LAWS OF MALAYSIA
REPRINT
Act 562
DIGITAL SIGNATURE ACT 1997
Incorporating all amendments up to 1 January 2006
PUBLISHED BY
THE COMMISSIONER OF LAW REVISION, MALAYSIA
UNDER THE AUTHORITY OF THE REVISION OF LAWS ACT 1968
IN COLLABORATION WITH
PERCETAKAN NASIONAL MALAYSIA BHD
2006
DIGITAL SIGNATURE ACT 1997
Date of Royal Assent: 18 June 1997
Date of publication in the Gazette: 30 June 1997
PREVIOUS REPRINT
First Reprint: 2002
ARRANGEMENT OF SECTIONS
PART I
PRELIMINARY
Section
- Short title and commencement
- Interpretation
PART II
THE COMMISSION AND THE LICENSING OF CERTIFICATION AUTHORITIES
- Appointment of Commission
- Certification authorities to be licensed
- Qualifications of certification authorities
- Functions of licensed certification authorities
- Application for licence
- Grant or refusal of licence
- Revocation of licence
- Appeal
- Surrender of licence
- Effect of revocation, surrender or expiry of licence
- Effect of lack of licence
- Return of licence
- Restricted licence
- Restriction on use of expression “certification authority”
- Renewal of licence
- Lost licence
- Recognition of other licences
- Performance audit
- Exemption from performance audit
PART III
REQUIREMENTS OF LICENSED CERTIFICATION AUTHORITIES
- Activities of licensed certification authorities
- Requirement to display licence
- Requirement to submit information and particulars relating to business operations
- Notification of change of information
- Requirements as to advertisement
PART IV
DUTIES OF LICENSED CERTIFICATION AUTHORITIES AND SUBSCRIBERS
CHAPTER 1
GENERAL REQUIREMENTS FOR LICENSED CERTIFICATION AUTHORITIES
- Use of trustworthy systems
- Disclosures on inquiry
- Prerequisites to issuance of certificate to subscriber
- Publication of issued and accepted certificate
- Adoption of more rigorous requirements permitted
- Suspension or revocation of certificate for faulty issuance
- Suspension or revocation of certificate by order
CHAPTER 2
WARRANTIES AND OBLIGATIONS OF LICENSED CERTIFICATION AUTHORITIES
- Warranties to subscriber
- Continuing obligations to subscriber
- Representations upon issuance
- Representations upon publication
CHAPTER 3
REPRESENTATIONS AND DUTIES UPON ACCEPTANCE OF CERTIFICATE
- Implied representations by subscriber
- Representations by agent of subscriber
- Disclaimer or indemnity limited
- Indemnification of licensed certification authority by subscriber
- Certification of accuracy of information given
CHAPTER 4
CONTROL OF PRIVATE KEY
- Duty of subscriber to keep private key secure
- Property in private key
- Licensed certification authority to be fiduciary if holding subscriber’s private key
CHAPTER 5
SUSPENSION OF CERTIFICATE
- Suspension of certificate by issuing licensed certification authority
- Suspension of certificate by Commission or court
- Notice of suspension
- Termination of suspension initiated by request
- Alternate contractual procedures
- Prohibition against false or unauthorized request for suspension of certificate
- Effect of suspension of certificate
CHAPTER 6
REVOCATION OF CERTIFICATE
- Revocation on request
- Revocation on subscriber’s death or dissolution
- Revocation of unreliable certificates
- Notice of revocation
- Effect of revocation request on subscriber
- Effect of notification on licensed certification authority
CHAPTER 7
EXPIRATION OF CERTIFICATE
59. Expiration of certificate
CHAPTER 8
RECOMMENDED RELIANCE LIMITS AND LIABILITY
- Recommended reliance limit
- Liability limits for licensed certification authorities
PART V
EFFECT OF DIGITAL SIGNATURE
- Satisfaction of signature requirements
- Unreliable digital signatures
- Digitally signed message deemed to be written document
- Digitally signed message deemed to be original document
- Authentication of digital signatures
- Presumptions in adjudicating disputes
PART VI
REPOSITORIES AND DATE/TIME STAMP SERVICES
- Recognition of repositories
- Liability of repositories
- Recognition of date/time stamp services
PART VII
GENERAL
- Prohibition against dangerous activities
- Obligation of secrecy
- False information
- Offences by body corporate
- Authorized officer
75A. Enforcement by police officers
- Power to investigate
- Search by warrant
- Search and seizure without warrant
- Access to computerized data
- List of things seized
- Obstruction of authorized officer
- Additional powers
- General penalty
- Recovery of procedural costs
- No costs or damages arising from seizure to be recoverable
- Institution and conduct of prosecution
- Jurisdiction to try offences
- Protection of Commission and officers
- Power to exempt
- Limitation on disclaiming or limiting application of Act
- Regulations
- Savings and transitional
LAWS OF MALAYSIA
Act 562
DIGITAL SIGNATURE ACT 1997
An Act to make provision for, and to regulate the use of, digital signatures and to provide for matters connected therewith.
[1 October 1998, P.U. (B) 397/1998]
BE IT ENACTED by the Seri Paduka Baginda Yang di-Pertuan Agong with the advice and consent of the Dewan Negara and Dewan Rakyat in Parliament assembled, and by the authority of the same, as follows:
PART I
PRELIMINARY
Short title and commencement
1. This Act may be cited as the Digital Signature Act 1997 and shall come into force on a date to be appointed by the Minister by notification in the Gazette, and the Minister may appoint different dates for different provisions of this Act.
Interpretation
2. (1) In this Act, unless the context otherwise requires—
“accept a certificate” means—
- (a) to manifest approval of a certificate, while knowing or having notice of its contents; or
- (b) to apply to a licensed certification authority for a certificate, without revoking the application by delivering notice of the revocation to the licensed certification authority, and obtaining a signed, written receipt from the licensed certification authority, if the licensed certification authority subsequently issues a certificate based on the application;
“asymmetric cryptosystem” means an algorithm or series of algorithms which provide a secure key pair;
“authorized officer” means an officer authorized under section 75;
“certificate” means a computer-based record which—
- (a) identifies the certification authority issuing it;
- (b) names or identifies its subscriber;
- (c) contains the subscriber’s public key; and
- (d) is digitally signed by the certification authority issuing it;
“certification authority” means a person who issues a certificate;
“certification authority disclosure record” means an on-line and publicly accessible record which concerns a licensed certification authority which is kept by the Commission under subsection 3(5);
“certification practice statement” means a declaration of the practices which a certification authority employs in issuing certificates generally, or employed in issuing a particular certificate;
“certify” means to declare with reference to a certificate, with ample opportunity to reflect, and with a duty to apprise oneself of all material facts;
*“Commission” means the Malaysian Communications and Multimedia Commission established under the Malaysian Communications and Multimedia Commission Act 1998 [Act 589];
“confirm” means to ascertain through diligent inquiry and investigation;
“correspond”, with reference to keys, means to belong to the same key pair;
*NOTE—Upon the commencement of Act A1121, previous references to the Controller of Certification Authorities (“Controller”) or any officer and servant appointed by the Controller, shall be construed as references to the Commission or its authorized officer—see section 19 of Act A1121.
“digital signature” means a transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer’s public key can accurately determine—
- (a) whether the transformation was created using the private key that corresponds to the signer’s public key; and
- (b) whether the message has been altered since the transformation was made;
“forge a digital signature” means—
- (a) to create a digital signature without the authorization of the rightful holder of the private key; or
- (b) to create a digital signature verifiable by a certificate listing as subscriber a person who either does not exist or does not hold the private key corresponding to the public key listed in the certificate;
“hold a private key” means to be able to utilize a private key;
“incorporate by reference” means to make one message a part of another message by identifying the message to be incorporated and expressing the intention that it be incorporated;
“issue a certificate” means the act of a certification authority in creating a certificate and notifying the subscriber listed in the certificate of the contents of the certificate;
“key pair” means a private key and its corresponding public key in an asymmetric cryptosystem, where the public key can verify a digital signature that the private key creates;
“licensed certification authority” means a certification authority to whom a licence has been issued by the Commission and whose licence is in effect;
“message” means a digital representation of information;
“notify” means to communicate a fact to another person in a manner reasonably likely under the circumstances to impart knowledge of the information to the other person;
“person” means a natural person or a body of persons, corporate or unincorporate, capable of signing a document, either legally or as a matter of fact;
“prescribed” means prescribed by or under this Act or any regulations made under this Act;
“private key” means the key of a key pair used to create a digital signature;
“public key” means the key of a key pair used to verify a digital signature;
“publish” means to record or file in a repository;
“qualified certification authority” means a certification authority that satisfies the requirements under section 5;
“recipient” means a person who receives or has a digital signature and is in a position to rely on it;
“recognized date/time stamp service” means a date/time stamp service recognized by the Commission under section 70;
“recognized repository” means a repository recognized by the Commission under section 68;
“recommended reliance limit” means the monetary amount recommended for reliance on a certificate under section 60;
“repository” means a system for storing and retrieving certificates and other information relevant to digital signatures;
“revoke a certificate” means to make a certificate ineffective permanently from a specified time forward;
“rightfully hold a private key” means to be able to utilize a private key—
- (a) which the holder or the holder’s agents have not disclosed to any person in contravention of this Act; and
- (b) which the holder has not obtained through theft, deceit, eavesdropping or other unlawful means;
“subscriber” means a person who—
- (a) is the subject listed in a certificate;
- (b) accepts the certificate; and
- (c) holds a private key which corresponds to a public key listed in that certificate;
“suspend a certificate” means to make a certificate ineffective temporarily for a specified time forward;
“this Act” includes any regulations made under this Act;