Preamble of IT Act, 2000

 Objective of the Act

1. To provide legal recognition for transactions carried out by
means of electronic data interchange and other means of electronic
communication, commonly referred to as ―electronic commerce‖,
i. Use of alternatives to paper-based methods of communication
and storage of information,
ii. to facilitate electronic filing of documents with the
Government agencies
iii. to amend the Indian Penal Code, the Indian Evidence Act, 1872,
the Banker’s Books Evidence Act, 1891 and the Reserve Bank of
India Act, 1934 and for matters connected therewith or incidental
thereto.
2. To adopt Model Law on Electronic Commerce adopted by the
United Nations Commission on International Trade Law and enact
or revise their laws, in view of the need for uniformity of the law
applicable to alternatives to paper-based methods of
communication and storage of information;
3. To promote efficient delivery of Government services by
means of reliable electronic records.
1
 Salient Features of IT Act
 Provides extra-territorial jurisdiction.
 Gives legal recognition to electronic records and digital
signatures.
 Lays down procedures for use of digital signatures.
 Authentication has been given to electronic records.
 Provides Civil Liability through cyber contraventions.
 Defines cybercrimes and prescribes penalties.
 Provides for establishment of adjudicating officers and
tribunals.
 Empowers government to make rules and regulations.
 Facilitate e-commerce and e-governance.
 Defines roles and responsibilities of intermediaries.
 Establishes Indian Computer Emergency Response
Team (CERT-In).
 Intended to be flexible to remain relevant with the
2 changing times.
 Definition of a Computer
 Section 2 of the Act defines :
 (i)"computer" means any electronic magnetic, optical or other high-speed data
processing device or system which performs logical, arithmetic, and memory functions
by manipulations of electronic, magnetic or optical impulses, and includes all input,
output, processing, storage, computer software, or communication facilities which are
connected or related to the computer in a computer system or computer network.
 (l) "computer system" means a device or collection of devices, including input and
output support devices and excluding calculators which are not programmable and
capable of being used in conjunction with external files, which contain computer
programmes, electronic instructions, input data and output data, that performs logic,
arithmetic, data storage and retrieval, communication control and other functions;
 (j) "computer network" means the interconnection of one or more computers through—
○ (i) the use of satellite, microwave, terrestrial line or other communication media;
and
○ (ii) terminals or a complex consisting of two or more interconnected computers
whether or not the interconnection is continuously maintained;
 (k) "computer resource" means computer, computer system, computer network, data,
computer data base or software;
 (ha) communication device: means cell phones, personal digital assistance or
combination of both or any other device used to communicate, send or transmit any
3 text, video, audio or image
 Other Important Definitions
 Section 2 of the Act defines :
 (a) access: with its grammatical variations and cognate expressions means gaining entry
into, instructing or communicating with the logical, arithmetical, or memory function
resources of a computer, computer system or computer network;
 (t) electronic record: means data, record or data generated, image or sound stored,
received or sent in an electronic form or micro film or computer generated micro fiche
 (v) information: includes 2[data, message, text,] images, sound, voice, codes, computer
programmes, software and data bases or micro film or computer generated micro fiche
 (w) intermediary: with respect to any particular electronic records, means any person who
on behalf of another person receives, stores or transmits that record or provides any service
with respect to that record and includes telecom service providers, network service providers,
internet service providers, web-hosting service providers, search engines, online payment
sites, online-auction sites, online-market places and cyber cafes.
 (o) data: means a representation of information, knowledge, facts, concepts or instructions
which are being prepared or have been prepared in a formalised manner, and is intended to
be processed, is being processed or has been processed in a computer system or computer
network, and may be in any form (including computer printouts magnetic or optical storage
media, punched cards, punched tapes) or stored internally in the memory of the computer
 (za) originator: means a person who sends, generates, stores or transmits any electronic
message or causes any electronic message to be sent, generated, stored or transmitted to any
other person but does not include an intermediary
 (b) addressee: means a person who is intended by the originator to receive the electronic
4 record but does not include any intermediary.
 Digital Signature and Electronic Signature
 Section 3: Digital Signature
 Sec. 2(p): digital signature
 Sec. 2 (f): asymmetric crypto system
 Sec. 2 (x): key pair
 Sec. 2 (zc): private key
 Sec. 2 (zd): public key
 Sec 2 (d): affixing electronic
signature
 Section3A: Electronic Signature
5
 2(ta) electronic signature.
 Digital Signature
 2(p) digital signature: means authentication of any electronic record by a
subscriber by means of an electronic method or procedure in accordance
with the provisions of section 3.
 2(ta) electronic signature: means authentication of any electronic record
by a subscriber by means of the electronic technique specified in the
Second Schedule and includes digital signature
 2(f) asymmetric crypto system: means a system of a secure key pair
consisting of a private key for creating a digital signature and a public key
to verify the digital signature
 2(x) key pair: in an asymmetric crypto system, means a private key and
its mathematically related public key, which are so related that the public
key can verify a digital signature created by the private key.
 2(zc) private key: means the key of a key pair used to create a digital
signature.
 2(zd) public key: means the key of a key pair used to verify a digital
6 signature and listed in the Digital Signature Certificate;
 Section-3: Digital Signature
 Authentication of electronic records.–
 Any subscriber may authenticate an electronic record by affixing his digital
signature.
• The authentication of the electronic record shall be effected by the use of
asymmetric crypto system and hash function which envelop and transform the
initial electronic record into another electronic record.
 Hash function: means an algorithm mapping or translation of one sequence of bits
into another, generally smaller set known as hash result, such that an electronic
record yields the same hash result every time the algorithm is executed with the
same electronic record as its input making it computationally infeasible–
 (a) to derive or reconstruct the original electronic record from the hash result
produced by the algorithm;
 (b) that two electronic records can produce the same hash result using the
algorithm.
 (3) Any person by the use of a public key of the subscriber can verify the
electronic record.
 (4) The private key and the public key are unique to the subscriber and constitute
7 a functioning key pair.
Symmetric-key cryptography
Asymmetric-key cryptography
Comparison between two categories of cryptography
How it WORKS…….?
Hash Function
 Section-3A: Electronic Signature
 Electronic signature:
 a subscriber may authenticate any electronic record by such electronic signature or
electronic authentication technique which—
 (a) is considered reliable; and
 (b) may be specified in the Second Schedule.
 Any electronic signature or electronic authentication technique shall be considered
reliable if—
 (a) the signature creation data or the authentication data are, within the context in
which they are used, linked to the signatory or, as the case may be, the authenticator
and to no other person;
 (b) the signature creation data or the authentication data were, at the time of
signing, under the control of the signatory or, as the case may be, the authenticator
and of no other person;
 (c) any alteration to the electronic signature made after affixing such signature is
detectable;
 (d) any alteration to the information made after its authentication by electronic
signature is detectable; and
13  (e) it fulfils such other conditions which may be prescribed.
 Digital and Electronic Signature

Digital signature (A subset of Electronic

Signature)
Additionally provide…
Electronic
Signature

AUTHENTICATION DATA INTEGRITY NON-

REPUDIATION

A scanned • proof of who • proof that the • the signer

NON-REPUDIATION
DATA INTEGRITY
AUTHENTICATON

image of ink actually signed document has should not be

signature the document. not been able to falsely
i.e. digital changed since deny having
A biometric signatures signing. The signed their
linking the user’s digital signature signature. That
hand signature signature to an depends on is, it should be
actual every binary bit possible to prove
identifiable of the document in a court that
A video or entity. and therefore the signer in fact
voice signature can’t be re- created the
attached to any signature
other document
Click on the ‘I
Agree’ tab etc.