Public Key Infrastructure (PKI)
PKI is a standardized set of transactions built on asymmetric public key cryptography, a more secure and potentially much more functional mechanism for access to digital resources. The same systems can be used for securing physical access to controlled environments, such as your home or office.
In a PKI world, everyone would be issued at least one cryptographic key pair. Each key pair would consist of a secret (private) cryptographic key and a public cryptographic key. These keys are typically a 1024-bit or a 2048-bit string of binary digits with a unique property: when one is used with an encoding algorithm to encrypt data, the other can be used with the same algorithm to decrypt the data. The encoding key cannot be used for decoding. A responsible party such as a notary public, passport office, government agency or trusted third party certifies public keys. The public key is widely distributed, often through a directory or a database that can be searched by the public, but the private key remains a secret tightly guarded by its owner. Between sender and receiver, secure messaging (or another secure transaction) would work as described below.

For the sender (Fig 1) the following steps occur:
  • Message data is hashed; that is, a variable-length input string is converted to a fixed-length output string. Hash functions are mainly used with public key algorithms to create digital signatures.
  • A symmetric key is created and used to encrypt the entire message. DES and IDEA are examples of symmetric key cryptography.
  • The symmetric key is encrypted with the receiver's asymmetric public key.
  • The message hash is encrypted with the sender's asymmetric private key, creating a digital signature independent of the encrypted message.
  • The encrypted message, encrypted symmetric key and signed message hash are sent to the receiver.
     

For the receiver (Fig 2) these steps occur:
  • The encrypted symmetric key is decrypted using the receiver's asymmetric private key.
  • The symmetric key is then used to decrypt the message body.
  • The encrypted hash is decrypted with the sender's asymmetric public key.
  • The decrypted message is then rehashed with the original hashing algorithm.
  • The two hashes are compared to verify the sender's identity; a match also serves as proof that the message was not altered in transit.
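
The sender and receiver steps above as a runnable sketch using the crypto module built into Node.js; this is an added example, not code from the original page. It assumes AES-256-GCM in place of the DES/IDEA ciphers the page names and RSA-2048 with OAEP for encrypting the symmetric key; the function names, parties and message are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Sender side: returns the three items the page says are transmitted
// (encrypted message, encrypted symmetric key, signed hash) plus the GCM IV and tag.
function sealEnvelope(message, senderPrivateKey, receiverPublicKey) {
  const sessionKey = crypto.randomBytes(32);   // fresh symmetric key per message
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(message), cipher.final()]);
  return {
    iv, ciphertext, tag: cipher.getAuthTag(),
    // Symmetric key encrypted under the receiver's public key.
    wrappedKey: crypto.publicEncrypt({ key: receiverPublicKey, ...OAEP }, sessionKey),
    // SHA-256 hash of the plaintext, signed with the sender's private key.
    signature: crypto.sign('sha256', message, senderPrivateKey),
  };
}

// Receiver side: unwrap the key, decrypt, then check the signature over the plaintext.
function openEnvelope(env, receiverPrivateKey, senderPublicKey) {
  const sessionKey = crypto.privateDecrypt({ key: receiverPrivateKey, ...OAEP }, env.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, env.iv);
  decipher.setAuthTag(env.tag);
  // final() throws if the ciphertext, IV or tag was altered in transit.
  const message = Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
  // verify() rehashes the message and compares against the signed hash.
  return { message, signatureValid: crypto.verify('sha256', message, senderPublicKey, env.signature) };
}

// Constructed parties and message, for illustration only.
function demo() {
  const sender = newKeyPair(), receiver = newKeyPair(), impostor = newKeyPair();
  const env = sealEnvelope(Buffer.from('PO 1042: ship 30 units'), sender.privateKey, receiver.publicKey);
  const good = openEnvelope(env, receiver.privateKey, sender.publicKey);
  // Same envelope checked against the wrong sender key: signature must not verify.
  const wrongSender = openEnvelope(env, receiver.privateKey, impostor.publicKey);
  // One flipped ciphertext bit: decryption must fail.
  const altered = { ...env, ciphertext: Buffer.from(env.ciphertext) };
  altered.ciphertext[0] ^= 1;
  let alteredRejected = false;
  try { openEnvelope(altered, receiver.privateKey, sender.publicKey); } catch { alteredRejected = true; }
  return { text: good.message.toString(), valid: good.signatureValid,
           wrongSenderValid: wrongSender.signatureValid, alteredRejected };
}

console.log(demo());
```

The signature check only proves identity if the receiver obtained the sender's public key from a certified source, which is the role of the certifying party described earlier.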
Cyber laws in India / Advantages of Cyber laws
Cyber Laws in India
In May 2000, both the houses of the Indian Parliament passed the Information Technology Bill. The Bill received the assent of the President in August 2000 and came to be known as the Information Technology Act, 2000. Cyber laws are contained in the IT Act, 2000.

This Act aims to provide the legal infrastructure for e-commerce in India. The cyber laws have a major impact on e-businesses and the new economy in India, so it is important to understand the various perspectives of the IT Act, 2000 and what it offers.

The Information Technology Act, 2000 also aims to provide for the legal framework so that legal sanctity is accorded to all electronic records and other activities carried out by electronic means. The Act states that unless otherwise agreed, an acceptance of contract may be expressed by electronic means of communication and the same shall have legal validity and enforceability. Some highlights of the Act are listed below:

  • Chapter-II of the Act specifically stipulates that any subscriber may authenticate an electronic record by affixing his digital signature. It further states that any person can verify an electronic record by use of a public key of the subscriber.
  • Chapter-III of the Act details Electronic Governance and provides, inter alia, that where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is - Police. These offences include tampering with computer source documents, publishing of information which is obscene in electronic form, and hacking.
  • The Act also provides for the constitution of the Cyber Regulations Advisory Committee, which shall advise the government as regards any rules, or for any other purpose connected with the said Act. The said Act also proposes to amend the Indian Penal Code, 1860, the Indian Evidence Act, 1872, The Bankers' Books Evidence Act, 1891, and The Reserve Bank of India Act, 1934 to bring them in tune with the provisions of the IT Act.
Advantages of Cyber Laws
The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. We need such laws so that people can perform purchase transactions over the Net through credit cards without fear of misuse. The Act offers the much-needed legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records.
In view of the growth in transactions and communications carried out through electronic records, the Act seeks to empower government departments to accept filing, creating and retention of official documents in the digital format. The Act has also proposed a legal framework for the authentication and origin of electronic records / communications through digital signature.
  • From the perspective of e-commerce in India, the IT Act 2000 and its provisions contain many positive aspects. Firstly, the implications of these provisions for the e-businesses would be that email would now be a valid and legal form of communication in our country that can be duly produced and approved in a court of law.
  • Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act. 
  • Digital signatures have been given legal validity and sanction in the Act.
  • The Act throws open the doors for the entry of corporate companies in the business of being Certifying Authorities for issuing Digital Signatures Certificates.
  • The Act now allows the Government to issue notifications on the web, thus heralding e-governance.
  • The Act enables the companies to file any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in electronic form by means of such electronic form as may be prescribed by the appropriate Government.
  • The IT Act also addresses the important issues of security, which are so critical to the success of electronic transactions. The Act has given a legal definition to the concept of secure digital signatures that would be required to have been passed through a system of a security procedure, as stipulated by the Government at a later date.
  • Under the IT Act, 2000, it shall now be possible for corporates to have a statutory remedy in case anyone breaks into their computer systems or network and causes damage or copies data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore.