Understanding Digital Signatures, PPIs, and Cybercrime

Posted on Feb 16, 2025 in Management Assistance

Digital Signature Certificates and Certifying Authorities

Function of Certifying Authority (CA)

  • Acts as a regulatory certifying authority.
  • Recognizes foreign certifying authorities.
  • Grants licenses to certifying authorities to issue electronic signature certificates.
  • Suspends licenses.

Rules to Obtain a License to Issue Electronic Certificates (EC)

  • Application for license.
  • Submission of application.
  • Validity of license.
  • Issuance of license.
  • Renewal of license.
  • Suspension of license.

Duties of a Certifying Authority (CA)

  • Follow certain procedures regarding security systems.
  • Ensure compliance with the act.
  • Display the license.
  • Surrender the license.
  • Make certain disclosures.

Contents of a Digital Signature Certificate

  • Owner’s name, organization name, location.
  • Issuer’s name, organization, and location.
  • Date of issue.
  • Serial number of certificate.
  • Signature algorithm identifier.
  • Owner’s public key.
  • Date of expiry.
  • Issuer’s public key and digital signature.

Procedures Relating to Electronic Certificates (EC)

  • Issue of ESC:
    • Making application.
    • Grant of certificate.
    • Rejection of certificate.
  • Suspension of digital signature certificate.
  • Revocation of digital signature certificate.

Duties of a Subscriber

  • Definition.
  • Generating key pair.
  • Duty of subscriber of electronic signature certificate.
  • Acceptance of digital signature certificate.
  • Control of private keys.

Payment Instruments (PPIs)

Who is Eligible to Issue PPIs?

  • All banks.
  • Mobile banking transactions approved by RBI can launch mobile-based PPIs.
  • Non-banking financial institutions: closed system and semi-closed system PPI issuance allowed.
  • Mobile service providers.

Types of PPIs

  • Closed system.
  • Semi-closed system.
  • Open system.

Protecting Company Data

Methods to Protect Company Data

  • Maintaining backup of data.
  • Disk encryption.
  • Insert firewall.
  • Antivirus software.
  • Public key infrastructure.
  • Internet protocol security.
  • Hardcopy.
  • Secure wireless transmission.
  • Check received files (antivirus may contain).

Steps for Creation and Verification of Digital Signatures

  • Preparation of message.
  • Application of hash function.
  • Encryption of message digest.
  • Attachment of digital signature.
  • Sending digital signature and encrypted message.
  • Verification.

Cybercrime

Different Kinds of Cybercrime

  • Unauthorized access and hacking.
  • Virus, worms, and trojan attacks.
  • DoS attack.
  • Email-related crimes.
  • Sale of illegal articles.
  • Online gambling, cyber pornography.
  • Phishing.
  • Intellectual property crime.
  • Web defacement.
  • Cyber stalking and cyber vandalism.

Various Categories of Cybercrime

  • Cybercrime against a person.
  • Cybercrime against property.
  • Cybercrime against government firms.
  • Cybercrime against society.

Reasons for Growing Cybercrime

  • Cyber criminals almost never get caught.
  • Indefinite legal jurisdiction.
  • Lack of legal evidence.
  • Companies under-invest in protection and detection.
  • Less space required for storage of data.
  • Easy accessibility.

Various Categories of Criminals

  • Children and adolescents between ages 16 to 18.
  • Organized hackers.
  • Professional hackers.
  • Discontented employees.
  • Scammers.
  • Phishers.
  • Insiders.
  • Advanced persistent threat agents.
  • Malware authors.
  • Spammers.

Various Effects of Cybercrime

  • Loss of revenue.
  • Wastage of time.
  • Damage of reputation.
  • Reduction in productivity.
  • Cost of production.
  • Intellectual property theft.
  • Legal consequences.
  • Blackmailing of corporation.