Hong Kong Ordinances
ELECTRONIC TRANSACTIONS ORDINANCE - SECT 2
Interpretation
Caution: This is a past version. See the current version here.
(1) In this Ordinance, unless the context otherwise requires-
"accept a certificate" (接受證書), in relation to a person to whom a
certificate is issued, means that the person while having notice of the
contents of the certificate-
(a) authorizes the publication of the certificate to one or more persons
or in a repository;
(b) uses the certificate; or
(c) otherwise demonstrates the approval of the certificate;
"addressee" (收訊者), in relation to an electronic record sent by an
originator, means the person who is specified by the originator to receive
the electronic record but does not include an intermediary;
"asymmetric cryptosystem" (非對稱密碼系統) means a system capable of
generating a secure key pair, consisting of a private key for generating a
digital signature and a public key to verify the digital signature;
"certificate" (證書) means a record which-
(a) is issued by a certification authority for the purpose of supporting a
digital signature which purports to confirm the identity or other
significant characteristics of the person who holds a particular key
pair;
(b) identifies the certification authority issuing it;
(c) names or identifies the person to whom it is issued;
(d) contains the public key of the person to whom it is issued; and
(e) is signed by a responsible officer of the certification authority
issuing it;
"certification authority" (核證機關) means a person who issues a
certificate to a person (who may be another certification authority);
"certification authority disclosure record" (核證機關披露紀錄), in relation
to a recognized certification authority, means the record maintained under
section 31 for that certification authority;
"certification practice statement" (核證作業準則) means a statement issued
by a certification authority to specify the practices and standards that
the certification authority employs in issuing certificates;
"code of practice" (業務守則) means the code of practice issued under
section 33;
"correspond" (對應), in relation to private or public keys, means to belong
to the same key pair;
"digital signature" (數碼簽署), in relation to an electronic record, means
an electronic signature of the signer generated by the transformation of
the electronic record using an asymmetric cryptosystem and a hash function
such that a person having the initial untransformed electronic record and
the signer's public key can determine-
(a) whether the transformation was generated using the private key that
corresponds to the signer's public key; and
(b) whether the initial electronic record has been altered since the
transformation was generated;
"Director" (署長) means the Director of Information Technology Services;
"electronic record" (電子紀錄) means a record generated in digital form by
an information system, which can be-
(a) transmitted within an information system or from one
information system to another; and
(b) stored in an information system or other medium;
"electronic signature" (電子簽署) means any letters, characters, numbers or
other symbols in digital form attached to or logically associated with an
electronic record, and executed or adopted for the purpose of authenticating
or approving the electronic record;
"hash function" (雜湊函數) means an algorithm mapping or transforming one
sequence of bits into another, generally smaller, set as the hash result,
such that-
(a) a record yields the same hash result every time the algorithm is
executed using the same record as input;
(b) it is computationally not feasible for a record to be derived or
reconstituted from the hash result produced by the algorithm; and
(c) it is computationally not feasible that 2 records can be found to
produce the same hash result using the algorithm;
"information" (資訊) includes data, text, images, sound codes, computer
programmes, software and databases;
"information system" (資訊系統) means a system which-
(a) processes information;
(b) records information;
(c) can be used to cause information to be recorded, stored or otherwise
processed in other information systems (wherever situated); and
(d) can be used to retrieve information, whether the information is
recorded or stored in the system itself or in other information systems
(wherever situated);
"intermediary" (中介人), in relation to a particular electronic record,
means a person who on behalf of a person, sends, receives or stores that
electronic record or provides other incidental services with respect to
that electronic record;
"issue" (發出), in relation to a certificate, means the act of a
certification authority of creating a certificate and notifying its contents
to the person named or identified in that certificate as the person to whom
it is issued;
"key pair" (配對密碼匙), in an asymmetric cryptosystem, means a private key
and its mathematically related public key, where the public key can verify
a digital signature that the private key generates;
"originator" (發訊者), in relation to an electronic record, means a person,
by whom, or on whose behalf, the electronic record is sent or generated but
does not include an intermediary;
"Postmaster General" (郵政署署長) means the Postmaster General within the
meaning of the Post Office Ordinance (Cap 98);
"private key" (私人密碼匙) means the key of a key pair used to generate a
digital signature;
"public key" (公開密碼匙) means the key of a key pair used to verify a
digital signature;
"recognized certificate" (認可證書) means-
(a) a certificate recognized under section 22;
(b) a certificate of a type, class or description of certificate
recognized under section 22; or
(c) a certificate designated as a recognized certificate issued by the
certification authority referred to in section 34;
"recognized certification authority" (認可核證機關) means a certification
authority recognized under section 21 or the certification authority
referred to in section 34;
"record" (紀錄) means information that is inscribed on, stored in or
otherwise fixed on a tangible medium or that is stored in an electronic or
other medium and is retrievable in a perceivable form;
"reliance limit" (倚據限額) means the monetary limit specified for reliance
on a recognized certificate;
"repository" (儲存庫) means an information system for storing and
retrieving certificates and other information relevant to certificates;
"responsible officer" (負責人員), in relation to a certification authority,
means a person occupying a position of responsibility in relation to the
activities of the certification authority relevant to this Ordinance;
"rule of law" (法律規則) means-
(a) an Ordinance;
(b) a rule of common law or a rule of equity; or
(c) customary law;
"Secretary" (局長) means the Secretary for Information Technology and
Broadcasting;
"sign" and "signature" (簽、簽署) include any symbol executed or adopted, or
any methodology or procedure employed or adopted, by a person with the
intention of authenticating or approving a record;
"subscriber" (登記人) means a person (who may be a certification authority)
who-
(a) is named or identified in a certificate as the person to whom the
certificate is issued;
(b) has accepted that certificate; and
(c) holds a private key which corresponds to a public key listed in that
certificate;
"trustworthy system" (穩當系統) means computer hardware, software and
procedures that-
(a) are reasonably secure from intrusion and misuse;
(b) are at a reasonable level in respect of availability, reliability and
ensuring a correct mode of operations for a reasonable period of time;
(c) are reasonably suitable for performing their intended function; and
(d) adhere to generally accepted security principles;
"verify a digital signature" (核實數碼簽署), in relation to a given
digital signature, electronic record and public key, means to determine
that-
(a) the digital signature was generated using the private key
corresponding to the public key listed in a certificate; and
(b) the electronic record has not been altered since its digital
signature was generated,
and any reference to a digital signature being verifiable is to be
construed accordingly.
(2) For the purposes of this Ordinance, a digital signature is taken to be
supported by a certificate if the digital signature is verifiable with
reference to the public key listed in a certificate the subscriber of which is
the signer.