(1) In this Act, unless the context otherwise requires-
"accept a certificate" means-
(a) to manifest approval of a certificate, while knowing or having notice of its contents; or
(b) to apply to a licensed certification authority for a certificate, without revoking the application by delivering notice of the revocation to the licensed certification authority, and obtaining a signed, written receipt from the licensed certification authority, if the licensed certification authority subsequently issue a certificate based on the application;
"asymmetric cryptosystem" means an algorithm or series of algorithms which provide a secure key pair;
"authorized officer" means an officer authorized under section 75;
"certificate" means a computer-based record which -
(a) identifies the certification authority issuing it;
(b) names or identifies its subscriber;
(c) contains the subscriber's public key; and
(d) is digitally signed by the certification authority issuing it;
"certification authority" means a person who issues a certificate;
"certification authority disclosure record" means an on-line and publicly accessible record which concerns a licensed certification authority which is kept by the Commission under subsection 3(5);
[Am. Act A1121:s.2]
"certification practice statement" means a declaration of the practices which a certification authority employs in issuing certificates generally, or employed in issuing a particular certificate;
"certify" means to declare with reference to a certificate, with ample opportunity to reflect, and with a duty to apprise oneself of all material facts;
"Commission" means the Malaysian Communications and Multimedia Commission established under the Malaysian Communications and Multimedia Commission Act 1998 [Act 589];
[Ins. Act A1121:s.3]
"confirm" means to ascertain through diligent inquiry and investigation;
"Controller" [Deleted by Act A1121:s.3]
"correspond", with reference to keys, means to belong to the same key pair;
"digital signature" means a transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer's public key can accurately determine-
(a) whether the transformation was created using the private key that corresponds to the signer's public key; and
(b) whether the message has been altered since the transformation was made;
"forge a digital signature" means-
(a) to create a digital signature without the authorization of the rightful holder of the private key; or
(b) to create a digital signature verifiable by a certificate listing as subscriber a person who either does not exist or does not hold the private key corresponding to the public key listed in the certificate;
"hold a private key" means to be able to utilize a private key;
"incorporate by reference" means to make one message a part of another message by identifying the message to be incorporated and expressing the intention that it be incorporated;
"issue a certificate" means the act of a certification authority in creating a certificate and notifying the subscriber listed in the certificate of the contents of the certificate;
"key pair" means a private key and its corresponding public key in an asymmetric cryptosystem, where the public key can verify a digital signature that the private key creates;
"licensed certification authority" means a certification authority to whom a licence has been issued by the Commission and whose licence is in effect;
[Am.Act A1121:s.2]
"message" means a digital representation of information;
"notify" means to communicate a fact to another person in a manner reasonably likely under the circumstances to impart knowledge of the information to the other person;
"person" means a natural person or a body of persons, corporate or unincorporate, capable of signing a document, either legally or as a matter of fact;
"prescribed" means prescribed by or under this Act or any regulations made under this Act;
"private key" means the key of a key pair used to create a digital signature;
"public key" means the key of a key pair used to verify a digital signature;
"publish" means to record or file in a repository;
"qualified certification authority" means a certification authority that satisfies the requirements under section 5;
"recipient" means a person who receives or has a digital signature and is in a position to rely on it;
"recognized date/time stamp service" means a date/time stamp service recognized by the Commission under section 70;
[Am. Act A1121:s.2]
"recognized repository" means a repository recognized by the Commission under section 68;
[Am. Act A1121:s.2]
"recommended reliance limit" means the monetary amount recommended for reliance on a certificate under section 60;
"repository" means a system for storing and retrieving certificates and other information relevant to digital signatures;
"revoke a certificate" means to make a certificate ineffective permanently from a specified time forward;
"rightfully hold a private key" means to be able to utilize a private key-
(a) which the holder or the holder's agents have not disclosed to any person in contravention of this Act; and
(b) which the holder has not obtained through theft, deceit, eavesdropping or other unlawful means;
"subscriber" means a person who-
(a) is the subject listed in a certificate;
(b) accepts the certificate; and
(c) holds a private key which corresponds to a public key listed in that certificate;
"suspend a certificate" means to make a certificate ineffective temporarily for a specified time forward;
"this Act" includes any regulations made under this Act;
"time-stamp" means-
(a) to append or attach to a message, digital signature or certificate a digitally signed notation indicating at least the date, time and identity of the person appending or attaching the notation; or
(b) the notation so appended or attached;
"transactional certificate" means a certificate, incorporating by reference one or more digital signatures, issued and valid for a specific transaction;
"trustworthy system" means computer hardware and software which-
(a) are reasonably secure from intrusion and misuse;
(b) provide a reasonable level of availability, reliability and correct operation; and
(c) are reasonably suited to performing their intended functions;
"valid certificate" means a certificate which-
(a) a licensed certification authority has issued;
(b) has been accepted by the subscriber listed in it;
(c) has not been revoked or suspended; and
(d) has not expired:
Provided that a transactional certificate is a valid certificate only in relation to the digital signature incorporated in it by reference;
"verify a digital signature" means, in relation to a given digital signature, message and public key, to determine accurately that-
(a) the digital signature was created by the private key corresponding to the public key; and
(b) the message has not been altered since its digital signature was created;
"writing" or "written" includes any handwriting, typewriting, printing, electronic storage or transmission, or any other method of recording information or fixing information in a form capable of being preserved.
(2) For the purposes of this Act, a certificate shall be revoked by making a notation to that effect on the certificate or by including the certificate in a set of revoked certificates.
(3) The revocation of a certificate does not mean that it is destroyed or made illegible.