Secure Electronic Records & Secure Digital Signatures - Legal Aspects of E-Commerce | E-Commerce - B Com PDF Download

Secure Electronic Records and Secure Digital Signatures:

In the age of e-commerce where the electronic records and digital signatures are of crucial significance for proper functioning of e-commerce and business in the globalised free market economy it is imperative that the transactions of ecommerce in the form of electronic record and digital signatures should be secure, authentic and must be suitably confidential from the general public and third parties. The relevant parties to the electronic records and digital signatures must be confident while conducting e-commerce or business that their transactions are secure and cannot be tampered with by any unrelated persons to the transactions of e-commerce between the relevant parties. Therefore, in order to have proper security procedures to secure electronic records and digital signatures, proper cyber laws are very essential. Many countries in the world have tried to frame such laws suiting to their unique business environment, the political system and the necessity of properly conducting e-commerce or business in the modern world of cyberspace and the internet.

We find that in the new environment of the development of technology of information and communication have witnessed several new legal and moral issues while conducting e-commerce and business. For many of those issues there may not be clear-cut answers but certainly these issues have very important impact on the communication systems and the internet. We find that the internet has given a sudden growth of new and speedy means of communication in the globalised market place. These transactions are very lucrative commercial transactions through the internet and no business which wants to have competitive advantage in the world market can do without the internet for the purposes of e-commerce and business.

IT ACT, 2000 includes the legal norms relating to security of electronic records and electronic signatures. It means when the ‘electronic record’ and ‘electronic signature’ are deemed secure

1. Secure electronic record (sec14) An electronic record can be secured for the purposes of the Act if it has been authenticated by means of a secure digital signature.
If any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification.

2. Secure digital signature (Section 15) Section 15 lies down that an electronic signature shall be deemed to be a secure electronic signature if:

a) The signature creation data, at the time of affixing, was under the exclusive control of signatory and no other person; and

b) The signature creation data was stored and affixed in such exclusive manner as may be prescribed.

3. Security procedure The Central Government may for the purpose of sections 14 and 15 prescribe the security procedures and practices having regard to the commercial circumstances, nature of transactions and such other related factors as it may consider appropriate. The digital signature infrastructure depends largely on process of encryption and decryption for maintaining security. This process is called as cryptography.

Figure: Cryptography

The purpose of encryption is to ensure confidentiality by keeping the information hidden from any one for whom it is not intended and even for those who can see the encrypted addressee of the data protection and privacy issues, including data integrity and confidentiality, allows secure communication over insecure channels.
An important condition for e-commerce’s survival is the ability to safeguard all electronic transactions. Unless an electronic transaction is secure it would be difficult to determine its authenticity. Moreover, the users will be hesitant to send confidential information over the net. Existence of safeguards and assurance that such transmission are fool proof will go a long way towards boosting e-commerce and the common way of protecting electronic transactions is through cryptography. Cryptography uses sophisticated mathematical algorithms, particularly a technology which is known as asymmetric cryptography.

Any person would like hid transactions to be confidential and this can be achieved through encryption and decryption techniques. Encryption process would code a message and the coded message would then be transmitted over the net. Thus only users having capacity to decrypt the coded message would have access to the content. For successful decryption, it is important that the decrypting technique is corresponding to that particular encrypting technique. It is also important that the encryption process is secure enough, so that it cannot be easily cracked. The strength of the encryption depends on the key length used by the encryption software.  The techniques of encryption and decryption involve the use of two kinds of keys, public and private keys, both of which are mathematically linked. One key is used for encryption and the other corresponding key is used for decryption. Each user has a pair of keys of which the private key is kept secret and the public key is open to all. Therefore, if X wants to send a message to Y, X will encrypt the message with Y’s public key and send it to Y. it is only Y who would be able to access the message.

The nature of digital signature is the importance of digital signature which is also known as advanced or secure electronic signature. Authentication of digital signature and how much reliable and secure the digital signatures are determined with the help of Encryption and Decryption techniques with pairs of keys.