CyberLawNet.com - Powered by Yip Tse & Tang, Solicitors & Notaries 葉謝鄧律師行

« March 2002 | Main | January 2003 »

Two more private companies become recognized CA: HiTRUST and JETCO

The Director of Information Technology Services (the Director), Mr Alan Wong Chi-kong, today (April 29) granted recognition to HiTRUST.COM (HK) Incorporated Limited (HiTRUST) and Joint Electronic Teller Services Limited (JETCO) as recognized certification authorities under the Electronic Transactions Ordinance (Cap. 553).

To foster the development of electronic commerce in Hong Kong, the Government has taken the initiative under the "Digital 21" Information Technology Strategy to provide a secure environment for the conduct of electronic transactions by members of the public.

As part of this initiative, the Government has established the voluntary recognition scheme for certification authorities under the Electronic Transactions Ordinance.

A certification authority issues digital certificates to subscribers, allowing them to conduct electronic transactions with other parties in a secure manner.

"The Government encourages the private sector to provide services as certification authorities. To keep regulatory control to the minimum, there is no mandatory licensing requirement for certification authorities to operate in Hong Kong. Instead, certification authorities may apply to the Director for recognition under the voluntary recognition scheme," said a spokesman for the Information Technology Services Department (ITSD).

Being a recognized certification authority will enhance public confidence in using the service of the certification authority, because the Director will only grant recognition to a certification authority which has reached a trustworthy standard acceptable to the Government.

With recognition granted by the Director to HiTRUST and JETCO, there are now four recognized certification authorities operating in Hong Kong.

The other two recognized certification authorities are Digi-Sign Certification Services Limited that was granted recognition by the Director in July 2001, and the Postmaster General who is a recognized certification authority as provided under the Electronic Transactions Ordinance. The Postmaster General started operation of the Hongkong Post Certification Authority in January 2000.

"It is encouraging to see that there are now multiple recognized certification authorities operating in Hong Kong, providing the public with more choices. It demonstrates business interests and opportunities in the local market in respect of the provision of certification authority services that will facilitate and drive the public to conduct more electronic transactions in a secure manner," the spokesman added.

Under the voluntary recognition scheme, the Director may also grant recognition on application to digital certificates issued by a recognized certification authority. The Director has granted recognition to two types of digital certificate that HiTRUST will issue to individuals and organisations, and to one type of digital certificate that JETCO will issue to individuals.

More details of the voluntary recognition scheme are available on the web site of ITSD (http://www.itsd.gov.hk/itsd/caro/ecaro.htm).

Under the Electronic Transactions Ordinance, the Director needs to maintain a disclosure record for each recognized certification authority. The disclosure records for HiTRUST and JETCO are also available on the ITSD web site.

End/Monday, April 29, 2002


HiTRUST.COM (HK) AWARDED Recognized Certification Authority by HKSAR government

pic_cabThe Hong Kong Information Technology Services Department ('ITSD') has granted recognition to HiTRUST.COM (HK) Incorporated Limited ('HiTRUST') as a Recognized Certification Authority ('RCA') under the Electronic Transactions Ordinance (Cap. 553) ('ETO').

Various types of digital certificate services are currently being offered by HiTRUST, ranging from server certificate for SSL secure web site, individual certificates for secure messaging, to device certificate deploying on mobile phone or cable modem.

According to the regulation set in the ETO, only the digital signatures generated by using RCA's digital certificate are regarded as statutory signatures and subsequently under the protection of the ETO.

Being a RCA, according to the voluntary recognition scheme for certification authorities under the ETO, it is regarded to be qualified in protecting consumers' interests and in general enhance public confidence in electronic transactions.

Aspects concerned are Certificate Practice Statement, certificate generation and issuance procedures, liability and insurance coverage, disaster restoring plan, information security, facilities security, personnel security and corporate financial viability, etc.

Under the ETO, ITSD needs to maintain a disclosure record for each recognized certification authority. The disclosure records for HiTRUST can be found on the ITSD web site at https://secure1.info.gov.hk/itsd/english/caro/esub43.htm.