Electronic Commerce and Digital Signature
-
Upload
pratima-dabholkar -
Category
Documents
-
view
218 -
download
0
Transcript of Electronic Commerce and Digital Signature
-
7/31/2019 Electronic Commerce and Digital Signature
1/26
Electronic Commerce
E-commerce consists primarily of thebuying and selling of products or
services over electronic systems suchas the internet and other computernetworks.
-
7/31/2019 Electronic Commerce and Digital Signature
2/26
Electronic Commerce
Types of e-Commerce transactions:1. Online goods and services Streaming media content
www.mp3.com
Electronic bookswww.ebooks.com
Softwarewww.download.com
http://www.mp3.com/http://www.ebooks.com/http://www.download.com/http://www.download.com/http://www.ebooks.com/http://www.mp3.com/ -
7/31/2019 Electronic Commerce and Digital Signature
3/26
Electronic Commerce
2. Retail product sales Online retailers
www.amazon.com Online ticket sales
www.indianrail.gov.in Online banking
www.icicidirect.com
http://www.amazon.com/http://www.indianrail.gov.in/http://www.icicidirect.com/http://www.icicidirect.com/http://www.indianrail.gov.in/http://www.amazon.com/ -
7/31/2019 Electronic Commerce and Digital Signature
4/26
Electronic Commerce
3. Marketplace services. Facilitate b2b, b2c, c2c, b2e, g2b, and other
transactions through an online community oronline auction business model. E.g.www.ebay.com , ww w.dell.com ,www.echoupal.com
Online wallet services. (stores online shoppinginformation)
Online advertising Price comparison service
http://www.echoupal.com/http://www.echoupal.com/http://www.echoupal.com/http://www.dell.com/http://www.echoupal.com/http://www.echoupal.com/http://www.dell.com/http://www.ebay.com/ -
7/31/2019 Electronic Commerce and Digital Signature
5/26
Electronic Commerce
Government to citizen sales and services
www.mca.gov.in
E-procurement
www.eprocurement.gov.in
http://www.mca.gov.in/http://www.eprocurement.gov.in/http://www.eprocurement.gov.in/http://www.mca.gov.in/ -
7/31/2019 Electronic Commerce and Digital Signature
6/26
Online payment system Credit cards Smart cards Paypal Electronic bill presentment and payment Mobile payment Electronic fund transfer Bank wire transfer
Electronic money
Assignment-1 : Describe functioning of each of the onlinepayment system.
-
7/31/2019 Electronic Commerce and Digital Signature
7/26
Setting up ecommerce website
This section is divided into the following issues. Registering a domain name Hosting the domain Uploading content to the website Setting up email accounts Enabling online payments Legal issues
Terms of use Privacy policy disclaimer
Search engine optimization
-
7/31/2019 Electronic Commerce and Digital Signature
8/26
E-commerce Indian Law
The Indian Information Technology Act, 2000aims to facilitate the development of a securesignature regulatory environment forelectronic commerce by providing legalinfrastructure governing electronicscontracting, security and integrity of electronic transactions, the use of digital
signatures and other issues relating toelectronic commerce.
-
7/31/2019 Electronic Commerce and Digital Signature
9/26
Act provides: Minimize the incidence of electronic forgeries; Enable and foster authentication of computer based
documents; Facilitate commerce by means of computerized
transactions. Legal recognition of electronic contracting and acceptance
and use of electronic records and electronic signatures bythe government entities.
Also provides for civil and criminal liabilities for fraudulentfalsifying computer records, circumventing controls,unauthorized use or access into the computer system andunauthorized alteration or destruction of computer data orsystem
-
7/31/2019 Electronic Commerce and Digital Signature
10/26
Digital signature
The Information Technology Act, 2000 (IT Act)prescribes digital signature as a means of authentication of electronic record.
-
7/31/2019 Electronic Commerce and Digital Signature
11/26
Digital signature
Digital signatures are an application of asymmetrickey cryptography.
Cryptography is primarily used as a tool to protectnational secrets and strategies.
In 1978, Ron Rivest, Adi Shamir and Leonard
Adleman discovered the first practical public keyencryption and signature scheme, now referredto as RSA.
-
7/31/2019 Electronic Commerce and Digital Signature
12/26
Digital signature
How it works:
It is the science of using mathematics to encryptand decrypt data.
-
7/31/2019 Electronic Commerce and Digital Signature
13/26
Digital signature
Objective: Confidentiality
Data integrity Authentication Non-repudiation
-
7/31/2019 Electronic Commerce and Digital Signature
14/26
Digital signature
Different types of cryptography
Symmetric cryptography Asymmetric cryptography Hash function
-
7/31/2019 Electronic Commerce and Digital Signature
15/26
Digital signature
The digital signature creation and verificationprocess achieves the following:
Signer authentication Message authentication
Affirmative act
-
7/31/2019 Electronic Commerce and Digital Signature
16/26
Digital signature
Digital signature certificate contains a publickey as certified by a Certifying authority(CA).
-
7/31/2019 Electronic Commerce and Digital Signature
17/26
Digital signature
Digital signature should satisfy following conditions: It should be unique to the subscriber affixing it. It should be capable of identifying such
subscriber. It should be created in a manner or using ameans under the exclusive control of thesubscriber.
It should be linked to the electronic record towhich it relates in such a manner that if theelectronic record were altered, the digitalsignature would be invalidated.
-
7/31/2019 Electronic Commerce and Digital Signature
18/26
According to notification G.S.R. 735 (E), notified by the Centralgovernment on the 29 th of October, 2004, as secure digital signature isone to which the following security procedure has been applied.
A smart card or a hardware token is used to create key pair. Private key always remain present in smart card. Private key retrieval and returning should be take place in smart card. Smart card is solely under the control of the person who is purported to
have created the digital signature.
Digital signature can be verified by using public key listed in the digitalsignature certificate issued to that person. Rule 6 of the IT (CA) rules, 2000 have been complied with, in so far as they
relate to the creation, storage and transmission of the digital signatures. The digital signature is linked to the electronic record in such a manner
that if the electronic record was altered the digital signatures would be
invalidated.
-
7/31/2019 Electronic Commerce and Digital Signature
19/26
According to notification G.S.R. 735 (E), notified by the Centralgovernment on the 29 th of October, 2004, as secure digital signature isone to which the following security procedure has been applied.
A smart card or a hardware token is used to create key pair. Private key always remain present in smart card. Private key retrieval and returning should be take place in smart card. Smart card is solely under the control of the person who is purported to
have created the digital signature.
Digital signature can be verified by using public key listed in the digitalsignature certificate issued to that person. Rule 6 of the IT (CA) rules, 2000 have been complied with, in so far as they
relate to the creation, storage and transmission of the digital signatures. The digital signature is linked to the electronic record in such a manner
that if the electronic record was altered the digital signatures would be
invalidated.
-
7/31/2019 Electronic Commerce and Digital Signature
20/26
List of licenced CAs
Safescrypt NIC IDRBT TCS MTNL Customs and Central Excise (n)code solutions CA (GNFC)
-
7/31/2019 Electronic Commerce and Digital Signature
21/26
Digital signature Certificate
Digital signature certificate cannot be grantedunless the certifying authority is satisfied that:
The applicants holds the private key
corresponding to the public key to be listed in thedigital signature certificate The applicants holds a private key, which is
capable of creating a digital signature The public key to be listed in the certificate can be
used to verify a digital signature affixed by theprivate key held by the applicant.
-
7/31/2019 Electronic Commerce and Digital Signature
22/26
Representations upon issuance of Digital signature Certificate
1. It has complied with the Provisions of the ITAct and allied rules.
2. It has published the digital signaturecertificate or otherwise made it available tosuch person relying on it and the subscriberhas accepted it.
3. The subscriber hold private corresponding tothe public key, listed in the digital signature
-
7/31/2019 Electronic Commerce and Digital Signature
23/26
Representations upon issuance of Digital signature Certificate
5. The subscribers public key and private keyconstitute a functioning key pair.
6. The information containing in the digital
certificate is accurate. It has no knowledge of any material fact,
which if it had been included in the digital
signature certificate would adversely affectthe reliability of the representation made in(1) and (6) above.
-
7/31/2019 Electronic Commerce and Digital Signature
24/26
Suspension of a digital certificate
On a request from the subscriber listed in thedigital signature certificate
On a request from any person duly authorizedto act on behalf of that subscriber
If it is of opinion that the certificate should besuspended in public interest.
Cannot be suspended for a period exceeding 15days.
-
7/31/2019 Electronic Commerce and Digital Signature
25/26
Revocation of digital signaturecertificate
Request of the subscriber Request of any person authorized by him or Upon the death, dissolution or winding up of the subscriberIt can be revoke at any time Any material fact is false or has been concealed. Requirement is not satisfied The certifying authoritys private key or security system was
compromised in a manner materially affecting the digitalsignature certificates reliability
The subscriber has been decaled insolvent or dead, hasbeen dissolved, wound up or otherwise ceased to exist.
-
7/31/2019 Electronic Commerce and Digital Signature
26/26
Certifying authority to follow certainprocedure
Make use of hardware, software and procedures thatare secure from intrusion and misuses.
Provide a reasonable level of reliability in its serviceswhich are reasonably suited to the performance of
intended functions Adhere to security procedures to ensure that the
secrecy and privacy of the digital signature are assuredand
Observe other specified standards.Assignment-2: Describe regulation of Controller and
procedure to issue and suspension and revocation of digital signature license to Certifying Authority.