A digital signature should not be confused with a digitized signature (a scan of a hand-written signature).

A digital signature is an encryption and decryption process that does two things

Digital signatures are based on the RSA public key encryption system. In this system the author of a message keeps his/her private key secret and publishes the corresponding public key. Any text encrypted with the private key can be decrypted with the public key, and vice versa. However, the knowledge of the public key is not sufficient to deduce the private key.

Therefore the holder of a public key cannot pretend to be the holder of the corresponding private key.

A sample digital signature looks as under:

No, there is no relationship to the signer's handwritten signature. The visible portion of the digital signature contains the signer's name, title and organization name, along with the certificate serial number and the Certifying Authority name.

A digital signature certificate is a computer-generated record. It contains the identity record. It contains the identity of the subscriber (holder of the certificate), the public key which is digitally signed by the Certifying Authority. The digital signature certificate is associated with both a public key and a private key.

A Certifying Authority can issue a digital signature certificate to a subscriber. The IT Act and the Certifying Authorities Rules framed under the Act stipulates the methods for issuance of a digital signature certificate.

A Certification Authority is a trusted third party that verifies the identity of an applicant registering for a digital certificate. Once a Certification Authority is satisfied as to the authenticity of an applicant's identity, it issues that person a digital certificate binding his or her identity to a public key. In case of ICICIdirect, the certifying authority is Safe Scrypt.

Yes, the Controller of Certifying Authorities has appointed Safe Scrypt as the first Certifying Authority in India.

Not likely. It is protected by several layers of highly complex encryption.

With digital signatures, forgery is -much more difficult than forging a handwritten signature. First, a digital signature is more of a process than just affixing a signature. For example, when the document is "digitally signed," the digital software scans the document and creates a calculation, which represents the document. This calculation becomes part of the "digital signature." When the recipient authenticates the signature, a similar process is carried out. The sender's and the receiver's calculations are then compared. If the results are the same, the signature is valid; if they are different, the signature is not valid.

We would explain it with simple example digitally signed emails.

Suppose A and B wishes to correspond electronically. A wants to assure B that he originated the electronic message, and that its contents have not been tampered with. A can do so by signing the message with his digital signature.

When A clicks on the digital signature option on his e-mail application, a mathematical formula known as a hash function is applied to the message, The message is converted it to a fixed-length string of characters called a "message digest". The digest acts as a "digital fingerprint" of the original message. If the original message is changed in any way, it will not produce the same message digest when the hash function is applied again. A's software then encrypts the message digest with his private key, producing a digital signature of the message. He transmits the message and digital signature to B.

B uses A's public key to decrypt the digital signature, revealing the message digest. Since only A's public key can decrypt the digital signature, he is able to verify that A was the sender of the message. To verify the message content, B's software applies the hash function to the message he received from A. The message digests should be identical. If they are, B knows the message has not been changed and he is assured of its integrity.

ICICIdirect is making use of this technology to sign the contract notes digitally and making the same available online. Digitally signed contract notes would be made available to the customers by evening on the trading day itself. Features include the provision to verify the authenticity of the digital signatures.

SEBI has permitted issuance of digitally signed contract notes vide its Circular (SMDRP/POLICY/CIR-56/00 dated December 15, 2000), With the appointment of Certifying Authorities, and the approval from SEBI, Digitally Signed Contract Notes are now acceptable as legally valid document

After you log in, you would have to go to the customer service page. There you will have to click on the link for Digital Contract Note. You would have to select the details and click on 'verify'.

ICICIdirect would send a consolidated physical statement for the transactions done during the quarter. This statement would be designed in a very user friendly format and will be sent to you physically, once in a quarter.

No. You do not have to pay anything for the Digital Signed Contract Notes.

Yes, there is an option of both saving as well as printing the Contract Note.

You can view the Digital Signature Certificate on the website upto seven years.