The words you are searching are inside this book. To get more targeted content, please make full-text search by clicking here.
Discover the best professional documents and content resources in AnyFlip Document Base.
Search
Published by Enhelion, 2020-12-28 00:32:32

Module 8

Module 8

MODULE 8
TECHNOLOGIES FACILITATING ELECTRONIC BUSINESS AND

COMMERCIAL TRANSACTIONS

8.1. INTRODUCTION

Experts estimated that in future E-Commerce exchanges would overtake conventional
exchanges all through the world. A huge employment chance of E-Commerce
personnel was additionally expected. In line with development in other countries,
Govt. of India enacted Information Technology act, 2000 to facilitate E-Commerce
exchanges, inter alia other objectives.

This new area is a deviation from our conventional subjects since it involves some
technical know-how. The UGC model educational program (2001) for commerce
courses emphasizes the point of awareness of such legal developments.

When Internet is used as the medium of exchange, it is called Internet Commerce (I-
Commerce). At present, the words E-Commerce and I-Commerce have become
synonymous. It is because the concept of E-Commerce became well known distinctly
during the Internet era, in spite of the fact that it was in practice for a considerable
length of time. In future, with the convergence of correspondence technologies, E-
Commerce can be accomplished through any of the networks that make up the
Information Superhighway (I-way).1

1 David M. Cielusniak, Note, You Cannot Fight What you Cannot See: Securities.
Regulation on the Internet, 22 FORDHAM INT'L L J. 612, 615-616 (1998).

8.2. NON-INTERNET BASED E-COMMERCE

There are numerous electronic devices, other than the Internet, which are used with the
end goal of E-Commerce. For example (I) Bar-Code Machines, (ii) Vending
Machines, (iii) Telephone and Telegraphs (iv) Fax (v) Television (vi) Stand alone
Computers (vii) Computer Network etc. Exchanges made through the devices
mentioned here, are easy to understand except the use of Computer Network for
Electronic Data Interchange (EDI). A dialog on EDI pursues.2

8.2.1. Electronic Data Interchange (EDI)

This is a business-to-business (B2B) type of E-Commerce. EDI is the computer-to-
computer exchange of structured business data in standard electronic organization.
Data stored in one computer is translated by software programs into standard EDI
group for transmission to one or more exchanging partners. Exchanging partner’s
computer, thus, translates the data utilizing software programs into a structure they can
understand. There is no human involvement in the processing of the data. EDI was
developed during the 1960s. However, just during the 1980s, wide range of industries
started utilizing this technique.

Associations receiving JIT (Just In Time) acquiring, might be much benefited on the
off chance that they embrace EDI. With the help of EDI, the supplier continually gets
data of stock situation of the customer(s) on line. Based on such data, the supplier can
supply products without a moment to spare. Let us suppose that a chicken homestead
has numerous outlets in a city, which sells varieties of chicken based items. On the off
chance that the principle office has a computer network with EDI office with its
outlets, it can easily screen stock situation of the outlets. Whenever stock situation of a

2 Glee Harrah Cady & Pat Mcgregor, Mastering The Internet (2d Ed. 1996).

specific item in an outlet reaches reorder level, the principle office computer will
consequently initiate the reorder process. In this way, it reduces time and expense of
paperwork. 3

Besides this, EDI is likewise used in international trade, electronic reserve transfer
(EFT) between supplier and customer by means of banker, insurance guarantee
settlement etc. EDI can save a generous measure of costs involved in exchange
processing.4

8.2.2. Supply Chain Management (SCM)

As a piece of internal E-commerce, Supply Chain Management is a milestone concept
in inventory management. SCM is an integrated methodology which involves-supplier
management, inventory management, circulation management and payment
management. SCM considers that instead of treating these as separate capacities, an
all-encompassing view is needed. Associations are experiencing that they have to
respond to the needs of the quick evolving world; cross capacity integration and use of
data and correspondence technology is an absolute necessity. Every one of the
capacities in SCM is done electronically. SCM software arrangements are likewise
available in the market.

8.3. INTERNET BASED E-COMMERCE (I-COMMERCE)

Internet Commerce means the use of the worldwide Internet and World Wide Web
(WWW) for commerce. With the advent of Internet and Website (World Wide Web),
being the all-pervasive specialized instruments, scope of E-Commerce has increased
widely. At present, it is the most powerful conveyance channel among every one of

3 Ibid.
4 Securities Activity on the Internet: Report of the Internet Task Force to the Technical.
Committee, 1128 Practising Law Inst. 533, 546 (Sept 19, 1998).

the channels. Hence, the term I-Commerce has become synonymous with the term E-
Commerce. In the following passages, we will use these two terms exchangeably. In
this context, a fundamental idea about E-Commerce website is essential.

8.3.1. E-Commerce websites

If Internet is viewed as an Information Highway (I-way), then websites are data
storehouses located on the interstate. Websites must be developed and hosted on the
Internet. They will then be accessible from any part of the world. All websites don’t
have the office of E-Commerce. For E-Commerce office, a special type of website
needs to be developed called ‘E-Commerce websites’. These websites enable online
advertisement, online supply of data about the item/service, online placement of order,
online supply of order (in case of advanced items just), online charging, and
furthermore, online payment for the item/service through credit card/debit card.5

8.3.2. Major Advantages of I-Commerce

a) Easy access to worldwide market-Through Internet, a seller can reach multiple
customers on the planet simultaneously, cutting over the geographic and time barrier.
Of course, there must be Internet at the customer’s end.

b) Reduction in dispersion costs-It establishes direct connection between the
customers and the supplier. Commission paid to the middlemen is done away with.
Moreover, cost of documentation, transportation cost (in case of computerized items
just) and cost of collection from customers are negligible.

c) Time sparing-An exchange can be completed in a few seconds without physically
reaching out to the customer. Moreover, there is no hassle of office hours in case of I-

5 Barrett Schaefer, International Taxation of Electronic Commerce Income: A proposal to
utilize software agentsfor source-based taxation, 16 SANTA CLARA COMPUTER & HIGH TCH. L.J. 111, 120.

Commerce exchanges. A customer need not visit the place of the supplier. He/she can
make exchange seated in his/her home/office.

d) Building customer relationship-For business success, accumulating long haul
relation with the customers is an absolute necessity. Internet is a decent medium to
assemble this relationship. Regular feedback from the customers can easily be
obtained with the help of e-mail. After sales service has also become easy through the
Internet.6

8.3.3. I-Commerce Value Chain

Value chain means a chain of enhancing the item. ‘All out Value Chain’ comprises of
including value in each stage beginning from processing of crude material to after
sales service. I-Commerce value chain is a piece of the ‘Complete Value Chain’,
which starts from advertising. It is mentioned below:

Attract ® Interact ® Act ® React

Attract involves attraction of customers through sales promotion.
Interact involves negotiation with prospective customers.
Act involves order processing, delivery & realization of payments.
React involves after sales service on the basis of feed back from customers.

8.3.4. Network Security

Network, in general, and the Internet specifically, suffers from severe security hazard.
Therefore, for proper working of e-commerce, security is of prime importance. Only
known and reliable customers/business partners are to be allowed access to database in

6 quoting Shikhar Ghosh, co-founder and chairman of Open Market, Inc., and CEO of iBelong Inc.

case of EDI. To ensure this, mechanisms like data encryption utilizing different
cryptographic methods, computerized signature, secret key, encrypted Smart Card,
bio-matrices, firewall etc. are used. The Information Technology Act, 2000 has
defined digital signature in Section 2(1)(p) and has made detail arrangement in Section
3. 7

8.3.5. Electronic Payment System

In I-commerce, normally payments are to be ensured first before delivery of goods and
services is done. Payments are made through Electronic Fund Transfer (EFT).
Electronic payment might be made through Debit Card, Credit Card, Electronic Cash,
and Electronic Checks etc. Electronic Payment System isn’t entirely free from hazards.
Only a well designed electronic payment system can minimize the hazards. Other
problems associated with payments are currency and tax collection issues. 8

8.3.6. Electronic payment system and it’s importance

An electronic payment system (EPS) is a system of money related exchange between
buyers and sellers in the online environment that is facilitated by a computerized
budgetary instrument, (for example, encrypted credit card numbers, electronic checks,
or advanced money) backed by a bank, an intermediary, or by legal tender. EPS
assumes a significant role in e-commerce because it closes the e-commerce circle. In
developing countries, the underdeveloped electronic payments system is a serious
impediment to the development of e-commerce. In these countries, entrepreneurs are
not able to accept credit card payments over the Internet due to legal and business
concerns. The essential issue is exchange security. The absence or inadequacy of legal
infrastructures governing the operation of e-payments is another concern. The
relatively undeveloped credit card industry in many developing countries is an

7 The Information Technology Act, 2000, § 2(1)(p).
8 William F. Fox, Jr., international Electronic Commerce, SE06 A.L.L.A.B.A. 159, 161 (1999).

additional barrier to e-commerce. Only a small segment of the populace can purchase
merchandise and ventures over the Internet due to the miniscule credit card market
base. There is also the problem of the requirement of “explicit consent” (i.e., a
signature) by a card owner before an exchange is considered a legitimate requirement.
What is the confidence level of consumers in the use of an EPS? Many developing
countries are still money based economies. Money is the preferred mode of payment
by virtue of security as well as because of namelessness, which is useful for tax
avoidance purposes or keeping secret where one's money is being spent on. For other
countries, security concerns have a great deal to do with an absence of a legal
framework for settling misrepresentation and the uncertainty of as far as possible on
the risk associated with a lost or stolen credit card. 9In totality, among the relevant
issues that need to be resolved with respect to EPS are: consumer protection from
misrepresentation through efficiency in record-keeping; exchange security and safety,
competitive payment services to ensure equal access to all consumers, and the
privilege to choice of foundations and payment methods. Legal frameworks in
developing countries ought to begin to recognize electronic exchanges and payment
schemes.

E-banking includes natural and relatively mature electronically-based items in
developing markets, for example, telephone banking, credit cards, ATMs, and direct
deposit. It also includes electronic bill payments and items generally in the developing
stage, including stored-value cards (e.g., shrewd cards/keen money) and Internet based
stored value items.10

8.3.7. Electronic commerce technology
• enhanced data sharing enables greater coordination of activities between
business partners;

9 LARRY DOWNES & CHUNKAMUI, UNLEAS ION THE KILLER APP: DIGITAL STRATEGIES FOR MARKPLACE
DOMINANCE (1998).
10 Greg Schneider, Net Firms Get Down to Business, WASH. POST, Apr. 5, 2000, at GI.

• money flows are accelerated and payments are received sooner.

Despite these advantages, for most companies EDI is as yet the exception, not the rule.
A recent survey in the United States showed that very nearly 80 percent of the data
stream between firms is on paper. Paper ought to be the exception, not the rule. Most
EDI traffic has been handled by value-added networks (VANs) or private networks.
VANs add correspondence services to those provided by basic carriers (e.g., AT&T in
the U.S. what's more, Telstra in Australia). However, these networks are unreasonably
expensive for everything except the largest 100,000 of the 6 million businesses in
existence today in the United States. As a result, numerous businesses have not been
able to participate in the benefits associated with EDI. However, the Internet will
enable these smaller companies to take advantage of EDI. Internet correspondence
expenses are normally less than with customary EDI.11 Furthermore, the Internet is a
worldwide network, potentially accessible by nearly every firm. Consequently, the
Internet is uprooting VANs as the electronic vehicle way between exchanging
partners. The simplest methodology is to use the Internet as a means of replacing a
VAN by utilizing a commercially available Internet EDI package. EDI, with its
foundations during the 1960s, is a system for exchanging text, and the chance to use
the multimedia capabilities of the Web is missed if a pure replacement strategy is
applied. The multimedia ability of the Internet creates an open door for new
applications that generate a qualitatively different type of data exchange inside a
partnership. Once multimedia capacity is added to the data exchange equation, then, a
new class of utilizations can be developed (e.g., educating the other partner about a
company's acquiring procedures).12

11 Jim Fox, co-founder of EqualFooting.com, Inc., an online market for small construction companies,
states that Internet will enable these smaller companies to take advantage of EDI.
12 Ibid.

8.3.8. Security

Security is an ongoing concern for associations as they face the dual problem of
protecting stored data and transported messages. Associations restrict acess to
sensitive data only to a few authorized people. Such data is stored in restricted areas
(e.g., a vault) or is encoded. Electronic commerce poses extra security problems. To
start with, the intent of the Internet is to give people remote access to data. The system
is inherently open, and conventional approaches of restricting access by the use of
physical barriers are less viable, however, associations still need to restrict physical
access to their servers. Second, because electronic commerce is based on computers
and networks, these same technologies can be used to assault security systems.
Hackers can use computers to intercept network traffic and output it for confidential
data. They can use computers to run repeated assaults on a system to breach its
security (e.g., attempting all words in the lexicon for a record's secret key).13

8.3.9. Access control

Data access control is a significant method of controlling access to stored data.It
often begins with some kind of guest authentication, however, this isn't generally the
case with the Web because numerous associations are more interested in drawing in
rather than restricting guests to their Web site. A variety of authentication mechanisms
might be used. The basic techniques for the Internet are record number, secret key, and
IP address.

8.3.10. Firewall

A system may often use multiple authentication methods to control data access,
especially because hackers are often persistent and ingenious in their efforts to

13 OECD Adopts Guidelines for lnternational Protection In E-Commerce, 17 COMPUTER LJ.
30 (2000).

increase unauthorized access. A second layer of defense can be a firewall, a device
(e.g., a computer) placed between an association's network and the Internet. This
barrier screens and controls all traffic between the Internet and the intranet. Its purpose
is to restrict the access of outsiders to the intranet. A firewall is normally located at the
point where an intranet connects to the Internet, yet it is additionally feasible to have
firewalls inside an intranet to further restrict the access of those inside the barrier.
There are several approaches to operate a firewall. The simplest method is to restrict
traffic to packets with designated IP addresses (e.g., just permit those messages that
come from the University of Georgia–i.e., the address ends with uga.edu). Another
screening rule is to restrict access to certain applications (e.g., Web pages). More
elaborate screening rules can be implemented to decrease the capacity of unauthorized
people to access an intranet. Implementing and dealing with a firewall involves a
tradeoff between the expense of keeping up the firewall and the misfortune caused by
unauthorized access. An association that essentially needs to publicize its items and
services may operate a simple firewall with limited screening rules. Alternatively, a
firm that needs to share sensitive data with selected customers may introduce a more
complex firewall to offer a high degree of protection.14

8.3.11. Coding

Coding or encryption techniques, as old as composing, have been used for a great
many years to look after confidentiality. Despite the fact that encryption is principally
used for protecting the integrity of messages, it can likewise be used to complement
data access controls. To counteract the probability of circumventing authentication
controls, encryption can be used to obscure the meaning of data. The intruder can't
read the data without knowing the method of encryption and the key. Societies have
constantly needed secure methods of transmitting exceptionally sensitive data and

14 Sufficient information includes, but is not limited to, general disclosures about conducting business
transactions online, the warranties regarding the quality of the goods being sold by the company,
and the terms and conditions of the sale.

affirming the identity of the sender. In earlier times, messages were sealed with the
sender's personal signet ring–a simple, yet easily forged, method of authentication.
Despite everything, we rely on personal signatures for checks and legal agreements,
however, how would you sign an e-mail message? In the data age, we need electronic
encryption and marking for the orderly lead of business, government, and personal
correspondence. 15

Internet messages can go through numerous computers on their way from sender to
receiver, and there is consistently the danger that a sniffer program on an intermediate
computer briefly intercepts and reads a message. By and large, this won't cause you
great concern, however, what happens if your message contains your name, credit card
number, and expiration date? The sniffer program, searching for a commonplace credit
card number organization of four squares of four digits (e.g., 1234 5678 9012 3456),
copies your message before letting it continue its ordinary progress. Presently, the
owner of the rogue program can use your credit card details to purchase items in your
name and charge them to your record. Without a secure means of transmitting
payment data, customers and merchants will be very reluctant to place and receive
orders, respectively.16 When the customer places an order, the Web browser ought to
naturally encrypt the order before transmission–this isn't the customer's errand. Credit
card numbers are not the only sensitive data transmitted on the Internet. Because, it is
a general vehicle system for electronic data, the Internet can convey a wide range of
confidential data (money related reports, sales figures, marketing strategies,
technology reports, etc). On the off chance that senders and receivers can't be sure that
their correspondence is carefully private, they won't use the Internet. Secure
transmission of data is necessary for electronic commerce to thrive. 17

15 William F. Fox, Jr., International Electronic Commerce, SE06 A.L.L-A.B.A. 159, 161 (1999).
16 Ibid.
17 Electronic Commerce Guide to Enactment of the Uncitral Model Law on Electronic Commerce, 7 TUL
J. INT'L&COMP. L 251 (1999).

8.3.12. Encryption

Encryption is the process of masking messages or data to protect their meaning.
Encryption scrambles a message with the goal that it is meaningful just to the person
knowing the method of encryption and having the key for deciphering it. To
everybody else, it is gobbledygook. The reverse process, decryption, converts a
seemingly senseless character string into the first message. A mainstream type of
encryption, readily available to Internet users, goes by the name of Pretty Good
Privacy (PGP) and is distributed on the Web. PGP is an open space implementation of
open key encryption. Customary encryption, which uses the same key to encode and
decode a message, has a very critical problem. How would you securely distribute the
key? It can't be sent with the message because if the message is intercepted, the key
can be used to decipher it. You should locate another secure medium for transmitting
the key. Anyway, do you fax the key or phone it? Either method isn't completely
secure and is time-devouring whenever the key is changed. Additionally, how would
you realize that the key's receiver will protect its secrecy? An open key encryption
system has two keys: one private and the other open. An open key can be freely
distributed because it is quite separate from its corresponding private key. To send and
receive messages, communicators first need to create separate sets of private and open
keys and afterward exchange their open keys. The sender encrypts a message with the
intended receiver's open key, and after receiving the message, the receiver applies her
private key. The receiver's private key, the one in particular that can decrypt the
message, must be kept secret to permit secure message exchanges.18

18 Ibid.

8.3.13. Signing

What's more, an open key encryption system can be used to authenticate messages. In
cases where the content of the message isn't confidential, the receiver may in any case
wish to verify the sender's identity.19

8.3.14. Cookies

The creator of a Web site often needs to remember realities about you and your visit.
A cookie is a mechanism for remembering details of a single visit or store realities
between visits. A cookie is a small file (not more than 4k) stored on your hard circle
by a Web application. Cookies have several uses-

• Visit tracking: A cookie may be used to determine which pages a person views
on a specific Web site visit. The data collected could be used to improve site
design.

• Storing data: Cookies are used to record personal details with the goal that you
don't have to supply your name and address details each time you visit a
specific site. Most membership services (e.g., The Wall Street Journal) and on-
line stores (e.g., Amazon.com) use this methodology.

• Customization: Some sites use cookies to customize their service. A cookie
may be used by CNN to remember that you are for the most part interested in
news about ice skating and cooking

• Marketing: A cookie can be used to remember what sites you have visited with
the goal that relevant advertisements can be supplied. For example, in the event
that you frequently visit travel sites, you may get a banner promotion from
Delta springing up next time you do a search. Cookies are a useful method for
collecting data to provide guests with better service. Without accurate data
about people's interest, it is very hard to provide great service. Both, Internet

19 ROBERT E. LTAN & WILIAM A. NISKANEN, GOING DIGITALI: A GUIDE TO POLICY IN THE
DIGITAL AGE 26 (1998).

Explorer and Netscape Navigator, enable surfers to set choices for different
levels of admonitions about the use of cookies. Guests who are concerned
about the misuse of cookies can reject them absolutely, with the consequent
loss of service.20

8.3.15. Electronic money

When commerce goes electronic, the means of paying for merchandise and
enterprises should likewise go electronic. Paper based payment systems can't
bolster the speed, security, protection, and internationalization necessary for
electronic commerce. In this section, there are four methods of electronic payment-

Ø electronic funds transfer
Ø digital cash
Ø e-cash
Ø credit card

There are four fundamental concerns regarding electronic money: security ,
authentication, namelessness, and detachability. Consumers and associations need
to be assured that their on-line orders are protected, and associations must be able
to securely transfer their money. Buyers and sellers must be able to verify that the
electronic money they receive is real; consumers must have confidence in
electronic currency. Exchanges, when required, ought to remain confidential.
Electronic currency must be spendable in limited quantities (e.g., less than
onetenth of a cent) with the goal that high-volume, little value Internet exchanges
are feasible (e.g., paying 0.1 cent to read an article in an encyclopedia). The
different approaches to electronic money change in their capacity to solve these
concerns. Any money system, real or electronic, must have a reasonable level of
security and an elevated level of authentication, otherwise people won't use it. All

20 Patrick Thibodeau, Trade group readies international Ecommerce guidelines, NETWORK WORLD
FUSION (Oct. 18, 1999).

electronic money systems are potentially divisible. There is a need, however, to
adjust some systems so exchanges can be automated. For example, you would
prefer not to have to type your full credit card details each time you spend one-
tenth of a cent. A modified credit card system, which naturally sends previously
stored details from your personal computer, could be used for small exchanges.
The technical problems of electronic money have not been completely resolved,
however, numerous people continue using it because electronic money promises
efficiencies that will reduce the expenses of exchanges between buyers and sellers.
It will also enable access to the worldwide marketplace. In the next few years,
electronic currency will displace notes and coins for some exchanges.21

8.3.16. Secure electronic transactions

Electronic commerce requires members to have a secure means of transmitting the
confidential data necessary to perform an exchange. For instance, banks (which
bear the brunt of the expense of credit card extortion) prefer credit card numbers to
be hidden from prying electronic eyes. Likewise, consumers need assurance that
the Web site with which they are dealing is anything but a counterfeit operation.
Two types of protecting electronic exchanges are SSL and SET.

8.3.17. SSL

Secure Sockets Layer (SSL) was created by Netscape for dealing with the security
of message transmissions in a network. SSL uses open key encryption to encode
the transmission of secure messages (e.g., those containing a credit card number)
between a browser and a Web server. The client part of SSL is a piece of
Netscape's browser. If a Web site is utilizing a Netscape server, SSL can be
enabled and specific Web pages can be identified as requiring SSL access. Other

21 This problem is more acute in the case of purely web-based companies which have no real physical
presence, except on the Internet.

servers can be enabled by utilizing Netscape's SSLRef program library, which can
be downloaded for noncommercial use or licensed for commercial use.

8.3.18. SET

Secure Electronic Transaction (SET) is a monetary industry development designed
to increase consumer and merchant confidence in electronic commerce. Backed by
significant credit card companies, MasterCard and Visa, SET is designed to offer
an elevated level of security for Web-based money related exchanges. SET ought
to reduce consumers' fears of buying over the Web and increase use of credit cards
for electronic shopping. A proposed revision, due in 1999, will extend SET to help
business-to-business exchanges, for example, inventory payments. Visa and
MasterCard founded SET as a joint venture on February 1, 1996. They realized
that so as to promote electronic commerce, consumers and merchants would need a
secure, reliable payment system. What's more, credit card issuers looked for the
protection of more advanced enemy of extortion measures. American Express has
subsequently joined the venture. SET is based on cryptography and advanced
certificates. Open key cryptography ensures message confidentiality between
parties in a money related exchange. Computerized certificates uniquely identify
the parties to an exchange. They are issued by banks or clearing houses and kept in
registries with the goal that authenticated users can look into other users' open
keys. Think about a computerized certificate as an electronic credit card. It
contains a person's name, a serial number, expiration date, a duplicate of the
certificate holder’s open key (used for encrypting and decrypting messages and
verifying advanced signatures), and the computerized signature of the certificate-
giving power with the goal that a recipient can verify that the certificate is real. A
computerized signature is used to guarantee a message sender’s identity.

8.4. INFORMATION TECHNOLOGY ACT, 2000

8.4.1. Background of Information Technology Act 2000-
§ United Nations Commission on International Trade Law (UNCITRAL)
adopted a model law on Electronic Commerce in 1996.
§ The United Nations in 1997 recommended that all member countries
should give favourable consideration to the model law.
§ In India, the Information Technology Act was passed in 2000, based on
the model law. Date of commencement of the Act- 17.10.2000. It is a
landmark Act in the direction of boosting E-commerce in India.

8.4.2. Salient Features
1. The Act simultaneously amended the following Acts-
• The Indian Penal Code Act, 1860;
• The Indian Evidence Act, 1872;
• The Reserve Bank of India Act, 1934;
• The Banker’s Book Evidence Act, 1891.
2. Gives legal recognition to electronic records (Section 4 of the Act)
3. Gives legal recognition to digital signatures (Section 5 of the Act)
4. Provides for Certifying Authorities and Subscribers in connection with digital
signature (Section 17 to 42 of the Act)
5. Makes provision for penalties for cyber offences (Section 43 to 47 of the Act)
6. Established Cyber Appellate Tribunal (Section 48 to 64 of the Act)
7. Lists cyber offences (Section 65 to 78 of the Act).

8.4.3. Digital Signature

Role of computerized signature in e-commerce security system is exceptionally
significant. Consequently, the Information Technology Act 2000 has made detailed
arrangement on advanced signature.

Section 2(1)(p) of the Act has defined computerized signature as – “advanced
signature means authentication of any electronic record by a subscriber by means of an
electronic method or procedure as per arrangements of Section 3” . Section 3(2) states,
“The authentication of the electronic record will be effected by the use of asymmetric
crypto system and hash work which envelop and change the underlying electronic
record into another electronic record”. 22

Section 2(1)(f) defines ‘asymmetric crypto system’, as – “asymmetric crypto system
means a system of a secure key pair comprising of a private key for creating advanced
signature and an open key to verify the computerized signature”, Section 2(1)(zc) and
Section 2(1)(zd) defines ‘private key’ and ‘public key’ as - “private key means the key
of a key pair used to create advanced signature” and “open key means the key of a key
pair used to verify a computerized signature and listed in the Digital Signature
Certificate”. It might be noted that computerized signature is unlike a conventional
signature. It is a mere change of an electronic record into another electronic record
with the help of private key. In this connection, let us talk about cryptography.”

Cryptography- In Greek, it means secret composition. It is the science of codification,
which converts an ordinary text into garbage characters (known as cipher text). The
process of coding is called encryption and the process of decoding is called
decryption. Encryption and decryption is done through software. These softwares are

22 Dow JONES REPORT, COMM. DAILY, Oct. 29, 1999, available at 1999 WL 7580703.

called Public Key and Private Key. Private Key is kept secret and the Public Key is
made open.23

Explanation to Section 3(2) states, “hash function” means a calculation mapping or
interpretation of one sequence bits into another, generally a smaller set, known as
‘hash result’ to such an extent that an electronic record yields the same hash result
every time the calculation is executed with the same electronic record as its
information making it computationally infeasible–
(a) to derive or reconstruct the first electronic record from the hash result produced by
the calculation;
(b) that two electronic records can produce the same hash result utilizing the
calculation.’

In short it can be said that the process of digital signature involves the converting
electronic record in to secret code first, and then translating the codes into a small
number by applying a formula. Each licensed Subscriber uses unique secret code and
formula, which is known to him only. This is done through private key. Based on
private key techniques, public key is designed.24

8.5. CONCLUSION

The rapid development of electronic commerce is clear evidence of the reliability and
robustness of the underlying technology. A large number of pieces necessary to
facilitate electronic commerce are mature, well-tested technologies, for example, open
key encryption. The future is likely to see advances that make electronic commerce
faster, less expensive, more reliable, and more secure.

23 Alan Reynolds, The Coming of E-Commerce Boom, AM. OUTLOOK, Spring 1999, at p. 34.
24 Ibid.


Click to View FlipBook Version