
1 INFORMATION TECHNOLOGY ACT 2000 AN OVERVIEW

2 PRESENTATION OVERVIEW Need for the law Legal issues regarding offer, Acceptance and conclusion of contract Issues of Digital Signature Public Key infrastructure Certifying Authorities.

3 Preamble of IT Act, 2000 An Act to provide Legal Recognition for E-Commerce: EDI transactions and Electronic communications. Use of alternatives to paper-based methods of communication and storage of information. To facilitate electronic filing of documents with the Government agencies. And further to amend the Indian Penal Code, The Indian Evidence Act, 1872, The Bankers Books Evidence Act, 1891 & RBI Act 1934.

4 Components of the Act Legal Recognition to Digital Signatures Electronic Governance Mode of Attribution, Acknowledgement and Despatch of Electronic Records. Secure Electronic Records. Regulation of Certification Authorities. Digital Certificates.

5 Components of the Act (Cont) Duties of subscribers Penalties and Adjudication Offences Protection to Network Service Providers in certain situations.

6 Definitions – terms defined in the Act Access Addressee Computer Computer Resource Data Electronic Form Information Intermediary Secure System Asymmetric Cryptography Digital Signature.

7 E-commerce Simply put: E-commerce refers to doing business and transactions over electronic networks prominently the internet. Obviates the need for physical presence Two parties may never know, see or talk to each other but still do business. Has introduced the concept of electronic delivery of products and services. Unmanned round-the-clock enterprises – Available always.

8 E-Com - Potential Problems Security on Net - Confidentiality, Integrity and Availability. Cyber crimes - Hackers, Viruses. Technological Complexities. Lack of Information trail. Complex cross border Legal Issues. Disparate Regulatory Environment and Taxation Policies.

9 Challenges Protecting Information in Transit Protecting Information in storage Protecting Information in Process Availability and Access to information to those Authorised.

10 Concerns in E-Transactions Confidentiality Integrity Availability

11 Confidentiality concerns Eavesdropping Wire Tapping Active/Passive E-mail snooping Shoulder Surfing

12 Integrity Attacks Data Diddling Buffer Overflow Used to insert malicious code Channel violation Spoofing

13 Availability Threats Denial of Service (DDOS) Ping of Death SYN Flooding Remote Shut Down

14 Tools and Techniques Key Loggers Password Crackers Mobile Code Trap Doors Sniffers Smurf (Ping tools)

15 Tools and Techniques Viruses – Exe, Script, Datafile, Macro Worms Trojan Horse Logic Bombs Remote Access Trojans

16 Attacks on Cryptosystems Cipher-text only attacks Known plain text attacks Brute Force Attacks Man-in-middle attacks

17 Social Engineering The best bet ever Trickery and Deceit Targeting Gullible victims Most effective – can penetrate the most secure technologies

18 Parameters Data Confidentiality User Authentication Data Origin Authentication Data Integrity Non Repudiation.

19 Legal Recognition of Digital Signature Any requirement that information in electronic form bear a signature for legal recognition is now satisfied if the information is authenticated by affixing a digital signature. Applicability includes: Forms, licences, permits, receipt/payment of money.

20 DIGITAL SIGNATURES.

21 How Digital Signature Works XYZ wants to send a message relating to new Tender to DOD. XYZ computes message digest of the plain text using a Hash Algorithm. XYZ encrypts the message digest with his private key yielding a digital signature for the message. XYZ transmits the message and the digital signature to DOD.

22 Digital Signatures (Cont) When DOD receives the message, DOD computes the message digest of the message relating to plain text, using same hash functions. DOD decrypts the digital signature with XYZ’s public key. If the two values match, DOD is assured that: a. The originator of the message is XYZ and no other person. b. Message contents have not been tampered with.

23 Digital Signatures - How & Why Integrity, Authentication and Non Repudiation 1. Achieved by use of Digital Signatures. 2. If a message can be decrypted by using a particular sender's public key, it can be safely presumed that the message was encrypted with that particular sender's private key. 3. A message digest is generated by passing the message through a one-way cryptographic function, i.e. it cannot be reversed.

24 Digital Signatures - How & Why 4. When combined with a message digest, encryption using the private key allows users to digitally sign a message. 5. When the digest of the message is encrypted using the sender's private key and is appended to the original message, the result is known as the Digital Signature of the message. 6. Changing one character of the message changes the message digest in an unpredictable way. 7. The recipient can be sure that the message was not changed after the message digest was generated if the message digest remains unaltered.
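The sign-and-verify exchange of slides 21 to 24, as an added example that is not part of the original presentation. It uses textbook RSA (no padding) over a SHA-256 digest with a constructed demonstration key; the key, the sample messages and all function names are assumptions for illustration, and deployed signature schemes add a padding step such as RSA-PSS.

```python
import hashlib

# Constructed demonstration key built from two publicly known Mersenne primes.
# Assumption for illustration only: such primes and unpadded RSA are not secure.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                            # public modulus (part of XYZ's public key)
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, held only by XYZ


def digest_int(message: bytes) -> int:
    """SHA-256 message digest as an integer (256 bits, always below N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """XYZ: transform the digest with the private key (slide 21)."""
    return pow(digest_int(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """DOD: recompute the digest, recover the signed digest with XYZ's
    public key, and compare the two values (slide 22)."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == digest_int(message)


def differing_bits(a: bytes, b: bytes) -> int:
    """Number of digest bits that differ between two messages (slide 24, point 6)."""
    return bin(digest_int(a) ^ digest_int(b)).count("1")


if __name__ == "__main__":
    tender = b"Tender 7: bid amount 1,00,000 rupees"      # constructed sample
    tampered = b"Tender 7: bid amount 9,00,000 rupees"    # one character changed
    sig = sign(tender)
    print("genuine message verifies :", verify(tender, sig))
    print("tampered message verifies:", verify(tampered, sig))
    print("digest bits changed      :", differing_bits(tender, tampered), "of 256")
```

The signature verifies only against the exact message that was signed, which is what gives DOD both origin authentication and integrity in one check.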

25 Digital Signatures Central Government is conferred with powers to make rules in respect of Digital Signatures. Rules would prescribe Type of Digital Signature, Manner and form in which Digital Signature shall be affixed and procedure for identifying the person affixing the Digital Signature.

26 Enabling Principles of Electronic Commerce Legal Recognition of Electronic Record. Legal requirement of Information to be in writing shall be deemed to be satisfied if it is: a. Rendered or made available in an electronic form. b. Accessible so as to be usable for subsequent reference.

27 RETENTION OF ELECTRONIC RECORDS. Requirements of law as regards retention of records met even if in electronic form and if the: Information therein is accessible and usable. In original format or ensure accuracy Details as to Origin, Destination, Date and Time of Dispatch and Receipt of Electronic records are maintained.

28 Applicability of the Act Does not apply to: Negotiable Instrument Act Power of Attorney Act Trusts Will Contract for sale/conveyance of immovable property. Any other transactions that may be notified.

29 Public Key Infrastructure CERTIFYING AUTHORITIES CA is a person who has been granted a license to issue Digital Signature Certificate by the Controller. CA are licensed by the Controller on satisfaction of certain conditions and an approved Certification Practice Statement.

30 CERTIFICATION PRACTICE STATEMENT CAs shall generate and manage Digital Certificates and signatures in accordance with approved CPS. The controller shall issue a guide for preparation of Certification Practice Statement and any changes require approval.

31 KEY MANAGEMENT Cryptographic keys provide the basis for the functioning of Digital certificates and Authentication of Digital Signatures. Keys must be adequately secured at every stage: Key generation, distribution, storage, usage, backup, Archival. CAs should take necessary precautions to prevent loss, disclosure, modification or unauthorised use. CAs should use trustworthy Hardware, Software and encryption techniques approved by the Controller for all operations requiring use of a private key.

32 Information Technology – Security Procedure and Guideline Rules prescribe Physical and operational security Information Management Systems Integrity, risks and integrity controls Audit trail and verifications Data centre operations security Change Management Guidelines.

33 Offences Without permission: Accesses or secures access to a computer, computer system or computer network. Downloads, copies or extracts any data, computer data base or information from such computer resource. Introduces or causes to be introduced any computer contaminant or computer virus into any computer resource. Damages or causes to be damaged any computer resource.

34 Offences Under the Act Tampering with Computer Source Documents Hacking with computer System Publishing of information which is obscene in Electronic form.

35 Who is liable Every person who, at the time the contravention was committed, was in charge of, and was responsible to, the company for the conduct of business shall be guilty of the contravention and shall be liable to be proceeded against and punished.

36 Penalties Up to Rupees Two lakh with Imprisonment. Up to rupees one crore in case of impersonation and masquerading crimes involving Legal bodies - Adjudicating officer, The Cyber Regulations Appellate Tribunal.
