Abstract: When a large amount of information in the form of document is transferred using internet, intruders can change the information according to their requirements or hack the data for their unethical need. So to ensure speedy communication and reduce the unauthorized access through information and communication technologies (ICT), it is required to use some techniques that impose data Integrity, data privacy and authenticity which must maintained with less communication costs using available bandwidth. There are many techniques now available such as encryption, digital signature etc. E-signature is one of these techniques used to attain the authenticity of digital documents.
I. INTRODUCTION
Applications like banking, stock trading, and the sale and purchase of goods are increasingly emphasizing electronic transactions to minimize operational costs. This has led to phenomenal increase in the amounts of electronic documents that are generated, processed, and stored in computers and transmitted over internet. This electronic information that we used to send is valuable and sensitive and must be protected against tampering by malicious third parties (who are neither the senders nor the recipients of the information).
There is a need to prevent some important information (in the form of some document such as business contracts) or items related to it (such as date/time it was created, sent, and received) from being tampered with by the sender and/or the recipient.
Traditionally, paper documents are validated and certified by written signatures, which work fairly well as a means of providing authenticity. For electronic documents, a similar mechanism is necessary. The concept of E- Signature is very much similar with the conventional signatures which are used to prove the originality of the document so that a recipient has a reason to believe that the document was send by the actual sender and was not distorted during transmission over networks.
E-signatures are somewhat similar to Digital Signatures and based on traditional pen-paper signature scheme. It serve the purpose of validation and authentication of electronic documents.
‘ Validation refers to the process of certifying the contents of the document.
‘ Authentication refers to the process of certifying the sender of the document.
II. NEED OF E-SIGNATURES
The traditional signatures are handwritten and are uniquely representative of one’s identity. The use of signature is mandatory in law in certain cases and holds an important legal position in the document as it signify two things, the identity of the person and its intent to it.
The Signature is one’s identity on a document and is used in day to day transaction. Traditional signatures can be applicable to plain documents, but when digital documents came into picture we need such a term which act digitally and also authentic in nature to assure a secure transaction. Online sending documents are prone to forgery and tampering hence needs e-signature which ensures the authenticity of the document.
III. TECHNICAL ASPECTS OF E-SIGNATURE
The e-signature is created and verified by using Cryptography, where Cryptography is the science to secure data transmission by encrypting data into cipher text(unreadable text) and decrypting the cipher text into plain text. E-signature based on Public Key Infrastructure (PKI) technology that requires two keys that is a public key and a private key for encrypting and decrypting the information.
The data to be transmitted is encrypted with a public key can only be decrypted using the corresponding private key and vice versa. The unique feature in public key infrastructure is that the public and private keys are related to each other and only the public key can be used for encrypting messages that can be decrypted using the corresponding private key. The public key is shared, whereas the private key is known only to its possessor.
IV. LEGAL ASPECTS OF E-SIGNATURE
The concept of electronic signature was coined under Section 3A of the Information Technology (Amendment) Act 2008. This Act assures the usage electronic signature technique as an authorized electronic signature.
Information Technology Act is enhanced with hybrid concept of electronic signature which is based on UNCITRAL Model Law on Electronic Signatures 2001 by United Nations which signifies the importance of e-signature. The main purpose of this law is to make e-documents as equivalent to legal documents and can use e-signature as a substitute for handwritten signature.
It ensures that to make an electronic Signature authentic it must
a) Belongs to the creator of the document
b) Follow the rules of maker of signature and
c) Must also able to detect alteration to signature.
According to Central Government Act, Section 2(1)(ta) in The Information Technology Act, 2000 ‘electronic signature" means authentication of any electronic record by a subscriber by means of the electronic technique specified in the Second Schedule and includes digital signature.
The Information Technology Amendment Bill 2006, replaces the word ‘Digital’ with ‘Electronic’ in the principal act, which creates a slight difference between the two, e-signature is wide in nature, while the digital signature is one of the many kinds of electronic signature.
An electronic signature means authentication of an e-document by means of electronic techniques. The adoption of ‘electronic signature’ has made the Act technological neutral as it recognizes both the digital signature method based on cryptography technique and electronic signature using other technologies.
It prescribes the use of an asymmetric crypto system and hash function for authentication of electronic records. Authentication of an e- document ensures that the message has not been tampered and confirms the creator’s identity, i.e., the sender cannot deny its creation.
IV.I. OFFENSES RELATED TO ELECTRONIC SIGNATURE
The offenses with e-signature are generally related to identity theft, publication of wrong e-signature certificate, publication of e-certificate with fraudulent purpose.
According to Indian Penal Code, Section 464, a person is said to make a false document or false electronic record when he dishonestly transmit any electronic record by affixing any false e-signature with any e-documents or tempering the authenticity of any e-signature.
Section 66C of the IT Act punishes for identity theft. This Act specifies whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh
Misrepresentation of fact in order to obtain e- signature is an offense under section 71 of the Information Technology Act. This section specifies the penalty for publishing e-signature certificate false in certain particulars. It mention that
(1) No person shall publish an Electronic Signature Certificate or make it available to any other person with the knowledge that
a) The Certifying Authority listed in the certificate has not issued it; or
b) The subscriber listed in the certificate has not accepted it; or
c) The certificate has been revoked or suspended, unless such publication is for the purpose of verifying a digital signature created prior to such suspension or revocation.
(2) Any person who contravenes the provisions of sub-section (1) shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.
Sec 74 of the Act also punishes creation, publication or providing of electronic signature certificate for fraudulent purpose with imprisonment for a term which may extend up to two years or a fine which may extend up to one lakh.
V. E- SIGNATURE SOFTWARES
Two major challenges involved while using e- signature:
1) Authentication of user
2) Trusted method of providing signature.
Aadhaar based authentication is carried out to address the first challenge and for addressing the other one Authorized Electronic Signature Software is used.
There are many companies that provide Electronic signature technology and Digital Transaction Management services for facilitating electronic exchange of signed documents. Some of them are:
a) DocuSign
b) e-hastakshar:C-DAC’s Online Digital Signing Service
c) eSign Genie
d) GlobalSign
e) RightSignature
f) RMail
g) eSignLive
h) SignNow and many more.
Services by these companies are offered either by subscription or free as an App. Signatures and documents are encrypted after it has been uploaded. Each party must agree to review the document and apply the signature. Signature may be added from a stored copy of a signature or generated automatically by the software itself. Phone confirmation and background checks are also offered as premium services.
Most of the companies follow the underspecified steps for assigning e-signatures to user.
Step1-User Subscription
User who needs their documents to authenticate must get a Digital Certificate by subscribing themselves to some authorized e-sign software company. This helps to verify the identity of user.
Step 2-Upload the document
After subscription it simply ask to upload the document (word document, PDF etc) which user wants to authenticate.
Step3-Indicate who needs to sign
Next we need to add the names and email addresses of the recipients.
Step4-Locate the signature place
Specify where you need a signature, initial, or date. Here the signatures can be automatically generated or user specified. Link the Signature with the document and Send.
VI. BENEFITS OF E-SIGNATURE
A electronic signature has the same functions as that of a handwritten signatures. The Information Technology Act 2000 provides the required legal sanctity to electronic signatures based on asymmetric crypto systems. It provides benefits such as:
I. Secure Online Services
Documents sent via courier or person has handwritten signatures which could be forged or tampered on the way but when sent using e-signatures it gets encrypted that results in secure document transmission, even the sender is authorized via third party verification entity known as Certificate Authority.
II. Enhance Customer Relationships
Digital methods provide a clear audit trail to minimize the risk of fraud and compliance issues. Unlike a traditional paper signature, an e-signature is impossible to forge when combined with strong user authentication options. It also provide clear proof of owner identity and ensure that the document has not changed since it was signed. This lead to enhance the customer relationships.
III. Increase Speed and Reduce cost of sending Documents
Digital signatures save time, money and effort. It sends the documents in more secured way as compared to general courier services. For e.g. Business deal or contracts are easily written and signed by concerned parties in a little amount of time.
IV. Authenticity
An electronic document signed with e-signature is considered as a legal document. It can stand up in court just as any other signed paper document. The Information Technology Act has many Sections that describe offences regarding unauthorized use of e-signature.
V. Long Lasting
As e-signatures are digital, it prevents the traditional ink fading problem. The handwritten signatures with normal ink may fade or the ink might bloat as the time goes.
VII. DISADVANTAGES OF E-SIGNATURE
Just like all other digital products, e-signatures have some disadvantages. These include:
I. E Signatures has Expiry
E-signatures are highly dependent on the technology and the software which helps in creating it. In this era of fast technological advancements, most of them have a short life.
II. Need of Certificates
In order to effectively use electronic signatures, both senders and receivers have to buy digital certificates at some cost from trusted certification authorities.
III. Need of trusted Software
To create an e-signature or to work with it, senders and receivers have to buy verification software at some cost.
IV. Weak Law
In some states and countries, cyber laws are weak or even non-existent which leads to risky digital transmission. India's weak cyber laws and poor police enforcement coupled with long delays in the judicial system encourage cyber criminals.
VIII. CONCLUSION
The digitized India is now applying every transaction online for fast and paper-less communication. So for growing online transactions and contracts, a strong protection from intruders must be required which is fulfilled by e-signatures. For making secure digital and paper-less businesses people must have identify what is a digital signature and the advantages of using them, they also must know the multiple methods of authentication like the use of fingerprint and various ways to get authentication. E-signatures helps in curbing online frauds and ease online transaction and further enhance online security of users as to even today the factual identity of persons online is a mirage.