X
Facebook
LinkedIn

Secure Digital Signature

Our Vision to provide Secure Digital Signature in Indiaa
Section 67A of the Indian Evidence Act stated:

67A: Proof as to digital Signature : Except in the case of a secure digital signature, if the digital signature of any subscriber is alleged to an electronic record, the fact that such digital signature is the digital signature of the subscriber must be proved.

Section 15 defining Secure Digital Signature was fulfilled by the ordinary digital signature itself and hence the difference sought to be made in this regard between the secure digital signature and the other digital signature was not perceptible to layman.

Sections 15 of Information Technology Act-2000 had defined what was called a Secure Digital Signature

15 Secure Digital Signature If, by application of a security procedure agreed to by the parties concerned, it can be verified that a digital signature, at the time it was affixed, was -

Signatures
  1. unique to the subscriber affixing it
  2. capable of identifying such subscriber
  3. created in a manner or using a means under the exclusive control of the subscriber and is linked to the electronic record to which it relates in such a manner that if the electronic record was altered the digital signature would be invalidated, then such digital signature shall be deemed to be a secure digital signature

Notification dated October 29, 2004, the MCIT sought to bring in the distinction between the Secure Digital Signature and the other Digital Signature by the following notification.

Extract from Notification Dated October 29, 2004

Secure digital signature : A digital signature shall be deemed to be a secure digital signature for the purposes of the Act if the following procedure has been applied to it, namely :

  1. that the smart card or hardware token, as the case may be, with cryptographic module in it, is used to create the key pair
  2. that the private key used to create the digital signature always remains in the smart card or hardware token as the case may be
  3. that the hash of the content to be signed is taken from the host system to the smart card or hardware token and the private key is used to create the digital signature and the signed hash is returned to the host system
  4. that the information contained in the smart card or hardware token, as the case may be, is solely under the control of the person who is purported to have created the digital signature
  5. that the digital signature can be verified by using the public key listed in the Digital Signature Certificate issued to that person
  6. that the standards referred to in rule 6 of the Information Technology (Certifying Authorities) Rules, 2000 have been complied with, in so far as they relate to the creation, storage and transmission of the digital signature; and
  7. that the digital signature is linked to the electronic record in such a manner that if the electronic record was altered the digital signature would be invalidated
Our commitment to security research and willingness to share knowledge sets us apart from the other Indian IT Security companies.

There are three cornerstones to that commitment: Setting the highest standards of intellectual rigor: This also forms a part of our commitment to our employees - to foster their creative talents and create an environment for them to learn and sharpen their security skills. We encourage their own research ideas and enable them to claim credit for their discoveries, tools, and papers.

Promoting internationalism: We test critical software - operating systems, databases, etc. - and release advisories under our Responsible Disclosure program. We also develop free tools, and white papers on secure digital signature, auditing and implementing security.

Building strong relationships: Each assignment that we undertake is capped off with an intense Knowledge Transfer to the client giving him details on our tools and methodologies for carrying out the assignment. We even hand over any new techniques or tools that we develop during that assignment.

;