Digital signature is a mathematical scheme to verify the authenticity of digital documents or messages. Also, a valid digital signature allows the recipient to trust the fact that a known sender sent the message and it was not altered in transit. In this article, we will look at the sections of the Information Act, 2000 which deal with digital certificates.
Like written signatures, digital signatures provide authentication of the associated input or messages.
Further, digital signatures authenticate the source of messages like an electronic mail or a contract in electronic form.
The three important features of digital features are:
- Authentication: They authenticate the source of messages. Since the ownership of a digital certificate is bound to a specific user, the signature shows that the user sent it.
- Integrity: Sometimes, the sender and receiver of a message need an assurance that the message was not altered during transmission. A digital certificate provides this feature.
- Non-Repudiation: A sender cannot deny sending a message which has a digital signature.
According to the Information Technology Act, 2000, digital signatures mean authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3. Further, the IT Act, 2000 deals with digital signatures under Sections 2, 3, and 15.
According to Section 2(1)(p), digital signature means ‘authentication of any electronic record using an electronic method or procedure in accordance with the provisions of Section 3‘.
Further, authentication is a process for confirming the identity of a person or proving the integrity of information. Authenticating messages involves determining the source of the message and verifying that is has not been altered or modified in transit.
Section 3 of the Information technology Act, 2000 provides certain provisions for the authentication of electronic records. The provisions are:
- Subject to the provisions of this section, any subscriber can affix his digital signature and hence authenticate an electronic record.
- An asymmetric crypto system and hash function envelop and transform the initial electronic record into another record which affects the authentication of the record.
- Also, any person in possession of the public key can verify the electronic record.
- Further, every subscriber has a private key and a public key which are unique to him and constitute a functioning key pair.
Secure Digital Signature (Section 15)
Let’s say that two parties agree to apply a certain security procedure. If it is possible to verify that a digital signature affixed was
- Unique to the subscriber affixing it.
- Capable of identifying the subscriber.
- Created in a manner under the exclusive control of the subscriber.
- Also, it is linked to the electronic record in such a manner that a change in the record invalidates the digital signature
It is a secure digital signature.