But guess how signatures work in the digital world where the document becomes an electronic record and our signature becomes digital?
This article covers the relevant information about digital signatures and digital signature certificates. I have tried to make it complete enough that you need not search for any other article on the same issue.
So, let’s begin!
WHAT IS A DIGITAL SIGNATURE?
|Signature, but digital!|
If you want to authenticate a document, you need to sign that particular document. In fact, signing is essential if you want to create a contract.
Signing a document means that we have given our consent to it. Similarly, to authenticate an electronic record one needs a digital signature, which is affixed to that particular electronic record. Section 2(p) of The Information Technology Act, 2000 (hereinafter referred to as the “Act”) defines digital signature.
In simpler terms, a digital signature relies on an algorithm mapping, the hash function: when an electronic record is entered into it, it produces a hash result.
The pattern is that every time the same record is entered into the algorithm, it produces the same hash result.
Now, the purpose of this cryptosystem and “hash function” is to create a unique identity of a digital signature.
Hash functions take a potentially long message as the input and generate a fixed-length output value from the content that is, for practical purposes, unique to it. Since hashing is a one-way function, it is not feasible to reverse it to recover the original input.
The person who is issued this signature is also granted a public key and a private key. Anybody who has the public key can use it to check the signature on the electronic record, while the private key remains with the original user.
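The hash-then-sign flow described above, as an added example that is not part of the original article: the record is hashed, the hash result is transformed with the private key, and anyone holding the public key compares the result with a fresh hash of the record. The key is a constructed demo value and the scheme is textbook RSA without padding, both assumptions made so that the example runs on the Python standard library alone.

```python
import hashlib

# Constructed demo key built from two well-known Mersenne primes so the
# example needs no third-party library. Assumption: real keys use randomly
# generated primes and a padding scheme such as RSA-PSS; this is textbook RSA.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, stays with the signer


def hash_result(record: bytes) -> int:
    """Map a record of any length to its SHA-256 hash result, as an integer."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def sign(record: bytes, private_exponent: int = D, modulus: int = N) -> int:
    """Signer side: transform the hash result with the private key."""
    return pow(hash_result(record), private_exponent, modulus)


def verify(record: bytes, signature: int,
           public_exponent: int = E, modulus: int = N) -> bool:
    """Verifier side: recover the hash with the public key and compare it
    with a hash computed freshly from the record that was received."""
    return pow(signature, public_exponent, modulus) == hash_result(record)


# Constructed sample record and its signature.
RECORD = b"Board resolution: transfer INR 5,00,000 to vendor account 1234"
TAMPERED = RECORD.replace(b"5,00,000", b"9,00,000")
SIGNATURE = sign(RECORD)

if __name__ == "__main__":
    print("same hash every time:", hash_result(RECORD) == hash_result(RECORD))
    print("original verifies:   ", verify(RECORD, SIGNATURE))
    print("tampered verifies:   ", verify(TAMPERED, SIGNATURE))
    print("altered signature:   ", verify(RECORD, SIGNATURE + 1))
```

Only the holder of `D` can produce a value that passes `verify`, while `E` and `N` are the values a certificate would publish for everyone else to check with.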
DIGITAL SIGNATURE WHEN SECURE
- The digital signature has a cryptographic module in it which is used to create the key pair i.e. public key and private key.
- The private key that is used to create the digital signature is kept secure in the smart card or any other hardware; meaning a safe space.
- The hash result, when taken from a host system used to create the digital signature, is returned to the host system. To simplify: as mentioned in the introduction, a digital signature is generated through a hash function, and that hash function belongs to the host, meaning the original user of the digital signature. When that hash is used to create a digital signature, the signature, once formed, should be returned to its original user to avoid privacy infringement.
- The information stored in the smart card is solely under the control of the person who has created a digital signature.
- The digital signature can be verified with the public key mentioned in the digital signature certificate.
- The entire process of obtaining a digital signature complies with the rules mentioned in the IT Act, 2000.
It has a few more conditions to it which are mentioned below in pointers:-
- It has to comply with the provisions of the IT Act and the rules and regulations made under the Act.
- The applicant holds the private key which is in correspondence with the public key mentioned in the digital signature certificate.
- The private key which the applicant holds should be competent to create a digital signature.
- The public key listed in the certificate can be used by the certifying authority (CA) to verify a digital signature affixed by the applicant with the private key.
- It has published the digital signature certificate or otherwise made it available to the applicant relying on it and the same has been accepted by the applicant.
- The subscriber’s public and private key constitute a pair.
- The information entered in the digital signature certificate is accurate.
- The certifying authority (CA) has no knowledge of any material fact which, had it been included in the digital signature certificate, would violate any of the provisions mentioned in clauses (a) to (d) under section 36 of the IT Act.
WHY DO I NEED A DIGITAL SIGNATURE CERTIFICATE?
I am assuming that once you started reading this article, the most recurring question in your mind must have been why you need a digital signature certificate in the first place. I have answered the “why” question below in pointers:-
- Saves time and reduces the cost
- Data security
- Statutory compliance
- Monetary transactions
COST OF OBTAINING A DIGITAL SIGNATURE CERTIFICATE
CLASSES OF DIGITAL SIGNATURE CERTIFICATES
CLASS I Digital Signature Certificate
CLASS II Digital Signature Certificate
The difference between Class I and Class II is that Class II certificates are issued to businesses which have lesser risk related to the transactional value and other data. So this certificate is issued to those whose data is less sensitive and requires lesser security.
The documents required for this type of certificate are similar to what is mentioned for the class I certificate.
CLASS III Digital Signature Certificate
The requirements of the documents are the same as mentioned for the Class I and Class II certificates.
PROFESSIONALS WHO REQUIRE DIGITAL SIGNATURE CERTIFICATE
Therefore, individuals who require a DSC include directors, CAs, auditors, company secretaries (whether in-house or practising independently) and banking personnel.
SUSPENSION AND REVOCATION OF DIGITAL SIGNATURE CERTIFICATES
The CA is under the obligation to communicate the same with the subscriber. However, a digital signature certificate shall not be suspended for more than fifteen days unless the subscriber has been given an opportunity to be heard in the matter.
The second category of revocation arises where the certifying authority (CA) finds any of the following issues, in which case it may revoke the digital signature certificate:-
- Any important fact mentioned in the certificate is either false or concealed.
- There was a requirement for the issuance of the digital signature certificate which was not satisfied.
- The certifying authority’s private key was compromised in a manner which affected the reliability of the digital signature certificate.
- The subscriber has been declared insolvent or dead, or, if it is a firm or a company, it has been wound up, dissolved or has ceased to exist.
OFFENCES RELATED TO DIGITAL SIGNATURE CERTIFICATE
Section 71 – Penalty for Misrepresentation
Misrepresentation here means that hiding any fact, even without the intention of hiding it, would still attract the punishments mentioned under this section.
Section 72- Penalty for breach of confidentiality and privacy
Section 72A- Punishment for disclosure of information in breach of lawful contract
Section 73- Penalty for publishing electronic signature certificate false in certain matters
Any person who contravenes this provision shall be punished with imprisonment of two years or a fine of one lakh rupees or both.
Section 74 – Publication for fraudulent purposes
WRAPPING IT UP
Digital signatures have made company processes easier: a person need not be physically present to carry out a financial transaction, and the other affairs of companies can now be managed easily with the help of a digital signature.
Digital signatures ensure the safety and security of companies' data and of the financial transactions carried out by these entities.
An electronic record can no longer be altered or forged by a third party; any such effort would be in vain, because the private key is held by the original subscriber and the public key mentioned in the digital signature certificate can be used to verify whether the signature belongs to a particular individual.
This has brought great transparency to corporate dealings, wherein companies need not worry about their important transactions and data.
SUGGESTIONS FOR IMPROVEMENT
First is the user design. There have been issues regarding the signature not working in some applications or systems.
Therefore, this aspect needs to be improved.
The signature should be made in a way that works with any application on the web.
Signature services should be compatible with multiple devices. At times, there is a lack of integration between the digital signature and the client’s application because of which there is a problem in the exchange of documents, emails etc.
That’s all. Hope you liked the piece. If you did, do give it a share and if you have any questions, leave it down below in the comments and I will get back to you.