A short description of the IT Act 2000
The Information Technology Act 2000 (IT Act) is an Indian law that governs electronic transactions and the use of electronic records and signatures. The act was enacted in 2000 with the goal of promoting electronic commerce in India, and has since been amended several times to keep pace with the rapidly changing technology landscape.
The purpose of the IT Act 2000 is to provide a legal framework for the use of electronic records and digital signatures in India and to regulate electronic commerce. The act was enacted with the goal of promoting the growth of electronic commerce in India and ensuring the secure and reliable conduct of electronic transactions.
The IT Act provides for the legal recognition of electronic records and digital signatures, making it possible for individuals and organizations to conduct business transactions online with the same legal standing as paper-based transactions. It also establishes a certifying authority responsible for issuing digital signatures, which provides a secure and reliable means of conducting transactions over the internet.
Digital Signature: A digital signature is a code created using cryptography that is added to an electronic document to verify the authenticity and integrity of the information contained in the document. The digital signature provides a secure and reliable way to confirm the identity of the signer and to ensure that the document has not been altered in any way since it was signed.
Digital Signature Certificate: A Digital Signature Certificate is a secure digital key that is issued by a certifying authority to validate the identity of the certificate holder. The certificate contains information about a user's identity (for example, their name, pin code, country, email address, the date the certificate was issued, and the name of the Certifying Authority that issued it).
Key Pair: A key pair is a set of two keys used in public key cryptography. Public key cryptography is a method of encryption where the keys used for encryption and decryption are different. The two keys in a key pair are mathematically related and are used for secure communication.
Public Key: A public key is one of the two keys in a key pair and is used for encrypting messages. It is intended to be made widely available to others and is used to encrypt messages so that only the owner of the corresponding private key can decrypt and read them. The public key is also used to verify digital signatures and to encrypt data that is sent between two parties.
Private Key: A private key is one of the two keys in a key pair and is used for decrypting messages and creating digital signatures. Unlike the public key, which is intended to be made widely available to others, the private key must be kept secret by its owner. The private key is used to decrypt messages that have been encrypted with the corresponding public key, and it is also used to create digital signatures that can be verified using the public key.
Certification Authority (CA): A certification authority (CA) is a trusted third-party organization that provides digital certificates, which are used to establish the identity of a person or entity, such as an individual or a company, in the digital world.
Asymmetric Cryptography: Asymmetric cryptography, also known as public-key cryptography, is a method of cryptography that uses pairs of keys: a public key and a private key. Information encrypted with the public key can only be decrypted with the private key and vice versa. This allows for secure communication, digital signatures, and other cryptographic protocols without the need for the parties to share a secret key beforehand.
Symmetric Cryptography: Symmetric cryptography, also known as secret-key cryptography, is a method of cryptography that uses the same key to encrypt and decrypt data. It is faster than asymmetric cryptography and is commonly used to secure large amounts of data, such as when encrypting the contents of a disk or a file. The key must be shared between the sender and the receiver, so it is essential to ensure that the key is kept secure.
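The definitions above (digital signature, key pair, public and private key, asymmetric and symmetric cryptography) can be seen working together in the following added example, which is not part of the original page. It uses Node.js's built-in crypto module; the function names, the choice of Ed25519, RSA-OAEP and AES-256-GCM, and the sample document are assumptions made for illustration.

```javascript
// Added example: sign/verify and hybrid encryption with Node.js built-in crypto.
const crypto = require("node:crypto");

// Key pair: the private key stays with its owner, the public key is shared.
function newSigningKeyPair() {
  return crypto.generateKeyPairSync("ed25519");
}

// The signer creates the digital signature with the private key.
function signDocument(privateKey, text) {
  return crypto.sign(null, Buffer.from(text, "utf8"), privateKey);
}

// Anyone with the public key can check who signed and that nothing changed.
function verifyDocument(publicKey, text, signature) {
  return crypto.verify(null, Buffer.from(text, "utf8"), publicKey, signature);
}

// Hybrid encryption: a fresh symmetric key (AES-256-GCM) encrypts the data,
// and the recipient's RSA public key encrypts only that small symmetric key,
// so no secret has to be shared in advance.
function hybridEncrypt(recipientPublicKey, text) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ciphertext = Buffer.concat([cipher.update(text, "utf8"), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, oaepHash: "sha256" }, key);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Only the holder of the matching private key can unwrap the symmetric key.
function hybridDecrypt(recipientPrivateKey, msg) {
  const key = crypto.privateDecrypt({ key: recipientPrivateKey, oaepHash: "sha256" }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, msg.iv);
  decipher.setAuthTag(msg.tag); // final() throws if the ciphertext was altered
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]).toString("utf8");
}

// Constructed sample document (not a real record).
const contract = "Constructed sample: A agrees to pay B INR 1000.";
const signer = newSigningKeyPair();
const signature = signDocument(signer.privateKey, contract);
console.log("original verifies: ", verifyDocument(signer.publicKey, contract, signature));
console.log("altered verifies:  ", verifyDocument(signer.publicKey, contract.replace("1000", "9000"), signature));
console.log("wrong key verifies:", verifyDocument(newSigningKeyPair().publicKey, contract, signature));
const recipient = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
console.log("decrypted:", hybridDecrypt(recipient.privateKey, hybridEncrypt(recipient.publicKey, contract)));
```

Verification succeeds only for the unaltered document checked against the signer's own public key, which is the authenticity and integrity property the digital signature definition describes.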
A certifying authority is an organization or entity that is responsible for verifying the identity of individuals or entities and issuing digital certificates that are used to secure electronic transactions, including those over the internet. The certificates are used to establish trust in online interactions and secure the transfer of sensitive information.
These organizations issue and manage digital certificates that are trusted by browsers and other software to secure online transactions.
Some common regulations and standards for CAs:
Adherence to industry standards such as X.509, SSL/TLS, and PKI (Public Key Infrastructure) standards.
Implementation of robust security measures to protect the CA's own infrastructure, as well as the digital certificates and private keys under its management.
Establishment and enforcement of rigorous validation procedures to verify the identity of individuals or entities before issuing digital certificates to them.
Regular security audits to ensure that the CA's operations and infrastructure are secure and compliant with industry standards.
Transparency in operations, including the publication of its certificate policies and practices.
Offenses related to tampering with computer source documents: Tampering with computer source documents, such as altering or destroying computer source code, is a punishable offense under the IT Act 2000. The penalty for this offense can be imprisonment for up to three years and a fine.
Offenses related to hacking: Hacking, or unauthorized access to a computer system, is a punishable offense under the IT Act 2000. The penalty for hacking can be imprisonment for up to three years and a fine.
Adjudication: The IT Act 2000 provides for the establishment of a Cyber Regulations Advisory Committee, which can be called upon to adjudicate disputes related to violations of the IT Act 2000.
Tampering with computer source documents
Hacking with a computer system
Publishing of information that is obscene in electronic form
The Information Technology (IT) Act 2000 has undergone several amendments since its inception, as the use of technology and the threat of cybercrime have continued to evolve.
Amendment in 2008: The 2008 amendment to the IT Act 2000 introduced provisions related to cyber terrorism, cyber security, and the protection of sensitive personal data.
Amendment in 2011: The 2011 amendment to the IT Act 2000 introduced provisions related to electronic signatures and electronic records, making it easier for businesses to conduct transactions electronically.
Amendment in 2018: The 2018 amendment to the IT Act 2000 introduced provisions related to data protection, privacy, and security.