CPE (4) - Understanding Digital Signature & Law
March 11, 2008
ISACA Dhaka Chapter
CPE Session on
Legal Aspects of Electronic
Signatures
By
Mamunur Rahman, CISA, Engineer
IT Auditor (Consultant),
Audit & Internal Control Div., Dhaka Bank Ltd.
Objectives & Synopsis of this Session
Legal Aspects of a Signature
• Basic Attributes
• Types & Forms
Review of Digital Signature Process Flow
• How it works
Applying the Law thru Digital Signature
• Mapping the Law to Process
Familiarization with ICT Act 2006
• Signature Issues
• Cyber Crimes & Processes
Types & Forms of Signatures
Manuscript
• The mark of a cross
• The use of a printed name
• The use of a lithographed name
• The use of a stamp
• Digital marks by human action (telex, facsimile, e-mail)
Electronic
• Typing a name into an e-mail or electronic document
• Clicking the ‘I accept’ or ‘I agree’ icon
• Using a personal identification number (PIN)
• Using a scanned signature
• Using a biometric measurement
• Using a digital signature (more accurately, a hash cryptographic signature)
Definition of a Signature
A signature is information, in a recognized form, associated with a record and executed or adopted by a person with the intent to sign the record.
• Primary purpose
  • evidence that the signatory approves and adopts the contents of the document
  • the content of the document shall be binding
• Secondary purpose
  • authenticate the identity of the person
  • the content of the document has not been altered subsequently to the affixing of the signature
• Record keeping purpose
Electronic Signature
An electronic sound, symbol, or process, attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.
(1) The sender cannot later disavow the message, (2) the receiver cannot forge the message or signature, and (3) the receiver can prove to others that the contents of the message are genuine and originated with the sender.
Forms:
1. Sound
2. Symbol (e.g., scanned signature; name & designation as e-mail footer)
3. Process (e.g., digital signature, end-user license agreement clickwrap, etc.)
Digital Signature
A form of Electronic Signature. It employs an asymmetric cryptographic algorithm. Each party must have a pair (private key, public key) unique to it.
Mapping the Law to Process:
1. Sender’s approval/consent by using his private key in encryption
2. Authentication by sender’s identification (certificate evaluation)
3. Sender’s consent/approval as non-repudiation
4. Transmission confidentiality by encryption
5. Content extraction confidentiality by the privacy of recipient’s private key
6. Integrity by comparing the message digest (hash value)
Digital Signature Process Flow
[Diagram: digital signature process flow, labelled Digital Envelope, Digital Signature, Non-repudiation, Confidentiality]
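An added walk-through of the six mapping steps above, written for this page and not taken from the slides: each party holds its own key pair, the sender signs the message digest with its private key, the message travels under a session key that is wrapped for the recipient (the digital envelope), and the recipient evaluates the sender's certificate and recomputes the digest. The keys are textbook RSA built from fixed Mersenne primes and the symmetric cipher is a SHA-256 XOR keystream, both constructed toy choices; the party names and message are assumptions.

```python
# Toy walk-through of the six 'Mapping the Law to Process' steps: textbook RSA on
# fixed Mersenne primes plus an XOR keystream cipher. A classroom model, not secure code.
import hashlib
import os

# Constructed key material: Mersenne primes 2^k - 1 for the listed k.
M = {k: (1 << k) - 1 for k in (19, 31, 61, 89, 107, 127)}
E = 65537

def make_keypair(p, q):
    """Each party gets its own (public, private) pair: ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(data, n):
    """Step 6: SHA-256 message digest, reduced mod n because the toy
    moduli are far smaller than 256 bits."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    """Steps 1 and 3: the digest 'encrypted' with the signer's private key."""
    n, d = private
    return pow(digest(data, n), d, n)

def verify(data, signature, public):
    """Recover the digest with the public key and compare with a fresh one."""
    n, e = public
    return pow(signature, e, n) == digest(data, n)

def issue_certificate(subject, subject_pub, ca_priv):
    """Step 2: the CA binds a name to a public key by signing both."""
    tbs = f"{subject}|{subject_pub[0]}|{subject_pub[1]}".encode()
    return {"subject": subject, "public_key": subject_pub, "ca_sig": sign(tbs, ca_priv)}

def evaluate_certificate(cert, ca_pub):
    """Certificate evaluation: only the CA's public key validates ca_sig."""
    tbs = f"{cert['subject']}|{cert['public_key'][0]}|{cert['public_key'][1]}".encode()
    return verify(tbs, cert["ca_sig"], ca_pub)

def stream_xor(key, data):
    """Step 4: toy symmetric cipher, XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def seal(message, sender_priv, recipient_pub):
    """Sender side: sign, encrypt under a fresh session key, and wrap that
    key with the recipient's public key (digital envelope, step 5)."""
    session_key = os.urandom(8)  # 64 bits, below every toy modulus
    n, e = recipient_pub
    return {"ciphertext": stream_xor(session_key, message),
            "wrapped_key": pow(int.from_bytes(session_key, "big"), e, n),
            "signature": sign(message, sender_priv)}

def open_envelope(env, recipient_priv, sender_cert, ca_pub):
    """Recipient side: unwrap the key with its private key (step 5), decrypt,
    evaluate the sender's certificate (step 2) and verify (step 6).
    Returns (message, accepted)."""
    n, d = recipient_priv
    session_key = pow(env["wrapped_key"], d, n).to_bytes(8, "big")
    message = stream_xor(session_key, env["ciphertext"])
    ok = evaluate_certificate(sender_cert, ca_pub) and verify(
        message, env["signature"], sender_cert["public_key"])
    return message, ok
```

A flipped ciphertext byte or a certificate that names a different public key makes `open_envelope` return `accepted == False`, which is the integrity and certificate-evaluation check the slide lists.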
Safety: Manuscript vs. Electronic
A manuscript signature is under the total physical control of the individual, but it is not necessarily reliable:
• Variability of the signature
• Signature may be obtained as a result of unconscionable conduct, fraud instigated by a third party, or undue influence by a third party
• A signature may also be forged
The number of people involved in the chain of a digital signature:
• Key generating company
• Registration authority
• Certification authority, which will issue a certificate
• Security of the entire structure is, in essence, predicated on ensuring the private key is kept secure
ICT Act 2006
Summary of the Act
• Electronic Signature
• Legal Protection of Electronic Transactions
• Certificate Authority
• Language Issue
• Law for Cyber Crimes
• Cyber Tribunal & Trial Process
• Penalty for Crimes
• Redemption of ISP
Wherever a Bangladeshi citizen commits a crime, from whatever place, he/she will be brought under this law and the trial process will apply to him/her.
Chapter-2: Electronic Sig. & Record
5. Authentication of electronic records by electronic signature
6. Recognition of electronic records
7. Recognition of electronic signature
8. Use of electronic records & electronic signature in govt. offices
9. Preservation of electronic records
11. No govt. office will be bound to accept electronic records/docs
12. Govt. can specify everything about electronic sig.
Chapter-4: Secure Electronic Records & Secure Electronic Signature
16. Secure Electronic Record: if a security measure is taken to protect the record.
17. Secure Electronic Signature: if it confirms that
a. it was the sender’s own,
b. it had the clue to identify the sender, and
c. only the sender had the control over its creation & attaching.
Chapter-5: Controller & Certificate Issuing Authority
20. Recognition of Foreign Certificate Authority
21. Controller’s Responsibility for Repository of Issued Certificates
22. License for Issuing Digital Certificate
Chapter-8: Crime, Investigation, Trial & Penalty
54. Crime
If a person, without the permission of the owner or custodian of a computer system or computer network, intrudes into it or helps others to do so, for the purpose of harming it or its users in whatsoever form, and/or willingly stealing or damaging data stored in it, his act will be treated as a crime under this Act.
Penalty
A maximum of 10 years in jail, or 10 lac taka, or both.
Chapter-8: …
55. Unauthorized change of computer source code
Max of 3 years in jail, or 3 lac taka, or both.
56. Hacking
Max of 10 years in jail, or 1 crore taka, or both.
57. Publishing, in any electronic form, any information that is fictitious, obscene or dishonoring
Max of 10 years in jail, or 1 crore taka, or both.
63. Breach of Confidentiality
Max of 2 years in jail, or 1 crore taka, or both.
66. Committing crimes by using computers
The penalty already prescribed by other Acts for the actual crime performed using the computer.
66. Crimes committed by companies
Board directors, the MD, the Secretary and staff directly concerned with the crime are held responsible, unless they prove their unawareness of it or their efforts to prevent it.
Cyber Tribunal
68. Govt. will form this in consultation with the Supreme Court. This tribunal will conduct the trial process only under this Act.
Redemption of ISP
79. The third-party ISP will not be held responsible for making information/data available if it can be proved that the crime concerned was committed without its awareness or that it tried its level best to prevent it.
An authentic English text will be published. If the translation creates any sort of conflict or confusion, the Bangla text will prevail.
Next Step: Software Piracy, Forensic Audit
Thanking you, questions welcome.