Explore key concepts of PKI, Certification Authorities, digital signatures, e-governance (IT Act), and e-contracts with these concise lecture notes.
Course: MBA Program
Module: Legal Aspects of Business / IT Management (or relevant module)
Topics: Public/Private Keys, Certification Authorities, Digital Signatures, Electronic Signature Certificates, E-Governance (Electronic Records & Signatures), E-Contracts (Formation, Types, Legal Approach), Email Contracting.
1. Public Key & Private Key Concept (Asymmetric Cryptography)
What is cryptography and why is it needed in business?
Cryptography is the science of secure communication in the presence of third parties (adversaries). It provides:
- Confidentiality: Preventing unauthorized access to information.
- Integrity: Ensuring information has not been altered.
- Authentication: Verifying the identity of the sender/receiver.
- Non-repudiation: Preventing the sender from denying they sent the message.
What are Public and Private Keys?
They are core components of Asymmetric Cryptography (also known as Public Key Cryptography):
- Key Pair: Each user has a mathematically related pair of keys: a Public Key and a Private Key.
- Private Key: Kept secret by the owner. Used for signing digital documents or decrypting messages encrypted with the corresponding public key. Compromise of the private key compromises the user’s digital identity.
- Public Key: Freely distributed. Used for verifying digital signatures created with the corresponding private key or encrypting messages intended only for the owner of the corresponding private key.
- How it Works: What one key encrypts, only the other key in the pair can decrypt, and a signature created with the private key can only be verified with the matching public key. The two keys are mathematically linked, but the private key cannot feasibly be derived from the public key.
Analogy: Think of a mailbox. Anyone can drop a letter (encrypt using the public key) into your mailbox slot (public key is widely known). But only you have the key (private key) to open the mailbox and read the letters (decrypt). For signatures, imagine you use a unique stamp (private key) that only you possess. Anyone can use a public directory (public key) to check if the stamp mark is genuinely yours.
Business Relevance: Forms the foundation for secure online transactions, digital signatures, and secure communication (such as HTTPS, i.e. SSL/TLS, on websites).
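The key-pair behaviour described above, as an added example that is not part of the original notes: a Go program (standard library only) in which a message sealed with the recipient's public key is opened by the matching private key and refused by anyone else's. The party names, the sample message and the choice of RSA-OAEP with SHA-256 are assumptions made here.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SealForOwner is "dropping a letter in the mailbox": anyone holding the public key
// can encrypt for its owner (RSA-OAEP with SHA-256 padding).
func SealForOwner(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// OpenAsOwner is "unlocking the mailbox": only the matching private key can decrypt;
// any other key makes DecryptOAEP return an error instead of a readable message.
func OpenAsOwner(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ciphertext, nil)
}

// DemoMailbox generates key pairs for the intended recipient and a colleague, seals a
// constructed message for the recipient, and reports who could open it.
func DemoMailbox() (recipientReads, otherKeyRefused bool, err error) {
	recipient, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	colleague, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	msg := []byte("Quote: 500 units at INR 250 each, valid 30 days") // constructed sample
	sealed, err := SealForOwner(&recipient.PublicKey, msg)
	if err != nil {
		return false, false, err
	}
	opened, err := OpenAsOwner(recipient, sealed)
	recipientReads = err == nil && bytes.Equal(opened, msg)
	_, err = OpenAsOwner(colleague, sealed) // same ciphertext, wrong private key
	otherKeyRefused = err != nil
	return recipientReads, otherKeyRefused, nil
}

func main() {
	fmt.Println(DemoMailbox()) // prints: true true <nil>
}
```

RSA-OAEP can seal only a short message (under 200 bytes with a 2048-bit key), so real systems use it to seal a symmetric key that in turn encrypts the bulk data.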
(Potential Exam Question: Explain the concept of asymmetric cryptography, detailing the roles of the public key and the private key.)
2. Role of Certification Authorities (CAs)
If anyone can create a key pair, how do you trust that a public key truly belongs to the person or entity it claims to?
This is where Certification Authorities (CAs) come in. They are trusted third parties that verify the identity of individuals or organizations.
Role of a CA:
- Verification: CAs perform checks (like verifying identity documents, company registration details) to confirm the identity of the entity requesting a digital certificate.
- Issuance of Digital Certificates: If verification is successful, the CA issues a Digital Certificate (also called an Electronic Signature Certificate or Public Key Certificate). This certificate digitally binds the verified identity to the applicant’s public key.
- Certificate Management: CAs manage the lifecycle of certificates, including issuance, renewal, and revocation (if a private key is compromised or details change).
- Publishing Certificates: Often maintain public repositories or directories where certificates can be accessed for verification.
- Establishing Trust: Users trust the CA, and therefore, they can trust the certificates issued by that CA. This creates a chain of trust.
In India: The Controller of Certifying Authorities (CCA) licenses and regulates the working of CAs under the IT Act, 2000. Examples of licensed CAs in India include eMudhra, Capricorn, NSDL, etc.
Business Relevance: CAs enable trustworthy identification in the digital world, crucial for secure e-commerce, online banking, e-tendering, and legally valid digital signatures.
(Potential Exam Question: What is the primary role of a Certification Authority (CA) in the context of public key infrastructure? Why are they necessary?)
3. Creation & Authentication of Digital Signatures
What is a Digital Signature?
A Digital Signature is an electronic equivalent of a handwritten signature or a stamped seal, but it offers far more inherent security. It’s a mathematical scheme used to demonstrate the authenticity, integrity, and non-repudiation of a digital message or document.
How is a Digital Signature Created? (Simplified)
- Hashing: The original electronic record (e.g., a document, email) is processed through a mathematical function called a ‘hash function’. This produces a fixed-size value called a ‘hash’ or ‘message digest’ that is, in practice, unique to that record: even a tiny change in the original record results in a completely different hash.
- Encryption with Private Key: The sender encrypts this hash value using their Private Key.
- Appending: This encrypted hash is the Digital Signature. It is appended to the original electronic record.
How is a Digital Signature Authenticated/Verified? (Simplified)
- Decryption with Public Key: The receiver uses the sender’s Public Key (obtained typically from the sender’s Digital Certificate issued by a CA) to decrypt the attached digital signature. This reveals the original hash value (Hash A).
- Hashing by Receiver: The receiver independently calculates the hash of the received electronic record using the same hash function the sender used. This creates a second hash value (Hash B).
- Comparison: The receiver compares Hash A (from the decrypted signature) and Hash B (calculated from the received document).
- If Hash A == Hash B: The signature is valid. This proves:
  - Authenticity: Only the sender’s private key could have created the signature verified by their public key.
  - Integrity: The document hasn’t been tampered with since it was signed (otherwise the hashes wouldn’t match).
  - Non-repudiation: The sender cannot deny signing the document (as only they possess the private key).
- If Hash A != Hash B: The signature is invalid, indicating either the document was altered after signing or the signature was not created with the claimed sender’s private key.
Legal Status in India: Digital Signatures created as per the IT Act, 2000 (using asymmetric crypto system and hash function) are legally recognized equivalents to handwritten signatures for most purposes.
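The creation and verification steps above, as an added example that is not part of the original notes: Go (standard library) code that hashes a record with SHA-256, signs the digest with the signer's private key, and then verifies it against the untouched record, an altered copy, and a different party's public key. The sample record, the parties and the choice of RSA PKCS#1 v1.5 are assumptions made here.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sign follows the creation steps in the notes: hash the record with SHA-256, then
// apply the signer's private key to the digest (RSA PKCS#1 v1.5 signature).
func Sign(priv *rsa.PrivateKey, record []byte) ([]byte, error) {
	digest := sha256.Sum256(record) // step 1: message digest
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:]) // step 2: private-key operation
}

// Verify follows the authentication steps: recompute the digest of the received record
// (Hash B) and let the public key compare it with the digest inside the signature (Hash A).
func Verify(pub *rsa.PublicKey, record, signature []byte) bool {
	digest := sha256.Sum256(record)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], signature) == nil
}

// DemoSignature signs a constructed record and checks it three ways: untouched,
// with two price digits swapped, and against a different party's public key.
func DemoSignature() (original, tampered, wrongKey bool, err error) {
	signer, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, false, err
	}
	other, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, false, err
	}
	record := []byte("Supply agreement: 1000 units at INR 250 each") // constructed sample
	sig, err := Sign(signer, record)
	if err != nil {
		return false, false, false, err
	}
	altered := []byte("Supply agreement: 1000 units at INR 205 each") // one edit after signing
	original = Verify(&signer.PublicKey, record, sig)
	tampered = Verify(&signer.PublicKey, altered, sig)
	wrongKey = Verify(&other.PublicKey, record, sig)
	return original, tampered, wrongKey, nil
}

func main() {
	fmt.Println(DemoSignature()) // prints: true false false <nil>
}
```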
(Potential Exam Question: Describe the process of creating and authenticating a digital signature. What three key security aspects does a valid digital signature ensure?)
4. Concept of Electronic Signature Certificates
What is an Electronic Signature Certificate / Digital Signature Certificate (DSC)?
As mentioned under CAs, this is an electronic file issued by a Certification Authority (CA) that serves as a digital identity credential.
Key Components of a DSC:
- Owner’s Public Key
- Owner’s Name and other identification details (email, organization, address etc.)
- Issuing CA’s Name
- Serial Number of the Certificate
- Validity Period (Start and End Date)
- Digital Signature of the Issuing CA (to verify the certificate’s authenticity)
- Recommended uses of the certificate (e.g., for signing, encryption)
Purpose:
- Binds Identity: Links a specific public key to a verified identity (individual or organization).
- Enables Verification: Allows recipients to confidently obtain the sender’s authentic public key to verify their digital signature.
- Establishes Trust: Relies on the trust placed in the issuing CA.
Classes of Certificates in India: Different classes (e.g., Class 1, Class 2, Class 3) were historically issued based on the level of verification performed by the CA and intended usage, with Class 3 involving the highest level of scrutiny (often requiring in-person verification) and being used for high-security applications like e-tendering, e-filing. (Note: The specific classification system may evolve).
How are they stored? Often stored on secure hardware tokens (USB crypto tokens) to protect the associated private key.
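The certificate contents listed above, as an added example that is not part of the original notes: Go (standard library) code in which a constructed CA issues a certificate carrying the owner's public key, name, serial number, validity period, permitted use and the CA's own signature, and a relying party validates that certificate before trusting the name and key inside it. The CA and subject details are constructed, and the one-line NewKey helper is an assumption made here.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// NewKey generates a 2048-bit RSA key pair (assumed helper, one for the CA and one per applicant).
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// IssueCertificate plays the CA: after identity checks done outside the code, it binds the applicant's
// public key to a verified name, serial, validity period and permitted use, signed with the CA's key.
func IssueCertificate(caKey, applicantKey *rsa.PrivateKey) (caDER, dscDER []byte, err error) {
	now := time.Now()
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true, // constructed CA
		KeyUsage: x509.KeyUsageCertSign, Subject: pkix.Name{CommonName: "Example Certifying Authority"},
		NotBefore: now, NotAfter: now.Add(5 * 365 * 24 * time.Hour)}
	if caDER, err = x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey); err != nil {
		return nil, nil, err
	}
	dsc := &x509.Certificate{SerialNumber: big.NewInt(1042), // the applicant's DSC (constructed details)
		Subject:   pkix.Name{CommonName: "A. Sharma", Organization: []string{"Example Pvt Ltd"}},
		NotBefore: now, NotAfter: now.Add(2 * 365 * 24 * time.Hour),
		KeyUsage:  x509.KeyUsageDigitalSignature} // recommended use: signing only
	dscDER, err = x509.CreateCertificate(rand.Reader, dsc, ca, &applicantKey.PublicKey, caKey)
	return caDER, dscDER, err
}

// ValidateCertificate plays the relying party: parse the DSC, check the CA's signature and the
// validity period against a CA certificate already trusted, and only then use the name and key.
func ValidateCertificate(caDER, dscDER []byte) (string, *rsa.PublicKey, error) {
	caCert, err := x509.ParseCertificate(caDER)
	if err != nil {
		return "", nil, err
	}
	dsc, err := x509.ParseCertificate(dscDER)
	if err != nil {
		return "", nil, err
	}
	trusted := x509.NewCertPool()
	trusted.AddCert(caCert)
	if _, err := dsc.Verify(x509.VerifyOptions{Roots: trusted}); err != nil {
		return "", nil, err // wrong issuer key, expired, or altered certificate
	}
	return dsc.Subject.CommonName, dsc.PublicKey.(*rsa.PublicKey), nil
}
```

A certificate with the same issuer name but signed by a different CA key fails the Verify step, which is exactly the check that stops anyone from minting their own "certificate" for someone else's name.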
(Potential Exam Question: What is an Electronic Signature Certificate (or DSC)? What key information does it contain, and what is its primary purpose?)
5. Electronic Governance: Electronic Records & Electronic Signatures
What is Electronic Governance (E-Governance)?
E-Governance refers to the application of Information and Communication Technology (ICT) for delivering government services, exchanging information, communicating transactions, and integrating various stand-alone systems and services between Government-to-Citizen (G2C), Government-to-Business (G2B), Government-to-Government (G2G), and Government-to-Employees (G2E).
Role of Electronic Records & Signatures in E-Governance (as per IT Act, 2000):
- Section 4: Legal Recognition of Electronic Records: Where any law requires information to be in writing or typewritten form, such requirement is deemed satisfied if the information is available in an electronic record and accessible for subsequent reference.
  - Impact: Allows government filings, applications, notices, licenses, permits etc., to be created, stored, and processed electronically.
- Section 5: Legal Recognition of Electronic Signatures: Where any law requires a signature, such requirement is deemed satisfied if the document is authenticated by means of an electronic signature affixed in a manner prescribed by the Central Government. (The IT Act initially focused on ‘Digital Signatures’ based on asymmetric PKI, but amendments broadened the term to ‘Electronic Signatures’ to potentially include other technologies like Aadhaar eSign, though specific rules apply).
  - Impact: Enables secure and legally valid authentication of electronic documents in government processes, replacing physical signatures.
- Section 6: Use of Electronic Records and Electronic Signatures in Government and its Agencies: Provides the legal framework for governments to accept filings, issue licenses/permits, and receive/make payments electronically.
- Section 7: Retention of Electronic Records: Specifies conditions under which electronic records can be legally retained, ensuring accessibility, integrity, and origin information.
Benefits of E-Governance enabled by Electronic Records & Signatures:
- Efficiency & Speed: Faster processing of applications and delivery of services.
- Transparency: Reduced scope for corruption, easier tracking of status.
- Accessibility: Services available 24/7 from anywhere.
- Cost Reduction: Lower administrative overheads (paper, storage, manual processing).
- Accountability: Clear digital trails for transactions.
Examples in India: MCA21 (Ministry of Corporate Affairs), Income Tax e-filing, Passport Seva, DigiLocker, MyGov.in, Government e-Marketplace (GeM).
(Potential Exam Question: Explain how the IT Act, 2000 facilitates E-Governance through the legal recognition of electronic records and electronic signatures (Sections 4 & 5).)
(Potential Exam Question: Discuss the benefits of using electronic records and signatures in government processes.)
6. E-Contracts: Formation, Types & Indian Legal Approach
What is an E-Contract?
An E-Contract is simply a contract formed, either wholly or partly, through electronic means. The principles of contract law remain the same, but the medium of formation, communication, and execution is electronic.
Formation of E-Contracts (Indian Contract Act, 1872 + IT Act, 2000):
The essential elements of a valid contract (as per the Indian Contract Act, 1872) must still be present:
- Offer: Made electronically (e.g., displaying goods on a website).
- Acceptance: Communicated electronically (e.g., clicking “I Agree”, sending an acceptance email).
- Lawful Consideration: Something of value exchanged.
- Lawful Object: Purpose must be legal.
- Capacity to Contract: Parties must be legally competent.
- Free Consent: Consent must not be obtained by coercion, undue influence, fraud, misrepresentation, or mistake.
- Intention to Create Legal Relations.
IT Act, 2000 – Section 10A: Validity of contracts formed through electronic means:
- Explicitly states that where offer, acceptance, or their revocation are expressed in electronic form or via electronic records, such a contract shall not be deemed unenforceable solely on the ground that electronic means were used.
- Impact: Gives legal sanctity to e-contracts, provided they fulfill the requirements of the Indian Contract Act.
Types of E-Contracts:
- Click-Wrap Agreements: User clicks “I Agree” or “Accept” to terms and conditions presented online (common for software licenses, website T&Cs). Generally enforceable if terms were reasonably accessible before acceptance.
- Shrink-Wrap Agreements: Terms are packaged with a product (historically, inside the cellophane shrink-wrap of software boxes). Opening the package or using the product implies acceptance. Enforceability can be debated, especially if terms aren’t visible before purchase.
- Browse-Wrap Agreements: Terms are available via a hyperlink on a webpage. Using the website is deemed acceptance. Often less enforceable than click-wrap, especially if the link is inconspicuous and no active assent is required.
- Email Contracts: Offer and acceptance exchanged via email (discussed below).
- EDI (Electronic Data Interchange) Contracts: Structured exchange of business documents (like purchase orders, invoices) electronically between business partners using standardized formats.
Indian Legal Approach:
- E-contracts are valid and enforceable if they meet the criteria of the Indian Contract Act, 1872.
- Section 10A of the IT Act removes doubts about their validity based on the electronic medium.
- Electronic signatures (as per IT Act) can be used for authentication where signatures are required.
- Rules of evidence (Indian Evidence Act, amended) allow admissibility of electronic records, subject to conditions (Section 65B).
(Potential Exam Question: What is an E-Contract? Explain how Section 10A of the IT Act, 2000 supports the validity of E-Contracts in India.)
(Potential Exam Question: Describe different types of E-Contracts (e.g., Click-wrap, Browse-wrap, Email) and discuss their general enforceability.)
7. Email Contracting
Can a legally binding contract be formed via email?
Yes, absolutely. Emails are electronic records, and exchanging them can fulfill the requirements of offer and acceptance under the Indian Contract Act, 1872.
Key Considerations for Email Contracts:
- Clear Offer & Acceptance: The emails must clearly show an offer was made and unequivocally accepted. Ambiguous language can lead to disputes.
- Intention to Create Legal Relations: The communication should indicate that the parties intended their agreement to be legally binding, not just preliminary discussions.
- Certainty of Terms: Essential terms (subject matter, price, quantity, timeline) should be clear or ascertainable from the email exchange.
- Authentication: While not always mandatory for simple contracts, using electronic signatures can help prove the identity of the parties and prevent disputes about who sent the email. Even without formal signatures, email headers and context can serve as evidence.
- Record Keeping: Businesses should maintain records of email exchanges that form contracts.
Potential Issues:
- Timing of Acceptance: When is acceptance effective (when email is sent or received)? The IT Act provides rules (Section 13) regarding dispatch and receipt of electronic records.
- Authority: Was the person sending the email authorized to bind the company?
- Incorporation of Terms: Are standard terms and conditions mentioned or linked in the email effectively incorporated?
Business Practice: While emails are convenient, for high-value or complex agreements, it’s often prudent to follow up with a formal, signed contract document (which can still be executed electronically using digital signatures). However, businesses must be aware that even seemingly informal email exchanges can create binding obligations.
(Potential Exam Question: Discuss the validity and enforceability of contracts formed through email exchanges in India. What are some key factors and potential issues to consider?)
Conclusion for MBA Students:
Understanding the mechanisms behind digital identity verification (PKI, CAs, DSCs) and the legal framework supporting electronic transactions (IT Act provisions for electronic records, signatures, and contracts) is fundamental for modern business operations. Whether engaging in e-commerce, participating in e-governance initiatives, or simply using email for agreements, businesses must navigate the legal and technical landscape of the digital world effectively. This knowledge enables secure transactions, ensures legal compliance, and fosters trust in the digital ecosystem.