Judge means

S19. “Judge”. – The word “Judge” denotes not only every person who is officially designated as a Judge, but also every person who is empowered by law to give, in any legal proceeding, civil or criminal, a definitive judgment, or a judgment which, if not appealed against, would be definitive, or a judgment which, if confirmed by some other authority, would be definitive, or who is one of a body of persons, which body of persons is empowered by law to give such a judgment.


ILLUSTRATIONS

(a) A Collector exercising jurisdiction in a suit under Act 10 of 1859, is a Judge.

(b) A Magistrate exercising jurisdiction in respect of a charge on which he has power to sentence to fine or imprisonment, with or without appeal, is a Judge.

(c) A member of a panchayat which has power, under Regulation VII, 1816, of the Madras Code, to try and determine suits, is a Judge.

(d) A Magistrate exercising jurisdiction in respect of a charge on which he has power only to commit for trial to another Court, is not a Judge.


Indian Penal Code 1860 [IPC]

Open and Distance Learning mode means

“Open and Distance Learning (ODL)” mode means a mode of providing flexible learning opportunities by overcoming separation of teacher and learner using a variety of media, including print, electronic, MOOCs, online and occasional interactive face-to-face meetings arranged by Institution through Learner Support Services to deliver teaching-learning experience, including practical or work experience [S 2.12]


AICTE (Open and Distance Learning Education) Guidelines for Institutions – Deemed to be Universities 2019

Digital signature

Cyber Crime, Cyber Security, Cyber Law

A digital signature is a way to ensure the integrity and origin of data.

A digital signature provides strong evidence that the data has not been altered since it was signed and it confirms the identity of the person or entity who signed the data.

A digital signature enables the important security features of integrity and nonrepudiation, which are essential for secure electronic commerce transactions.

Digital signatures are typically used when data is distributed in plaintext, or unencrypted form. In these cases, while the sensitivity of the message itself might not warrant encryption, there could be a compelling reason to ensure that the data is in its original form and has not been sent by an impostor because, in a distributed computing environment, plaintext can conceivably be read or altered by anyone on the network with the proper access, whether authorized or not.

Information Technology Act 2000

2(p) “digital signature” means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3;

2(q) “Digital Signature Certificate” means a Digital Signature Certificate issued under sub-section (4) of section 35;

Information Technology Glossary

Information Technology (Certifying Authorities) Rules, 2000

SCHEDULE—V

Glossary

ACCEPT (A DIGITAL SIGNATURE CERTIFICATE)
To demonstrate approval of a Digital Signature Certificate by a Digital Signature Certificate applicant while knowing or having notice of its informational contents.

ACCESS
Gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network;

ACCESS CONTROL
The process of limiting access to the resources of a computer system only to authorized users, programs or other computer systems.

ACCREDITATION
A formal declaration by the Controller that a particular information system, professional or other employee or contractor, or organization is approved to perform certain duties and to operate in a specific security mode, using a prescribed set of safeguards.

AUTHORITY REVOCATION LIST (ARL)
A list of revoked Certifying Authority certificates. An ARL is a CRL for Certifying Authority cross-certificates.

ADDRESSEE
A person who is intended by the originator to receive the electronic record but does not include any intermediary.

AFFILIATED CERTIFICATE
A certificate issued to an affiliated individual. (See also AFFILIATED INDIVIDUAL)

AFFIRM / AFFIRMATION
To state or indicate by conduct that data is correct or information is true.

AFFIXING DIGITAL SIGNATURE
With its grammatical variations and cognate expressions means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of digital signature;

ALIAS
A pseudonym.

APPLICANT (See CA APPLICANT; CERTIFICATE APPLICANT)

APPLICATION SOFTWARE
A software that is specific to the solution of an application problem. It is the software coded by or for an end user that performs a service or relates to the user’s work.

APPLICATION SYSTEM
A family of products designed to offer solutions for commercial data processing, office, and communications environments, as well as to provide simple, consistent programmer and end user interfaces for businesses of all sizes.

ARCHIVE
To store records and associated journals for a given period of time for security, backup, or auditing purposes.

ASSURANCES
Statements or conduct intended to convey a general intention, supported by a good-faith effort, to provide and maintain a specified service. “Assurances” does not necessarily imply a guarantee that the services will be performed fully and satisfactorily. Assurances are distinct from insurance, promises, guarantees, and warranties, unless otherwise expressly indicated.

ASYMMETRIC CRYPTO SYSTEM
A system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature.

AUDIT
A procedure used to validate that controls are in place and adequate for their purposes. Includes recording and analyzing activities to detect intrusions or abuses into an information system. Inadequacies found by an audit are reported to appropriate management personnel.

AUDIT TRAIL
A chronological record of system activities providing documentary evidence of processing that enables management staff to reconstruct, review, and examine the sequence of states and activities surrounding or leading to each event in the path of a transaction from its inception to output of final results.

AUTHENTICATED RECORD
A signed document with appropriate assurances of authentication or a message with a digital signature verified by a relying party. However, for suspension and revocation notification purposes, the digital signature contained in such notification message must have been created by the private key corresponding to the public key contained in the Digital Signature Certificate.

AUTHENTICATION
A process used to confirm the identity of a person or to prove the integrity of specific information. Message authentication involves determining its source and verifying that it has not been modified or replaced in transit. (See also VERIFY (a DIGITAL SIGNATURE))

AUTHORIZATION
The granting of rights, including the ability to access specific information or resources.

AVAILABILITY
The extent to which information or processes are reasonably accessible and usable, upon demand, by an authorized entity, allowing authorized access to resources and timely performance of time-critical operations.

BACKUP
The process of copying critical information, data and software for the purpose of recovering essential processing back to the time the backup was taken.

BINDING
An affirmation by a Certifying Authority of the relationship between a named entity and its public key.

CERTIFICATE
A Digital Signature Certificate issued by Certifying Authority.

CERTIFICATE CHAIN
An ordered list of certificates containing an end-user subscriber certificate and Certifying Authority certificates (See VALID CERTIFICATE).

CERTIFICATE EXPIRATION
The time and date specified in the Digital Signature Certificate when the operational period ends, without regard to any earlier suspension or revocation.

CERTIFICATE EXTENSION
An extension field to a Digital Signature Certificate which may convey additional information about the public key being certified, the certified subscriber, the Digital Signature Certificate issuer, and/or the certification process. Standard extensions are defined in Amendment 1 to ISO/IEC 9594-8:1995 (X.509). Custom extensions can also be defined by communities of interest.

CERTIFICATE ISSUANCE
The actions performed by a Certifying Authority in creating a Digital Signature Certificate and notifying the Digital Signature Certificate applicant (anticipated to become a subscriber) listed in the Digital Signature Certificate of its contents.

CERTIFICATE MANAGEMENT [MANAGEMENT OF DIGITAL SIGNATURE CERTIFICATE]
Certificate management includes, but is not limited to, storage, distribution, dissemination, accounting, publication, compromise, recovery, revocation, suspension and administration of Digital Signature Certificates. A Certifying Authority undertakes Digital Signature Certificate management functions by serving as a registration authority for subscriber Digital Signature Certificates. A Certifying Authority designates issued and accepted Digital Signature Certificates as valid by publication.

CERTIFICATE POLICY
A specialized form of administrative policy tuned to electronic transactions performed during Digital Signature Certificate management. A Certificate Policy addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery and administration of digital certificates. Indirectly, a certificate policy can also govern the transactions conducted using a communications system protected by a certificate-based security system. By controlling critical certificate extensions, such policies and associated enforcement technology can support provision of the security services required by particular applications.

CERTIFICATE REVOCATION (SEE REVOKE A CERTIFICATE)

CERTIFICATE REVOCATION LIST (CRL)
A periodically (or exigently) issued list, digitally signed by a Certifying Authority, of identified Digital Signature Certificates that have been suspended or revoked prior to their expiration dates. The list generally indicates the CRL issuer’s name, the date of issue, the date of the next scheduled CRL issue, the suspended or revoked Digital Signature Certificates’ serial numbers, and the specific times and reasons for suspension and revocation.

CERTIFICATE SERIAL NUMBER
A value that unambiguously identifies a Digital Signature Certificate generated by a Certifying Authority.

CERTIFICATE SIGNING REQUEST (CSR)
A machine-readable form of a Digital Signature Certificate application.

CERTIFICATE SUSPENSION (SEE SUSPEND A CERTIFICATE)

CERTIFICATION / CERTIFY
The process of issuing a Digital Signature Certificate by a Certifying Authority.

CERTIFYING AUTHORITY (CA)
A person who has been granted a licence to issue a Digital Signature Certificate under section 24 of Information Technology Act, 2000.

CERTIFYING AUTHORITY SOFTWARE
The cryptographic software required to manage the keys of end entities.

CERTIFYING AUTHORITY SYSTEM
All the hardware and software system (e.g. Computer, PKI servers, network devices etc.) used by the Certifying Authority for generation, production, issue and management of Digital Signature Certificate.

CERTIFICATION PRACTICE STATEMENT (CPS)
A statement issued by a Certifying Authority to specify the practices that the Certifying Authority employs in issuing Digital Signature Certificates.

CERTIFIER (See ISSUING AUTHORITY)

CHALLENGE PHRASE
A set of numbers and/or letters that are chosen by a Digital Signature Certificate applicant, communicated to the Certifying Authority with a Digital Signature Certificate application, and used by the Certifying Authority to authenticate the subscriber for various purposes as required by the Certification Practice Statement. A challenge phrase is also used by a secret share holder to authenticate himself, herself, or itself to a secret share issuer.

CERTIFICATE CLASS
A Digital Signature Certificate of a specified level of trust.

CLIENT APPLICATION
An application that runs on a personal computer or workstation and relies on a server to perform some operation.

COMMON KEY
Some systems of cryptographic hardware require arming through a secret-sharing process and require that the last of these shares remain physically attached to the hardware in order for it to stay armed. In this case, “common key” refers to this last share. It is not assumed to be secret as it is not continually in an individual’s possession.

COMMUNICATION/NETWORK SYSTEM
A set of related, remotely connected devices and communications facilities including more than one computer system with the capability to transmit data among them through the communications facilities (covering ISDN, lease lines, dial-up, LAN, WAN, etc.).

COMPROMISE
A violation (or suspected violation) of a security policy, in which an unauthorized disclosure of, or loss of control over, sensitive information may have occurred. (Cf., DATA INTEGRITY)

COMPUTER
Any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network.

COMPUTER CENTRE (See DATA CENTRE)

COMPUTER DATA BASE
Means a representation of information, knowledge, facts, concepts or instructions in text, image, audio, video that are being prepared or have been prepared in a formalised manner or have been produced by a computer, computer system or computer network and are intended for use in a computer, computer system or computer network.

COMPUTER NETWORK
Interconnection of one or more computers through—
(i) the use of satellite, microwave, terrestrial line or other communication media; and
(ii) terminals or a complex consisting of two or more interconnected computers whether or not the interconnection is continuously maintained.

COMPUTER PERIPHERAL
Means equipment that works in conjunction with a computer but is not a part of the main computer itself, such as printer, magnetic tape reader, etc.

COMPUTER RESOURCE
Means computer, computer system, computer network, data, computer database or software.

COMPUTER SYSTEM
A device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programmes, electronic instructions, input data and output data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions.

COMPUTER VIRUS (See VIRUS)

CONFIDENTIALITY
The condition in which sensitive data is kept secret and disclosed only to authorized parties.

CONFIRM
To ascertain through appropriate inquiry and investigation. (See also AUTHENTICATION; VERIFY A DIGITAL SIGNATURE)

CONFIRMATION OF DIGITAL SIGNATURE CERTIFICATE CHAIN
The process of validating a Digital Signature Certificate chain and subsequently validating an end-user subscriber Digital Signature Certificate.

CONTINGENCY PLANS
The establishment of emergency response, back up operation, and post-disaster recovery processes maintained by an information processing facility or for an information system.
Establish the strategy for recovering from unplanned disruption of information processing operations. The strategy includes the identification and priority of what must be done, who performs the required action, and what tools must be used.
A document, developed in conjunction with application owners and maintained at the primary and backup computer installation, which describes procedures and identifies the personnel necessary to respond to abnormal situations such as disasters. Contingency plans help managers ensure that computer application owners continue to process (with or without computers) mission-critical applications in the event that computer support is interrupted.

CONTROLS
Measures taken to ensure the integrity and quality of a process.

CORRESPOND
To belong to the same key pair. (See also PUBLIC KEY; PRIVATE KEY)

CRITICAL INFORMATION
Data determined by the data owner as mission critical or essential to business purposes.

CROSS-CERTIFICATE
A Certificate used to establish a trust relationship between two Certifying Authorities.

CRYPTOGRAPHIC ALGORITHM
A clearly specified mathematical process for computation; a set of rules that produce a prescribed result.

CRYPTOGRAPHY (See also PUBLIC KEY CRYPTOGRAPHY)
(i) The mathematical science used to secure the confidentiality and authentication of data by replacing it with a transformed version that can be reconverted to reveal the original data only by someone holding the proper cryptographic algorithm and key.
(ii) A discipline that embodies the principles, means, and methods for transforming data in order to hide its information content, prevent its undetected modification, and/or prevent its unauthorized uses.

DAMAGE
Means to destroy, alter, delete, add, modify or rearrange any computer resource by any means.

DATA
Means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts, magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.

DATA BASE (See COMPUTER DATABASE)

DATA CENTRE (as also COMPUTER CENTRE)
The facility covering the computer room, media library, network area, server area, programming and administration areas, other storage and support areas used to carry out the computer processing functions. Usually refers to the computer room and media library.

DATA CONFIDENTIALITY (See CONFIDENTIALITY)

DATA INTEGRITY
A condition in which data has not been altered or destroyed in an unauthorized manner. (See also THREAT; COMPROMISE)

DATA SECURITY
The practice of protecting data from accidental or malicious modification, destruction, or disclosure.

DEMO CERTIFICATE
A Digital Signature Certificate issued by a Certifying Authority to be used exclusively for demonstration and presentation purposes and not for any secure or confidential communications. Demo Digital Signature Certificates may be used by authorized persons only.

DIGITAL CERTIFICATE APPLICANT
A person that requests the issuance of a public key Digital Signature Certificate by a Certifying Authority. (See also CA APPLICANT; SUBSCRIBER)

DIGITAL CERTIFICATE APPLICATION
A request from a Digital Signature Certificate applicant (or authorized agent) to a Certifying Authority for the issuance of a Digital Signature Certificate. (See also CERTIFICATE APPLICANT; CERTIFICATE SIGNING REQUEST)

DIGITAL SIGNATURE
Means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3 of the Information Technology Act, 2000.

DIGITAL SIGNATURE CERTIFICATE
Means a Digital Signature Certificate issued under sub-section (4) of section 35 of the Information Technology Act, 2000.

DISTINGUISHED NAME
A set of data that identifies a real-world entity, such as a person in a computer-based context.

DOCUMENT
A record consisting of information inscribed on a tangible medium such as paper rather than computer-based information. (See also MESSAGE; RECORD)

ELECTRONIC FORM
With reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro-film, computer generated micro fiche or similar device.

ELECTRONIC MAIL (“E-MAIL”)
Messages sent, received or forwarded in digital form via a computer-based communication mechanism.

ELECTRONIC RECORD
Means data, record or data generated, image or sound stored, received or sent in an electronic form or microfilm or computer generated micro-fiche.

ENCRYPTION
The process of transforming plaintext data into an unintelligible form (cipher text) such that the original data either cannot be recovered (one-way encryption) or cannot be recovered without using an inverse decryption process (two-way encryption).

EXTENSIONS
Extension fields in X.509 v3 certificates. (See X.509)

FIREWALL/DOUBLE FIREWALL
One of several types of intelligent devices (such as routers or gateways) used to isolate networks. Firewalls make it difficult for attackers to jump from network to network. A double firewall is two firewalls connected together. Double firewalls are used to minimise risk if one firewall gets compromised or provide address translation functions.

FILE TRANSFER PROTOCOL (FTP)
The application protocol that offers file system access from the Internet suite of protocols.

FUNCTION
In relation to a computer, includes logic, control, arithmetical process, deletion, storage and retrieval and communication or telecommunication from or within a computer.

GATEWAY
Hardware or software that is used to translate protocols between two or more systems.

GENERATE A KEY PAIR
A trustworthy process of creating private keys during Digital Signature Certificate application whose corresponding public keys are submitted to the applicable Certifying Authority during Digital Signature Certificate application in a manner that demonstrates the applicant’s capacity to use the private key.

HARD COPY
A copy of computer output that is printed on paper in a visually readable form; e.g. printed reports, listing, and documents.

HASH (HASH FUNCTION)
An algorithm that maps or translates one set of bits into another (generally smaller) set in such a way that:
i) A message yields the same result every time the algorithm is executed using the same message as input.
ii) It is computationally infeasible for a message to be derived or reconstituted from the result produced by the algorithm.
iii) It is computationally infeasible to find two different messages that produce the same hash result using the same algorithm.

HIGH-SECURITY ZONE
An area to which access is controlled through an entry point and limited to authorized, appropriately screened personnel and properly escorted visitors. High-Security Zones should be accessible only from Security Zones, and are separated from Security Zones and Operations Zones by a perimeter. High-Security Zones are monitored 24 hours a day a week by security staff, other personnel or electronic means.

IDENTIFICATION / IDENTIFY
The process of confirming the identity of a person. Identification is facilitated in public key cryptography by means of certificates.

IDENTITY
A unique piece of information that marks or signifies a particular entity within a domain. Such information is only unique within a particular domain.

INFORMATION
Includes data, text, images, sound, voice, codes, computer programmes, software and databases or micro-film or computer generated micro fiche.

INFORMATION ASSETS
Means all information resources utilized in the course of any organisation’s business and includes all information, application software (developed or purchased), and technology (hardware, system software and networks).

INTERMEDIARY
With respect to any particular electronic message means any person who on behalf of another person receives, stores or transmits that message or provides any service with respect to that message.

INFORMATION TECHNOLOGY SECURITY
All aspects related to defining, achieving, and maintaining confidentiality, integrity, availability, accountability, authenticity, and reliability.

INFORMATION TECHNOLOGY SECURITY POLICY
Rules, directives and practices that govern how information assets, including sensitive information, are managed, protected and distributed within an organization and its Information Technology systems.

KEY
A sequence of symbols that controls the operation of a cryptographic transformation (e.g. encipherment, decipherment, cryptographic check function computation, signature generation, or signature verification).

KEY GENERATION
The trustworthy process of creating a private key/public key pair.

KEY MANAGEMENT
The administration and use of the generation, registration, certification, deregistration, distribution, installation, storage, archiving, revocation, derivation and destruction of keying material in accordance with a security policy.

KEY PAIR
In an asymmetric crypto system, means a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key.

LICENCE
Means a licence granted to a Certifying Authority.

LOCAL AREA NETWORK (LAN)
A geographically small network of computers and supporting components used by a group or department to share related software and hardware resources.

LOW-SENSITIVE
Applies to information that, if compromised, could reasonably be expected to cause injury outside the national interest, for example, disclosure of an exact salary figure.

MANAGEMENT OF DIGITAL SIGNATURE CERTIFICATE [SEE CERTIFICATE MANAGEMENT]

MEDIA
The material or configuration on which data is recorded. Examples include magnetic tapes and disks.

MESSAGE
A digital representation of information; a computer-based record. A subset of RECORD. (See also RECORD)

NAME
A set of identifying attributes purported to describe an entity of a certain type.

NETWORK
A set of related, remotely connected devices and communications facilities including more than one computer system with the capability to transmit data among them through the communications facilities.

NETWORK ADMINISTRATOR
The person at a computer network installation who designs, controls, and manages the use of the computer network.

NODE
In a network, a point at which one or more functional units connect channels or data circuits.

NOMINATED WEBSITE
A website designated by the Certifying Authority for display of information such as fee schedule, Certification Practice Statement, Certificate Policy etc.

NONREPUDIATION
Provides proof of the origin or delivery of data in order to protect the sender against a false denial by the recipient that the data has been received or to protect the recipient against false denial by the sender that the data has been sent. Note: Only a trier of fact (someone with the authority to resolve disputes) can make an ultimate determination of non-repudiation. By way of illustration, a digital signature verified pursuant to this Certification Practice Statement can provide proof in support of a determination of non-repudiation by a trier of fact, but does not by itself constitute non-repudiation.

NOTARY
A natural person authorized by an executive governmental agency to perform notarial services such as taking acknowledgments, administering oaths or affirmations, witnessing or attesting signatures, and noting protests of negotiable instruments.

ON-LINE
Communications that provide a real-time connection.

OPERATIONS ZONE
An area where access is limited to personnel who work there and to properly escorted visitors. Operations Zones should be monitored at least periodically, based on a threat risk assessment (TRA), and should preferably be accessible from a Reception Zone.

OPERATIONAL CERTIFICATE
A Digital Signature Certificate which is within its operational period at the present date and time or at a different specified date and time, depending on the context.

OPERATIONAL MANAGEMENT
Refers to all business/service unit management (i.e. the user management) as well as Information Technology management.

OPERATIONAL PERIOD
The period starting with the date and time a Digital Signature Certificate is issued (or on a later date and time certain if stated in the Digital Signature Certificate) and ending with the date and time on which the Digital Signature Certificate expires or is earlier suspended or revoked.

ORGANIZATION
An entity with which a user is affiliated. An organization may also be a user.

ORIGINATOR
A person who sends, generates, stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person but does not include an intermediary.

PASSWORD (PASS PHRASE; PIN NUMBER)
Confidential authentication information usually composed of a string of characters used to provide access to a computer resource.

PARTICULARLY SENSITIVE
Applies to information that, if compromised, could reasonably be expected to cause serious injury outside the national interest, for example loss of reputation or competitive advantage.

PC CARD (SEE ALSO SMART CARD)
A hardware token compliant with standards promulgated by the Personal Computer Memory Card International Association (PCMCIA) providing expansion capabilities to computers, including the facilitation of information security.

PERSON
Means any company or association or individual or body of individuals, whether incorporated or not.

PERSONAL PRESENCE
The act of appearing (physically rather than virtually or figuratively) before a Certifying Authority or its designee and proving one’s identity as a prerequisite to Digital Signature Certificate issuance under certain circumstances.

PKI (PUBLIC KEY INFRASTRUCTURE) / PKI SERVER
A set of policies, processes, server platforms, software and workstations used for the purpose of administering Digital Signature Certificates and public-private key pairs, including the ability to generate, issue, maintain, and revoke public key certificates.

PKI HIERARCHY
A set of Certifying Authorities whose functions are organized according to the principle of delegation of authority and related to each other as subordinate and superior Certifying Authority.

PLEDGE (See SOFTWARE PUBLISHER’S PLEDGE)

POLICY
A brief document that states the high-level organization position, states the scope, and establishes who is responsible for compliance with the policy and the corresponding standards. Following is an abbreviated example of what a policy may contain:
• Introduction
• Definitions
• Policy Statement identifying the need for “something” (e.g. data security)
• Scope
• People playing a role and their responsibilities
• Statement of Enforcement, including responsibility

PRIVATE KEY
The key of a key pair used to create a digital signature.

PROCEDURE
A set of steps performed to ensure that a guideline is met.

PROGRAM
A detailed and explicit set of instructions for accomplishing some purpose, the set being expressed in some language suitable for input to a computer, or in machine language.

PROXY SERVER
A server that sits between a client application such as a web browser and a real server. It intercepts all requests to the real server to see if it can fulfill the request itself. If not, it forwards the request to the real server.

PUBLIC ACCESS ZONE
Generally surrounds or forms part of a government facility. Examples include the grounds surrounding a building, and public corridors and elevator lobbies in multiple-occupancy buildings. Boundary designators such as signs and direct or remote surveillance may be used to discourage unauthorized activity.

PUBLIC KEY
The key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate.

PUBLIC KEY CERTIFICATE (See CERTIFICATE)

PUBLIC KEY CRYPTOGRAPHY (See CRYPTOGRAPHY)
A type of cryptography that uses a key pair of mathematically related cryptographic keys. The public key can be made available to anyone who wishes to use it and can encrypt information or verify a digital signature; the private key is kept secret by its holder and can decrypt information or generate a digital signature.

PUBLIC KEY INFRASTRUCTURE (PKI)
The architecture, organization, techniques, practices, and procedures that collectively support the implementation and operation of a certificate-based public key cryptographic system. It includes a set of policies, processes, server platforms, software and workstations, used for the purpose of administering Digital Signature Certificates and keys.

PUBLIC/PRIVATE KEY PAIR (See PUBLIC KEY; PRIVATE KEY; KEY PAIR)

RECIPIENT (of a DIGITAL SIGNATURE)
A person who receives a digital signature and who is in a position to rely on it, whether or not such reliance occurs. (See also RELYING PARTY)

RECORD
Information that is inscribed on a tangible medium (a document) or stored in an electronic or other medium and retrievable in perceivable form. The term “record” is a superset of the two terms “document” and “message”. (See also DOCUMENT; MESSAGE)

RE-ENROLLMENT (See also RENEWAL)

RELY / RELIANCE (on a CERTIFICATE and DIGITAL SIGNATURE)
To accept a digital signature and act in a manner that could be detrimental to oneself were the digital signature to be ineffective. (See also RELYING PARTY; RECIPIENT)

RELYING PARTY
A recipient who acts in reliance on a certificate and digital signature. (See also RECIPIENT; RELY OR RELIANCE (on a CERTIFICATE and DIGITAL SIGNATURE))

RENEWAL
The process of obtaining a new Digital Signature Certificate of the same class and type for the same subject once an existing Digital Signature Certificate has expired.

REPOSITORY
A database of Digital Signature Certificates and other relevant information accessible on-line.

REPUDIATION (See also NONREPUDIATION)
The denial or attempted denial by an entity involved in a communication of having participated in all or part of the communication.

REVOKE A CERTIFICATE
The process of permanently ending the operational period of a Digital Signature Certificate from a specified time forward.

RISK
The potential of damage to a system or associated assets that exists as a result of the combination of security threat and vulnerability.

RISK ANALYSIS
The process of identifying security risks, determining their magnitude, and identifying areas needing safeguards.

RISK ASSESSMENT
An analysis of system assets and vulnerabilities to establish an expected loss from certain events based on estimated probabilities of the occurrence of those events.

RISK MANAGEMENT
The total process of identifying, controlling, and eliminating or minimizing uncertain events that may affect Information Technology system resources.

RSA
A public key cryptographic system invented by Rivest, Shamir & Adleman.

SECRET SHARE
A portion of a cryptographic secret split among a number of physical tokens.

SECRET SHARE HOLDER
An authorized holder of a physical token containing a secret share.

SECURE CHANNEL
A cryptographically enhanced communications path that protects messages against perceived security threats.

SECURE SYSTEM
Means computer hardware, software, and procedure that—
(a) are reasonably secure from unauthorised access and misuse;
(b) provide a reasonable level of reliability and correct operation;
(c) are reasonably suited to performing the intended functions; and
(d) adhere to generally accepted security procedures.

SECURITY PROCEDURE
Means the security procedure prescribed under section 16 of the Information Technology Act, 2000.

SECURITY
The quality or state of being protected from unauthorized access or uncontrolled losses or effects. Absolute security is impossible to achieve in practice and the quality of a given security system is relative. Within a state-model security system, security is a specific “state” to be preserved under various operations.

SECURITY POLICY
A document which articulates requirements and good practices regarding the protections maintained by a trustworthy system.

SECURITY SERVICES
Services provided by a set of security frameworks and performed by means of certain security mechanisms. Such services include, but are not limited to, access control, data confidentiality, and data integrity.

SECURITY ZONE
An area to which access is limited to authorised personnel and to authorised and properly escorted visitors. Security Zones should preferably be accessible from an Operations Zone, and through a specific entry point. A Security Zone need not be separated from an Operations Zone by a secure perimeter. A Security Zone should be monitored 24 hours a day and 7 days a week by security staff, other personnel or electronic means.

SELF-SIGNED PUBLIC KEY
A data structure that is constructed the same as a Digital Signature Certificate but that is signed by its subject. Unlike a Digital Signature Certificate, a self-signed public key cannot be used in a trustworthy manner to authenticate a public key to other parties.

SERIAL NUMBER (See CERTIFICATE SERIAL NUMBER)

SERVER
A computer system that responds to requests from client systems.

SIGN
To create a digital signature for a message, or to affix a signature to a document, depending upon the context.

SIGNATURE (See DIGITAL SIGNATURE)

SIGNER
A person who creates a digital signature for a message, or a signature for a document.

SMART CARD
A hardware token that incorporates one or more integrated circuit (IC) chips to implement cryptographic functions and that possesses some inherent resistance to tampering.

S/MIME
A specification for E-mail security exploiting a cryptographic message syntax in an Internet MIME environment.

SUBJECT (OF A CERTIFICATE)
The holder of a private key corresponding to a public key. The term “subject” can refer to both the equipment or device that holds a private key and to the individual person, if any, who controls that equipment or device. A subject is assigned an unambiguous name, which is bound to the public key contained in the subject’s Digital Signature Certificate.

SUBJECT NAME
The unambiguous value in the subject name field of a Digital Signature Certificate, which is bound to the public key.

SUBSCRIBER
A person in whose name the Digital Signature Certificate is issued.

SUBSCRIBER AGREEMENT
The agreement executed between a subscriber and a Certifying Authority for the provision of designated public certification services in accordance with this Certification Practice Statement.

SUBSCRIBER INFORMATION
Information supplied to a certification authority as part of a Digital Signature Certificate application. (See also CERTIFICATE APPLICATION)

SUSPEND A CERTIFICATE
A temporary “hold” placed on the effectiveness of the operational period of a Digital Signature Certificate without permanently revoking the Digital Signature Certificate. A Digital Signature Certificate suspension is invoked by, e.g., a CRL entry with a reason code. (See also REVOKE A CERTIFICATE)

SYSTEM ADMINISTRATOR
The person at a computer installation who designs, controls, and manages the use of the computer system.

SYSTEM SECURITY
A system function that restricts the use of objects to certain users.

SYSTEM SOFTWARE
Application-independent software that supports the running of application software. It is software that is part of or made available with a computer system and that determines how application programs are run; for example, an operating system.

TEST CERTIFICATE
A Digital Signature Certificate issued by a Certifying Authority for the limited purpose of internal technical testing. Test certificates may be used by authorized persons only.

THREAT
A circumstance or event with the potential to cause harm to a system, including the destruction, unauthorized disclosure, or modification of data and/or denial of service.

TIME-OUT
A security feature that logs off a user if any entry is not made at the terminal within a specified period of time.

TIME STAMP
A notation that indicates (at least) the correct date and time of an action, and identity of the person or device that sent or received the time stamp.

TOKEN
A hardware security token containing a user’s private key(s), public key certificate, and, optionally, a cache of other certificates, including all certificates in the user’s certification chain.

TRANSACTION
A computer-based transfer of business information, which consists of specific processes to facilitate communication over global networks.

TRUST
Generally, the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity and a Certifying Authority. An authenticating entity must be certain that it can trust the Certifying Authority to create only valid and reliable Digital Signature Certificates, and users of those Digital Signature Certificates rely upon the authenticating entity’s determination of trust.

TRUSTED POSITION
A role that includes access to or control over cryptographic operations that may materially affect the issuance, use, suspension, or revocation of Digital Signature Certificates, including operations that restrict access to a repository.

TRUSTED THIRD PARTY
In general, an independent, unbiased third party that contributes to the ultimate security and trustworthiness of computer-based information transfers. A trusted third party does not connote the existence of a trustor-trustee or other fiduciary relationship. (Cf., TRUST)

TRUSTWORTHY SYSTEM
Computer hardware, software, and procedures that are reasonably secure from intrusion and misuse; provide a reasonable level of availability, reliability, and correct operation; are reasonably suited to performing their intended functions; and enforce the applicable security policy. A trustworthy system is not necessarily a “trusted system” as recognized in classified government nomenclature.

TYPE (OF CERTIFICATE)
The defining properties of a Digital Signature Certificate, which limit its intended purpose to a class of applications uniquely associated with that type.

UNAMBIGUOUS NAME (See DISTINGUISHED NAME)

UNIFORM RESOURCE LOCATOR (URL)
A standardized device for identifying and locating certain records and other resources located on the World Wide Web.

USER
An authorized entity that uses a certificate as applicant, subscriber, recipient or relying party, but not including the Certifying Authority issuing the Digital Signature Certificate. (See also CERTIFICATE APPLICANT; ENTITY; PERSON; SUBSCRIBER)

VALID CERTIFICATE
A Digital Signature Certificate issued by a Certifying Authority and accepted by the subscriber listed in it.

VALIDATE A CERTIFICATE (i.e., of an END-USER SUBSCRIBER CERTIFICATE)
The process performed by a recipient or relying party to confirm that an end-user subscriber Digital Signature Certificate is valid and was operational at the date and time a pertinent digital signature was created.

VALIDATION (OF CERTIFICATE APPLICATION)
The process performed by the Certifying Authority or its agent following submission of a Digital Signature Certificate application as a prerequisite to approval of the application and the issuance of a Digital Signature Certificate. (See also AUTHENTICATION; SOFTWARE VALIDATION)

VALIDATION (OF SOFTWARE) (See SOFTWARE VALIDATION)

VERIFY (A DIGITAL SIGNATURE)
In relation to a digital signature, electronic record or public key, with its grammatical variations and cognate expressions means to determine whether —
(a) the initial electronic record was affixed with the digital signature by the use of private key corresponding to the public key of the subscriber;
(b) the initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature.

VIRUS
Means any computer instruction, information, data or programme that destroys, damages, degrades or adversely affects the performance of a computer resource or attaches itself to another computer resource and operates when a programme, data or instruction is executed or some other event takes place in that computer resource.

VULNERABILITY
A weakness that could be exploited to cause damage to the system or the assets it contains.

WEB BROWSER
A software application used to locate and display web pages.

WORLD WIDE WEB (WWW)
A hypertext-based, distributed information system in which users may create, edit, or browse hypertext documents. A graphical document publishing and retrieval medium; a collection of linked documents that reside on the Internet.

WRITING
Information in a record that is accessible and usable for subsequent reference.

X.509
The ITU-T (International Telecommunications Union-T) standard for Digital Signature Certificates. X.509 v3 refers to certificates containing or capable of containing extensions.

ACRONYMS
ARL Authority Revocation List
CA Certification Authority
CP Certificate Policy
CPS Certification Practice Statement
CRL Certificate Revocation List
CSR Certificate Signing Request
DN Distinguished Name
e-mail Electronic Mail
FTP File Transfer Protocol
ISDN Integrated Service Digital Network
ITU International Telecommunications Union
LAN Local Area Network
PIN Personal Identification Number
PKI Public Key Infrastructure
PKIX Public Key Infrastructure X.509
URL Uniform Resource Locator
WAN Wide Area Network


 

Computer and Computer print out

“Computer” means any electronic, magnetic, optical or other high-speed data processing service device or system which performs logical, arithmetical and memory functions by manipulation of electronic, magnetic or optical impulses and includes all input, output, processing, storage, computer software or communication facilities which are connected or related to the computer in a computer system or computer network;

“Computer print out” shall include ledgers, day-books, account books and other records, maintained in the ordinary course of business of the Bank or of the agent, printed on paper from the information stored in the computer or derived from such information;

Section 25 of The Government Securities Act, 2006

Government security

“Government security” means a security created and issued by the Government for the purpose of raising a public loan or for any other purpose as may be notified by the Government in the Official Gazette and having one of the forms mentioned in section 3;

Section 3 of The Government Securities Act, 2006

3. Forms of Government securities

A Government security may, subject to such terms and conditions as may be specified, be in such forms as may be prescribed or in one of the following forms, namely:-

(i) a Government promissory note payable to or to the order of a certain person; or

(ii) a bearer bond payable to bearer; or

(iii) a stock; or

(iv) a bond held in a bond ledger account.

Explanation. – For the purpose of this section, “stock” means a Government security, –
(i) registered in the books of the Bank for which a stock certificate is issued; or

(ii) held at the credit of the holder in the subsidiary general ledger account including the constituents subsidiary general ledger account maintained in the books of the Bank, and transferable by registration in the books of the Bank.

Unregulated Deposit Scheme

“Unregulated Deposit Scheme” means a Scheme or an arrangement under which deposits are accepted or solicited by any deposit taker by way of business and which is not a Regulated Deposit Scheme, as specified under column (3) of the First Schedule. [S.2 17]

Regulated Deposit Schemes

(1) The Regulator and Regulated Deposit Scheme refers to the regulators and schemes and arrangements listed in the following Table, namely: –

Table

Sl. No. (1) | Regulator (2) | Regulated Deposit Scheme (3)

1. The Securities and Exchange Board of India

(i) Any scheme or an arrangement [as defined under section 11AA of the Securities and Exchange Board of India Act, 1992 (15 of 1992)] launched, sponsored or carried out by a Collective Investment Management Company registered with the Securities and Exchange Board of India under the Securities and Exchange Board of India (Collective Investment Scheme) Regulations, 1999.

(ii) Any scheme or an arrangement registered with the Securities and Exchange Board of India under the Securities and Exchange Board of India (Alternative Investment Funds) Regulations, 2012.

(iii) Any scheme or an arrangement, pursuant to which funds are managed by a portfolio manager, registered under the Securities and Exchange Board of India (Portfolio Managers) Regulations, 1993.

(iv) Any scheme or an arrangement regulated under the Securities and Exchange Board of India (Share Based Employee Benefits) Regulations, 2014 or providing for employee benefits as permitted under the Companies Act, 2013 (18 of 2013).

(v) Any other scheme or an arrangement registered under the Securities and Exchange Board of India Act, 1992 (15 of 1992), or the regulations made thereunder.

(vi) Any amount received as contributions in the nature of subscriptions to a mutual fund registered with Securities and Exchange Board of India under the Securities and Exchange Board of India (Mutual Funds) Regulations, 1996.

2. The Reserve Bank of India

(i) Any scheme under which deposits are accepted by Non-Banking Financial Companies as defined in clause (f) of section 45-I of the Reserve Bank of India Act, 1934 (2 of 1934) and registered with the Reserve Bank of India; or any other scheme or an arrangement registered under the Reserve Bank of India Act, 1934.

(ii) Any scheme or an arrangement under which funds are accepted by individuals or entities engaged as Business Correspondents and Facilitators by banks subject to the guidelines and circulars issued by the Reserve Bank of India from time to time.

(iii) Any scheme or an arrangement under which funds are received by a system provider operating as an authorised payment system under the Payment and Settlement Systems Act, 2007 (51 of 2007).

(iv) Any other scheme or an arrangement regulated under the Reserve Bank of India Act, 1934 (2 of 1934), or the guidelines or circulars of the Reserve Bank of India.

3. The Insurance Regulatory and Development Authority of India

A contract of insurance pursuant to a certificate of registration obtained in accordance with the Insurance Act, 1938 (4 of 1938).

4. The State Government or Union territory Government

(i) Any scheme or an arrangement made or offered by a co-operative society registered under the Co-operative Societies Act, 1912 (2 of 1912) or a society being a society registered or deemed to be registered under any law relating to co-operative societies for the time being in force in any State or Union territory.

(ii) Any scheme or an arrangement commenced or conducted as a chit business with the previous sanction of the State Government in accordance with the provisions of the Chit Funds Act, 1982 (40 of 1982).

(iii) Any scheme or an arrangement regulated by any enactment relating to money lending which is for the time being in force in any State or Union territory.

(iv) Any scheme or an arrangement by a prize chit or money circulation scheme under section 11 of the Prize Chits and Money Circulation Schemes (Banning) Act, 1978 (43 of 1978).

5. The National Housing Bank

Any scheme or an arrangement for acceptance of deposits registered under the National Housing Bank Act, 1987 (53 of 1987).

6. The Pension Fund Regulatory and Development Authority

Any scheme or an arrangement under the Pension Fund Regulatory and Development Authority Act, 2013 (23 of 2013).

7. The Employees’ Provident Fund Organisation

Any scheme, Pension Scheme or Insurance Scheme framed under the Employees’ Provident Fund and Miscellaneous Provisions Act, 1952 (19 of 1952).

8. The Central Registrar, Multi-State Co-operative Societies

Any scheme or an arrangement for acceptance of deposits from voting members by a Multi-State Co-operative Society registered under the Multi-State Co-operative Societies Act, 2002 (39 of 2002).

9. The Ministry of Corporate Affairs, Government of India

(i) Deposits accepted or permitted under the provisions of Chapter V of the Companies Act, 2013 (18 of 2013).

(ii) Any scheme or an arrangement under which deposits are accepted by a company declared as a Nidhi or a Mutual Benefit Society under section 406 of the Companies Act, 2013 (18 of 2013).

(2) The following shall also be treated as Regulated Deposit Schemes under this Act, namely: –

(a) deposits accepted under any scheme or an arrangement registered with any regulatory body in India constituted or established under a statute; and

(b) any other scheme as may be notified by the Central Government under this Act.

Banning of Unregulated Deposit Schemes

3. Banning of Unregulated Deposit Schemes. – On and from the date of commencement of this Act, –

(a) the Unregulated Deposit Schemes shall be banned; and

(b) no deposit taker shall, directly or indirectly, promote, operate, issue any advertisement soliciting participation or enrolment in or accept deposits in pursuance of an Unregulated Deposit Scheme.

4. Fraudulent default in Regulated Deposit Schemes. – No deposit taker, while accepting deposits pursuant to a Regulated Deposit Scheme, shall commit any fraudulent default in the repayment or return of deposit on maturity or in rendering any specified service promised against such deposit.

5. Wrongful inducement in relation to Unregulated Deposit Schemes. – No person by whatever name called shall knowingly make any statement, promise or forecast which is false, deceptive or misleading in material facts or deliberately conceal any material facts, to induce another person to invest in, or become a member or participant of any Unregulated Deposit Scheme.

6. Certain scheme to be Unregulated Deposit Scheme. – A prize chit or a money circulation scheme banned under the provisions of the Prize Chits and Money Circulation Schemes (Banning) Act, 1978 shall be deemed to be an Unregulated Deposit Scheme under this Act.


Banning of Unregulated Deposit Schemes Act, 2019

National Exit Test [Medical NET]

15. National Exit Test. – (1) A common final year undergraduate medical examination, to be known as the National Exit Test shall be held for granting licence to practice medicine as medical practitioners and for enrolment in the State Register or the National Register, as the case may be.

(2) The Commission shall conduct the National Exit Test through such designated authority and in such manner as may be specified by regulations.

(3) The National Exit Test shall become operational on such date, within three years from the date of commencement of this Act, as may be appointed by the Central Government, by notification.

(4) Any person with a foreign medical qualification shall have to qualify National Exit Test for the purpose of obtaining licence to practice medicine as medical practitioner and for enrolment in the State Register or the National Register, as the case may be, in such manner as may be specified by regulations.

(5) The National Exit Test shall be the basis for admission to the postgraduate broad-speciality medical education in medical institutions which are governed under the provisions of this Act or under any other law for the time being in force and shall be done in such manner as may be specified by regulations.

(6) The Commission shall specify by regulations the manner of conducting common counselling by the designated authority for admission to the postgraduate broad-speciality seats in the medical institutions referred to in sub-section (5):

Provided that the designated authority of the Central Government shall conduct the common counselling for All India seats and the designated authority of the State Government shall conduct the common counselling for the seats at the State level.


National Medical Commission Act, 2019

The National Medical Commission

3. Constitution of National Medical Commission. – (1) The Central Government shall constitute a Commission, to be known as the National Medical Commission, to exercise the powers conferred upon, and to perform the functions assigned to it, under this Act.
(2) The Commission shall be a body corporate by the name aforesaid, having perpetual succession and a common seal, with power, subject to the provisions of this Act, to acquire, hold and dispose of property, both movable and immovable, and to contract, and shall, by the said name, sue or be sued.
(3) The head office of the Commission shall be at New Delhi.

4. Composition of Commission. – (1) The Commission shall consist of the following persons to be appointed by the Central Government, namely: –
(a) a Chairperson;

(b) ten ex officio Members; and

(c) twenty-two part-time Members.

(2) The Chairperson shall be a medical professional of outstanding ability, proven administrative capacity and integrity, possessing a postgraduate degree in any discipline of medical sciences from any University and having experience of not less than twenty years in the field of medical sciences, out of which at least ten years shall be as a leader in the area of medical education.
(3) The following persons shall be the ex officio Members of the Commission, namely: –
(a) the President of the Under-Graduate Medical Education Board;

(b) the President of the Post-Graduate Medical Education Board;

(c) the President of the Medical Assessment and Rating Board;

(d) the President of the Ethics and Medical Registration Board;

(e) the Director General of Health Services, Directorate General of Health Services, New Delhi;

(f) the Director General, Indian Council of Medical Research;

(g) a Director of any of the All India Institutes of Medical Sciences, to be nominated by the Central Government;

(h) two persons from amongst the Directors of Postgraduate Institute of Medical Education and Research, Chandigarh; Jawaharlal Institute of Postgraduate Medical Education and Research, Puducherry; Tata Memorial Hospital, Mumbai; North Eastern Indira Gandhi Regional Institute of Health and Medical Sciences, Shillong; and All India Institute of Hygiene and Public Health, Kolkata; to be nominated by the Central Government; and

(i) one person to represent the Ministry of the Central Government dealing with Health and Family Welfare, not below the rank of Additional Secretary to the Government of India, to be nominated by that Ministry.

(4) The following persons shall be appointed as part-time Members of the Commission, namely: –
(a) three Members to be appointed from amongst persons of ability, integrity and standing, who have special knowledge and professional experience in such areas including management, law, medical ethics, health research, consumer or patient rights advocacy, science and technology and economics;

(b) ten Members to be appointed on rotational basis from amongst the nominees of the States and Union territories, under clauses (c) and (d) of sub-section (2) of section 11, in the Medical Advisory Council for a term of two years in such manner as may be prescribed;

(c) nine members to be appointed from amongst the nominees of the States and Union territories, under clause (e) of sub-section (2) of section 11, in the Medical Advisory Council for a term of two years in such manner as may be prescribed.

Explanation. – For the purposes of this section and section 17, the term “leader” means the Head of a Department or the Head of an organisation.

10. Powers and functions of Commission. – (1) The Commission shall perform the following functions, namely: –
(a) lay down policies for maintaining a high quality and high standards in medical education and make necessary regulations in this behalf;

(b) lay down policies for regulating medical institutions, medical researches and medical professionals and make necessary regulations in this behalf;

(c) assess the requirements in healthcare, including human resources for health and healthcare infrastructure and develop a road map for meeting such requirements;

(d) promote, co-ordinate and frame guidelines and lay down policies by making necessary regulations for the proper functioning of the Commission, the Autonomous Boards and the State Medical Councils;

(e) ensure co-ordination among the Autonomous Boards;

(f) take such measures, as may be necessary, to ensure compliance by the State Medical Councils of the guidelines framed and regulations made under this Act for their effective functioning under this Act;

(g) exercise appellate jurisdiction with respect to the decisions of the Autonomous Boards;

(h) lay down policies and codes to ensure observance of professional ethics in medical profession and to promote ethical conduct during the provision of care by medical practitioners;

(i) frame guidelines for determination of fees and all other charges in respect of fifty per cent. of seats in private medical institutions and deemed to be universities which are governed under the provisions of this Act;

(j) exercise such other powers and perform such other functions as may be prescribed.

(2) All orders and decisions of the Commission shall be authenticated by the signature of the Secretary.
(3) The Commission may delegate such of its powers of administrative and financial matters, as it deems fit, to the Secretary.
(4) The Commission may constitute sub-committees and delegate such of its powers to such sub-committees as may be necessary to enable them to accomplish specific tasks.


National Medical Commission Act, 2019