Encryption has been used as a means of secure communication for centuries. In recent years it has played a major part in conducting warfare, and now, in the 21st century, it has added importance in the field of e-commerce. The borderless nature of the internet is a double-edged sword. On the one hand, for the first time in history, it allows users to transact with the 'whole world'; on the other, it could be a haven for potential fraudsters looking to dupe the inattentive user. Public key infrastructure (PKI) has been developed to allow such transactions to go ahead by giving contracting parties some form of security as to the identity of the other.
The Utah Digital Signature Act was the first piece of legislation enacted in this area. The Act deals with the legal effect of digital signatures and with the licensing and duties of certification authorities.
The Electronic Transactions Ordinance 2000 is Hong Kong's equivalent.
Like most digital signature legislation, the Electronic Transactions Ordinance adopts an 'asymmetric cryptosystem' as opposed to a 'symmetric cryptosystem'. In the latter, a single key is used to both encrypt and decrypt a message. Not surprisingly, such a system is more limited and cannot be used en masse. An asymmetric cryptosystem, by contrast, involves a 'key pair': a private key is used by one person to encrypt a message and a public key is used by another to decrypt it. Such a system can be more widely used and is therefore ideal for online transactions.
One additional feature of the ETO is that it establishes an 'open PKI', just like the Utah legislation upon which it is based. Under this system, an applicant obtains a key pair from a certification authority (CA). The CA will issue a certificate to confirm the identity...