This document provides a comparative analysis of the Information Technology Act of 2000 and its amendment in 2008 in India. Some key changes introduced by the 2008 amendment include expanding the definition of electronic signatures to include technologies beyond digital signatures, increasing penalties for cybercrimes, strengthening privacy provisions and expanding the scope of offenses to include new cybercrimes like identity theft, cyber-stalking and cyber-terrorism. The amendment also granted new investigation powers to police officers and adjudication powers to specialized officers to handle cybercrime cases and disputes.
The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act) is an Act of the Indian Parliament (No 21 of 2000) notified on 17 October 2000. It is the primary law in India dealing with cybercrime and electronic commerce. It is based on the United Nations Model Law on Electronic Commerce 1996 (UNCITRAL Model) recommended by the General Assembly of United Nations by a resolution dated 30 January 1997.
Electronic Evidence is found in all computer and multimedia as well as communication devices. Increasingly most of the business transactions are done in paperless mode but when the disputes arise, then where to look for evidence? This presentation will help you in this field.
Privacy right under it act, 2000 and under other lawNitya Nand Pandey
After coming the computer age our privacy is not so secure. We are bening followed and traced if we are using multimedia mobile with internet connection. What are the remedies against this, this Notes reply.
Cybercrime Investigations and IT Act,2000Karnika Seth
This presentation was delivered by Cyberlaw Expert, Karnika Seth to chartered Accountants of ICAI dealing in cyber frauds and discusses the key features of IT Act,2000 and Cybercrime investigations.
It Amendment ActIT Amendment Act, 2008 notified w.e.f. 27/10/2009Neeraj Aarora
The Information Technology (Amendment) Bill, 2008 (Bill No.96-F of 2008) was passed by the both houses of parliament on December, 2008 and received the accent of the president on 5th February, 2009. However, the Amendment Act had not yet come into force and was only for information purpose. However, there was lots of confusion about the date of “Notification” of IT Amendment Act, 2008 as per the requirements of the Section 1 (2) of the same. However, after the wait of almost more than 8 months, the Information Technology (Amendment) Act, 2008 (ITAA, 2008) has been notified with effect from 27/10/2009 and is now become operational.
The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act) is an Act of the Indian Parliament (No 21 of 2000) notified on 17 October 2000. It is the primary law in India dealing with cybercrime and electronic commerce. It is based on the United Nations Model Law on Electronic Commerce 1996 (UNCITRAL Model) recommended by the General Assembly of United Nations by a resolution dated 30 January 1997.
Electronic Evidence is found in all computer and multimedia as well as communication devices. Increasingly most of the business transactions are done in paperless mode but when the disputes arise, then where to look for evidence? This presentation will help you in this field.
Privacy right under it act, 2000 and under other lawNitya Nand Pandey
After coming the computer age our privacy is not so secure. We are bening followed and traced if we are using multimedia mobile with internet connection. What are the remedies against this, this Notes reply.
Cybercrime Investigations and IT Act,2000Karnika Seth
This presentation was delivered by Cyberlaw Expert, Karnika Seth to chartered Accountants of ICAI dealing in cyber frauds and discusses the key features of IT Act,2000 and Cybercrime investigations.
It Amendment ActIT Amendment Act, 2008 notified w.e.f. 27/10/2009Neeraj Aarora
The Information Technology (Amendment) Bill, 2008 (Bill No.96-F of 2008) was passed by the both houses of parliament on December, 2008 and received the accent of the president on 5th February, 2009. However, the Amendment Act had not yet come into force and was only for information purpose. However, there was lots of confusion about the date of “Notification” of IT Amendment Act, 2008 as per the requirements of the Section 1 (2) of the same. However, after the wait of almost more than 8 months, the Information Technology (Amendment) Act, 2008 (ITAA, 2008) has been notified with effect from 27/10/2009 and is now become operational.
Misra, D.C. (2009) An E Governance Vision For India By 2020 Gvmitm 23.5.09Dr D.C. Misra
This an e-governance vision for India by 2020 by an e-governance researcher and consultant. India is already Internet nation no.4 in the world and is destined to become Internet nation no. 1 in the world in due course of time. However, if the steps suggested in this presentation are taken, not only will it hasten the process but provide firm foundations to e-government.
Introduction, Why netiquette, What is netiquette or what is internet etiquette or what is net etiquette, Different rules for netiquette , Rule No. 1: Remember the Human. Rule No. 1: Remember the Human. Rule no. 3: Know where you are in cyberspace. and so on...
National workshop on handling cybercrime ,1st feb 2014 it act,2000Karnika Seth
Cyber law expert Karnika Seth delivered a lecdture on rising Cybercrimes and the Information Technology Act,2000 applicable in India to combat Cybercrime. It discusses thye latest trends in Cyberlaw in India, case studies, IT Act,2000 and strategies to combat cybercrimes.
Cyberspace Usages Challenges And Disputeresolution Jautkarshjani
In todays world every 2nd company must have suffered some form of Cyber Crime at some point of time. Should it be ignored or should it be dealt with Iron Hands. Is there anything a company can or must do to prevent this? Yes, where there are problems, there are solutions and our IT Act give you such solutions. What is required is awareness and this presentation is just an attempt to sensitize todays corporates to arise to this issue and deal with it effectively.
This slide is a guide to the Cyber Law regime in India. It covers up the IT Act 200 in a simple childish approach.
Shankey Gupta
Advocate
Cyber Law & Forensic Consultant.
www.shivamgupta.com
Entry of E-commerce in the business scenario has changed the rules of the game and it has affected the economic relations between and within different countries and companies.
Hence, it becomes very important to create a policy and regulatory environment that favors the development of e-commerce and harmonizes national approaches in diverse areas such as telecommunications, trade, intellectual property, privacy etc.
So, here we’ll discuss about legal and policy issues which are associated with e-commerce along with the laws and environments effective to deal with them, with special reference to the laws applicable in India.
hello this is murthy there is no hard disks more than 5tb if any one wants create high storage capacity. please refer the information provided in the slides they can create 1024Yotabyte(trillion terabytes) storage capacity hard disk . for more information contact murthy gmail: m886776@gmail.com
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
Biological screening of herbal drugs: Introduction and Need for
Phyto-Pharmacological Screening, New Strategies for evaluating
Natural Products, In vitro evaluation techniques for Antioxidants, Antimicrobial and Anticancer drugs. In vivo evaluation techniques
for Anti-inflammatory, Antiulcer, Anticancer, Wound healing, Antidiabetic, Hepatoprotective, Cardio protective, Diuretics and
Antifertility, Toxicity studies as per OECD guidelines
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfTechSoup
In this webinar you will learn how your organization can access TechSoup's wide variety of product discount and donation programs. From hardware to software, we'll give you a tour of the tools available to help your nonprofit with productivity, collaboration, financial management, donor tracking, security, and more.
The Roman Empire A Historical Colossus.pdfkaushalkr1407
The Roman Empire, a vast and enduring power, stands as one of history's most remarkable civilizations, leaving an indelible imprint on the world. It emerged from the Roman Republic, transitioning into an imperial powerhouse under the leadership of Augustus Caesar in 27 BCE. This transformation marked the beginning of an era defined by unprecedented territorial expansion, architectural marvels, and profound cultural influence.
The empire's roots lie in the city of Rome, founded, according to legend, by Romulus in 753 BCE. Over centuries, Rome evolved from a small settlement to a formidable republic, characterized by a complex political system with elected officials and checks on power. However, internal strife, class conflicts, and military ambitions paved the way for the end of the Republic. Julius Caesar’s dictatorship and subsequent assassination in 44 BCE created a power vacuum, leading to a civil war. Octavian, later Augustus, emerged victorious, heralding the Roman Empire’s birth.
Under Augustus, the empire experienced the Pax Romana, a 200-year period of relative peace and stability. Augustus reformed the military, established efficient administrative systems, and initiated grand construction projects. The empire's borders expanded, encompassing territories from Britain to Egypt and from Spain to the Euphrates. Roman legions, renowned for their discipline and engineering prowess, secured and maintained these vast territories, building roads, fortifications, and cities that facilitated control and integration.
The Roman Empire’s society was hierarchical, with a rigid class system. At the top were the patricians, wealthy elites who held significant political power. Below them were the plebeians, free citizens with limited political influence, and the vast numbers of slaves who formed the backbone of the economy. The family unit was central, governed by the paterfamilias, the male head who held absolute authority.
Culturally, the Romans were eclectic, absorbing and adapting elements from the civilizations they encountered, particularly the Greeks. Roman art, literature, and philosophy reflected this synthesis, creating a rich cultural tapestry. Latin, the Roman language, became the lingua franca of the Western world, influencing numerous modern languages.
Roman architecture and engineering achievements were monumental. They perfected the arch, vault, and dome, constructing enduring structures like the Colosseum, Pantheon, and aqueducts. These engineering marvels not only showcased Roman ingenuity but also served practical purposes, from public entertainment to water supply.
Palestine last event orientationfvgnh .pptxRaedMohamed3
An EFL lesson about the current events in Palestine. It is intended to be for intermediate students who wish to increase their listening skills through a short lesson in power point.
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
Acetabularia Information For Class 9 .docxvaibhavrinwa19
Acetabularia acetabulum is a single-celled green alga that in its vegetative state is morphologically differentiated into a basal rhizoid and an axially elongated stalk, which bears whorls of branching hairs. The single diploid nucleus resides in the rhizoid.
A Strategic Approach: GenAI in EducationPeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
it act
1. The Information Technology Act,
2000
and
The Information Technology
(amendment) Act, 2008
A Comparative analysis
By Prashanth Gowda.B.S
2. Birth of Cyber Laws
• The United Nations General Assembly have
adopted the Model Law on Electronic Commerce on
30th January 1997.
• It is referred to as the “UNCITRAL Model Law on
E-Commerce”.
3. Birth of Cyber Laws
• India passed the Information Technology Act,
2000 on 17th October, 2000.
• Amended on 27th October 2009.
Amended Act is known as -
The Information Technology (amendment) Act,
2008.
5. Electronic authentication
• The IT Act, 2000
specified “digital
signatures” as the means
of electronic
authentication.
• This approach was not a
technology neutral
approach and the law was
bound by a specific
technology.
6. Electronic authentication
• The IT Act, 2008 introduces the concept of
“electronic signatures” in addition to digital
signatures.
• Electronic signatures is the wider term covering
digital signatures, biometric authentication, etc.
• It has a technology neutral approach and not
bound by any specific technology.
7. Types of electronic signatures
• Passwords, personal
identification numbers
(PINs)
i.e. based on the
knowledge of the user.
8. Types of electronic signatures
• Biometric
authentication -
i.e. method based on the
physical features or
personal trait of the user
9. Types of electronic signatures
• Scanned handwritten
signatures.
• Signature by means of
a digital pen.
• “OK” or “I accept”
boxes.
• Secure Sockets Layer
(SSL) certificates.
10. Civil Provisions
• Section 43 - Unauthorised Access
– U/ the IT Act, 2008 no limit on
amount of compensation for
offences under Section 43
– U/ the IT Act , 2000 it was Rs. 1
Crore
11. Section 43
If any person
without
permission of
the owner or
incharge of a
computer -
Accesses
or secures
access to a
computer
Downloa
ds, copies
or
extracts
data
Introduce
s
computer
contamin
ant or
virus
Damages
computer
Disrupts
computer
or
network
Provides
assistance
to facilitate
illegal
access
Charges the
services availed
of by a person
to the account
of another
person
12. Civil Provisions
• Section 43(A) – new
provision
– Corporate bodies handling
sensitive personal
information in a computer
resource are under an
obligation to ensure
adoption of reasonable
security practices to
maintain its secrecy.
13. Civil Provisions
– Even mobile companies to respect privacy of
customers u/ Sec. 43(A).(Rutuja Tawade v/s
Vodafone)
– Nadeem Kashmiri’s case (credit card fraud)
– Liability on call centers, BPOs
14. Adjudication of Civil offences
– Under the IT Act, 2008 the “Adjudicating Officers” to try cases
where the claim is upto Rs. 5 crore.
– Above that the case will have to be filed before the “Civil
Courts”.
– Under the IT Act, 2000 civil courts did not have jurisdiction to
try civil suits.
15. Criminal Provisions
Section 66
• Provision has been significantly changed.
• Under IT Act, 2008 all the acts referred under
section 43, are also covered u/Sec. 66 if they are
done “dishonestly” or “fraudulently”.
• Many cybercrimes on which there were no express
provisions made in the IT Act, 2000 are now
included in the IT Act, 2008.
16. Section 66(A)
• Sending of offensive or false
messages - new provision
– Also known as “Cyber
Stalking”
– Covers sending of menacing,
offensive or false messages via
SMS/EMAIL/MMS
– Punishment – imprisonment
upto 3 years and fine
17. Section 66(B)
• Dishonestly receiving stolen
computer resource or
communication device - new
provision
– Also covers use of stolen
Computers, mobile phones,
SIM Cards, etc
– Punishment – imprisonment
upto 3 years or fine upto Rs. 1
lakh or both
18. Section 66(C)
• Identity theft - new provision
– Fraudulently or dishonestly
using someone else’s electronic
signature, password or any
other unique identification
feature
– Punishment - imprisonment
upto 3 years and fine upto Rs. 1
lakh
19. Section 66(D)
• Cheating by personation - new provision
– Cheating by pretending to be some other person
– Punishment – imprisonment upto 3 years and fine upto Rs.
1 lakh
20. Section 66(E)
• Violation of privacy - new provision
– Popularly known as Voyeurism
– Pune spy cam incident where a 58-year old man was
arrested for installing spy cameras in his house to
‘snoop’ on his young lady tenants
– Covers acts like hiding cameras in changing rooms,
hotel rooms, etc
– Punishment –imprisonment upto 3 years or fine upto
Rs. 2 lakh or both
21. Section 66(F)
• Cyber terrorism - new provision
– Whoever uses cyberspace with
intent to threaten the unity,
integrity, security or sovereignty
of India or to strike terror in the
people
– Punishment - Imprisonment
which may extent to life
imprisonment
22. Preservation of information by
intermediaries
• Section 67(C) – new provision
– Intermediary shall preserve and retain such
information as may be specified for such
duration and in such manner and format as
the Central Government may prescribe.
23. Government’s power to intercept
• Section 69 – new provision
– Government to intercept, monitor or decrypt any
information generated through any computer resource if it
thinks to do so in the interest of the sovereignty or integrity
of India.
24. Government’s power to intercept
– Punishment for refusing to hand over
passwords to an authorized official of the
Central or State Government
– Punishment – imprisonment upto 7 years and
fine
25. Liability of Intermediary not to
disclose any personal information
• Section 72(A) - new provision
– Intermediary to act as per the terms of its lawful contract
and not beyond it.
– Punishment – imprisonment upto 3 years or fine upto 5
lakh or both
26. Liability of Intermediary
• Section 79
– An intermediary not to be liable for any third
party information, data, or communication link
made available or hosted by him.
27. Liability of Intermediary
• Intermediary need to prove that he didn’t –
– Initiate the transmission,
– Select the receiver of the transmission, and
– Select or modify the information contained in the
transmission and
– The intermediary observes due diligence while
discharging his duties under the Act.
28. Abetment
• Section 84(B) – new provision
– Abetting to commit an offence is punishable
– Punishment – Same punishment provided for the
offence under the Act
29. Attempt
• Section 84(C) – new provision
– Attempt to commit an offence is punishable
– Punishment – Imprisonment which may extend
to one-half of the longest term of imprisonment
provided for that offence
30. Investigation Powers
• Section 78 – new provision
– As per the IT Act, 2008 Cyber crime cases can be
investigated by the “Inspector” rank police
officers.
– U/ the IT Act, 2000 such powers were with the
“DYSP/ACP”.
31. Compounding of Offences
• Section 77 (A) – new provision
– Compounding – “Out of court settlement”
– Offences
“for which less than three years imprisonment
has been provided”
can be compounded.
32. Compounding of Offences
– Such offence should not affect the socio
economic conditions of the country or
– has been committed against a child below the age
of 18 years or a woman.
34. Halifax May 10, 2006Electronic Contracts - NJI 34
Overview
Law generally has no form rule for contracts
Law of contracts is media-neutral
Question of enforceability comes down to a
question of the presence of consent, proof
of consent, validity of consent:
– These are traditional, basic contract concepts
• Legislation has supported these conclusions
• Consider examples
35. Halifax May 10, 2006 Electronic Contracts - NJI 35
Legislation
• United Nations – Canada and US (etc)
– All jurisdictions in Canada have something (exc NWT)
– MB’s key parts not in force – so does it matter?
– Application is subject to some exceptions
• General principle: non-discrimination
• Writing, signature, original, record-retention rules
• Consent to use is key security feature
• Legal standard vs prudent standard
• E-records do not have to be more reliable than paper
36. Halifax May 10, 2006 Electronic Contracts - NJI 36
Legislation
• “Functional equivalents”:
– Writing: “accessible so as to be usable for subsequent
reference”
• Accessible to whom: techie or newbie? “subsequent?”
• Not necessarily looking like print e.g. voice recognition
– Provision: “capable of being retained” (Ont. exception)
– Originals: “reliable assurance of integrity”
– Signature: “information in electronic form that a person
has created or adopted in order to sign a document and
that is in, attached to or associated with the document”
37. Halifax May 10, 2006 Electronic Contracts - NJI 37
Legislation
• Contract rules
– Electronic form does not prevent validity
– Contracts may be formed by clicking on icons, touching
screens, talking to a computer, etc
– Contracts may be made in dealing with “electronic agents”
i.e. software robots
– Mistakes in dealing with electronic agents may be
corrected if program does not allow verification of contract
before completion
– Time and place rules, but no mailbox rule
– Current issue: presumed receipt in the face of spam and
virus filters
38. Halifax May 10, 2006 Electronic Contracts - NJI 38
Forms of consent
• Shrinkwrap: terms (of licence) inside box, notice outside
– Systemshops v King in Canada (1980s case)
– Zeidenberg v ProCD in US
• Click-through/clickwrap: terms are shown, buyer clicks “I
agree” or “OK”
– Rudder v Microsoft - an easier case than shrink-wrap
• Consider examples from web
• Some limits: Zhu v. Merrill Lynch, Robet v Versus Brokerage
Services: experts knew web messages were not always
reliable, duty to check before acting on them.
– Note: these were cases about one-on-one messages, NOT someone
dealing with an impersonal web site, as are almost all of the others.
39. Halifax May 10, 2006 Electronic Contracts - NJI 39
Forms of consent
• “Browsewrap”: implied consent from mere use of or
access to web site
• Ticket cases etc as parallel in paper world
• Questions go to notice of terms, accessibility of
terms, and fairness
• Consider examples (inc. Zhu v Merrill Lynch)
• Enforcement has largely been where people are
doing something prohibited by terms that they
should have know was bad anyway, e.g.
– Canada: CREA v. Sutton
– US: Ticketmaster, Register.com, Cairo
40. Halifax May 10, 2006 Electronic Contracts - NJI 40
Forms of consent
• Unilateral Modification: implied or express consent
• Right to change is widely claimed in web terms
• Economic model understandable – adhesion
contracts
• Rogers v Kanitz – high-water mark (trial court only)
– “that’s how business is done on the Net”
• Aspencer1 v Paysystems
– Not so fast – at least in Quebec (with doubtful dicta)
• Consumer Protection Act, 2002 (Ontario)
– Reverses Kanitz on arbitration and class actions, i.e. not in
general about modifications
41. Halifax May 10, 2006 Electronic Contracts - NJI 41
Authentication
• of consent
– herein of signatures (very briefly)
• form and intent
– Singapore: e-mail headers as signatures (lease)
– England: e-mail headers as not signatures (guarantee)
• of parties
– reliability of attribution – question of proof
– seldom litigated – but in age of identity theft?
• of text
– how does the signer know what he/she is signing?
42. Halifax May 10, 2006 Electronic Contracts - NJI 42
Jurisdiction
• General principles and tests
– Interactivity, targeting, etc
• Rudder – click-through choice of forum upheld
• Specht – obscure choice of forum and process denied
• May involve choice of law, choice of forum
• Consumers - special rules
– Quebec Civil Code
– Uniform Law policy
– EU policies – Rome treaties
• Hague Convention on Choice of Court (2005)
43. Halifax May 10, 2006 Electronic Contracts - NJI 43
Substance of contract
• Unconscionability defences are media- neutral
• Some applications in the cases:
– arbitration clauses
– class action clauses (overlaps with preceding, not the same)
– some special rules e.g. Quebec in Dell (to SCC)
– jurisdiction – choice of lax/business-friendly/inaccessible places?
• French cases as examples of analysis - AOL.FR and its progeny
(at least 4 French ISPs have suffered the same fate now)
– “standard” North American clauses held illegal, unconscionable
44. Halifax May 10, 2006 Electronic Contracts - NJI 44
Open questions
• Errors in contracts – facts of Dell, etc
• Attempts to protect other interests
– Notably intersection with copyright
• Digital rights management, technical protection measures
• No reverse engineering
• Licences vs sales (“the age of access” but “access to knowledge”)
• Illegal contracts: e.g. gaming, etc - use of
intermediaries to block or enforce (e.g. role of credit
card companies, PayPal etc)
– Civil and criminal processes may overlap
45. Halifax May 10, 2006 Electronic Contracts - NJI 45
Other legal principles may apply
• The usual contract rules apply, e.g.:
– meeting of minds
– certainty of object
– consideration
– AND contracts as to form (legislation does not cure them)
• The usual contracting legislation applies, e.g.:
– Consumer Protection Act
– Internet Sales Harmonization template (as adopted)
• Other legislation may apply, as to form or content
– UECA yields to contrary intention
46. Halifax May 10, 2006 Electronic Contracts - NJI 46
Internet Sales Harmonization Template
• The template was adopted by the FPT
Consumer Measures Committee in 2001.
• It is in force in several provinces.
• Its main terms:
• Mandatory disclosure of information (& timing rules)
– seller’s identity, location, applicable law
– description of product, price, terms, remedies
• Receipts needed
• Cancellation rights for non-disclosure, non-delivery
47. Halifax May 10, 2006 Electronic Contracts - NJI 47
Conclusion
• “What’s old is new again” in the
electronic age
–Was there a meeting of the minds?
–Was the transaction affirmed by the
user/consumer?
–Was the transaction fair?
–AND questions of form, questions of proof
49. •is a type of asymmetric cryptography used to simulate the security
properties of a signature in digital, rather than written, form. Digital
signature schemes normally give two algorithms, one for signing which
involves the user's secret or private key, and one for verifying signatures
which involves the user's public key. The output of the signature process
is called the "digital signature.“
•is an electronic signature that can be used to authenticate the identity
of the sender of a message or the signer of a document, and possibly to
ensure that the original content of the message or document that has
been sent is unchanged. Digital signatures are easily transportable,
cannot be imitated by someone else, and can be automatically time-
stamped. The ability to ensure that the original signed message arrived
means that the sender cannot easily repudiate it later.
What is a digital signature?
50. How it works
• The use of digital signatures usually involves two processes,
one performed by the signer and the other by the receiver of
the digital signature:
• Digital signature creation uses a hash result derived from and
unique to both the signed message and a given private key.
For the hash result to be secure, there must be only a
negligible possibility that the same digital signature could be
created by the combination of any other message or private
key.
• Digital signature verification is the process of checking the
digital signature by reference to the original message and a
given public key, thereby determining whether the digital
signature was created for that same message using the
private key that corresponds to the referenced public key.
51. Example
• Assume you were going to send the draft of a contract to your lawyer in
another town. You want to give your lawyer the assurance that it was
unchanged from what you sent and that it is really from you.
1. You copy-and-paste the contract (it's a short one!) into an e-mail note.
2. Using special software, you obtain a message hash (mathematical
summary) of the contract.
3. You then use a private key that you have previously obtained from a
public-private key authority to encrypt the hash.
4. The encrypted hash becomes your digital signature of the message. (Note
that it will be different each time you send a message.)
• At the other end, your lawyer receives the message.
1. To make sure it's intact and from you, your lawyer makes a hash of the
received message.
2. Your lawyer then uses your public key to decrypt the message hash or
summary.
3. If the hashes match, the received message is valid.
52. Benefits of digital signatures
These are common reasons for applying a digital signature to communications:
• Authentication
Although messages may often include information about the entity sending a
message, that information may not be accurate. Digital signatures can be used to
authenticate the source of messages. When ownership of a digital signature secret
key is bound to a specific user, a valid signature shows that the message was sent
by that user. The importance of high confidence in sender authenticity is especially
obvious in a financial context. For example, suppose a bank's branch office sends
instructions to the central office requesting a change in the balance of an account.
If the central office is not convinced that such a message is truly sent from an
authorized source, acting on such a request could be a grave mistake.
• Integrity
In many scenarios, the sender and receiver of a message may have a need for
confidence that the message has not been altered during transmission. Although
encryption hides the contents of a message, it may be possible to change an
encrypted message without understanding it. (Some encryption algorithms, known
as nonmalleable ones, prevent this, but others do not.) However, if a message is
digitally signed, any change in the message will invalidate the signature.
Furthermore, there is no efficient way to modify a message and its signature to
produce a new message with a valid signature, because this is still considered to
be computationally infeasible by most cryptographic hash functions.
53. Drawbacks of digital signatures
Despite their usefulness, digital signatures do not alone solve all the
problems we might wish them to.
Non-repudiation
In a cryptographic context, the word repudiation refers to the act of
disclaiming responsibility for a message. A message's recipient may
insist the sender attach a signature in order to make later repudiation
more difficult, since the recipient can show the signed message to a
third party (eg, a court) to reinforce a claim as to its signatories and
integrity. However, loss of control over a user's private key will mean
that all digital signatures using that key, and so ostensibly 'from' that
user, are suspect. Nonetheless, a user cannot repudiate a signed
message without repudiating their signature key.
54. Main Questions?
1. In the digital signature who use the private key and who
use the public key?
2. What are the benefits of digital signatures?