Cyberspace has been defined as ‘a global domain within the information environment

consisting of the interdependent network of information technology infrastructures and

resident data, including the Internet, telecommunications networks, computer
systems, and embedded processors and controllers.
A more comprehensive definition is that offered by Kuehl according to which cyberspace is
‘a global domain within the information environment whose distinctive and unique
character is framed by the use of electronics and the electromagnetic spectrum to
create, store, modify, exchange, and exploit information via interdependent and
interconnected networks using information-communication technologies’. It transpires
from the above that cyberspace has three layers:
 a physical layer which consists of computers, integrated circuits, cables,
communications infrastructure and the like;
 a second layer which consists of the software logic; and,
 finally, a third layer which consists of data packets and electronics.
E-Contracts
E-contracts can be defined as contracts which are formed between two parties through the
negotiations via any electronic means. They can also be known as online contracts, digital
contracts and cyber contracts.
In e-contracts also, the goods and services are exchanged between the two parties for a
certain amount of consideration. These contracts are very similar in nature with the paper
contracts except that they are drafted and signed electronically. Thus, the seller can directly
reach to the consumer without the interference of a middleman.
E-contracts are formed on the basis of Uberrimae fidei doctrine. The “Uberrima fides” is a
Latin term which means “utmost good faith”. In e-contracts, the parties are in direct contact
with each other due to which the chances of misinformation or hiding of some material facts
is very negligible and thus both the parties are completely dependent on each other for all the
information. However, to complete the e-contract there are certain essentials which need to be
fulfilled. They are stated below.
Essentials of an e-contract
Refer Indian Contract Act, 1872 Section 2(a), 2(b), 2(c), 2(e) and 2(h)
As there are certain essential requirements to fulfil the paper-based contracts, in a very
similar way, there are certain elements that need to be present in the formation of an e-
contract. These elements are stated below.
 Offer: In numerous contracts (whether be it on the web or regular) the offer isn’t made
legitimately person to person. The buyer ‘peruses’ the accessible merchandise and
enterprises which appear at the vendor’s site and afterwards picks whatever he might
want to buy. This recommendation is not made by the site exhibiting the items
accessible to be buying at a particular cost. This is chiefly a challenge to the proposal
and hence it can be revoked whenever up to the hour of acknowledgment. The
proposal is given by the customer on presenting the things in the practical ‘crate’ or
‘the shopping basket’ for installment.
  Acceptance: There should be acceptance of offer. Generally, acceptance is the next
step by the seller when the offer has been made by the client in light of a proposal to
treat. The offer can be revoked anytime before the acknowledgment is done.
 Lawful consideration: There must be the presence of lawful consideration for any
contract to get enforceable by law i.e., there should be trade of something legal
between both the parties.
 Lawful object: There should be the presence of lawful object in the contract. A
contract surmises legality of the object of contract. In this manner, an arrangement for
selling opiate medications or erotic entertainment films online is void.
 Competent party: All the parties who are getting into the contract must be legitimately
able to form a contract.
 Intention to form legal relationship: In contract, the parties forming contract should
have the aim of forming legal relations.
 Free consent: There must be free and veritable assent. The consent by an individual is
supposed to be free when it isn’t brought about by pressure, deception, unnecessary
impact or misrepresentation. If all the above-mentioned essential elements are
fulfilled in an e-contract, then the contract formed is a valid e-contract.
Section 10A of IT Act incorporates the validity of e-contracts. It states as follows: “Where in
a contract formation, the communication of proposals, the acceptance of proposals, the
revocation of proposals and acceptances, as the case may be, are expressed in electronic form
or by means of an electronic record, such contract shall not be deemed to
be unenforceable solely on the ground that such electronic form or means was used for that
purpose.”
Types of e-contract
The essential element which makes e-contracts different from paper based contract is that it
takes place on an electronic platform. There are different types of e-contracts based on the
mode of formation. These types are stated below:
Electronic mail Agreements
A message through an e-mail that passes on the unmistaken able intentions of the association
may be considered as the binding contract which we can derive by the choice on account
of Trimex International FZE versus Vedanta Aluminum Limited. In this case, while
recognizing the adaption in the implementation of the business exchanges the honorable SC
ignored the argument which said that the business exchanges on email didn’t certify to form
agreements. The judgment came that when a contract is finished up either orally or it is saved
in the form of hard copy, the basic fact which states that the parties should initiate and lay out
the conventional agreement would affect neither the agreements acknowledgment which went
into nor its use, nevertheless if the proper agreement was initialed”.
Online Agreements
The online agreements are of three kinds. They are:
The Click Wrap Agreements
In click-wrap arrangements, a party subsequent to experiencing the rules and situations
mentioned on the site or system need basically to demonstrate their consent in front of the
corresponding, by just clicking the ‘I Agree’ symbol or decrease by clicking on ‘I Disagree’.
The famous case in which click wrap agreement was accepted as valid and enforceable is
Rudder vs. Microsoft Corporation. In this case, the offended parties started a legitimate
demand asserting break by the Microsoft Company of some particular payment conditions in
relation to Microsoft’s MSN Member Agreement. This agreement can be seen as the on-line
“click-wrap” arrangement on which everyone was supposed to look down and read the
instructions and after that give their consent by clicking on “I Agree” symbol before giving
admittance to the management. Irrespective of the reality that the party to the contract who
claimed wanted to lean on some of the standing of the Member Agreement, in putting forth
the pursuit, the aggrieved side contested the resolution made with the help of law and
gathering determination provisos whose sanction was tried by Microsoft. The aggrieved side
claimed in the recognition of the fact that the complete Member Agreement was not possible
at one moment as they weren’t informed of any arrangement like this due to which they were
not able to enforce it. The honorable court discovered that the Member Agreement was
enforceable because skimming some pages was like turning some pages of a big paper based
contract and by not maintaining the arrangement, there is the possibility of tumult within
commercial center, render inadequate e-trade & subvert the uprightness of any understanding
went into thereby.
One may refer to the decision in CompuServe, Inc. v. Patterson, where it was decided that a
click-wrap contracts was enforceable.
One of the first instances to implicitly rule that a click-wrap contract, more precisely, a
“terms of service” email agreement, is legitimate is Hotmail Corporation v. Van$ Money Pie
Inc., although there is not a true discussion of the enforceability of “click-wrap agreements”
in this case, it is one of the first rulings that subtly supports their legality.
In Caspi v. Microsoft Network, it was upheld that the validity of click-wrap contracts as
legitimate electronic contracts, as long as users receive fair notice and consent. It highlighted
forum selection conditions, addressing jurisdictional concerns in electronic transactions.
Shrink Wrap Agreements
Shrink-wrap agreements derive their name from the clear plastic wrapping that encloses the
goods (such as software packages). These contracts include a note requiring acceptance of
terms and conditions, including arbitration, choice of law, disclaimers, warranty restrictions,
and remedy limitations. The main objection is that the buyer or customer may be subject to
undisclosed terms and circumstances.
The early response to shrink-wrap agreements was to limit the application of such clauses. In
Step-Saver Data Systems, Inc. v. Wyse Technology, it was ruled that a shrink-wrap license,
not visible until after the program was purchased, was not legally enforceable as it was not
offered at the time of sale. This decision highlighted the need for software sellers to disclose
all contractual conditions, raising questions about the enforceability of shrink-wrap licenses.
The enforceability of shrink-wrap licences was upheld in ProCD, Inc. v. Zeidenberg, so long
as the buyer has access to the conditions and can accept or reject them. This has given
software providers legal certainty and affirmed a standard business practice.
Browse Wrap or Web Wrap Contracts
The contract where the online clients can discover the rules and regulations at any place on
the page which offers to sell items and travelling is known as web wrap contract. As indicated
in these rules and regulations, utilizing their web page for purchasing a product or
administration which is proposed comprises acknowledgment of the situations mentioned in
that. In Pollstar v. Gigmania, it was ruled that the licence agreement’s conditions couldn’t be
enforced due to the poorly stated link on the website. The issue was that Pollstar maintained
concert details on its website, which users could download by agreeing to the licence
conditions, but the licence was located on a different page.
In Specht v. Netscape Communications Corp it was ruled that software license agreement
clauses were unenforceable due to insufficient user permission. It highlighted that browse-
wrap agreements must be created so consumers are aware and agree to the terms, and
consumers have to consent reasonably.
Challenges existing in e-contract
 One of the essential ingredients of the e-contract is that an individual who is
becoming party to a contract is lawfully competent to become a part of an agreement.
Regularly there is an anonymous person becoming the part an agreement. The person
sitting on the other side does not have any idea about the person who clicked on “I
Agree” symbol is lawfully skillful to become the part of an agreement.
 Free assent is a fundamental essential of a substantial agreement. In online
agreements there is no extension for exchange. This is an incredible hindrance for the
client. However, the alternative “live with or without it” exchange is consistently to
the client. On account of LIC of India Vs Consumer Education and Research Center,
the honorable SC gave judgment that “In spotted line contracts there would be no
event for a more fragile gathering to deal as to accept to have equivalent bartering
power”. He has either to acknowledge or leave the administration or merchandise as
far as the dabbed line contract.
 E-contracts give a wide extension for the reason of activity emerging at a lot of
topographical areas. This may prompt recording of cases at better places.
Safeguarding claims at numerous topographical areas could be both costly and
disappointing. Consequently, decisions of party statements should be remembered for
all online agreements. It bodes well for the online specialist provider to restrict their
presentation to one purview as it were.
 The developing size of web based business in India permits shoppers to buy
merchandise through exchanges that are concurred, moved and gotten comfortable an
open virtual organization climate. Therefore, there are various security and protection
gives that are of Worry to the buyers which should be tended to.
 Innovation has assumed a fantastic part in upgrading the limit of web associations and
organizations to gather and dissect tremendous measures of information identifying
with the clients who only visit their sites. Accordingly, this raises a lot of worries
about how this information is dealt with and utilized.
 The problem of theft of identity is a big worry for the buyers who face encroachment
on their privacy in this practical environment. The theft of identity is the wrongdoing
of getting the individual or monetary data of someone else to utilize their personality
to submit extortion, for example, making unapproved exchanges or buys. Data fraud
 is submitted from multiple points of view and the outcome is that casualties are
regularly left with harm shockingly, finances, and notoriety.
UNCITRAL MODEL LAW ON E-COMMERCE,1996
The UNCITRAL Model Law on Electronic Commerce established non-discrimination,
technological neutrality, and functional equivalence as the foundational principles of modern
electronic commerce law. The principle of non-discrimination makes sure that a document
would not be denied legal effect, validity or enforceability solely on the grounds that it is in
electronic form (Article 5). The principle of technological neutrality mandates the adoption of
provisions that are neutral with respect to technology used. Neutral rights seek to
accommodate any future developments without the need for further legislative labour in light
of which technology is developing. The functional equivalence principle lays out criteria
under which electronic communications may be considered equivalent to paper-based
communications (Article 6,7,8). Specifically, it lays forth the conditions that electronic
communications must satisfy to serve the same tasks and achieve the same goals as those
specific ideas in the conventional paper-based system.
The goals of Model Law which include granting equal treatment to consumers of computer-
based data and paper-based documents, as well as promoting or supporting the utilisation of
electronic commerce are crucial to promote cost effectiveness in international trade. The
adopting State would establish a media-neutral environment by implementing the processes
of Model Law into its national legislation, for instances, in which the parties choose to
employ electronic methods of communication.
UNCITRAL Model Law on Electronic Signatures, 2001
The purpose of the Model Law on Electronic Signatures is to enable and facilitate the use of
electronic signatures by establishing criteria of technical reliability for the equivalence
between electronic and hand-written signatures.38 The increasing prevalence of electronic
authentication methods to replace signatures that are written and other conventional
authentication processes raised the possibility that a particular legal framework was required
to reduce legal confusion around the use of electronic methods. This Model Law expands
upon the essential idea that underpins Article 7 of the Model Law of the UNCITRAL on
Electronic Commerce in order to address such demands. It has to do with carrying out the
signing function in an electronic setting while avoiding encouraging the use of any particular
technology or procedure by adopting a technology-neutral approach. This really implies that
laws based on this Model Law can acknowledge electronic signatures utilising other
technologies as well as those based on cryptography, such public key infrastructure.
The UNCITRAL principles of functional equivalency, technical neutrality, and non-
discrimination serve as the foundation for this Model Law. It offers principles for determining
the obligations and responsibilities of the signatory, the relying party, and reliable third
parties. It also specifies technological reliability requirements for the equivalency between
electronic and handwritten signatures. Additionally, it endorses the acceptance of
international certifications and electronic signatures on the basis of substantial equivalency,
ignoring the origin of the foreign signature.
Understanding Communication Processes: Despatch and Receipt of Electronic Records
 For a Contract to happen, there should be a communication of proposal and communication
of acceptance as well. The
The contract is concluded when the letter of acceptance is posted. If the letter of acceptance
reaches later than usual then that does not entitle the offeror to allege that he is not bound by
the contract. It has been argued that the 'postal rule' is harsh on proposer/offeror and no
matter whether it was the delay or negligence on the part of the postal department, it is the
proposer/offeror who suffers.
The applicability of 'postal rule' was put to test in: Entores Ltd. v. Miles Far Eastern
Corporation, wherein the plaintiffs, in London, made an offer by telex to the agents of the
defendant corporation, in Holland. This was accepted by a telex, which was received on the
plaintiff's telex machine in London. The relevant issue was whether the contract was made in
England. If it were, that would provide a basis for the plaintiffs to serve a writ on the
defendant corporation outside of the jurisdiction. The court held that the contract was made in
London. Denning, L.J., who delivered the principal judgment of the Court observed:
"When a contract is made by post it is clear law throughout the common-law countries that
the acceptance is complete as soon as the letter is put into the post box, and that is the place
where the contract is made. But there is no clear rule about contracts made by telephone or by
telex. Communication by these means is virtually instantaneous and stands on a different
footing". He concluded, .....that the rule about instantaneous communications between the
parties is different from the rule about the post. The contract is only complete when the
acceptance is received by the offeror: and the contract is made at the place where the
acceptance is received"
A similar view was expressed by the Supreme Court in Bhagwandas Goverdhandas Kedia v.
Girdharilal Parshottamdas and Co. In this case, the plaintiffs commenced an action in the
City Civil Court at Ahmedabad against the Kedia Ginning Factory & Oil Mills of Khamgaon
[defendants] for a decree of Rs. 31, 150 on a plea that the defendant had failed to supply
cotton seed cake, which they had agreed to supply under an oral contract dated July 22, 1959
negotiated between the parties by conversation on long distance telephone. The plaintiffs
submitted that the cause of action for the suit arose at Ahmedabad, because the defendants
had offered to sell cotton seed cake, which offer was accepted by the plaintiffs at Ahmedabad.
The decision by majority view was that telephone is an instantaneous mode of
communication, just as if the parties were in presence of each other. The exception to the
general rule, as applied to post, would not apply here. So, in this case, the contract would be
made at the place where acceptance is received, i.e., Ahmedabad.
It is clear from the aforesaid judgments that the courts have reinterpreted the contractual
obligations of offeror/acceptor by evaluating the technological applications. It is an
established law that the contract is complete only when the acceptance is received by the
offeror and the contract is made at the place where the acceptance is received (instantaneous
communication rule).
Mere mechanical application of either 'postal rule' or 'instantaneous communication rule'
without taking into accounts the facts and circumstances would be fallacious. In WWE v.
Reshma Collection, the Delhi High Court has decided the issue of territorial jurisdiction on
the basis of instantaneous communication rule. One should not forget that the difference
between "postal" and "instantaneous" is the speed of communication.
In Trimex International FZE Ltd. v. Vedanta Aluminium Ltd. India, the Supreme Court has
held that in the absence of signed agreement between the parties, it would be possible to infer
from various documents duly approved and signed by the parties in the form of exchange of
e-mails, letter, telex, telegrams and other means of telecommunications.
IT ACT Provisions
Parties to the communication Process:
Refer:
1. Originator 2(1)(za): a person who sends, generates, stores or transmits any electronic
message or causes any electronic message to be sent, generated, stored or transmitted
to any other person but does not include an intermediary;
2. Intermediary 2(1)(w): with respect to any particular electronic records, means any
person who on behalf of another person receives, stores or transmits that record or
provides any service with respect to that record and includes telecom service
providers, network service providers, internet service providers, web-hosting service
providers, search engines, online payment sites, online-auction sites, online-market
places and cyber cafes;
3. Addressee 2(1)(b): a person who is intended by the originator to receive the
electronic record but does not include any intermediary;
Section 11: Attribution of Electronic Records: An electronic record shall be attributed to
the originator—
(a) if it was sent by the originator himself;
(b) by a person who had the authority to act on behalf of the originator in respect of that
electronic record; or
(c) by an information system programmed by or on behalf of the originator to operate
automatically. ( Same as Article 13 of UNCITRAL MLEC)
12. Acknowledgment of receipt.—(1) Where the originator has not 3 [stipulated] that the
acknowledgment of receipt of electronic record be given in a particular form or by a
particular method, an acknowledgment may be given by—
(a) any communication by the addressee, automated or otherwise; or
(b) any conduct of the addressee, sufficient to indicate to the originator that the electronic
record has been received.
(2) Where the originator has stipulated that the electronic record shall be binding only on
receipt of an acknowledgment of such electronic record by him, then unless acknowledgment
has been so received, the electronic record shall he deemed to have been never sent by the
originator.
(3) Where the originator has not stipulated that the electronic record shall be binding only on
receipt of such acknowledgment, and the acknowledgment has not been received by the
originator within the time specified or agreed or, if no time has been specified or agreed to
within a reasonable time, then the originator may give notice to the addressee stating that no
acknowledgment has been received by him and specifying a reasonable time by which the
acknowledgment must be received by him and if no acknowledgment is received within the
aforesaid time limit he may after giving notice to the addressee, treat the electronic record as
though it has never been sent. ( Same as Article 14 of UNCITRAL MLEC)
13. Time and place of despatch and receipt of electronic record.—(1) Save as otherwise
agreed to between the originator and the addressee, the despatch of an electronic record
occurs when it enters a computer resource outside the control of the originator.
(2) Save as otherwise agreed between the originator and the addressee, the time of receipt of
an electronic record shall be determined as follows, namely:—
(a) if the addressee has designated a computer resource for the purpose of receiving
electronic records,—
(i) receipt occurs at the time when the electronic record enters the designated
computer resource; or
(ii) if the electronic record is sent to a computer resource of the addressee that is
not the designated computer resource, receipt occurs at the time when the
electronic record is retrieved by the addressee;
(b) if the addressee has not designated a computer resource along with specified timings,
if any, receipt occurs when the electronic record enters the computer resource of the
addressee.
(3) Save as otherwise agreed to between the originator and the addressee, an electronic record
is deemed to be despatched at the place where the originator has his place of business, and is
deemed to be received at the place where the addressee has his place of business.
(4) The provisions of sub-section (2) shall apply notwithstanding that the place where the
computer resource is located may be different from the place where the electronic record is
deemed to have been received under sub-section (3). ( Similar to Article 15 of UNCITRAL
MLEC)
(5) For the purposes of this section,– (a) if the originator or the addressee has more than one
place of business, the principal place of business, shall be the place of business; (b) if the
originator or the addressee does not have a place of business, his usual place of residence
shall be deemed to be the place of business; (c) ―usual place of residence‖, in relation to a
body corporate, means the place where it is registered.
Adoption of Digital signatures
Realisation that Internet being a public network would never be secure enough and there
would always be a fear of interception, transmission errors, delays, deletion, authenticity or
verification of an electronic message using Internet as a medium. Hence the goal was to
protect the message, not the medium.
The idea was to adopt a technology that makes communications or transactions legally
binding. The functional equivalent approach extended notions such as "writing", "signature"
and "original" of traditional paper-based requirements to a paperless world. That is, in order
to be called legally binding all electronic communications or transactions must meet the
fundamental requirements, one authenticity of the sender to enable the recipient (or relying
party) to determine who really sent the message, two message's integrity, the recipient must
be able to determine whether or not the message received has been modified enroute or is
incomplete and third, non-repudiation, the ability to ensure that the sender cannot falsely
deny sending the message, nor falsely deny the contents of the message.
It led to the Adoption of cryptographic system evolving symmetric Crypto system and
asymmetric crypto system.
Refer to Sections:
 2(1)(p) defines digital signature.
 2(1)(t) defines electronic record.
 2(1)(ta) defines electronic signature.
 2(1)(f) defines Asymmetric Crypto system.
 2(1)(zc) defines private key
 2(1)(zd) defines public key
 2(1)(x) defines key pair.
 3- Authentication of Electronic Records by Affixing Digital signature.
 3A- Authentication of Electronic Records by electronic signature or electronic
authentication technique- Similar to Article 7 of UNCITRAL MLEC
 5- Legal recognition of Electronic Signatures.
Creation of digital signature using Asymmetric Crypto system
 Step 1: Signer demarcates what is to be signed. The delimited information to be
signed is termed the "message".
 Step 2: A hash function in the signer's software computes a hash result (message
digest or digital fingerprint) unique to the message.
 Step 3: The signer’s software then transforms the hash result into a digital signature
using the signer's private key. The resulting digital signature is thus unique to both the
message and the private key used to create it.
 Step 4: The digital signature (a digitally signed hash result of the message) is attached
to its message and stored or transmitted with its message. Since a digital signature is
unique to its message, it is useful if it maintains a reliable association with its message
Verification of digital signature
 Step 1: receives digital signature and the message
 Step 2: applies signer's public key on the digital signature
 Step 3: recovers the hash result from the digital signature
 Step 4: computes a new hash result of the original message by means of the same hash
function used by the signer to create the digital signature
 Step 5: compares the hash results recovered in Step 3 and Step 4
If the hash result computed by the verifier is identical to the hash result extracted from the
digital signature during the verification process, it indicates that the message remained
unaltered. If they are not equal, it would mean that the message either originated elsewhere or
was altered after it was signed, and the recipient can reject the message.
Creation of Electronic Signature
  Step 1: Signer subscribes/uses a reliable electronic signature or electronic
authentication technique
 Step 2: Signer holds the 'electronic key' at the time of signing, authenticating him
 Step 3: Signer affixes the electronic signature
Verification of Electronic Signature
 Step 1: Recipient receives electronically signed electronic record
 Step 2: Recipient verifies the integrity of the said electronically signed electronic
record
 Step 3: Recipient accepts the said record if no alteration is detected
Difference Between Digital signature and Electronic signature:
 Electronic Signatures are simple and easy to use but less secure whereas Digital
Signatures provide strong security through cryptographic System.
 Electronic Signature is a generic and universal term encompassing digital Signature
also.
 Electronic Signature is a technology neutral term whereas digital Signature is a
technologic specific term.
Refer to section 15- secure Electronic record
Refer to Section 16- Secure Electronic Signature
Public Key Infrastructure
One or more trusted third parties which will not only authenticate that a digital signature
belongs to a specific signer but also dispense the public keys. Such a trusted third party is
referred to as a "certification authority". Its function is to verify and authenticate the identity
of a subscriber (a person in whose name the Digital Signature Certificate is issued).
A certifying authority has to receive a licence from the 'root' certifying authority or controller
of certifying authorities, before it starts issuing digital signature certificates to the subscribers.
The issuing certification authority's digital signature on the digital signature certificate can
also be verified by using the public key of the certification authority listed in the repository of
root or controller of certifying authorities. Repositories are on-line databases of certificates
and other information available for retrieval and use in verifying digital signatures.
This establishes multi level authorities, often referred to as Public Key Infrastructure (PKI)
hierarchy where a set of Certifying Authorities is subordinate to the superior Certifying
Authority (Controller of Certifying Authorities).
A PKI system is much more than the subordinate-superior relationship existing between
certifying authorities and controller. It is a set of policies, processes, server platforms,
software and workstations used for the purpose of administering Digital Signature
Certificates and public-private key pairs, including the ability to generate, issue, maintain,
and revoke public key certificates, PKI represents a brand new system of creating and
authenticating digital binding relationships.
This multiple party system of creating and authenticating digital binding relationships is
based on trust. Basically it involves: (a) an individual or entity identified by the certificate
(Subscriber) (b) the issuer of the certificate, which includes identification and authentication
of subject (subscriber) information contained in the certificate (Certifying Authority) and (c)
the company, agency or individual relying on the certificate (Relying Party).
By virtue of section 17 of the Act, Controller of Certifying Authorities shall be appointed by
the Central government. The Controller may additionally carry out all or any of the following
functions:
(iii) Supervises the activities of Certifying Authorities.
(iv) Certifies public keys of the Certifying Authorities.
(v) Drafts the requirements to be maintained by way of Certifying Authorities.
(vi) Specifies the qualifications and revel in of employees of the Certifying
Authorities.
(vii) Specifies the situations below which the Certifying Authority shall conduct
their business;
(viii) Specifies the contents of written, revealed or visual materials and commercials
that may be distributed or utilized in a Digital Signature Certificate and the
general public key;
(ix) Specifies the format and content of a Digital Signature Certificate and the
important thing;
(x) Specifies the layout wherein Certifying Authorities shall keep the bills.
(xi) Specifies the terms and situations for the appointment of the auditors and their
remuneration.
(xii) Helps the Certifying Authorities in organizing any digital machine and law of
such gadget.
(xiii) Specifies the way wherein the Certifying Authorities shall address the
subscribers.
(xiv) Resolves any warfare that arises between the Certifying Authorities and the
subscribers;
(xv) Lays down the duties of the Certifying Authorities;
(xvi) Maintains a database containing the disclosure record of ever Certifying
Authority.
(xvii) Maintains the database of public keys in a way that it is available to the
general public.
(xviii) Issues the license to issue the Electronic Signature Certificate.(Sec.21)
(xix) Can suspend the license if he isn’t pleased with the validity of the applicant.
(Sec 25)
The IT Act presents for the Controller of Certifying Authorities (CCA) to license and adjust
the running of Certifying Authorities. The Certifying Authorities (CAs) issue electronic
signature certificate under section 35, for electronic authentication of users.
It ambitions at selling the growth of E-Commerce and E- Governance through the wide use of
virtual signatures. The Controller of Certifying Authorities (CCA) has established the Root
Certifying Authority (RCAI) of India underneath section 18(b) of the IT Act to digitally
signal the general public keys of Certifying Authorities (CA) within the country. The RCAI is
operated as according to the requirements laid down under the Act.
The CCA certifies the public keys of CAs the use of its own non-public key, which permits
customers in the our on-line world to verify that a given certificate is issued by a licensed
CA. For this reason it operates, the Root Certifying Authority of India (RCAI). The CCA
additionally continues the Repository of Digital Certificates, which incorporates all the
certificates issued to the CAs inside the country.