With the widespread digitization around the world, the whole world has become a global village and we can do almost everything digitally. Bangladesh is moving to smart Bangladesh vision completing its digital journey successfully. Digital Signature in Bangladesh is getting more and more focus to make the digital lifestyle secure, efficient and tension-free.
A digital signature is an electronic version of a handwritten signature that can be used to authenticate the identity of the sender of a message or the signer of a document. In Bangladesh, digital signatures are regulated by Information and Communication Technology Act 2006 (ICT Act) amended in 2013, The Information Technology (Certifying Authority) Rules 2010 (CA Rules); National Information and Communication Technology Policy 2018 etc.
Digital Signature is very important for digital and smart Bangladesh. It helps to ensure the security of online communications, and transactions and prevents fraud.
Table of Contents
What is a Digital Signature
A digital signature is an electronic equivalent of a handwritten signature that can be used to authenticate the identity of the sender of a message or the signer of a document. A digital signature can be used to verify the authenticity and integrity of a message, software or digital document. In order for a digital signature to be valid, it must be generated and verified using a set of cryptographic rules and parameters known as public key infrastructure (PKI).
Digital signatures are based on asymmetric cryptography, which uses pairs of keys – one public and one private – to encrypt and decrypt data. The sender uses their private key to generate a digital signature for a message or document, which can then be verified by anyone who has access to the sender’s public key. When verifying a digital signature, the recipient uses the signer’s public key to decrypt the signature and compare it to the original message or document.
If the two matches, then the recipient can be confident that the message or document came from the signer and has not been tampered with. Digital signatures are commonly used in email applications such as Microsoft Outlook and Mozilla Thunderbird, software downloads from websites as well as in PDF documents. They provide an additional layer of security by ensuring that only the intended recipients can read messages or open documents, and they also help to ensure that any changes made to these files are immediately detectable.
Follow the link and get some insight: https://www.facebook.com/RashedBiplobOfficial/videos/163332008885299
Digital Signature vs Electronic Signature
Digital signatures and electronic signatures are two terms that are often used interchangeably, but there are actually some key differences between the two. There are a few key differences between digital signatures and electronic signatures. For starters, electronic signatures are simply a representation of your signature in an electronic form, while digital signatures are based on complex mathematical algorithms that encrypt and verify the authenticity of your identity. Digital signatures are much more secure than electronic signatures, as they’re nearly impossible to forge.
In short, all digital signatures are electronic signatures but all electronic signatures are not digital signatures.
Electronic signatures can be easily copied and pasted, which makes them far less secure. Additionally, digital signatures allow you to track when a document was signed and by whom, while electronic signatures do not offer this same level of security or tracking ability.
For one, digital signatures are based on a public key infrastructure (PKI), which means they require a third party to verify the signature. Electronic signatures, on the other hand, can be verified without any outside help.
Another big difference is that digital signatures are much more difficult to forge than electronic signatures. That’s because they rely on complex algorithms that create a unique signature for each document. Electronic signatures, on the other hand, can be created with just a few clicks of a mouse.
Electronic signatures can be easily copied and pasted, which makes them far less secure. Additionally, digital signatures allow you to track when a document was signed and by whom, while electronic signatures do not offer this same level of security or tracking ability.
Finally, digital signatures are legally binding in many countries, while electronic signatures are not always recognized as such. This means that if you sign a contract with a digital signature, you could be held accountable if you break the terms of the agreement. With an electronic signature, however, there’s no such guarantee.
E-Signatures vs. Digital Signatures explained in the one minute video below:
Methods of Digital Signature
Digital Signature facilities are available using some methods. Two of them are prominent.
1. Dongle-based Digital Signature: It is A Pendrive like a small electronic device or token for a Digital Signature Certificate. It may contain some in-built data encryption software in addition to the unique digital signature. Digital signature dongles, e-tokens, USB tokens, etc.) are some of the other names for this device.
2. Donge less Digital Signature: You may avail the digital signature without using any moveable device i.e, a dongle.
Steps in Digital signature:
Key generation: The first step is to create the public key and its correlated private key.
Signing: The message is signed by the user with his/her private key.
Verification: The signature in the message against the public key is verified.
Benefits of the Digital Signature
1. Legality
2. Verifiability
3. International Acceptance
4. Low-cost method
5. Saves money
6. Paperless activities
7. Fast services
8. Green Economy
9. Remote access
10. Virtual appearance
11. Fraud Prevention
12. Convenience
13. Eco-friendliness
How Can Businesses Benefit from Digital Signatures?
Digital signatures are becoming increasingly popular in the business world as a way to securely sign documents and contracts. There are many benefits of using digital signatures for businesses.
1. Workflow automation, Robotics Process Automation (RPA), and the preparation for the fourth industrial revolution will be easy and efficient.
2. The ease of doing business will improve dramatically as the red-tapism will disappear as the audit trail is available as to where the work is facing bottlenecks. Besides, data validation will help to identify and solve incomplete data issues. The accuracy of documentation will be higher than the traditional wet signatures.
3. Remote communication and contracts will be of no headache for the businesses as the physical visits will be of no necessity. Any document is easy to sign and reach to the deal globally when you are sitting at your home.
4. It can save a lot of time and hassle compared to traditional paper-based methods. Documents can be signed electronically without having to print them out, sign them, and then scan them back in. This can be a huge time-saver for busy professionals.
4. It can save a lot of time and hassle compared to traditional paper-based methods. Documents can be signed electronically without having to print them out, sign them, and then scan them back in. This can be a huge time-saver for busy professionals.
5. With more accuracy, efficiency, speed, and fewer red-tapisms, and physical movements, it will lower the costs of the business radically.
6. Another benefit is that digital signatures are much more secure than traditional signatures. They cannot be forged, and they provide a record of when and where the document was signed. This helps to prevent fraud and protects businesses from being taken advantage of. This means that businesses can be confident that when they receive a document with a digital signature, they can be sure that it has not been tampered with and is exactly as the original sender intended.
7. Digital signatures offer a convenient and secure way for businesses to sign documents electronically. They save time, reduce paper waste, and help to prevent fraud. If your business is not already using digital signatures, it may be worth considering doing so in the future.
8. Another advantage of using digital signatures is that they are much more efficient than traditional signatures. This is because once a digital signature has been created, it can be easily applied to any number of documents without any additional effort required. In contrast, each handwritten signature must be individually added to each document, which can be time-consuming and impractical for businesses who need to send out large numbers of documents on a regular basis. They are more secure and efficient than traditional signatures, making them an ideal solution for companies who need to send out sensitive or important documents regularly.
How Does Using a Digital Signature Improve Security for Businesses
Digital signatures are becoming increasingly popular as a means of securing business documents. There are several advantages of using digital signatures for businesses.
First, digital signatures are more secure than traditional handwritten signatures. This is because it is much harder to forge a digital signature than it is to forge a handwritten signature. Second, digital signatures can be used to authenticate the identity of the signer.
This
Overall, using digital signatures can improve security for businesses in many ways. By making it more difficult for documents to be forged and by allowing businesses to verify the identity of signers and the integrity of documents, digital signatures can help businesses protect themselves from fraud and other risks.
Use Cases of Digital Signature in Bangladesh
Digital Signature is not widely used in Bangladesh. However, it is getting momentum with the passage of time. By June 2022, there have been 56,201 electronic signatures with more than 6,00,000 digitally signed incidences. Here are some of the organizations using digital signatures to some extent:
- RJSC uses in Internal Office Applications, QR code, Web Applications etc.
- NBR uses in TIN Certificate
- Directorate General of Food uses in Document Signing
- Office of the Controller of Certifying Authorities (CCA) uses in Document Signing
- BCC in VPN Service of National Data Center
- Robi Axiata in Purchase and Corporate Affairs
- Agrani Bank Limited uses in Remittance Solution
- Pubali Bank Limited uses in Audit Service
- Brac Bank Limited in Purchase and Corporate Affairs
- BUET uses in Document Signing
- Bangladesh Police applies in Online Police Clearance
- Finance Division applies in IBAS++ System
- A2i applies in d-nothi
- CPTU applies in e-GP
- Office of the Chief Electric Inspector uses in Electrical Contractor, approval of Power sub-station
- BDCCL uses in Corporate Affairs
Where a digital signature is more value-adding
1. Income Tax Return
2. BRTA Office
3. Online G2C Service
4. Banking and Insurance
5. Education for Certificate, Registration and Admit card
6. E-judiciary
7. E-commerce
8. Foreign Trade
9. Customs
Use Cases of Digital Signature in India
India Uses digital signature in many services including:
Income Tax File Return
Registration for Goods and Services Tax
E-Tendering
VAT Return
Import and Export Code
Company and Limited Liability Registration
Use Cases of Digital Signature in Estonia
Estonia is a fully digital country and uses digital signatures in all cases. The nature and use of digital signatures in Estonia are regulated by the Digital Signature Act passed on March 8, 2000, and effected on December 15, 2000.
Office of the Controller of Certifying Authorities (CCA)
Establishment: Office of the Controller of Certifying Authorities (CCA) started its journey in May 2011 being established under the ICT Act 2006 (Amended).
Vision: The vision of the CCA is to ensure Secure Cyber Space
Mission: Ensuring secure transition of Information and eradicating cyber Crime through the implementation of a Digital Signature Certificate.
Objectives: Helping secure cyberspace in the country, operating Public Key Infrastructure (PKI) program within the legal framework, and awareness of secure e-transaction
Functions of CCA
- Issuing CA licenses to CAs as per the ICT Act 2006 (Amended 2013) and ICT (CA) Rules 2010.
- Governing the functions of licensed Certifying Authorities (CAs)
- Running of Public Key Infrastructure (PKI) activities.
- Controlling PKI standard.
- Investigation of Cybercrimes under ICT Act, 2006.
- Constituting Audit firm for auditing IT.
- Root CA Bangladesh
Achievements of CCA
OIC-CERT membership in 2014
06 Web trust Seals from CA Browser Forum, Canada in June 2021
IOC/IEC 270001:2013 Certification on March 2022
Training provided to more than 28000 Govt. officials on digital signature by December 2022
Cyber awareness training for around 100000 school-going girls till December 2022
Awarded 7 Certifying Authority licenses. One of them is Bangladesh Bank which can greatly reduce fraud in the financial sector.
Established Digital Forensic Lab in April, 2018 and produced 52 forensic reports so far
Established Security Operations Center at the World’s 7th largest Tier-IV Data Center in Kaliakoir, Gazipur
Established Disaster Recover Center at Sheikh Hasina Software Technology Park, in Jashore
First position in implementing NIS Workplan 2020-21 in ICT Division
First position in implementing APA Workplan 2021-22 in ICT Division
Innovation Award from ICT Division for the fiscal year 2020-21
Using Digital Signature in birth and death registration process.
Introducing Digital Signature in e-TIN.
Future Plans of CCA for 2041
CCA has been working with a smart and comprehensive plan to ensure a tension-free digital society in Bangladesh by 2041 to use 100% digital signatures.
- Smart CCA Building
- PKI enabled ecosystem
- Secured Social media
- High-Speed internet
- Tension-free citizens
- Skilled Manpower
- BD Vault
- National Web Browser
- Own National Social Network(Jogajog, Alapon)
- Secured and Trusted Electronic environment
- 5-Helix Collaboration (Govt, Academia, Industry, Entrepreneurs, Private Sector )
- 100% Secured Transactions
- More options for Dongle-less methods
- Making mandatory usage as willingly interested are little in number
- More promotions and Training
- Verification ID Database
- More legal supports and frameworks
- 100% Digital Signature by 2041 countrywide.
Challenges for CCA
CCA has been in operation for almost 10 years but could not attain the expected momentum for few challenges. They include but not limited to the following odds:
Lack of knowledge in cybersecurity for online services
Lack of interest for digital signatures
BD Root Certificates are yet to be internationally trusted on Mozilla, Google, Microsoft
Less Budget for awareness and promotion
Systems are not PKI enabled
Three Classes of Digital Signature Certificates
A digital signature certificate (DSC) is an electronic document that uses a digital signature to bind a public key with an identity. The purpose of a DSC is to ensure the authenticity of the signer and the integrity of the data in the document. Personal digital signature certificates are the most common type and are typically used for signing email messages and documents. Organization digital signature certificates can be used by businesses to sign documents on behalf of the company. Extended validation digital signature certificates offer the highest level of security and are typically used by banks and other financial institutions. There are different types of digital signature certificates (DSC) available in the market, which cater to different needs and requirements. There are three classes of DSCs: Class 1, Class 2, and Class 3.
Class 1
Class 1 certificates are used to identify an individual for e-commerce transactions such as online banking and shopping. These certificates contain the name and email address of the signer and are issued by a Certificate Authority (CA). Class 1 certificates are issued to individuals/private subscribers. These certificates will confirm that user’s name (or alias) and E-mail address with low assurance level.
Class 2
Class 2 certificates are used to identify an individual and organization. These certificates are issued for both business personnel and private individuals use for medium-security transactions such as email signatures and code signing. These certificates contain the name, email address, and organization name of the signer, and are also issued by a CA.
Class 3
Class 3 certificates are used to identify an individual for high-security transactions such as financial transactions or legal documents. These certificates contain all of the information in Class 2 certificates plus additional information such as addresses, dates of birth, passport numbers, etc. They are usually issued by banks or other organizations that require this level of security. As high assurance certificates, primarily intended for e-commerce applications, such certificates are usually issued by the Certifying Authorities with appropriate documents. SSL certificate, device certificate, VPN certificates, code signing certificates etc. are some of the examples of Class 3 certificates
Certifying Authority in Bangladesh
A Certifying Authority (CA) is an organization that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others to rely on signatures or on assertions made about the private key that corresponds to the certified public key.
A CA acts as a trusted third-party—trusted both by the subject (owner) of the certificate and by the party relying upon the certificate. CAs are characteristic of many public-key infrastructure (PKI) schemes. In Bangladesh seven CAs have so far been approved:
- Mango Teleservices Ltd.-www.mangoca.com.bd
- Dohatec New Media-www.dohatec-ca.com.bd
- Data edge limited- www.dataedgeid.com/
- Banglaphone Ltd.-www.banglaphone.net.bd
- Computer Services Ltd.-www.computerservicesltd.com
- Bangladesh Computer Council-http://www.bcc.gov.bd
- Bangladesh Bank-https://ca.bb.org.bd
Services by a CA
A CA can provide versatile services based on its capacity and licensing from CCA and other authorities. Some of the services available from the CAs in Bangladesh are listed below:
- Digital Certificates & PKI Services
- Data Security Solution
- Encryption Certificate
- Strong Authentication Solution
- Secure Email Certificate
- Application Security Solution
- SSL Certificate
- Transaction Security Solution
- OCSP Responder Certificate
- Two-Factor Security Solution
- PDF Signer, DocSigner
- Manage PKI Solution
- Proxy Server
- Database Server
- Web Hosting
- Risk-Based Authentication
- Internal PKI Solution
- Dedicated Private Lease Line
- Ethernet Service
- Live Broadcasting
- Website Trust and Online Security
How Can I Get a Digital Signature for My Documents
If you need to sign a document electronically, you can use a digital signature. The National Root CA issues certificate only to Certifying Authorities. CAs issue Digital Certificate to subscribers. You can approach any one of the CAs for getting Digital Certificate. Once you have an account with a company that offers digital signatures, you can start signing documents right away.
Legal Framework of Digital Signature in Bangladesh
The digital signatures in Bangladesh has been legally backed by many legal and policy supports. Such signatures are recognized under the country’s Information and Communication Technology Act 2006 (ICT Act) amended in 2013 for signing in any documents requiring a signature, subject to certain exceptions. Besides, The Information Technology (Certifying Authority) Rules 2010 (CA Rules); National Information and Communication Technology Policy 2018; and the Certification Practice Statement published by the Office of the Controller of Certifying Authorities (CCA) are playing roles by providing legal frameworks for the digital signatures in Bangladesh.
Digital signatures must be able to ensure:
- Integrity
- Authenticity
- Credentiality
- Identify the signatory;
- Affix with the signatory uniquely;
- Created in a safe manner; and
- Capable of identifying any alteration made in the data thereafter.
There are certain types of documents or agreements that generally require the person executing them to be physically present before the Government office. Examples may include:
- Will;
- Power of Attorney;
- Deed of Sale of immovable property;
- Agreements with stamp duty payable;
- Documents to be signed before the notary public;
- Documents to be sworn before an affidavit commissioner.
How to sign digitally?
Here we are considering a word file for digital signature.
- Open the word file
- Go to the file menu
- Info>Protect Document>Add a digital signature
- Insert certificate using crypto token
- Use PIN
Some Scopes of Digital Signature in Bangladesh
Digital Signatures can be used in many ways. Some of the issues are as follows:
- Standard Documents: Digital Signatures are easy to use in documents like Word, Excel, and PDF. With dongle, it is easy and secure to use signatures.
- 2. Server Level: Servers can store and use digital signatures in the operations of check processing, payment transfers, and transactions.
- 3. Applications: To implement Digital Signature in special applications, developers are to consider how to integrate and use them.
Digital Signature in Bangladesh FAQs
Who can issue digital signatures in Bangladesh?
A licensed Certifying Authority (CA) obtaining a CA license under ICT Act 2006 (Amendment 2013) and ICT (CA) Rules 2010 can issue digital signatures in Bangladesh. There are 7 CAs in Bangladesh now.
How many types of Digital Signature Certificates are there?
There are mainly three classes of DSC, Class 1, 2, and 3. The DCS Classes are for different purposes.
Why should regulators like Bangladesh Bank use Digital Signatures?
Regulators like Bangladesh Bank should use Digital Signatures to efficiently and securely communicate for data sharing, document sharing, and other purposes. Employees, applications or servers, and communications with stakeholders are some of the areas where such signatures may help a lot.
Is It Mandatory to Have a Digital Signature in Bangladesh?
A digital signature is not mandatory so far in Bangladesh. However, the process is ongoing to make it compulsory for competent parties. Moreover, it is recommended for businesses to use them in order to protect their online transactions.
Is it necessary to bring international CAs?
The Bangladeshi software sector is greatly efficient and the existing CAs are able to deal with Digital Signature in Bangladesh. There is no urgency of bringing any international CAs now. There might be audit regarding the performance of the existing CAs and equip them if necessary or cancel certificates if any of them fail to serve the roles properly.
How can an individual take signature from a CA?
Any individual requiring a digital signature should approach to the website of CAs and apply accordingly to avail a digital signature.
Can an individual take signatures from multiple CAs?
Yes, it is possible.
Can private organizations can be a CA?
Yes, they can. 5 out of the existing 7 CAs are private CAs now.
Are OTP and facial recognitions digital signatures?
No, OTP and facial recognitions are not digital signatures.
Few Suggestions
1. Cost-effective: The cost for Digital Signatures should be logically low to attract mass users. It must be viable and make sense of money.
2. CAs Should think long-term: CAs Should think long-term ROI and provide services at lower costs to popularize and attract more users for such signatures. When the ecosystem is in place, the CAs will be able to earn a handsome amount. So, their pricing should be considering the long-run profitability, not pricey for the short-run.
3. Compulsory: Making the use of digital signatures compulsory will in all services like SIM registration, land registration, etc can make it more effective. Only banking or a few service coverage will not make the idea popular to adopt.
4. Continuous awareness: There must be continuous awareness and publicity from both the public and private initiatives that will make the journey more effective. All three elements of adoption including tools, code, and know-how should be easily available. Target people should be equipped with the necessary know-how of digital signatures.
5. Hack-proof technology: The certifying authorities must ensure that their systems are hack-proof. Digital certificates are tough to forge but if the certification process is compromised, there will be devastation. Blockchain, Cloud-based robust security-focused, etc may be adopted.
6. Interoperability: Verification must be made easy and fast. There should be interoperability and technical integration among the CAs.
7. Piloting: With some POC and piloting, the issues to be settled before formal launching countrywide. There should the testing for flawless transactions. Any faulty hiccups may hit back the initiatives.
8. Infrastructures: There should be an effective infrastructure to initiate the digital signature in Bangladesh. The required devices and ecosystem are to be ensured in a holistic mannaer.
Conclusion
In Bangladesh, digital signatures are becoming increasingly popular as a means of verifying the identity of online users. This is because they offer a number of advantages over traditional methods such as passwords and PINs.
Digital signatures are more difficult to forge than traditional signatures, so they offer greater security.
They also allow organisations to verify the identity of individuals without having to store sensitive information such as passwords.
Interestingly, Bangladesh is not the only country where digital signatures are gaining popularity. In fact, they are being used increasingly all over the world as a way of ensuring security and compliance with regulations.
Leave a Reply