Unit 3 Cyber Security PDF
Summary
This document contains information about the Information Technology Act of 2000, its key elements, and its impact on various aspects of online activities including e-commerce and cybercrimes. It includes discussions on digital signatures and their legal validity, as well as outlining the importance of cyber laws in India.
Full Transcript
**Table of Contents**

- Key Elements of IT Act, 2000
- Rationale Behind the IT Act 2000
- IT Act 2000: Electronic Commerce and Internet
- Amendments to the IT Act 2000
- Non-applicability of the IT Act 2000
- Conclusion
- Information Technology Act, 2000 - FAQs

**Information Technology Act, 2000: Elements, Applicability and Amendments**

The Information Technology Act, 2000 holds significant importance in India as a pivotal piece of legislation addressing issues related to cybercrime and electronic commerce. This act establishes a legal framework for electronic governance by acknowledging the validity of electronic records and digital signatures. The primary goal of the IT Act 2000 is to facilitate lawful and reliable electronic, digital, and online transactions while also serving as a deterrent against cybercrimes. Encompassing offenses related to computers, computer systems, and networks, the act confers legal validity to electronic contracts and recognizes electronic signatures. The act was enacted to provide legal support to electronic commerce, enable e-governance, and combat cybercrime. The IT Act 2000 comprises 13 chapters, 4 schedules, and 94 sections, making it one of the most stringent privacy laws globally.

***Key Takeaways:***

- *The Information Technology Act, 2000 is pivotal Indian legislation addressing cybercrime and e-commerce issues.*
- *The primary goal is to facilitate lawful and reliable digital transactions while deterring cybercrimes. It also aims to enable e-governance.*
- *The act establishes a legal framework for e-governance by recognizing electronic records and digital signatures. It confers validity on electronic contracts and signatures.*
- *IT Act 2000 encompasses offenses related to computers, computer systems, and networks.*
- *It comprises 13 chapters, 4 schedules and 94 sections, making it one of the most stringent privacy laws globally.*

*The IT Act, 2000 has two schedules:*

- ***First Schedule:** Deals with documents to which the Act shall not apply.*
- ***Second Schedule:** Deals with electronic signature or electronic authentication method.*

***What are the Features of The Information Technology Act, 2000?***

*The features of the IT Act, 2000 are as follows:*

1. *The term "digital signature" has been changed to "electronic signature" to make the act more technology-neutral.*
2. *It elaborates on offenses, penalties, and breaches.*
3. *It outlines the Justice Dispensation Systems for cyber crimes.*
4. *The Information Technology Act defines, in a new section, a cyber cafe as any facility where access to the internet is offered by any person in the ordinary course of business to the general public.*
5. *It provides for the constitution of the Cyber Regulations Advisory Committee.*
6. *The Information Technology Act is based on the Indian Penal Code, 1860, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891, the Reserve Bank of India Act, 1934, and many others.*
7. *It adds a provision to Section 81, which states that the provisions of the Act shall have overriding effect. The provision states that nothing contained in the Act shall restrict any person from exercising any right conferred under the Copyright Act, 1957.*

***The Offenses and the Punishments in IT Act 2000***

*The offenses and the punishments that fall under the IT Act, 2000 are as follows:*

1. *Tampering with the computer source documents.*
2. *Directions of Controller to a subscriber to extend facilities to decrypt information.*
3. *Publishing of information that is obscene in electronic form.*
4. *Penalty for breach of confidentiality and privacy.*
5. *[Hacking](https://www.geeksforgeeks.org/what-is-hacking-definition-types-identification-safety/) for malicious purposes.*
6. *Penalty for publishing [Digital Signature Certificate](https://www.geeksforgeeks.org/digital-signatures-certificates/) false in certain particulars.*
7. *Penalty for misrepresentation.*
8. *Confiscation.*
9. *Power to investigate offenses.*
10. *Protected System.*
11. *Penalties for confiscation are not to interfere with other punishments.*
12. *Act to apply for offense or contravention committed outside India.*
13. *Publication for fraudulent purposes.*
14. *Power of Controller to give directions.*

**Key Elements of IT Act, 2000**

**1. Legal Recognition for Electronic Records and Digital Signatures:** The IT Act, 2000 provides a fundamental legal framework for the acknowledgment and enforceability of electronic records and digital signatures. It goes beyond merely facilitating transactions; it establishes a foundation for the digital realm's legal infrastructure. By according legal validity to electronic documents and signatures, the act enables a seamless transition towards electronic governance and commerce, streamlining processes and fostering a more efficient and legally recognized digital environment.

**2. Facilitation of Electronic Governance and Commerce:** Recognizing the legal validity of electronic records and signatures, the IT Act 2000 actively promotes the facilitation of electronic governance and commerce. It extends to electronic delivery of government services, aiming to enhance accessibility and efficiency in public service delivery. Additionally, the act seeks to create a conducive environment for secure and legally recognized transactions between entities, further boosting the growth of e-commerce.

**3. Promotion of IT Sector Growth and Innovation:** The IT Act 2000 goes beyond its role in governance and commerce; it is a key driver in promoting growth within the Information Technology (IT) sector. By providing a comprehensive legal framework for digital technologies, the act encourages innovation and entrepreneurship. It not only safeguards the interests of firms but also stimulates a dynamic and competitive landscape that fosters continuous technological advancements and economic growth within the IT sector.

**4. Cybercrime Regulation and Data Protection:** The act serves as a critical regulatory tool in addressing the multifaceted challenges posed by digital technology, electronic communication, and cybersecurity. With a specific focus on cybercrime regulation and data protection, the IT Act 2000 strives to safeguard digital data and combat cyber threats. It delineates offenses related to computers, computer systems, and networks, offering a legal apparatus to address and mitigate cybersecurity risks in an increasingly interconnected digital landscape.

**5. Strict Privacy Laws:** The IT Act 2000 is acknowledged as one of the world's strictest privacy laws, going beyond conventional legalities. It extends its jurisdiction to cover offenses related to computers, computer systems, or computer networks. By providing legal validity to electronic contracts and recognizing electronic signatures, the act not only ensures the legal standing of digital transactions but also establishes a robust legal framework for privacy protection in the digital domain. This comprehensive approach underscores the commitment to maintaining the privacy and security of individuals and entities engaging in electronic activities.

**Rationale Behind the IT Act 2000**

Enacted to tackle the evolving challenges of the digital age, the Information Technology Act, 2000 serves as a comprehensive legal framework in India, addressing electronic transactions, data protection, and the prevention of cybercrime.
This legislation seeks to regulate diverse aspects of digital technology, electronic communication, and cybersecurity. Key objectives encompass providing legal recognition to electronic records and digital signatures, facilitating electronic governance and commerce, promoting IT sector growth, and encouraging innovation in information technology. Recognized globally as one of the strictest privacy laws, the IT Act 2000 covers offenses related to computers, systems, or networks, validating electronic contracts and signatures. It establishes provisions for offenses involving data breaches and individual privacy violations, prescribing penalties. Notably, the act regulates and safeguards sensitive data held by social media and other electronic platforms, ensuring the protection of electronic transactions and endorsing electronic bookkeeping under the Reserve Bank 1934 regulations. Strengthening its stance, India has further fortified ITA-2000 through the introduction of new IT rules in 2021 and additional data protection and privacy laws, reflecting the nation's commitment to enhancing its IT regulations and safeguarding the interests of its citizens.

**IT Act 2000: Electronic Commerce and Internet**

**1. [E-Commerce](https://www.geeksforgeeks.org/impact-of-e-commerce-on-traditional-retail-business/) Regulation under IT Act 2000:** The advent of the internet has propelled a rapid surge in online activities, particularly in the realm of e-commerce. With a staggering 2.41 billion online shoppers as of 2021, the e-commerce industry is anticipated to constitute a substantial 22.0 percent of global retail sales by 2023. This surge in online transactions has necessitated a robust legal framework to address pertinent issues such as copyright concerns, data protection, and the pervasive challenges tied to the dynamic e-commerce landscape.

**2. [Intellectual Property Rights](https://www.geeksforgeeks.org/importance-and-types-of-intellectual-property-rights-ipr/) and Privacy Concerns in E-Commerce:** E-commerce, being a dynamic and expansive marketplace, grapples with significant challenges related to intellectual property rights (IPR) protection and user privacy. The vastness of the internet and the absence of comprehensive regulations create an environment where safeguarding IPR becomes a complex task. Additionally, the collection of personal information during e-commerce transactions raises privacy concerns, emphasizing the need for stringent regulations to ensure data protection.

**3. Cybercrime Challenges in E-Commerce:** While e-commerce continues to thrive, it also becomes a prime target for cybercrime, posing a significant threat to online transactions. Cybercriminals exploit vulnerabilities in e-commerce platforms to gain unauthorized access, compromise consumer information, engage in activities such as the illicit exchange of valuable financial data, or deploy malware to compromise computer systems.

**4. Amendments and Evolving Legislation:** The IT Act 2000 has spurred amendments to existing acts to incorporate provisions related to IT offenses. Notable amendments include changes to the Indian Penal Code and the Indian Evidence Act to recognize electronic records and documents. The Information Technology (Amendment) Act, 2008 made the IT Act more technology-neutral and acknowledged the legal validity of digital signatures and electronic records. The Consumer Protection (E-Commerce Law) Rules, 2020, under the Consumer Protection Act 2019, further fortify regulations in e-commerce to prevent unfair practices, protect consumer interests, and ensure transparency on e-commerce platforms. These continuous legal adaptations signify India's commitment to refining its e-commerce laws and safeguarding the interests of its consumers in an evolving digital landscape.

**Amendments to the IT Act 2000**

**1. 2008 Amendment:** In 2008, the IT Act 2000 underwent a pivotal amendment to effectively combat cybercrimes and regulate electronic communication. **Section 66A** was introduced, penalizing the transmission of "offensive messages," while **Section 69** granted the government authority to intercept, monitor, or decrypt computer-generated information. These amendments aimed to fortify the legal framework, keeping pace with the growing complexity of cyber threats in India.

**2. Reinforcement through 2011 Amendments:** Building upon the foundation laid in 2008, the 2011 amendments expanded the scope of cybercrimes. Offenses such as child pornography, voyeurism, identity theft, and privacy breaches were incorporated, accompanied by increased penalties for various offenses. These amendments demonstrated a commitment to staying ahead of emerging threats and bolstering the act's efficacy in addressing a broader spectrum of cybercrimes.

**3. Enforcement Mechanisms and Oversight:** The IT Act 2000 empowers the central government to appoint controlling officers, ensuring vigilant oversight and compliance with its provisions. Supervision of data protection, storage, and cybersecurity adherence falls under the purview of the Indian Computer Emergency Response Team (CERT-In), highlighting the act's commitment to fostering a secure and resilient digital environment.

**4. Institutional Framework and Impact:** The act established the Cyber Regulations Appellate Tribunal, dedicated to adjudicating IT-related disputes and hearing appeals, providing a specialized mechanism for legal recourse in the digital realm. Furthermore, the legislative framework facilitated the creation of the [Unique Identification Authority of India (UIDAI)](https://www.geeksforgeeks.org/uidai-full-form-features-and-importance/), responsible for issuing UID numbers to Indian residents.

**5. Scrutiny and Calls for Comprehensive Reform:** Despite its commendable contributions, certain provisions of the act, particularly those related to intermediary liability, surveillance, and data protection, have faced criticism from experts. The evolving digital landscape has spurred calls for a more comprehensive data protection law to address contemporary challenges and uphold the rights of individuals in the digital domain.

**6. Catalyst for Growth and Governance:** Notwithstanding the critiques, the IT Act 2000 played a pivotal role in fostering the growth of the IT and business process outsourcing sectors in India. Additionally, it has been instrumental in facilitating e-governance initiatives, positioning itself as a key enabler in India's digital transformation journey.

**Non-applicability of the IT Act 2000**

**1. Limitations on Document Types:** The scope of the Information Technology Act (IT Act) is distinctly defined regarding the types of documents it governs. Primarily, the IT Act does not extend its applicability to physical or paper-based documents and transactions. This exclusion is exemplified by instances such as a handwritten signature on a traditional contract, which falls outside the purview of this law. The IT Act exclusively pertains to electronic documents and e-signatures, emphasizing its focus on the digital realm.

**2. Inadequacies in Addressing Cyber Crimes:** The IT Act's provisions on cybercrimes exhibit limitations in their comprehensiveness. Various cyber offenses, including online stalking, bullying, phishing, and fraud, remain conspicuously absent from explicit inclusion in this legislation. The narrow definition of cybercrimes within the IT Act poses challenges for law enforcement agencies, hindering their ability to effectively investigate emerging digital offenses. This gap underscores the need for a more expansive and up-to-date legal framework to address the evolving landscape of cyber threats.

**3. Content Regulation and Censorship:** Distinct from the IT Act, matters concerning content regulation and censorship are governed by separate laws, notably the **Information Technology (Intermediary Guidelines) Rules 2021.** The IT Act itself lacks the authority to empower the government to block websites or remove content, except in specific cases involving the dissemination of obscene information. Content regulation primarily falls within the purview of the Constitution of India rather than the IT Act, elucidating the nuanced governance structure surrounding digital content.

**4. Evolution with Personal Data Protection Bill:** With the advent of the Personal Data Protection Bill, a crucial shift in the regulatory landscape is imminent. Once enacted, this bill is poised to supersede the privacy sections of the IT Act. The Personal Data Protection Bill will assume jurisdiction over matters relating to privacy and data protection, marking a significant evolution in India's legal framework to align with contemporary challenges in safeguarding sensitive digital information. This impending transition signifies a proactive step toward enhancing privacy and data protection regulations beyond the confines of the IT Act.

**Information Technology Act, 2000 - FAQs**

**What does the technology law in India mean?**

*In India, cyber laws are encapsulated in the Information Technology Act 2000, which became effective on October 17, 2000.
The primary objective of the act is to provide legal recognition to electronic commerce and facilitate the submission of electronic records to the government.*

**What are the features of the 2000 IT Act with the 2008 amendment?**

*The 2008 amendment to the IT Act brought about significant changes, expanding the definition of cybercrime and introducing penalties for offenses such as identity theft, unauthorized publication of private images, cheating by impersonation, and transmitting offensive or sexually explicit content through electronic means.*

**What are the latest amendments to the IT Act?**

*The latest amendments to the Information Technology Act 2000, as notified through the Jan Vishwas (Amendment of Provisions) Act, 2023, came into effect on November 30. These amendments include the decriminalization of five offenses and an increase in penalties.*

**What are the pivotal objectives of the IT Act 2000?**

*The primary objectives of the IT Act 2000 include granting legal recognition to electronic records and digital signatures. It aims to confer legal validity and enforceability on electronic records and digital signatures, treating them equivalently to physical documents and handwritten signatures.*

**Whom does the IT Act apply to?**

*The IT Act 2000 extends its applicability to the entire country, encompassing the whole of India.
Unless specified otherwise in the act, it also applies to offenses or contraventions committed outside India by any person.*

*Sections and Punishments under the Information Technology Act, 2000 are as follows:*

| Section | Punishment |
|---|---|
| Section 43 | This section of the IT Act, 2000 states that any act of destroying, altering, or stealing a computer system/network or deleting data with malicious intentions without authorization from the owner of the computer is liable for the payment to be made to the owner as compensation for damages. |
| Section 43A | This section of the IT Act, 2000 states that any corporate body dealing with sensitive information that fails to implement reasonable security practices, causing loss to another person, will also be liable to pay compensation to the affected party. |
| Section 66 | Hacking a computer system with malicious intentions like fraud will be punished with 3 years imprisonment or a fine of Rs. 5,00,000 or both. |
| Section 66 B, C, D | Fraud or dishonesty using or transmitting information or [identity theft](https://www.geeksforgeeks.org/cyber-crime-identity-theft/) is punishable with 3 years imprisonment or a Rs. 1,00,000 fine or both. |
| Section 66 E | Violation of privacy by transmitting an image of a private area is punishable with 3 years imprisonment or a Rs. 2,00,000 fine or both. |
| Section 66 F | [Cyber Terrorism](https://www.geeksforgeeks.org/what-is-cyber-terrorism/) affecting the unity, integrity, security, and sovereignty of India through digital mediums is liable for life imprisonment. |
| Section 67 | Publishing obscene information or pornography or transmission of obscene content in public is liable for imprisonment of up to 5 years or a fine of Rs. 10,00,000 or both. |

***Digital Signatures and Certificates***

***Encryption** -- Process of converting electronic data into another form, called ciphertext, which no one except the authorized parties can easily understand. This assures data security.*

***Decryption** -- Process of translating code to data.*

- *The message is encrypted at the sender's side using various encryption algorithms and decrypted at the receiver's end with the help of the decryption algorithms.*
- *When some message is to be kept secure, like a username, password, etc., encryption and decryption techniques are used to assure data security.*

***Types of Encryption***

*Data encryption transforms information into a code that is only accessible to those with a password or secret key, sometimes referred to as a decryption key. Data that has not been encrypted is referred to as plaintext, whereas data that has been encrypted is referred to as ciphertext.
In today's business sector, encryption is one of the most popular and effective data protection solutions. By converting data into ciphertext, which can only be decoded with a special decryption key generated either before or at the time of the encryption, data encryption serves to protect the secrecy of data.*

- ***Symmetric Encryption**: Data is encrypted using a key and the decryption is also done using the same key. There are a few strategies used in cryptography algorithms. For encryption and decryption processes, some algorithms employ a unique key. In such operations, the unique key must be secured, since any system or person who knows the key is able to decode and read the message.*

***Fig: Symmetric Encryption***

- ***Asymmetric Encryption**: Asymmetric cryptography is also known as public-key cryptography. It uses public and private keys for the encryption and decryption of messages. One key in the pair, which can be shared with everyone, is called the public key. The other key in the pair, which is kept secret and is only known by the owner, is called the private key.*

***Fig: Asymmetric Encryption***

***Public key** -- Key which is known to everyone. Ex: public key of A is 7; this information is known to everyone.\
**Private key** -- Key which is only known to the person whose private key it is.\
**Authentication** -- Authentication is any process by which a system verifies the identity of a user who wishes to access it.\
**Non-repudiation** -- Non-repudiation is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.\
**Integrity** -- To ensure that the message was not altered during the transmission.\
**Message digest** -- The representation of text in the form of a single string of digits, created using a formula called a one-way hash function.
Encrypting a message digest with a private key creates a digital signature, which is an electronic means of authentication.*

***Digital Signature***

***What is a digital signature?***

*A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software, or digital document.*

1. ***Key Generation Algorithms**: Digital signatures are electronic signatures that assure that the message was sent by a particular sender. While performing digital transactions, authenticity and integrity should be assured; otherwise, the data can be altered or someone can act as if he were the sender and expect a reply.*
2. ***Signing Algorithms**: To create a digital signature, signing algorithms like email programs create a one-way hash of the electronic data which is to be signed. The signing algorithm then encrypts the hash value using the private key (signature key). This encrypted hash, along with other information like the hashing algorithm, is the digital signature. This digital signature is appended to the data and sent to the verifier. The reason for encrypting the hash instead of the entire message or document is that a hash function converts any arbitrary input into a much shorter fixed-length value. This saves time, as now instead of signing a long message a shorter hash value has to be signed, and moreover hashing is much faster than signing.*
3. ***Signature Verification Algorithms**: The verifier receives the digital signature along with the data. It then uses the verification algorithm to process the digital signature and the public key (verification key) and generates some value. It also applies the same hash function to the received data and generates a hash value. If they both are equal, then the digital signature is valid; else it is invalid.*

***The steps followed in creating a digital signature are:***

1. *The message digest is computed by applying a hash function on the message, and then the message digest is encrypted using the private key of the sender to form the digital signature. (digital signature = encryption (private key of sender, message digest) and message digest = message digest algorithm(message)).*
2. *The digital signature is then transmitted with the message. (message + digital signature is transmitted)*
3. *The receiver decrypts the digital signature using the public key of the sender. (This assures authenticity, as only the sender has his private key, so only the sender can encrypt using his private key, which can thus be decrypted by the sender's public key).*
4. *The receiver now has the message digest.*
5. *The receiver can compute the message digest from the message (the actual message is sent with the digital signature).*
6. *The message digest computed by the receiver and the message digest (obtained by decrypting the digital signature) need to be the same for ensuring integrity.*

*The message digest is computed using a one-way hash function, i.e. a hash function in which computation of the hash value of a message is easy but computation of the message from the hash value of the message is very difficult.*

***Assurances about digital signatures***

*The definitions and words that follow illustrate the kind of assurances that digital signatures offer.*

1. ***Authenticity**: The identity of the signer is verified.*
2. ***Integrity:** Since the content was digitally signed, it hasn't been altered or interfered with.*
3. ***Non-repudiation:** Demonstrates the source of the signed content to all parties. The act of a signer denying any affiliation with the signed material is known as repudiation.*
4. ***Notarization:** Under some conditions, a signature in a Microsoft Word, Microsoft Excel, or Microsoft PowerPoint document that has been time-stamped by a secure time-stamp server is equivalent to a notarization.*

***Benefits of Digital Signatures***

- ***Legal documents and contracts:** Digital signatures are legally binding. This makes them ideal for any legal document that requires a signature authenticated by one or more parties and guarantees that the record has not been altered.*
- ***Sales contracts:** Digital signing of contracts and sales contracts authenticates the identity of the seller and the buyer, and both parties can be sure that the signatures are legally binding and that the terms of the agreement have not been changed.*
- ***Financial Documents:** Finance departments digitally sign invoices so customers can trust that the payment request is from the right seller, not from a bad actor trying to trick the buyer into sending payments to a fraudulent account.*
- ***Health Data:** In the healthcare industry, privacy is paramount for both patient records and research data. Digital signatures ensure that this confidential information was not modified when it was transmitted between the consenting parties.*

***Drawbacks of Digital Signature***

- ***Dependency on technology:** Because digital signatures rely on technology, they are susceptible to crimes, including hacking. As a result, businesses that use digital signatures must make sure their systems are safe and have the most recent security patches and upgrades installed.*
- ***Complexity:** Setting up and using digital signatures can be challenging, especially for those who are unfamiliar with the technology. This may result in blunders and errors that reduce the system's efficacy.
  The process of issuing digital signatures to senior citizens can occasionally be challenging.*
- ***Limited acceptance:** Digital signatures take time to replace manual ones since technology is not widely available in India, a developing nation.*

***Digital Certificate***

*A digital certificate is issued by a trusted third party, which proves the sender's identity to the receiver and the receiver's identity to the sender.*

*A digital certificate is a certificate issued by a Certificate Authority (CA) to verify the identity of the certificate holder. A digital certificate is used to attach a public key to a particular individual or an entity.*

***Digital certificate contains***

- *Name of certificate holder.*
- *Serial number, which is used to uniquely identify a certificate and the individual or the entity identified by the certificate.*
- *Expiration dates.*
- *Copy of certificate holder's public key (used for decrypting messages and digital signatures).*
- *Digital signature of the certificate issuing authority.*

*The digital certificate is also sent with the digital signature and the message.*

***Advantages of Digital Certificate***

- ***NETWORK SECURITY:** A complete, layered strategy is required by modern cybersecurity methods, wherein many solutions cooperate to offer the highest level of protection against malevolent actors. An essential component of this puzzle is digital certificates, which offer strong defence against manipulation and man-in-the-middle attacks.*
- ***VERIFICATION:** Digital certificates facilitate cybersecurity by restricting access to sensitive data, which makes authentication a crucial component of cybersecurity. Thus, there is a decreased chance that hostile actors will cause chaos. At many different endpoints, certificate-based authentication provides a dependable method of identity verification.
  Compared to other popular authentication methods like biometrics or one-time passwords, certificates are more flexible.*
- ***BUYER SUCCESS:** Astute consumers demand complete assurance that the websites they visit are reliable. Because digital certificates are backed by certificate authorities that users' browsers trust, they offer a readily identifiable indicator of reliability.*

***Disadvantages of Digital Certificate***

- ***Phishing attacks:** To make their websites look authentic, attackers can fabricate bogus websites and obtain certificates. Users may be fooled into providing sensitive information, such as their login credentials, which the attacker may then take advantage of.*
- ***Weak encryption:** Older digital certificate systems may employ less secure encryption methods that are open to intrusions.*
- ***Misconfiguration:** In order for digital certificates to work, they need to be set up correctly. Websites and online interactions can be attacked due to incorrectly configured certificates.*

***Digital certificate vs digital signature***

*A digital signature is used to verify authenticity, integrity and non-repudiation, i.e. it assures that the message is sent by the known user and not modified, while a digital certificate is used to verify the identity of the user, maybe sender or receiver. Thus, digital signatures and certificates are different kinds of things, but both are used for security.
Most websites use digital certificates to enhance the trust of their users.*

| ***Feature*** | ***Digital Signature*** | ***Digital Certificate*** |
|---|---|---|
| ***Basics / Definition*** | *A digital signature secures the integrity of a digital document in a similar way as a fingerprint or attachment.* | *A digital certificate is a file that ensures the holder's identity and provides security.* |
| ***Process / Steps*** | *The hashed value of the original data is encrypted using the sender's private key to generate the digital signature.* | *It is generated by a CA (Certifying Authority) in a process that involves four steps: Key Generation, Registration, Verification, Creation.* |
| ***Security Services*** | ***Authenticity** of the sender, **integrity** of the document and **non-repudiation**.* | *It provides security and **authenticity** of the certificate holder.* |
| ***Standard*** | *It follows the Digital Signature Standard (DSS).* | *It follows the X.509 standard format.* |

**Cyberlaw**

Cyber law is the legal framework that governs digital activities, including online communication, e-commerce, and cybercrime. It also includes laws that protect data privacy and balance the rights of individuals with the interests of data controllers.

***Cyber law gives legal recognition to electronic documents and a structure to support e-filing and e-commerce transactions, and also provides a legal structure to reduce cybercrime.***

Some examples of cyber law include software and source code licenses, trademark law, semiconductor law, patent law, and data protection and privacy laws.

Cybercrime is a criminal activity that involves a computer, network, or networked device. Cybercriminals may use cybercrime to generate a profit.
Cyberstalking is a type of cybercrime that involves harassing or stalking a victim through electronic or digital means.

Cyber law, also known as Internet Law, is the part of the overall legal system that is related to legal informatics and supervises the digital circulation of information, e-commerce, software and information security. It is associated with legal informatics and electronic elements, including information systems, computers, software, and hardware. It covers many areas, such as access to and usage of the Internet, encompassing various subtopics as well as freedom of expression and online privacy.

Cyber laws help to reduce or prevent cybercriminal activities on a large scale by protecting information access from unauthorized people, freedom of speech related to the use of the [Internet](https://www.javatpoint.com/internet), privacy, communications, email, websites, intellectual property, and hardware and software, such as data storage devices. Internet traffic is increasing rapidly day by day, which has led to a higher percentage of legal issues worldwide. Because cyber laws differ by country and jurisdiction, restitution ranges from fines to imprisonment, and enforcement is challenging.

**Importance of Cyber Law:**

1. It covers all transactions over the internet.
2. It keeps an eye on all activities over the internet.
3. It touches every action and every reaction in cyberspace.

**Why are cyber laws needed?**

There are many security issues with using the Internet, and there are also malicious people who try to gain unauthorized access to your computer system to commit fraud. Therefore, like any law, cyber law is created to protect online organizations and people on the network from unauthorized access and malicious people.
If someone commits an illegal activity or breaks a cyber rule, it allows people or organizations to take action against that person or have them sentenced to punishment.

**What happens if anyone breaks a cyber law?**

If anyone breaks a cyber law, action will be taken against that person on the basis of the type of cyber law he broke, where he lives, and where he broke the law. There are many situations; for example, if you break the law on a website, your account will be banned or suspended and your [IP (Internet Protocol)](https://www.javatpoint.com/ip-full-form) address blocked. Furthermore, if any person performs a very serious illegal activity, such as causing another person or company distress, hacking, or attacking another person or website, advance action can be taken against that person.

**Importance of Cyber Law**

Cyber laws are formed to punish people who perform any illegal activities online. They are important for punishing issues such as online harassment, attacking another website or individual, data theft, disrupting the online workflow of any enterprise and other illegal activities. If anyone breaks a cyber law, action will be taken against that person on the basis of the type of cyber law he broke, where he lives, and where he broke the law. It is most important to punish the criminals or to put them behind bars, as most cybercrimes go beyond what can be considered a common crime. These crimes may be very harmful, causing loss of the reliability and confidentiality of the personal information of an individual or a nation. Therefore, these issues must be handled according to the laws.

- When users carry out transactions on the Internet, cyber law covers every transaction and protects them.
- It touches every reaction and action in cyberspace.
- It captures all activities on the Internet.

**Areas Involved in Cyber Laws**

These laws deal with multiple activities and areas that occur online and serve several purposes.
Some laws are formed to describe the policies for using the Internet and the computer in an organization, and some are formed to offer people security from unauthorized users and malicious activities. There are various broad categories that come under cyber laws; some are as follows:

**Fraud**

Cyber laws are formed to prevent financial crimes such as identity theft, credit card theft and others that occur online. A person may face federal or state criminal charges if he commits any type of identity theft. These laws set out strict policies to prosecute and defend against allegations involving use of the internet.

**Copyrighting Issues**

The Internet is a source that contains different types of data, which can be accessed anytime, anywhere. But no one has the authority to copy the content of another person. Cyber laws define strict rules for anyone who goes against copyright, which protects the creative work of individuals and companies.

**Scam / Treachery**

There are different frauds and scams on the Internet that can be personally harmful to any company or individual. Cyber laws offer many ways to protect people and prevent identity theft and financial crimes that happen online.

**Online Insults and Character Degradation**

There are multiple online social media platforms that are the best resources to share your mind with anyone freely. But cyber laws set rules that apply if you defame someone online. Cyber laws address and deal with many issues, such as racism, online insults and gender targeting, to protect a person's reputation.

**Online Harassment and Stalking**

Harassment is a big issue in cyberspace and is a violation of both criminal and civil law. Cyber laws define strict laws to prohibit these kinds of despicable crimes.

**Data Protection**

People using the internet depend on cyber laws and policies to protect their personal information.
Companies and organizations also rely on cyber laws to protect the data of their users as well as to maintain the confidentiality of their own data.

**Contracts and Employment Law**

When you visit a website, you click a button on a message asking you to agree to its terms and conditions; agreeing to them means you have relied on cyber law. Every website has terms and conditions that are associated with privacy concerns.

**Trade Secrets**

Many organizations doing business online rely on cyber laws to protect their trade secrets. For example, online search engines like Google spend much time developing the algorithms that generate a search result. They also spend lots of time developing other features such as intelligent assistance, flight search services and maps, to name a few. Cyber laws help these organizations to take legal action by describing the necessary laws for protecting their trade secrets.

**Advantages of Cyber Law:**

- Organizations are now able to carry out e-commerce using the legal infrastructure provided by the Act.
- Digital signatures have been given legal validity and sanction in the Act.
- It has opened the doors for the entry of corporate companies into the business of being Certifying Authorities for issuing Digital Signature Certificates.
- It allows the Government to issue notifications on the web, thus heralding e-governance.
- It gives authority to companies or organizations to file any form, application, or any other document with any office, authority, body, or agency owned or controlled by the suitable Government in e-form, using such e-form as may be prescribed by the suitable Government.
- The IT Act also addresses the important issues of security, which are so critical to the success of electronic transactions.
- Cyber law provides both hardware and software security.