Authentication of Electronic Records: Every user of the internet, whether an originator or an addressee, is constantly concerned about the security, privacy and trustworthiness of electronic records. The main interest of the addressee is the authenticity of the electronic record.
Before developing any commercial relationship over the internet, a person would want to know:
1. Who sent the message?
2. Who would receive the message?
3. When was the message sent?
4. When was the message received?
1. Data security: Data security is the shielding of data against unintentional or deliberate damage, disclosure or modification. Data reliability exists when data does not vary from its source records and has not been accidentally or maliciously altered or destroyed.
Authentication: It is a way to establish the reliability of particular data; with reference to a message, it comprises determining its source and that it has not been altered or substituted in transit.
The truthfulness, reliability and non-repudiation of a message, which are the three essentials for a record to form the legal basis of a claim, can be achieved by different encryption methods. These include the electronic signature.
The second chapter of the IT Act is entitled 'DIGITAL AND ELECTRONIC SIGNATURE'. According to this chapter, authentication of electronic records can be determined by a digital signature using an asymmetric crypto system and a hash function.
Section 3A, by contrast, provides that authentication of records can be ascertained by using any electronic signature or electronic authentication technique which is considered reliable and is mentioned in the second schedule. However, no such technique is mentioned in the second schedule.
According to section 2(f) of the IT Act 2000, an asymmetric crypto system means a pair of keys comprising a private key to create a digital signature and a public key to verify the digital signature.
Figure 2: Signing a message using a symmetric signature
2. Private Key: A private key has one and only one public key, and correspondingly a public key has one and only one private key. As the name suggests, the private key remains with the subscriber, who is required to take steps to prevent its disclosure (section 42). The public key is listed in the Digital Signature Certificate. The certifying authority issues these certificates (section 35) and is the repository of all such certificates.
Figure 3: Signing a message with an asymmetric signature
4.3 Difference between Public and Private Keys:
4. Hash and Hash Function: A hash is an algorithmic mapping or translation of one sequence into another. Hashing transforms an electronic record into a unique, shorter, fixed-length value called the hash result. The hash result is an index or fingerprint of the original text. The receiver of an electronic record can check its integrity by computing the hash result of the record and comparing it with the hash result sent along with the record. If they are the same, the record was not changed; if they are not the same, the record got corrupted. Apart from the generation of key pairs, another fundamental process known as the hash function is used in both creating and verifying a digital signature. A hash function is a mathematical process based on an algorithm which creates a digital representation or compressed form of the message, often referred to as a 'message digest' or 'fingerprint' of the message, in the form of a 'hash value' or 'hash result' of a standard length which is usually much smaller than the message, but nevertheless substantially unique to it.
Encrypting a document with a public key system requires a lot of time. To speed up the procedure, it is possible to apply the private key not to the whole message but only to its message digest (or hash code). The message digest is a sort of excerpt of the original text, known as a 'digital fingerprint'. This excerpt is much shorter than the original message and is the result of applying the hash function.
The hash function is public, and therefore no private key is required to compute it. It takes the message as input and always gives back the same string, which always has the same dimension. This function maps data to fixed-size hash values in such a way that the data would match its particular hash value. The idea is based on the fact that the message digest concisely represents the 'original data' from which it was computed. It can be considered a digital fingerprint of the 'larger data string'. Thus the security of the hash function is very significant to the integrity of the digital signature. To be used for digital authentication, hash functions must have certain properties that make them secure enough for cryptographic usage. It must be mentioned that a data string can be found that hashes to a given value and that two distinct data strings can hash to the same value.
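The hash-then-sign procedure described above, as an added example that is not part of the original notes: the private key is applied only to the fixed-length digest, and the receiver recomputes the hash and compares it with the value recovered using the public key. It assumes SHA-256 and textbook RSA without padding, with a demonstration key built from two publicly known Mersenne primes; all function names are hypothetical.

```python
import hashlib

# Constructed demo key from two publicly known Mersenne primes.
# NOT a secure key: real keys use secret random primes, and real
# signatures use a padding scheme such as RSA-PSS.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (kept by the subscriber)


def digest(record: bytes) -> int:
    """Hash result (message digest) of the record, as an integer."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def sign(record: bytes, d: int = D, n: int = N) -> int:
    """Apply the private key to the digest only, not to the whole record."""
    return pow(digest(record), d, n)


def verify(record: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Recover the signed digest with the public key and compare it with
    a fresh hash of the record as received."""
    return pow(signature, e, n) == digest(record)


# Constructed sample records: the second differs from the first by one digit.
RECORD = b"Pay INR 10,000 to account 1234"
TAMPERED = b"Pay INR 90,000 to account 1234"
SIGNATURE = sign(RECORD)

if __name__ == "__main__":
    print("digest size:", len(hashlib.sha256(RECORD).digest()), "bytes")
    print("original record verifies:", verify(RECORD, SIGNATURE))
    print("tampered record verifies:", verify(TAMPERED, SIGNATURE))
```
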