It had been reported in these columns about the usage of Digital
Signatures by ICICI Bank while sending demat statements to the clients.
The e-mail contained the following information:
Your transaction statement for Demat account
IN300183 - 10896842
The Statement is for the period
ended May 31, 2004. Please download/save the attachment on your computer
to view the same.
e-mail statement is authenticated by a digital signature obtained
from a Certifying Authority under the Information Technology Act, 2000.
This allows you to verify that the statement is sent by ICICI Bank only
and that the contents of the same have not been altered during
Click here for the details of the verification process. To download
ICICI Phone Banking made easy
Customer Relationship Number for Self Phone Banking (IVR) can be
difficult. From May 15, 2004, you can use your demat account number to
access your Demat account details with ease. You have to simply dial
the numeric characters of your DP ID along with your Demat account
number and your TPIN (Telephone personal identification number) to
access your Demat account details. Use of CRN is being discontinued.
must be also aware that Minimum charges for transfer instructions
submitted through Internet/Phone(IVR) have been reduced by 50%. To
register, visit your bank branch along with a proof of your identity. To
know more about
e-Instructions facility, click on the link or call us on the
ICICI Phone Banking numbers or write to us at
you best services always.
ICICI Bank Demat Services
Assuring you best services
ICICI Bank Demat
There were two attachments to the e-mail as indicated in the article of
September 7th. The first was the statement as a .HTML file. The second was named
xxx.HTML.SSIG where xxx is the name of the first .HTML file.
Both the files could be saved on to the computer. The first
file could be opened and read directly by the browser. The second required
downloading of the SafeDoXX, an application which was downloaded and installed.
Once this application is in the user's computer, double clicking of the .SSIG
file opens a dialogue box of SafeDoXX from which we can select the file and
verify the signature. After verification the file is resaved in the same format.
(See here for the sequence of
It had been pointed out to ICICI that the mail gave the
impression that there was a statement file and then an attached digital
signature file of the same document and the verification of the second document
was independent of the first document.
A clarification has been received from ICICI Bank today which
states as follows:
"We are sending 2 files 1)
.html and 2) .SSIG. Both are independent files i.e
not depending on each other.
file (.html) is original statement containing transactions. This is not signed
document. Purpose is those who are (majority falls in this category) not
interested in signed document can open it without verifier.
file is signed document which also self-contains original document. This can
be open with verifier utility only. Customer here is assuming that to open
SSIG file, first file is required to exist which is not the case. In fact SSIG
file can be opened and then save as normat .html
We thank ICICI Bank
for the clarification.
However, the earlier
communication appeared to be misleading. We would like to
also point out that after opening the SSIG file it was not possible to save it
directly as a html file. Hence the recipient cannot view the document after
verifying the signature. ( Except by renaming the file removing .SSIG
We suggest that the
following changes are made to the system to avoid confusion.
verification of the signature it should be possible to open the original
(.HTML) file and read.
2. Only one
attachment containing the digitally signed statement should be sent.
3. If a person
does not want to verify the signature, it should be possible for him to open
the .HTML file and continue.
We hope these changes would be incorporated soon.
October 20 2004
Earlier article of September 7, 2004 is here.