INFORMATION TECHNOLOGY ACT
n 1996 the United Nations Commission on International Trade Law approved a model law on the subject of E-Commerce. In the year 2000 India passed Information Technology Act, 2000 for the purpose of encouraging Electronic Commerce in India and in keeping with the (UNCITRAL).
The Information Technology Act, 2000 facilitates both e-commerce and e-governance.
The Act has the provisions of :
• Legal recognition to electronic records (Section 4 of the Act)
• Legal recognition to digital signatures (Section 5 of the Act)
• Provision of retention of electronic records and publication of electronic gazzettes.
• Provision for penalties in case of cyber offences (Section 43 to 47 of the Act)
• Provision for Cyber Appellate Tribunal (Section 48 to 64 of the Act)
• Cyber offences (Section 65 to 78 of the Act).
The definition of digital signature has been provided in Section 2(1)(p) of the Act, it states "digital signature means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with provisions of Section 3
Digital Signature is a transformation of an electronic record into another electronic record with the help of private key.
Section 2(1)(f) defines 'asymmetric crypto system', as – "asymmetric crypto system means a system of a secure key pair consisting of a private key for creating digital signature and a public key to verify the digital signature",
Cryptography – The word has a Greek origin and means secret writing. It is the science of codification, which converts a normal text into coded characters (known as cipher text). The process of coding is called encryption and the process of decoding is called decryption. Encryption and decryption is done through software. The software are called Public Key and Private Key. Private Key is kept secret and the Public Key is made public.
Section2(1)(zc) and Section 2(1)(zd) defines 'private key' and 'public key' as - "private key means the key of a key pair used to create digital signature" and "public key means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate".
Section 3(2) states, "The authentication of the electronic record shall be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record".
Section 3(2) states, "hash function means an algorithm mapping or translation of one sequence bits into another, generally a smaller set, known as 'hash result' such that an electronic record yields the same hash result every time the algorithm is executed with the same electronic record as its input making it computationally infeasible –
(a) to derive or reconstruct the original electronic record from the hash result produced by the algorithm
(b) that two electronic records can produce the same hash result using the algorithm."