DIGITAL SIGNATURES AND VERIFICATION OF ELECTRONIC RECORDS

22 Itt Project on Digital Signatures



INDEX

• DEFINITION
• DIFFERENCE BETWEEN ELECTRONIC SIGNATURE & DIGITAL SIGNATURE
• FEATURES OF DIGITAL SIGNATURE
• CRYPTOGRAPHY
• HOW DOES DIGITAL SIGNATURE WORK?
• SIGNATURE AND LAW
• DIGITAL SIGNATURE CERTIFICATES (DSC)
• ENCRYPTION CHALLENGES AND BENEFITS


DEFINITION OF DIGITAL SIGNATURE

A digital signature simply means a signature in digital form.

From the legal point of view, a signature is a mark to authenticate a document with an intention to give it legal effect.

As per Section 3 of the Information Technology Act, 2000, digital signature means authentication of any electronic record by the subscriber by means of an electronic method.


HOW IS IT DIFFERENT FROM ELECTRONIC SIGNATURE?

Electronic signature means any identifier (letters, symbols) manifested by electronic means adopted by a party to a transaction with an intent to authenticate a message.

On the other hand, a digital signature is an electronic identifier that utilizes information security measures to ensure the integrity, authenticity and non-repudiation of the message to which it corresponds.


FEATURES OF DIGITAL SIGNATURE

A digital signature ensures privacy and verifies the origin and integrity of the message. It is considered safe and secure because it uses asymmetric cryptography, which consists of a key pair:

• A private key to create a digital signature, known to the user only
• A public key to verify the signature, more widely known


MAJOR APPLICATIONS OF DIGITAL SIGNATURES

• Filing of documents as per various legal requirements like MCA-21, ITR, etc.
• To sign e-tenders, bids, quotations, etc.
• To communicate confidential messages within organizations.


HOW DOES DIGITAL SIGNATURE WORK?

A) Creation of a Digital Signature

A digital signature was first proposed by WHITFIELD DIFFIE of Stanford University in 1976. It transforms the message which is signed so that anyone who reads it can be sure of the real sender. It is a message content called a message digest that represents a private. Encrypting a message digest with a private key creates a digital signature as explained in the next slide.

Digital signature works in two steps:

1. Creation of a digital signature
2. Verification of a digital signature


Creation of a Digital Signature


VERIFICATION OF DIGITAL SIGNATURE

The sender generates a message digest, encrypts it with his private key and sends the digital signature to the recipient along with the plain text message.

The recipient uses the sender's public key to decrypt the digital signature, which authenticates that the message was from the trusted sender.

The recipient uses a "hash function" to compute its own message digest of the sender's text. If the encoded message turns out the same as the one sent by the sender, the digital signature is considered to be authentic and the message has not been tampered with.


Verification of Digital Signature


Signature and Law

Signing a document serves the following purposes:-

• Evidence - A signature authenticates writing by identifying the signer, and the writing becomes attributable to the signer who makes a mark in a distinctive manner.
• Ceremony - The act of signing a document calls to the signer's attention the legal significance of the signer's act and prevents inconsiderate agreements.


• Approval - A signature expresses the signer's approval or authorization of the writing, or the signer's intention that it has legal effect.
• Efficiency and Logistics - A signature on a written document imparts a sense of clarity and finality to the transaction and lessens the subsequent need to inquire beyond the face of the documents, like negotiable instruments.


ATTRIBUTES OF A SIGNATURE

• Signer's authentication - Should indicate who has signed a document, message or record, and should be difficult for another person to produce without authorization.
• Document authentication - Should identify what is signed, making it impracticable to falsify or alter either the signed matter or the signature without detection.


• Affirmative act - The affixing of the signature should be an affirmative act, serving the ceremonial and approval functions of a signature and establishing the sense of having legally accomplished a transaction.
• Efficiency - A signature and its creation and verification processes should provide the greatest possible assurance of both the signer's authenticity and document authenticity, with the least possible expenditure of resources.


DIGITAL SIGNATURE CERTIFICATES(DSC)

A digital certificate is an electronic document issued by a Certificate Authority (CA) to establish a merchant's identity by verifying its name and public key.

These are the electronic counterparts to driving licenses, passports and membership cards.

One can present a DSC electronically to prove one's identity or right to access information or services online.


What does Digital Certificate contain?

• Owner's name
• Owner's public key
• Expiration date of the public key
• Name of the Certifying Authority
• Serial No. of the digital certificate
• Duration and class of certificate
• Certificate ID number


Classes of Digital Certificate

Certificates can be issued (for a fee) in the following 4 classes:-

Class 1 certificates - Quickest and simplest to issue, as they involve minimum checks on the user's background. Only the name of the user, address and email address are checked.

Example: Library Card.


Class 2 certificates - Check for information like real name, social security number and date of birth. They require proof of physical address and email.

Example: Credit Card

Class 3 certificates - Strongest type. Used for loans acquired online and other sensitive transactions.

Example: Driving License


Class 4 certificates - Most secure business certificates. In addition to the Class 3 requirements, the certificate authority checks on things like the user's position in his/her organization.

NOTE:- Keeping security in mind, Class 3 certificates and above are authorized by Ministry of Company Affairs 21 for online transactions.


Uses and Need of a Digital Certificate

Used for the following electronic transactions:-

• Email
• E-Commerce
• Groupware
• Electronic Fund Transfers

Need: Encryption alone is not enough, as it provides no proof of the identity of the sender of the encrypted information.

Digital certificates address the above problem by providing an electronic means of verifying the sender's identity.
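An added example (not from the original slides) of what the certificate slides describe: a CA signs a certificate binding a subscriber's name to a public key, and a relying party accepts it only if the trusted CA's signature checks out and the expiry date has not passed. The CA and subscriber names, serial numbers and Ed25519 keys are constructed, and `issue`, `acceptedAt` and `check` are hypothetical helper names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue binds a subject name to a fresh public key; a nil issuer yields a self-signed root CA.
func issue(cn string, serial int64, years int, issuer *x509.Certificate, key ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(years, 0, 0),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true}
	if issuer == nil {
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
		issuer, key = tmpl, priv
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, pub, key)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, priv
}

// acceptedAt reports whether a relying party that trusts only ca accepts cert at time t.
func acceptedAt(cert, ca *x509.Certificate, t time.Time) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: t, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	_, err := cert.Verify(opts)
	return err == nil
}

func main() {
	ca, caKey := issue("Example CA", 1, 5, nil, nil) // constructed names and serial numbers
	cert, _ := issue("Example Subscriber", 1001, 1, ca, caKey)
	fmt.Println(cert.Subject, "| issuer:", cert.Issuer, "| serial:", cert.SerialNumber, "| expires:", cert.NotAfter,
		"| accepted today:", acceptedAt(cert, ca, time.Now()))
}
```

Revocation status, which the slides list as a Certifying Authority service, is not checked by `Verify` and needs a separate CRL or OCSP lookup.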


Types and Status Services for Digital Certificate

Certifying Authorities provide issuing, revocation and status services for the following 3 types of digital certificates:

Server Certificates - Enable web servers to operate in a secure mode.

Developer Certificates - Used in conjunction with Microsoft Authenticode(TM) technology; provide customers with the information and assurance they need when downloading software from the internet.

Personal Digital Certificates - Used by individuals when they exchange messages with other users or online services.


ENCRYPTION

It is based on the use of mathematical procedures to scramble data so that it is extremely difficult for anyone other than authorized recipients to recover the original message. The formula or algorithm converts the intended data into an encoded message using a key to decode or decipher the message.


E- Security needs for Encryption

Authentication :- Identifies or verifies that the sender of a message is in fact who he or she claims to be.

Integrity :- Verifies that the message is not altered in transit, and also means the message has not reached the recipient twice.

Non-Repudiation :- Prevents the sender and vendor in a transaction or communication activity from later falsely denying that the transaction occurred.

Privacy :- Shields communications from unauthorized viewing or access. Privacy protection implies confidentiality and anonymity.


Cryptography

Cryptography is a branch of applied mathematics which is used in computer science at a large scale.

There are 3 classes of cryptography:

• Symmetric Encryption/Secret Key - The sender and recipient possess the same single key. Both parties can encrypt and decrypt messages with the same key.
• Asymmetric Encryption/Public Key - Involves 2 related keys called a key pair: one public key and one private key. The public key can encrypt information while the private key decrypts it.
• Hash function - Converts a message into a code that is known as a fingerprint or message digest.


Challenges

Digital signature involves the following costs:

• Institutional Overhead - The cost of establishing and utilizing certification authorities, repositories and other important services, as well as assuring quality in the performance of their functions.
• Subscriber and Relying Party Cost - A digital signer will require software and has to pay the Certifying Authority some price to issue a certificate.


Benefits

• Reliable authentication of messages
• Minimizes the risk of dealing with imposters or persons who attempt to escape responsibility by claiming to have been impersonated
• Minimizes the risk of undetected message tampering and forgery, and of false claims that a message was altered after it was sent
• Formal legal requirements accepted as digital signatures are superior to writing a signature on paper
• Retains a high degree of information security


THANK YOU

PRESENTED BY:-

• Sunny Kumar
• Aniket Agrawal
• Neha Sinha
• Vishwanath Jindal
• Paras Goel
• Prachi Mangaliya
• Shailender Jha