- Powered by Yip Tse & Tang, Solicitors & Notaries 葉謝鄧律師行

Electronic Time Stamping

Hongkong Post is partnering with The Chinese University of Hong Kong on providing e-timestamping service for the Internet and e-commerce community. Electronic Time-Stamping (e-TS) is a secure online notary mechanism, which certifies that a set of data has existed and has not been altered since a specific point in time. It serves as a trusted third party witnessing the existence and particulars of electronic data.

Regardless of the format and the content, any electronic data can be timestamped. e-TS can be applied to online business transactions, e-mails, secure messaging, intellectual property protection and other time-sensitive services.

A FREE trial to create your own timestamping is available online now. You can visit in Hongkong Post website or click to have a free trial and get more details.

Foreign legislations on digital signatures

Examples of foreign legislation concerning the effect and validity of digital signatures includes:

United States:

  • Uniform Electronic Transactions Act (UETA)
  • Electronic Signatures in Global and National Commerce Act (E-SIGN), at 15 U.S.C. 7001 et seq.
  • England and Wales

  • Electronic Communications Act 2000

  • Decided cases

    Despite the fact that Hong Kong has introduced the Electronic Transactions Ordinance in 2001, there has been no decided case relating to the validity and use of digital signatures.

    There are limited number of court decisions in foreign countries talking about the effect and validity of digital signatures or their related legislation:

  • re Piranha, Inc., 2003 WL 21468504 (N.D. Tex) (UETA does not preclude a person from contesting that he executed, adopted, or authorized an electronic signature that is purportedly his).

  • Cloud Corp. v. Hasbro, 314 F.3d 289 (7th Cir., 2002) (E-SIGN does not apply retroactively to contracts formed before it took effect in 2000. Nevertheless, the statute of frauds was satisfied by the text of E-mails plus an (apparently) written notation.)

  • Sea-Land Service, Inc. v. Lozen International, 285 F.3d 808 (9th Cir., 2002) (Internal corporate E-mail with signature block, forwarded to a third party by another employee, was admissible over hearsay objection as a party-admission, where the statement was apparently within the scope of the author's and forwarder's employment.)

  • Use of Digital Certificates on Internet Trading

    Since February 2001, HKEx has offered secure Internet trading services with the application of a digital certificate.

    By using a digital certificate issued by a recognised certification authority such as the Postmaster General of HKSAR Government, Digi-Sign, investors are able to place order through the Online Trading Service securely and directly to their brokers' trading systems over the Internet.

    In addition, Digi-Sign accepts non-HK citizen to apply for ID-Cert using a valid travel document and this can enable cross-border investors to conduct trusted and secure transactions on the Net.

    Hong Kong Jockey Club's Online Betting Service (eWin)

    Digi-Sign Certification Services Limited (Digi-Sign) is a recognised Certification Authority under the Electronic Transactions Ordinance. The ID-Certs issued by Digi-Sign can be used to authenticate a wide range of trade transactions online. ID-Cert holders can use their digital certificates with Hong Kong Jockey Club's eWin service for betting on the Internet.

    The Hong Kong Jockey Club's eWin service is an efficient and secure way of betting on football matches, horse races and buying Mark Six. Through its website, you can access the latest odds and results, study the extensive racing information database. To make your online betting securely, simply use your ID-Cert with the eWin service.

    Personal ID-Cert can be applied online at the secure web server of Digi-Sign.

    More information on eWin service can be found on the Hong Kong Jockey Club's website

    Concept of Public Key Infrastructure (PKI)

    PKI covers the use of public key cryptography for authentication and access control of a user, guaranteeing the integrity and non-repudiation of documents signed by the user, and confidentiality of data.
    PKI employs a pair of keys for each user: a private key which is known only to the user himself, and a public key which is published by some authority, in the form of a digital certificate (certificate for short).

    In signing a document or an e-mail, a user signs using his own private key so that others can use the signer's public key to verify the authenticity and non-repudiation of documents or e-mail. Since only the user has his own private key to sign, non-repudiation is established.

    Before sending an encrypted e-mail to a receiver, the sender installs the receiver's certificate in the sender's e-mail program which supports the use of PKI technologies. The program can, on the sender's instruction, encrypt an e-mail using the receiver's public key. The receiver, on receiving the encrypted mail, can use his private key to decrypt the mail. Since only the receiver has his own private key, the encrypted mail will only be readable by him. Others, even if they can get hold of a copy of the encrypted mail over the network, would not be able to read the encrypted mail as they do not have the receiver's private key to decrypt the mail. The use of PKI saves the trouble of maintaining and distributing the same encryption/decryption key between the sender and the receiver.

    The e-mail program Netscape Messenger v4.7x supports the signing and encryption of e-mail using 1024-bit RSA keys and certificates.

    By using strong public key cryptographic algorithms, such as 1024-bit RSA keys which the HKU CA and Hongkong Post are employing, it is practically impossible for anyone to crack the private key from the public key within the life-time of a private key.

    Digital Signatures are Signatures

    This is under section 6 of the Ordinance.

    If a rule of law requires the signature of a person or provides for certain consequences if a document is not signed by a person, a digital signature of the person satisfies the requirement but only if the digital signature is supported by a recognized certificate and is generated within the validity of that certificate.

    Digi-Sign Certification Services Now Available in Macau

    Digi-Sign Certification Services Limited (Digi-Sign) announced today that TEDMEV (Transferencia Electronica de Dados - MACAU EDI VAN S.A.) and CTM (Companhia de Telecomunicacoes de Macau, S.A.R.L.) have been appointed to market Digi-Sign's Super SSL (Secure Socket Layer) and VPN (Virtual Private Network) certificates in Macau.

    The cooperation provides a more convenient and efficient means for traders, government departments and major organisations in Macau to apply for digital certificates without the need to do it online or purchase from overseas organisations.

    Digi-Sign's Super SSL Server Certificates:

    They are issued to organisations which are the registered owners of the domain names or are otherwise authorised to use the domain names. The Super SSL Server Certificate is chained to the CyberTrust Root Certification Authority in USA. CyberTrust Root CA is embedded in most of the browsers including Netscape and Internet Explorer.

    Digi-Sign's VPN Certificate:

    It acts as a user or device passport to authorise the use of the VPN. VPN technology implements secure Internet protocol (IP) tunnels between their corporate sites as well as to business partners and remote users. The complete integration of Digi-Sign's certificates into proven VPN technology is suitable for corporations who require secure communications between their headquarters and branches, or between customers and suppliers.

    Patrick Chung, Digi-Sign CEO and Tradelink Deputy CEO, said, "We welcome the opportunity of working closely with TEDMEV and CTM to promote secure online transactions in Macau. With the use of Digi-Sign's Super SSL Server Certificate and VPN Certificate, we can expect to see Macau a more secure and trusted marketplace for the conduct of electronic transactions."