(1) In this Act, unless the context otherwise requires —
"accept a certificate" means —
(a) to manifest approval of a certificate, while knowing or having notice of its contents; or
(b) to apply to a licensed certification authority for a certificate, without revoking the application by delivering notice of the revocation to the licensed certification authority, and obtaining a signed, written receipt from the licensed certification authority, if the licensed certification authority subsequently issue a certificate based on the application;
"asymmetric cryptosystem" means an algorithm or series of algorithms which provide a secure key pair;
"authorised officer" means an officer authorised under section 75;
"certificate" means a computer-based record which —
(a) identifies the certification authority issuing it;
(b) names or identifies its subscriber;
(c) contains the subscriber's public key; and
(d) is digitally signed by the certification authority issuing it;
"certification authority" means a person who issues a certificate;
"certification authority disclosure record" means an on-line and publicly accessible record which concerns a licensed certification authority which is kept by the Commission under subsection 3(5);
"certification practice statement" means a declaration of the practices which a certification authority employs in issuing certificates generally, or employed in issuing a particular certificate;
"certify" means to declare with reference to a certificate, with ample opportunity to reflect, and with a duty to apprise oneself of all material facts;
"Commission" means the Malaysian Communications and Multimedia Commission established under the Malaysian Communications and Multimedia Commission Act 1998 [Act 589];
"confirm" means to ascertain through diligent inquiry and investigation;
"correspond", with reference to keys, means to belong to the same key pair;
"digital signature" means a transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer's public key can accurately determine —
(a) whether the transformation was created using the private key that corresponds to the signer's public key; and
(b) whether the message has been altered since the transformation was made;
"forge a digital signature" means —
(a) to create a digital signature without the authorisation of the rightful holder of the private key; or
(b) to create a digital signature verifiable by a certificate listing as subscriber a person who either does not exist or does not hold the private key corresponding to the public key listed in the certificate;
"hold a private key" means to be able to utilise a private key;
"incorporate by reference" means to make one message a part of another message by identifying the message to be incorporated and expressing the intention that it be incorporated;
"issue a certificate" means the act of a certification authority in creating a certificate and notifying the subscriber listed in the certificate of the contents of the certificate;
"key pair" means a private key and its corresponding public key in an asymmetric cryptosystem, where the public key can verify a digital signature that the private key creates;
"licensed certification authority" means a certification authority to whom a licence has been issued by the Commission and whose licence is in effect;
"message" means a digital representation of information;
"notify" means to communicate a fact to another person in a manner reasonably likely under the circumstances to impart knowledge of the information to the other person;
"person" means a natural person or a body of persons, corporate or unincorporate, capable of signing a document, either legally or as a matter of fact;
"prescribed" means prescribed by or under this Act or any regulations made under this Act;
"private key" means the key of a key pair used to create a digital signature;
"public key" means the key of a key pair used to verify a digital signature;
"publish" means to record or file in a repository;
"qualified certification authority" means a certification authority that satisfies the requirements under section 5;
"recipient" means a person who receives or has a digital signature and is in a position to rely on it;
"recognised date/time stamp service" means a date/time stamp service recognised by the Commission under section 70;
"recognised repository" means a repository recognised by the Commission under section 68;
"recommended reliance limit" means the monetary amount recommended for reliance on a certificate under section 60;
"repository" means a system for storing and retrieving certificates and other information relevant to digital signatures;
"revoke a certificate" means to make a certificate ineffective permanently from a specified time forward;
"rightfully hold a private key" means to be able to utilise a private key —
(a) which the holder or the holder's agents have not disclosed to any person in contravention of this Act; and
(b) which the holder has not obtained through theft, deceit, eavesdropping or other unlawful means;
"subscriber" means a person who —
(a) is the subject listed in a certificate;
(b) accepts the certificate; and
(c) holds a private key which corresponds to a public key listed in that certificate;
"suspend a certificate" means to make a certificate ineffective temporarily for a specified time forward;
"this Act" includes any regulations made under this Act;
"time-stamp" means —
(a) to append or attach to a message, digital signature or certificate a digitally signed notation indicating at least the date, time and identity of the person appending or attaching the notation; or
(b) the notation so appended or attached;
"transactional certificate" means a certificate, incorporating by reference one or more digital signatures, issued and valid for a specific transaction;
"trustworthy system" means computer hardware and software which —
(a) are reasonably secure from intrusion and misuse;
(b) provide a reasonable level of availability, reliability and correct operation; and
(c) are reasonably suited to performing their intended functions;
"valid certificate" means a certificate which —
(a) a licensed certification authority has issued;
(b) has been accepted by the subscriber listed in it;
(c) has not been revoked or suspended; and
(d) has not expired:
Provided that a transactional certificate is a valid certificate only in relation to the digital signature incorporated in it by reference;
"verify a digital signature" means, in relation to a given digital signature, message and public key, to determine accurately that —
(a) the digital signature was created by the private key corresponding to the public key; and
(b) the message has not been altered since its digital signature was created;
"writing" or "written" includes any handwriting, typewriting, printing, electronic storage or transmission, or any other method of recording information or fixing information in a form capable of being preserved.
(2) For the purposes of this Act, a certificate shall be revoked by making a notation to that effect on the certificate or by including the certificate in a set of revoked certificates.
(3) The revocation of a certificate does not mean that it is destroyed or made illegible.