relevant.
Further, sections 34, 35, 39 and 59 have been amended to include electronic
records, thus giving authenticity to electronic documents as evidence in courts.
Section 47A prescribes that the opinion of the certifying authority which
issues a digital signature certificate shall be a relevant fact when the court has to
form an opinion as to the digital signature of any person.

Section 65A prescribes for the relevancy of electronic records which conform to
section 65B, which provides that any information contained in an electronic record
in any form, printed on paper, stored, recorded or copied in optical or magnetic
media produced by a computer, shall be deemed to be a document. The conditions
under sub-section (2) are necessary to identify whether the computer in question
has properly processed, stored and reproduced whatever information it received.
Sub-section (4) of the Act provides for certifying a statement given in an e-record
for the purpose of admissibility in any proceedings, and the same shall be signed by
a person occupying a position of responsibility.

Section 67A provides for the proof as to Digital Signatures: if the digital signature
of the subscriber is alleged to have been affixed to an electronic record, the fact that
the signature is that of the subscriber must be proved. This section mandates
proof that the digital signature is indeed that of the subscriber; merely admitting
the execution of the e-record by affixing a digital signature is not sufficient. When a
matter is pending before the court, it may wish to ascertain whether the digital
signature which has been affixed is the same as that of the person to whom it is
attributed.

Section 73A provides for the proof as to digital signatures: the court in such cases
can direct the Certifying Authority or the person in question to produce the Digital
Signature Certificate. It may also ask any person to apply the public key listed in
the digital signature certificate and verify the digital signature purported to have
been affixed by that person.

Section 85A prescribes for presumption as to electronic agreements: the court shall
presume execution of an electronic agreement if the digital signatures of the parties
to the electronic agreement have authenticated it.

Section 85B prescribes that it shall be presumed that an electronic record is secure
from the time when any security procedure, in the present situation a digital
signature, has been applied to the time of verification, unless anything contrary to it
is proved. The court shall also presume that a secure electronic signature is affixed
by the subscriber with the intention of signing or approving the electronic record.

Section 85C provides that the court shall presume that the digital signature
certificate is authentic and the information thus contained is valid and correct,
to the extent of only the information that has been verified and not beyond that.

Section 90A provides that where an electronic record is five years old and it is
produced from the custody which is proper, it may be presumed that the digital
signature which purports to be the digital signature of any particular person was
affixed by him or any person authorised by him in this behalf.

As science and technology have developed enormously, there has been a need felt to
improve the way transactions and contracts are conducted. The internet is
considered the best medium in the modern world to carry out transactions in an
effective, cheaper and fast manner. In India, filing patents and trademarks manually
is a cumbersome process; in order to make it more efficacious, e-filing of patents
and trademarks has been allowed. Through the use of digital signatures one can file
for patents as well as trademarks online. The benefits of e-filing of patents are,
first, that one receives a patent application number immediately. Secondly, on-line
verification assures error-free filing and gives the filing date. Thirdly, one can
speed up the registration process. The Controller General of Patents, Designs and
Trade Marks (CGPDTM) has stipulated a Class-III category certificate for e-filing of
patent and trade mark applications in India. A person who already has a specified
Digital Signature Certificate (DSC) for any other application can use the same for
e-filing of a patent application and is not required to obtain a fresh DSC.
The procedure for e-filing involves the use of a class-3 digital signature from any
of the licensed certifying authorities.
1. Thereafter one can log in with a user name and password by applying for
online registration.
2. Download the Client Software for preparing the Patent Application offline with
the required documents and digitally signing it for uploading to the IPO Server.
3. Fill in the Patent Application offline and generate an XML file using the Client
Software.
4. After creating the application (XML) file offline, digitally sign the XML
file (max. file size permitted 5MB) for uploading to the IPO Server.
5. Log in to the e-Patent portal (http://ipindia.gov.in) for uploading the Application
XML file to the IPO Server.
6. Upload and submit the digitally signed XML file to the IPO Server.
7. Process the Application for EFT (Electronic Fund Transfer) using the State Bank of
India (SBI) and Axis Bank Payment Gateways.
8. Review the Application Status on the e-Patent Portal.
9. On successful EFT, acknowledgement details would be displayed/generated.
10. Print the Acknowledgement.
Banking in India has never been so trouble free as after the introduction of
e-banking. With the help of electronic banking, transactions which generally took
days to complete are now just a click away. The Negotiable Instruments Act, 1881,
under section 6, explains that 'a cheque in the electronic form' means a cheque
which contains the exact mirror image of a paper cheque, and is generated, written
and signed by a secure system ensuring the minimum safety standards with the use of
digital signature (with or without biometrics signature) and asymmetric crypto
system.

The government of India, in order to encourage electronic governance, has
introduced the MCA 21 program, which is a flagship program of the Ministry of
Corporate Affairs. MCA-21 envisages electronic filing of these documents,
including registration and records of a company, adaptation of all statutory forms
for electronic filing, scanning and digitization of permanent records, annual returns
and balance sheets. This necessitated an amendment to the Act, the Ministry said.
The project commenced in March 2005 with the signing of a contract agreement
with the operator Tata Consultancy Services Ltd. The project cost is estimated at
Rs 345 crore[22]. The project would enable corporates to register a company and file
statutory documents easily. It would also make it easy for the public to access
relevant records and get quicker redressal of their grievances. The Companies
(Electronic Filing and Authentication of Documents) Rules, 2006, contain
provisions concerning electronic filing. Rule 3 prescribes that every e-form or
application or document or declaration required to be filed or delivered under the
Act and rules made, shall be filed in computer readable electronic form, in portable
document format (pdf) and authenticated by a managing director, director or
secretary or person specified in the Act for such purpose by the use of a valid
digital signature. Every managing director, director or secretary or person specified
in the Act for authentication of e-form, documents or application etc., which are
required to be filed or delivered under the Act or rules made there under, shall
obtain a digital signature certificate from the Certifying Authority for the purpose
of such authentication and such certificate shall not be valid unless it is of Class II
or Class III specification under the Information Technology Act, 2000.

The use of the internet has been so vast that the government of India is now
considering including the use of signatures on the mobile phone. We often use the
internet for carrying out transactions on the mobile phone, such as mobile payment
of bills, mobile banking etc. However, these transactions are neither authenticated
nor secure. These transactions don't follow basic requirements of security and thus
the need for mobile signatures is being felt. In the wake of increasing transactions
over the mobile phone, the 'Department of Payments and Settlement' of the Reserve
Bank of India has on September 19, 2008 issued Draft Operating Guidelines on Mobile
Banking Transactions in India.

The present procedure for Mobile Banking transactions in India is as follows:-


• A customer needs to purchase an item worth Rs 200.
• The customer asks for the outlet owner's bank account number.
• The customer sends a message from the mobile phone with the
following code: "*543*123*(the outlet's bank account
number)*200*(Amount) Customer's 10-digit Pin code#"
• The SMS is sent to the bank.
• Instantly the amount is debited from the customer's account.
• In order to confirm the transaction the bank sends an SMS to
the customer stating that Rs. 200 has been debited from the
account.
The given scenario doesn't ensure authenticity, confidentiality, integrity or
non-repudiation and hence is not secure at all. If the device gets stolen anyone can
misuse the facility and hence there is a need to secure these transactions. The
mobile signature is created by typing a secret code (i.e. your signing PIN) into the
signing device (for example: your mobile phone). This secret code in combination
with your key storage token (for example: SIM card) and a chosen text triggers a
cryptographic algorithm to generate the (digital) signature. The Indian Government
has come up with a discussion paper which discusses mobile signatures, their
applicability in India and the position in different countries.
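
The signing flow just described (signing PIN, key storage token, chosen text), as an added example that is not taken from the discussion paper or from any bank's system: the PIN only unlocks a private key held on the token, and the bank checks the signature with the public key alone, so the PIN never travels in the message as it does in the SMS format above. The `SimToken` class, the transaction text, the PIN and the key are all constructed for illustration, and the key is a deliberately insecure textbook RSA demo key.

```python
import hashlib
import hmac

# Constructed demo key built from two public Mersenne primes: it gives no real
# security. A real SIM holds a generated key and uses a padded signature scheme.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, stays on the token


def digest(text: str) -> int:
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big")


class SimToken:
    """Hypothetical key storage token; the signing PIN only unlocks it."""

    def __init__(self, signing_pin: str, max_tries: int = 3):
        self._pin_hash = hashlib.sha256(signing_pin.encode()).digest()
        self._max_tries = self._tries_left = max_tries

    def sign(self, text: str, pin: str) -> int:
        if self._tries_left == 0:
            raise PermissionError("token locked")
        entered = hashlib.sha256(pin.encode()).digest()
        if not hmac.compare_digest(entered, self._pin_hash):
            self._tries_left -= 1
            raise PermissionError("wrong signing PIN")
        self._tries_left = self._max_tries
        return pow(digest(text), D, N)  # textbook RSA hash-then-sign


def bank_verify(text: str, signature: int) -> bool:
    """Bank side: needs only the public key (N, E); the PIN is never sent."""
    return pow(signature, E, N) == digest(text)


def demo():
    sim = SimToken("4821")                              # constructed PIN
    order = "PAY INR 200 TO ACCT 0012345678 REF 0001"   # constructed text
    sig = sim.sign(order, "4821")
    tampered = order.replace("INR 200", "INR 900")
    try:                                  # stolen phone, signing PIN unknown
        sim.sign(tampered, "0000")
        stolen_phone_signed = True
    except PermissionError:
        stolen_phone_signed = False
    return bank_verify(order, sig), bank_verify(tampered, sig), stolen_phone_signed
```

The reference number inside the signed text is what would let a bank reject a replayed message; the sketch does not implement that check.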


  

With the growth of technology the use of the internet has gone through serious
changes. All transactions are carried on the internet and it is being used as the most
efficient and trouble free mode of conducting business, be it tax returns, patent
filing or electronic banking; almost all transactions which took hours to complete
manually can now be completed with a click in minimal time. However,
as online transactions increase, the issue of authenticity has also become a factor
to consider. Keeping this in mind the concept of digital signatures was introduced
in India. The concept was initially not very well accepted in the industry;
however, with the increase in the amount of transactions that are being performed
on the internet, the laws have been liberalized a little to include these
instruments for almost all kinds of transactions. Though this is a welcome step to
encourage electronic commerce and at the same time ensure authenticity, it presents
certain issues, which are as follows:
1. The digital signature is essentially a technology-specific instrument which,
because of its technical complexities, has not been received well in the
industry. The recent amendments in the Information Technology Act have
substituted the words "electronic signatures" in place of "digital signatures".
The attempt is to make it more technology neutral by stating that digital
signatures are one class of electronic signatures. However, the absurdity in
the Act can be seen from the fact that the words "electronic
signatures" have not been substituted evenly throughout the Act.
2. As there has been an increase in the use of digital signatures, the need of
the hour is to educate and impart awareness to people regarding the use of
digital signatures.
3. Verification of digital signatures is an important procedure for
establishing evidence in a court of law. The procedure, again, is very
complex technically, and a process which is more
flexible and easily understood should be adopted.
4. A concern that may creep up with the passage of time is the
over-dependence on digital signatures as a means to authenticate and validate
electronic transactions, and the question of whether we have any other means of
authenticating electronic transactions. The reason for this concern, apart
from digital signatures being technology specific, is that they are
expensive in terms of establishing and utilizing certifying authorities.

As has always been the case with technology, it is extremely difficult to prepare a
regulatory framework that aptly corresponds to the changes in technology. In case
of digital signatures the recent amendments must be lauded for making changes
that lessen the technical complexities and encourage the use of digital signatures in
carrying out electronic transactions.
