⚖️ Digital Signature and Secured Digital Signature under the Information Technology Act, 2000
Introduction
In today’s digital world, most transactions — like filing income tax, online contracts, e-tenders, and banking — happen electronically.
But how do we trust that a message or document sent online is genuine, untampered, and truly from the person who claims to send it?
That’s where Digital Signatures come in.
They are the electronic form of a handwritten signature, legally recognized under the Information Technology (IT) Act, 2000.
๐ป 1️⃣ Meaning of Digital Signature
๐ Section 2(1)(p) of the IT Act defines:
“Digital Signature means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of Section 3.”
In simple words —
๐ A digital signature is an electronic code or unique key used to verify the authenticity of an electronic document or message.
It proves that:
- The message truly came from the sender, and
- The message or document has not been changed after signing.
๐งฉ 2️⃣ How Does a Digital Signature Work? (Simple Explanation)
Digital signatures use a process called Public Key Infrastructure (PKI), involving two special keys:
| Key Type | Purpose |
|---|---|
| Private Key | Used by the sender to “sign” the document. It is secret and known only to the signer. |
| Public Key | Used by the receiver to “verify” that the signature is genuine. |
๐ Process (Step-by-step):
- The sender uses their private key to digitally sign the electronic record.
- The receiver uses the sender’s public key to verify the signature.
- If the signature matches, it proves:
- The sender is authentic, and
- The document is unaltered.
This system prevents forgery and tampering in online transactions.
⚖️ 3️⃣ Legal Recognition of Digital Signature
Section 3 of the IT Act, 2000:
It provides that:
“A subscriber may authenticate an electronic record by affixing his digital signature.”
๐น Important Points:
- It gives legal status to digital signatures — same as handwritten ones.
- Digital signatures can be used in all e-governance and e-commerce activities.
- The Controller of Certifying Authorities (CCA) regulates their issue and use.
4️⃣ Meaning of Secured Digital Signature
Section 15 of the IT Act, 2000 defines:
“A digital signature shall be a secured digital signature if—
(a) it is created in a secure manner; and
(b) the means of creation and verification are under the sole control of the person.”
In simple words:
A secured digital signature is a more protected version of a normal digital signature.
It ensures maximum safety, confidentiality, and non-repudiation (the signer cannot deny signing).
5️⃣ Difference Between Digital Signature and Secured Digital Signature
| Point of Difference | Digital Signature | Secured Digital Signature |
|---|---|---|
| Definition | General method to authenticate electronic records. | Digital signature created through secure, controlled, and verified systems. |
| Security Level | Provides normal level of authentication. | Provides high security using encryption and secure hardware. |
| Legal Provision | Section 3 | Section 15 |
| Control of Keys | Keys may not always be securely stored. | Keys are stored and used under sole control of signer. |
| Verification | Verified using public key. | Verified using secure digital certificate from a licensed Certifying Authority. |
| Use Case | Routine e-mails, filings. | Government tenders, e-contracts, legal submissions, confidential documents. |
⚙️ 6️⃣ Working Example (Easy to Understand)
- Suppose Ravi sends a digital contract to Neha.
- Ravi uses his private key to digitally sign it.
- Neha uses Ravi’s public key to check whether:
- The message truly came from Ravi.
- The message wasn’t changed.
If everything matches, the signature is valid — this is a digital signature.
Now, if Ravi’s digital signature was created through a secure device, such as a certified token or smart card issued by a licensed Certifying Authority (like e-Mudhra or NIC), it becomes a secured digital signature.
7️⃣ Role of Certifying Authorities (CA) in Digital Signatures
- Only licensed Certifying Authorities (CAs) can issue Digital Signature Certificates (DSCs) in India.
- Examples: NIC, e-Mudhra, (n)Code Solutions, Safescrypt, IDRBT.
- These CAs are regulated by the Controller of Certifying Authorities (CCA) under Section 17.
⚖️ 8️⃣ Judicial Interpretation — Case Laws
1️⃣ Tamil Nadu Organic Pvt. Ltd. v. Union of India (2009)
Court: Madras High Court
Facts: A company used a private (unauthorized) digital signature to file documents. The government refused to accept it.
Held:
- Only digital signatures issued by licensed Certifying Authorities are valid under the IT Act.
- This ensures authenticity and trustworthiness of electronic records.
Principle:
Only secured digital signatures, created and verified under authorized systems, have legal recognition.
2️⃣ Anvar P.V. v. P.K. Basheer (2014) 10 SCC 473
Court: Supreme Court of India
Issue: Admissibility of electronic evidence in court.
Held:
- Electronic records are admissible only if authenticated and certified properly.
- The process of digital authentication relies on valid digital signatures from authorized sources.
Principle:
Digital signatures ensure integrity and authenticity of electronic evidence in legal proceedings.
3️⃣ State of Maharashtra v. Dr. Praful B. Desai (2003) 4 SCC 601
Facts: Recording of witness statement through video conferencing in a criminal trial.
Held:
- Electronic communications and recordings are valid evidence if authenticated.
- Authentication depends on secure and verifiable electronic signature systems.
Principle:
Recognized the importance of digital verification in maintaining the integrity of online communication.
9️⃣ Importance of Digital and Secured Digital Signatures
| Aspect | Importance |
|---|---|
| Authenticity | Confirms identity of sender. |
| Integrity | Ensures data has not been altered. |
| Non-repudiation | Sender cannot deny the message later. |
| Legal validity | Recognized under Section 3 & 15 of IT Act. |
| Security | Protects e-transactions from fraud. |
๐งพ 10️⃣ Conclusion
Digital signatures are the digital equivalent of handwritten signatures, providing trust and authenticity to online communication.
A secured digital signature adds another layer of protection and reliability, making sure the signer’s identity is genuine and the document is tamper-proof.
Together, they form the legal backbone of India’s e-governance and e-commerce system, ensuring that electronic transactions are safe, valid, and enforceable.
SECURED DIGITAL SIGNATURE — CASE LAWS ANALYSIS
⚖️ Case 1: Sanjay Kumar vs State of Haryana (2003)
Facts:
In this case, the accused used someone else’s digital signature to send fake e-mails and documents. The victim filed a complaint claiming that his electronic signature was misused without his consent.
Issue:
Whether misuse of another person’s digital signature can amount to cybercrime under the Information Technology Act, 2000?
Judgment:
The court held that digital signatures are equivalent to handwritten signatures, and using someone else’s digital signature is an act of forgery under Section 66C of the IT Act (identity theft).
The court further said that a person is liable even if the misuse occurs electronically.
Legal Principle:
Digital signatures have the same legal value as physical signatures.
Forgery of a digital signature is a punishable cyber offence.
⚖️ Case 2: State of Tamil Nadu vs Suhas Katti (2004)
Facts:
The accused posted obscene and defamatory material about a woman on a cyber platform using a fake email account and digital identification.
Issue:
Whether electronic identification (digital signature or authentication) can be used as evidence in cybercrime?
Judgment:
The Chennai Cyber Court accepted digital records and signature evidence as valid proof under Section 65B of the Indian Evidence Act.
This was India’s first conviction under the IT Act.
Legal Principle:
Digital signatures and electronic records are admissible in court if properly authenticated.
⚖️ Case 3: Shreya Singhal vs Union of India (2015)
Facts:
Though this case was about Section 66A of the IT Act (free speech online), the court discussed digital communication and authentication under the IT framework.
Judgment:
The Supreme Court highlighted that digital authentication and secure online identity are important to protect individuals’ rights in cyberspace.
It upheld the legality of digital evidence and secure authentication systems under the IT Act.
Legal Principle:
Digital signatures and secured authentication systems protect users’ freedom, privacy, and identity in cyberspace.
⚖️ Case 4: Anvar P.V. vs P.K. Basheer (2014)
Facts:
The case involved electronic records submitted as evidence in an election petition.
Issue:
How can electronic records (like digitally signed documents) be accepted as evidence?
Judgment:
The Supreme Court held that digital or electronic records are admissible only if certified under Section 65B(4) of the Evidence Act.
This ensures authenticity of digital signatures and secured data.
Legal Principle:
A valid digital signature certificate ensures the authenticity and reliability of electronic evidence in legal proceedings.
⚖️ Case 5: Tata Sons Ltd. vs Manu Kosuri & Ors. (2001)
Facts:
The defendant registered domain names similar to “tata.com” and used fake digital credentials to mislead users.
Judgment:
The Delhi High Court held that digital identities and signatures must be genuine and traceable.
Unauthorized or misleading digital signatures violate Section 43 and Section 66 of the IT Act.
Legal Principle:
Digital identity fraud or misuse of electronic signature is punishable under cybercrime and intellectual property law.
Summary Table for Exam
| Concept | Legal Section | Case Law | Principle Established |
|---|---|---|---|
| Digital Signature | Sec. 2(p), 3 IT Act | Sanjay Kumar vs State of Haryana | Misuse = Forgery |
| Secured Digital Signature | Sec. 15 IT Act | Anvar P.V. vs P.K. Basheer | Must be certified to be valid |
| Evidence Admissibility | Sec. 65B Evidence Act | State of Tamil Nadu vs Suhas Katti | Digital proof is valid |
| Digital Identity | Sec. 43, 66 IT Act | Tata Sons vs Manu Kosuri | Misuse = Cyber offence |
| Authentication & Freedom | Sec. 3A IT Act | Shreya Singhal vs UOI | Protects privacy & |
Comments
Post a Comment