class it act

INFORMATION TECHNOLOGY ACT 2000

Upload: aryan-ajmer

Post on 25-Jan-2015

TRANSCRIPT

Page 1: Class it act

INFORMATION TECHNOLOGY ACT 2000

Page 2: Class it act

IT Act, 2000

• Enacted on 17th May 2000; India is the 12th nation in the world to adopt cyber laws
• The IT Act is based on the Model Law on e-commerce adopted by UNCITRAL (United Nations Commission on International Trade Law)

Page 3: Class it act

Preamble of IT Act, 2000

• To provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce"
• To facilitate electronic filing of documents with Government agencies and E-Payments
• To amend the Indian Penal Code, the Indian Evidence Act, 1872, the Banker's Books Evidence Act, 1891, and the Reserve Bank of India Act, 1934

Page 4: Class it act

Components of the Act

• Legal Recognition to Digital Signatures
• Electronic Governance
• Mode of Attribution, Acknowledgement and Despatch of Electronic Records
• Secure Electronic Records
• Regulation of Certification Authorities
• Digital Certificates

Page 5: Class it act

Components of the Act (Cont)

• Duties of subscribers
• Penalties and Adjudication
• Offences
• Protection to Network Service Providers in certain situations

Page 6: Class it act

Terms defined in the Act

• Access
• Addressee
• Computer
• Computer Resource
• Data
• Electronic Form
• Information
• Intermediary
• Secure System
• Asymmetric Cryptography
• Digital Signature

Page 7: Class it act

E-commerce

Refers to doing business and transactions over electronic networks, prominently the internet.

• Prevents the need for physical presence
• Two parties may never know, see or talk to each other but still do business
• Has introduced the concept of electronic delivery of products and services
• Unmanned round-the-clock enterprises – available always

Page 8: Class it act

E-Commerce - Potential Problems

• Security on Net - Confidentiality, Integrity and Availability
• Cyber crimes - Hackers, Viruses
• Technological Complexities
• Lack of Information trail
• Disparate Regulatory Environment and Taxation Policies

Page 9: Class it act

Challenges

• Protecting Information in Transit
• Protecting Information in Storage
• Protecting Information in Process
• Availability and Access to information to those Authorised

Page 10: Class it act

Concerns in E-Transactions

• Confidentiality
• Integrity
• Availability
• Non Repudiation

Page 11: Class it act

Confidentiality Concerns

• Eavesdropping
• Wire Tapping (Active/Passive)
• E-mail snooping
• Shoulder Surfing

Page 12: Class it act

Integrity Attacks

• Data Diddling
• Buffer Overflow - used to insert malicious code
• Channel violation
• Spoofing

Page 13: Class it act

Availability Threats

• Denial of Service (DoS)
• Ping of Death
• SYN Flooding
• Remote Shut Down

Page 14: Class it act

Tools and Techniques

• Key Loggers
• Password Crackers
• Mobile Code
• Trap Doors
• Sniffers
• Viruses
• Worms
• Trojan Horse
• Logic Bombs

Page 15: Class it act

Parameters

• Data Confidentiality
• User Authentication
• Data Origin Authentication
• Data Integrity
• Non Repudiation

Page 16: Class it act

IT Act 2000

It shall extend to the whole of India and, save as otherwise provided in this Act, it applies also to any offence or contravention thereunder committed outside India by any person.

Page 17: Class it act

IT Act 2000 - Terms Explained

a. "access" with its grammatical variations means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network;

b. "addressee" means a person who is intended by the originator to receive the electronic record but does not include any intermediary;

c. "adjudicating officer" means a judge appointed under subsection (1) of section 46

Page 18: Class it act

IT Act 2000 - Terms Explained

d. "affixing digital signature" means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of digital signature

e. "asymmetric crypto system" means a system of a secure key pair consisting of a private key for creating a digital signature & public key to verify it

f. "Certifying Authority" means a person who has been granted a licence to issue a Digital Signature Certificate under section 24

Page 19: Class it act

IT Act 2000 - Terms Explained

g. "computer" means any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network;

Page 20: Class it act

IT Act 2000 - Terms Explained

h. "computer network" means the interconnection of one or more computers through—

(i) the use of satellite, microwave, terrestrial line or other communication media; and

(ii) terminals or a complex consisting of two or more interconnected computers whether or not the interconnection is continuously maintained;

i. "computer resource" means computer, computer system, computer network, data, computer data base or software;

Page 21: Class it act

IT Act 2000 - Terms Explained

j. "Controller" means the Controller of Certifying Authorities appointed under sub-section (1) of section 17

k. "Cyber Appellate Tribunal" means Cyber Regulations Appellate Tribunal established under sub-section (1) of section 48

l. "digital signature" means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with provisions of section 3

m. "Digital Signature Certificate" means a Digital Signature Certificate issued under sub-section (4) of section 35

Page 22: Class it act

IT Act 2000 - Terms Explained

n. "electronic record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche

o. "intermediary" with respect to any particular electronic message means any person who on behalf of another person receives, stores or transmits that message or provides any service with respect to that message

p. "originator" means a person who sends, generates, stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person but does not include an intermediary

Page 23: Class it act

Digital Signature

Authentication of Electronic Records

All information in electronic form which requires affixing of a signature for legal recognition now satisfies that requirement if authenticated by affixing a digital signature.

Applicability includes: Forms, licences, permits, receipt/payment of money.

Page 24: Class it act

Electronic Governance

Legal recognition of electronic records.

Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is-

(a) rendered or made available in an electronic form;

(b) accessible so as to be usable for a subsequent reference.

Page 25: Class it act

Electronic Governance

Legal recognition of digital signatures

Where any law provides that information or any other matter shall be authenticated by affixing the signature or any document shall be signed or bear the signature of any person, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is authenticated by means of digital signature affixed in such manner as may be prescribed by the Central Government.

Page 26: Class it act

Attribution, Acknowledgment & Despatch Of Electronic Records

Attribution of electronic records.

An electronic record shall be attributed to the originator-

(a) if it was sent by the originator himself;

(b) by a person who had the authority to act on behalf of the originator in respect of that electronic record; or

(c) by an information system programmed by or on behalf of the originator to operate automatically

Page 27: Class it act

Attribution, Acknowledgment & Despatch Of Electronic Records

Acknowledgment of receipt.

(1) Where the originator has not agreed with the addressee that the acknowledgment of receipt of electronic record be given in a particular form or by a particular method, an acknowledgment may be given by—

(a) any communication by the addressee, automated or otherwise; or

(b) any conduct of the addressee, sufficient to indicate to the originator that electronic record has been received

Page 28: Class it act

Attribution, Acknowledgment & Despatch Of Electronic Records

Acknowledgment of receipt.

(2) Where the originator has stipulated that the electronic record shall be binding only on receipt of an acknowledgment of such electronic record by him, then, unless the acknowledgment has been so received, the electronic record shall be deemed to have been never sent by the originator.

Page 29: Class it act

Attribution, Acknowledgment & Despatch Of Electronic Records

Acknowledgment of receipt.

(3) Where the originator has not stipulated that the electronic record shall be binding only on receipt of such acknowledgment, and the acknowledgment has not been received within the time agreed or within a reasonable time, then the originator may give notice to the addressee stating that no acknowledgment has been received by him and if no acknowledgment is received within the aforesaid time limit he may after giving notice to the addressee, treat the electronic record as though it has never been sent.

Page 30: Class it act

Attribution, Acknowledgment & Despatch Of Electronic Records

Time & place of despatch & receipt of electronic record

(1) Dispatch of an electronic record occurs when it enters a computer resource outside the control of the originator.

(2) Time of receipt of an electronic record shall be determined as follows, namely:—

(a) if the addressee has designated a computer resource for the purpose of receiving electronic records,— receipt occurs at the time when the electronic record enters the designated computer resource; or received by the addressee