ICICI Bank Clarifies on Digital Signature Usage



It had been reported in these columns about the usage of Digital Signatures by ICICI Bank while sending demat statements to the clients.

The e-mail contained the following information:

icicidemat.gif (3654 bytes)




Your transaction statement for Demat account IN300183 - 10896842 is enclosed. The Statement is for the period ended May 31, 2004. Please download/save the attachment on your computer to view the same.

This e-mail statement is authenticated by a digital signature obtained from a Certifying Authority under the Information Technology Act, 2000. This allows you to verify that the statement is sent by ICICI Bank only and that the contents of the same have not been altered during transmission. Click here for the details of the verification process. To download verify utility click here.

ICICI Phone Banking made easy

 Remembering your Customer Relationship Number for Self Phone Banking (IVR) can be difficult. From May 15, 2004, you can use your demat account number to access your Demat account details with ease. You have to simply dial the numeric characters of your DP ID along with your Demat account number and your TPIN (Telephone personal identification number) to access your Demat account details. Use of CRN is being discontinued.

 You must be also aware that Minimum charges for transfer instructions submitted through Internet/Phone(IVR) have been reduced by 50%. To register, visit your bank branch along with a proof of your identity. To know more about e-Instructions facility, click on the link or call us on the ICICI Phone Banking numbers or write to us at customer.care@icicibank.com

 Assuring you best services always.

 ICICI Bank Demat Services

 Assuring you best services always. 

ICICI Bank Demat Services

There were two attachments to the e-mail as indicated in the article of September 7th. The first was the statement as a .HTML file. The second was named  xxx.HTML.SSIG where xxx is the name of the first .HTML file.

Both the files could be saved on to the computer. The first file could be opened and read directly by the browser. The second required downloading of the SafeDoXX, an application which was downloaded and installed. Once this application is in the user's computer, double clicking of the .SSIG file opens a dialogue box of SafeDoXX from which we can select the file and verify the signature. After verification the file is resaved in the same format. (See here for the sequence of activity)

It had been pointed out to ICICI that the mail gave the impression that there was a statement file and then an attached digital signature file of the same document and the verification of the second document was independent of the first document.

A clarification has been received from ICICI Bank today which states as follows:

"We are sending 2 files 1) .html and 2) .SSIG.  Both are independent files i.e not depending on each other.

 First file (.html) is original statement containing transactions. This is not signed document. Purpose is those who are (majority falls in this category) not interested in signed document can open it without verifier.

 Second file is signed document which also self-contains original document. This can be open with verifier utility only. Customer here is assuming that to open SSIG file, first file is required to exist which is not the case. In fact SSIG file can be opened and then save as normat .html file."

We thank ICICI Bank for the clarification.

However, the earlier communication appeared to be misleading. We would like to also point out that after opening the SSIG file it was not possible to save it directly as a html file. Hence the recipient cannot view the document after verifying the signature. ( Except by renaming the file removing .SSIG extension).

We suggest that the following changes are made to the system to avoid confusion.

1. After verification of the signature it should be possible to open the original (.HTML) file and read.

2. Only one attachment containing the digitally signed statement should be sent.

3. If a person does not want to verify the signature, it should be possible for him to open the .HTML file and continue.

We hope these changes would be incorporated soon.


October 20 2004

Earlier article of September 7, 2004 is here.

For Structured Online Courses in Cyber laws, Visit Cyber Law College.com


Back To Naavi.org