FAQ on Digitally Signed Contract Note
Digital Signature Certificates
Digitally Signed Contract Notes
- What is the legal framework for digitally signed documents?
Government has enacted the IT Act 2000 on 7th June 2000
with an aim to provide a legal and regulatory framework
for promotion of e-Commerce and e-Governance. The Act contains
the provisions with regard to Legal recognition of digital
signatures, security procedure for electronic records and
digital signature, appointment of Certifying Authorities
and Controller of Certifying Authorities, Issue of license
to Certifying Authorities to issue digital signature certificates,
etc. among other legislative provisions. Use of electronic
records or digital signature would be valid in Government
and its agencies as per the provision of the Act
- What is a digital signature?
A digital signature should not be confused
with a digitized signature (a scan of a hand-written signature).
A digital signature is an encryption and
decryption process that does two things
- positively identifies the author of an electronic message
(who has digitally signed the message)
- Verifies the integrity of the message (that it has not
been tampered with during its transmission).
Digital signatures are based on the RSA
public key encryption system. In this system the author
of a message keeps his/her private key secret and publishes
the corresponding public key. Any text encrypted with the
private key can be decrypted with the public key, and vice
versa. However, the knowledge of the public key is not sufficient
to deduce the private key.
Therefore the holder of a public key cannot
pretend to be the holder of the corresponding private key.
- How does a digital signature look like?
A sample digital signature looks as under:
- Can you actually see the signer's handwritten signature?
No, there is no relationship to the signer's
handwritten signature. The visible portion of the digital
signature contains the signer's name, title and organization
name, along with the certificate serial number and the
Certifying Authority name.
- What is a Digital Signature Certificate?
A digital signature certificate is a
computer-generated record. It contains the identity record.
It contains the identity of the subscriber (holder of
the certificate), the public key which is digitally signed
by the Certifying Authority. The digital signature certificate
is associated with both a public key and a private key.
- Who can issue a digital signature certificate to a subscriber?
A Certifying Authority can issue a digital
signature certificate to a subscriber. The IT Act and
the Certifying Authorities Rules framed under the Act
stipulates the methods for issuance of a digital signature
- What is a Certification Authority?
A Certification Authority is a trusted
third party that verifies the identity of an applicant
registering for a digital certificate. Once a Certification
Authority is satisfied as to the authenticity of an applicant's
identity, it issues that person a digital certificate
binding his or her identity to a public key. In case of
ICICIdirect, the certifying authority is Safe Scrypt.
- Have Certifying Authorities been appointed by the Controller?
Yes, the Controller of Certifying Authorities
has appointed Safe Scrypt as the first Certifying Authority
- Can a digital signature be forged?
Not likely. It is protected by several
layers of highly complex encryption.
With digital signatures, forgery is -much more difficult
than forging a handwritten signature. First, a digital
signature is more of a process than just affixing a signature.
For example, when the document is "digitally signed,"
the digital software scans the document and creates a
calculation, which represents the document. This calculation
becomes part of the "digital signature." When the recipient
authenticates the signature, a similar process is carried
out. The sender's and the receiver's calculations are
then compared. If the results are the same, the signature
is valid; if they are different, the signature is not
- How does a digital signature work?
We would explain it with simple example
digitally signed emails.
Suppose A and B wishes
to correspond electronically. A wants to assure B that
he originated the electronic message, and that its contents
have not been tampered with. A can do so by signing the
message with his digital signature.
When A clicks on the digital signature
option on his e-mail application, a mathematical formula
known as a hash function is applied to the message, The
message is converted it to a fixed-length string of characters
called a "message digest". The digest acts as a "digital
fingerprint" of the original message. If the original
message is changed in any way, it will not produce the
same message digest when the hash function is applied
again. A's software then encrypts the message digest
with his private key, producing a digital signature of
the message. He transmits the message and digital signature
B uses A's public key to
decrypt the digital signature, revealing the message digest.
Since only A's public key can decrypt the digital
signature, he is able to verify that A was the
sender of the message. To verify the message content,
B's software applies the hash function to the message
he received from A. The message digests should be identical.
If they are, B knows the message has not been changed
and he is assured of its integrity.
Digitally Signed Contract Notes
- How is ICICIdirect making use of this technology?
ICICIdirect is making use of this technology
to sign the contract notes digitally and making the same
available online. Digitally signed contract notes would
be made available to the customers by evening on the trading
day itself. Features include the provision to verify the
authenticity of the digital signatures.
SEBI has permitted issuance of digitally
signed contract notes vide its Circular (SMDRP/POLICY/CIR-56/00
dated December 15, 2000), With the appointment of
Certifying Authorities, and the approval from SEBI, Digitally
Signed Contract Notes are now acceptable as legally valid
- How can I view the Digital Singed Contract Note?
After you log in, you would have to go
to the customer service page. There you will have to click
on the link for Digital Contract Note. You would have
to select the details and click on 'verify'.
- Will I continue to receive physical contract notes?
ICICIdirect would send a consolidated
physical statement for the transactions done during the
quarter. This statement would be designed in a very
user friendly format and will be sent to you physically,
once in a quarter.
- Do I pay anything for the Digital Signed Contract Notes?
No. You do not have to pay anything for
the Digital Signed Contract Notes.
- Can I print the Contract Note?
Yes, there is an option of both saving
as well as printing the Contract Note.
- For what duration would the Digital Signature Certificate
be available on the website?
You can view the Digital Signature Certificate
on the website upto seven years.