Class it act


Published in: Education, Technology

  2. IT Act, 2000
     • Enacted on 17th May 2000. India is the 12th nation in the world to adopt cyber laws.
     • The IT Act is based on the Model Law on e-commerce adopted by UNCITRAL (United Nations Commission on International Trade Law).
  3. Preamble of IT Act, 2000
     To provide legal recognition for transactions:
     • Carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce"
     • To facilitate electronic filing of documents with Government agencies and E-Payments
     • To amend the Indian Penal Code, the Indian Evidence Act, 1872, the Banker's Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934
  4. Components of the Act
     • Legal Recognition to Digital Signatures
     • Electronic Governance
     • Mode of Attribution, Acknowledgement and Despatch of Electronic Records
     • Secure Electronic Records
     • Regulation of Certification Authorities
     • Digital Certificates
  5. Components of the Act (Cont)
     • Duties of subscribers
     • Penalties and Adjudication
     • Offences
     • Protection to Network Service Providers in certain situations
  6. Terms defined in the Act
     • Access
     • Addressee
     • Computer
     • Computer Resource
     • Data
     • Electronic Form
     • Information
     • Intermediary
     • Secure System
     • Asymmetric Cryptography
     • Digital Signature
  7. E-commerce
     Refers to doing business and transactions over electronic networks, prominently the internet.
     • Prevents the need for physical presence
     • Two parties may never know, see or talk to each other but still do business
     • Has introduced the concept of electronic delivery of products and services
     • Unmanned round-the-clock enterprises – Available always
  8. E-Commerce - Potential Problems
     • Security on the Net: Confidentiality, Integrity and Availability
     • Cyber crimes: Hackers, Viruses
     • Technological Complexities
     • Lack of Information trail
     • Disparate Regulatory Environment and Taxation Policies
  9. Challenges
     • Protecting Information in Transit
     • Protecting Information in Storage
     • Protecting Information in Process
     • Availability and Access to information to those Authorised
  10. Concerns in E-Transactions
     • Confidentiality
     • Integrity
     • Availability
     • Non Repudiation
  11. Confidentiality Concerns
     • Eavesdropping
     • Wire Tapping
     • Active/Passive
     • E-mail snooping
     • Shoulder Surfing
  12. Integrity Attacks
     • Data Diddling
     • Buffer Overflow
     • Used to insert malicious code
     • Channel violation
     • Spoofing
  13. Availability Threats
     • Denial of Service (DoS)
     • Ping of Death
     • SYN Flooding
     • Remote Shut Down
  14. Tools and Techniques
     • Key Loggers
     • Password Crackers
     • Mobile Code
     • Trap Doors
     • Sniffers
     • Viruses
     • Worms
     • Trojan Horse
     • Logic Bombs
  15. Parameters
     • Data Confidentiality
     • User Authentication
     • Data Origin Authentication
     • Data Integrity
     • Non Repudiation
  16. IT Act 2000
     • It shall extend to the whole of India and, save as otherwise provided in this Act, it applies also to any offence or contravention thereunder committed outside India by any person.
  17. IT Act 2000 - Terms Explained
     a. "access" with its grammatical variations means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network;
     b. "addressee" means a person who is intended by the originator to receive the electronic record but does not include any intermediary;
     c. "adjudicating officer" means a judge appointed under sub-section (1) of section 46
  18. IT Act 2000 - Terms Explained
     d. "affixing digital signature" means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of digital signature
     e. "asymmetric crypto system" means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify it
     f. "Certifying Authority" means a person who has been granted a licence to issue a Digital Signature Certificate under section 24
  19. IT Act 2000 - Terms Explained
     g. "computer" means any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network;
  20. IT Act 2000 - Terms Explained
     h. "computer network" means the interconnection of one or more computers through—
        (i) the use of satellite, microwave, terrestrial line or other communication media; and
        (ii) terminals or a complex consisting of two or more interconnected computers whether or not the interconnection is continuously maintained;
     i. "computer resource" means computer, computer system, computer network, data, computer data base or software;
  21. IT Act 2000 - Terms Explained
     j. "Controller" means the Controller of Certifying Authorities appointed under sub-section (1) of section 17
     k. "Cyber Appellate Tribunal" means Cyber Regulations Appellate Tribunal established under sub-section (1) of section 48
     l. "digital signature" means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with provisions of section 3
     m. "Digital Signature Certificate" means a Digital Signature Certificate issued under sub-section (4) of section 35
  22. IT Act 2000 - Terms Explained
     n. "electronic record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche
     o. "intermediary" with respect to any particular electronic message means any person who on behalf of another person receives, stores or transmits that message or provides any service with respect to that message
     p. "originator" means a person who sends, generates, stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person but does not include an intermediary
  23. Digital Signature
     Authentication of Electronic Records
     • All information in electronic form which requires affixing of a signature for legal recognition now satisfies that requirement if authenticated by affixing a digital signature.
     • Applicability includes: forms, licences, permits, receipt/payment of money.
  24. Electronic Governance
     Legal recognition of electronic records.
     • Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is-
        (a) rendered or made available in an electronic form;
        (b) accessible so as to be usable for a subsequent reference.
  25. Electronic Governance
     Legal recognition of digital signatures
     • Where any law provides that information or any other matter shall be authenticated by affixing the signature, or any document shall be signed or bear the signature of any person, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is authenticated by means of digital signature affixed in such manner as may be prescribed by the Central Government.
  26. Attribution, Acknowledgment & Despatch Of Electronic Records
     Attribution of electronic records.
     • An electronic record shall be attributed to the originator-
        (a) if it was sent by the originator himself;
        (b) by a person who had the authority to act on behalf of the originator in respect of that electronic record; or
        (c) by an information system programmed by or on behalf of the originator to operate automatically
  27. Attribution, Acknowledgment & Despatch Of Electronic Records
     • Acknowledgment of receipt.
        (1) Where the originator has not agreed with the addressee that the acknowledgment of receipt of electronic record be given in a particular form or by a particular method, an acknowledgment may be given by—
           (a) any communication by the addressee, automated or otherwise; or
           (b) any conduct of the addressee, sufficient to indicate to the originator that the electronic record has been received
  28. Attribution, Acknowledgment & Despatch Of Electronic Records
     • Acknowledgment of receipt.
        (2) Where the originator has stipulated that the electronic record shall be binding only on receipt of an acknowledgment of such electronic record by him, the electronic record is otherwise deemed to have been never sent by the originator.
  29. Attribution, Acknowledgment & Despatch Of Electronic Records
     • Acknowledgment of receipt.
        (3) Where the originator has not stipulated that the electronic record shall be binding only on receipt of such acknowledgment, and the acknowledgment has not been received within the time agreed or within a reasonable time, then the originator may give notice to the addressee stating that no acknowledgment has been received by him, and if no acknowledgment is received within the aforesaid time limit he may, after giving notice to the addressee, treat the electronic record as though it has never been sent.
  30. Attribution, Acknowledgment & Despatch Of Electronic Records
     • Time & place of despatch & receipt of electronic record
        (1) Dispatch of an electronic record occurs when it enters a computer resource outside the control of the originator.
        (2) Time of receipt of an electronic record shall be determined as follows, namely:—
           (a) if the addressee has designated a computer resource for the purpose of receiving electronic records,— receipt occurs at the time when the electronic record enters the designated computer resource; or received by the addressee