Hyperdictionary of Electronic Commerce Law
© 1999 Michael I. Shamos. All rights reserved
This hyperdictionary is intended as a ready reference for attorneys practicing in the area of electronic commerce law. Every effort is made to keep it up-to-date. Theauthor is an attorney and Co-Director of the Electronic Commerce degree program at Carnegie Mellon University. For explanations of abbreviations used in the glossary, see abbreviations. . For information about proper legal use of this glossary, see the legal notice below. You may direct comments, corrections and feedback to email@example.com.
Abbreviations- The following abbreviations are used liberally in this dictionary:
acceptable technology- A technology that meets certain statutory and regulatory requirements and therefore may be used to perform acts having enforceable legal effect. See, e.g., CDSR 22003.
acceptance- With respect to a certificate, "(a) to manifest approval of a certificate, while knowing or having notice of its contents; or (b) to apply to a licensed certification authority for a certificate, without canceling or revoking the application, if the certification authority subsequently issues a certificate based on the application." Utah Code 46-3-103(1).
access contract - A "a contract to obtain by electronic means access to, or information from, an information processing system of another person, or the equivalent of such access." UCITA 102(a)(1).
access material - "Any information or material, such as a document, address, or access code, that is necessary to obtain authorized access to information or control or possession of a copy." UCITA 102(a)(2).
Accredited Standards Commitee - Abbreviated ASC.
acknowledge - .
acquirer - .
addressee - "[A] person who is intended by the originator to receive [a] data message, but does not include a person acting as an intermediary with respect to that data message." UNML Art. 2(d).
admissibility - .
adult access code- A "
adult personal identification number- A "
aggrieved party - A "party entitled to a remedy for breach of contract." UCITA 102(a)(3).
agreement - The "bargain of the parties in fact as found in their language or by implication from other circumstances, including course of performance, course of dealing, and usage of trade as provided in this [UCITA]." UCITA 102(a)(4).
algorithm identifier - .
Ancillary service- A person offering or performing a service, other than issuance of certificates, in support of digital signatures and other related areas of electronic commerce, or (2) the service performed by such person. DSG 1.2. Among ancillary services are archival, commercial key escrow, confirmation, directory, financial assurance, key pair generation, message corroboration, private key trust, technical due diligence, and time stamping.
Approved List of Certificate Authorities- A list of certification authorities approved by the appropriate governmental entity to issue certificates for digital signature transactions. See, e.g., CDSR 22003.
archival listing- Entries in a public register listing certificates that are no longer valid.
archival service- The ancillary service of keeping "records for a certification authority, repository, or another person involved in electronic commerce." DSG 1.2.3.
ASC - See Accredited Standards Commitee.
(i) one key signs a given message;
(ii) one key verifies a given message; and,
(iii) the keys have the property that, knowing one key, it is computationally infeasible to discover the other key." CDSR 22003.a.1.C.
attribute authority - .
attribute certificate - .
attribution procedure - A "procedure to verify that an electronic authentication, display, message, record, or performance is that of a particular person or to detect changes or errors in information. The term includes a procedure that requires the use of algorithms or other codes, identifying words or numbers, encryption, or callback or other acknowledgment." UCITA 102(a)(5).
authenticate - To "sign; or with the intent to sign a record, otherwise to execute or adopt an electronic symbol, sound, message, or process referring to, attached to, included in, or logically associated or linked with, that record." UCITA 102(a)(6).
authentication- A "process used to ascertain the identity of a person or the integrity of specific information. For a message, authentication involves ascertaining its source and that it has not been modified or replaced in transit." DSG 1.4.
authority key identifier - .
authorizing certificate- A "
automated transaction - A "transaction conducted or performed, in whole or in part, by electronic means or electronic records, in which the acts or records of one or both parties are not reviewed by an individual in the ordinary course in forming a contract, performing under an existing contract, or fulfilling an obligation required by the transaction." UETA 2(2). A "transaction in which a contract is formed in whole or part by electronic actions of one or both parties which are not previously reviewed by an individual in the ordinary course." UCITA 102(a)(7).
best evidence rule - .
bit tax- Any "tax on electronic commerce expressly imposed on or measured by the volume of digital information transmitted electronically, or the volume of digital information per unit of time transmitted electronically, but does not include taxes imposed on the provision of telecommunications services." ITFA 1104(1).
brand certification authority -.
by means of the World Wide Web- "[B]y placement of material in a computer server-based file archive so that it is publicly accessible, over the Internet, using hypertext transfer protocol, file transfer protocol, or other similar protocols." ITFA 1101(e)(3)(A).
cancellation - The "the ending of a contract by a party because of breach of contract by another party." UCITA 102(a)(8).
certificate- Generally, a digital mechanism for proving the genuineness of a document or signature. Under the CDSR, "a computer-based record which:
(i) identifies the certification authority issuing it;
(ii) names or identifies its subscriber;
(iii) contains the subscriber's public key; and
(iv) is digitally signed by the certification authority issuing or amending it, and
(v) conforms to widely-used industry standards, including, but not limited to ISO x.509 and PGP certificate standards." CDSR 23000.a.1.D. See also revoke.
certificate chain- A "
certificate serial number -.
certificate suspension -.
certificate update -.
certification authority- A "person or entity that issues a certificate, or in the case of certain certification processes, certifies amendments to an existing certificate." CDSR 22003.a.1.E. See also operative personnel, practice statement. A certification authority may be required to file a bond, maintain an office in a particular state, pay a fee, submit reports of audits and maintain a website for public keys. See, e.g. Fl. Rule 1-10.001.
Certification authority certificate- A "certificate which lists a certification authority as subscriber and contains a public key corresponding to a private key used to digitally sign another certificate." DSG 1.7.
certification authority disclosure record- An on-line, publicly accessible record concerning a licensed certification authority, kept by a governmental entity. See, e.g. Utah Code 46-3-103(5).
certification practice statement- A "declaration of the practices that a certification authority employs in issuing certificates generally, including procedures for reporting compromised keys, support services, and error resolution procedures." Fl. Rule 1-10.001. See also practice statement. Certification Authority of material facts concerning a certificate. Utah Code 46-3-103(7).
chain of custody -.
CISG - See Convention on Contracts for the Sale of Goods.
Class 1 certificate- A "
Class 2 certificate- A "
Class 3 certificate- A "
Class 4 certificate- A "
closed community -.
commercial key escrow service- The ancillary service of holding "the private key of a subscriber and other pertinent information pursuant to an escrow agreement or similar contract binding upon the subscriber, the terms of which require one or more agents to hold the subscriber?s private key for the benefit of subscriber, an employer, or other party, upon provisions set forth in the agreement." DSG 1.2.3.
Communications Decency Act of 1996 -.
computer - An "electronic device that accepts information in digital or similar form and manipulates it for a result based on a sequence of instructions." UCITA 102(a)(9).
Computer Fraud and Abuse Act -.
computer information - "[I]nformation in electronic form which is obtained from or through the use of a computer or which is in a form capable of being processed by a computer. The term includes a copy of the information and any documentation or packaging associated with the copy." UCITA 102(a)(10).
computer information transaction- An "agreement or the performance of it to create, modify, transfer, or license computer information or informational rights in computer information. The term includes a support contract under Section 612. The term does not include a transaction merely because the parties agreement provides that their communications about the transaction will be in the form of computer information." UCITA 102(a)(11).
confirm - "To ascertain through appropriate inquiry and investigation." DSG 1.9.
confirmation service- The ancillary service of "aiding a certification authority in performing its duty to confirm certain information." DSG 1.2.3.
consequential damages -.
- "[S]o written, displayed, or presented that a reasonable person against which it is
to operate ought to have noticed it. A term in an electronic
record intended to evoke a response by an electronic agent is conspicuous if it is
presented in a form that would enable a reasonably configured electronic agent to take it
into account or react to it without review of the record by an individual. Conspicuous
terms include the following:
consumer - An "individual who is a licensee of information or informational rights that the individual at the time of contracting intended to be used primarily for personal, family, or household purposes. The term does not include an individual who is a licensee primarily for professional or commercial purposes, including agriculture, business management, and investment management other than management of the individuals personal or family investments." UCITA 102(a)(15).
content provider -.
contractual use term - An "enforceable term that defines or limits the use, disclosure of, or access to licensed information or informational rights, including a term that defines the scope of a license." UCITA 102(a)(19).
Convention on Contracts for the Sale of Goods - A United Nations convention. Abbreviated CISG.
copy - The "medium on which information is fixed on a temporary or permanent basis and from which it can be perceived, reproduced, used, or communicated, either directly or with the aid of a machine or device." UCITA 102(a)(20).
correspond- "[W]ith reference to keys, means to belong to the same key pair." Utah Code 46-3-103(9).
cryptosystem- A " notaire, and is focused primarily on practice in international, computer-based transactions." DSG 1.6.3.
data message - "[I]nformation generated, sent, received or stored by electronic, optical or similar means including, but not limited to, electronic data interchange (EDI), electronic mail, telegram, telex, or telecopy." UNML Art. 2(a).
decryption- A "
delegation certificate -.
digital signature- An "electronic identifier, created by computer, intended by the party using it to have the same force and effect as the use of a manual signature." Cal. Govt Code §16.5(d). A "transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer's public key can accurately determine whether: (a) the transformation was created using the private key that corresponds to the signer's public key; and (b) the message has been altered since the transformation was made." Utah Code 46-3-103(10). The following California provisions are typical: "The use of a digital signature shall have the same force and effect as the use of a manual signature if and only if it embodies all of the following attributes: (1) It is unique to the person using it. (2) It is capable of verification. (3) It is under the sole control of the person using it. (4) It is linked to data in such a manner that if the data are changed, the digital signature is invalidated. (5) It conforms to regulations adopted by the Secretary of State." Cal. Govt Code §16.5(a).
In general, electronic commerce
statutes provide that digital signatures are acceptable in place of handwritten signatures
if the digital signature is properly certified. The Utah statute is typical: "(1)
Where a rule of law requires a signature, or provides for certain consequences in the
absence of a signature, that rule is satisfied by a digital signature if:
digitally signed communication- A "message that has been processed by a computer in such a manner that ties the message to the individual that signed the message." CDSR 20000.a.1. ancillary service of locating and furnishing "certificates and other information about persons, such as distinguished names, on-line addresses and identifying or descriptive information." DSG 1.2.3.
discriminatory tax- Within the context of the ITFA, a tax on electronic commerce or Internet access not imposed and enforced before October 1, 1998 that attempts to exact a tax on transactions merely because they are being conducted electronically or via the Internet. ITFA 1104(2). document - UCC Art 7.
DSS - = Digital Signature Standard.
ECMA - See European Computer Manufacturers Association.
EFF - See Electronic Frontier Foundation.
EFTA - See Electronic Funds Transfer Act.electronic - "Relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities." UETA 2(5).
electronic agent - A "computer program or an electronic or other automated means used independently to initiate an action or respond to electronic records or performances in whole or in part, without review or action by an individual." UETA 2(6). "A contract may be formed by the interaction of electronic agents of the parties, even if no individual was aware of or reviewed the electronic agents' actions or the resulting terms and agreements." UETA 14(1).
electronic commerce - Any "transaction conducted over the Internet or through Internet access, comprising the sale, lease, license, offer, or delivery of property, goods, services, or information, whether or not for consideration, and includes the provision of Internet access." ITFA 1104(3).
Electronic Communications Privacy Act - .
- Within Section 214 of the UCITA, "an error in an electronic
message created by a consumer using an information processing
system if a reasonable method to detect and correct or avoid the error was not
214. "In an automated transaction, a consumer is not bound by an electronic
message that the consumer did not intend and which was caused by an electronic error, if
Electronic Frontier Foundation - Abbreviated EFF.
Electronic Funds Transfer Act - Abbreviated EFTA.
electronic message - A "record or display that is stored, generated, or transmitted by electronic means for the purpose of communication to another person or electronic agent." UCITA 102(a)(28). "Receipt of an electronic message is effective when received even if no individual is aware of its receipt." UCITA 215.IEWSA 103(9). See also transferable record.
electronic self-help - The "use of electronic means to exercise a licensors rights under Section 815(b)." UCITA 816.
electronic signature- Any "letters, characters, numbers, or other symbols in digital form attached to or logically associated with an electronic record including a digital signature, executed or adopted by a party with present intention to authenticate the electronic record." IEWSA 103(10). The UETA definition is slightly different: "an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record." UETA 2(8). The notion of an electronic signature is thus more expansive than that of a digital signature and includes such items "as digitized images of paper-based signatures, typed notations such as "s/James Jones", and perhaps addressing information such as the "From" headers in electronic mail." DSG 1.11.
enable use - Within Section 602 of UCITA, "to grant a contractual right or permission with respect to information or informational rights and to complete the acts, if any, required under the agreement to make the information available to the licensee." UCITA 602.
encryption- "When a certificate expires, the subscriber and certification authority cease to certify the information in the certificate as provided in this chapter and the certification authority is discharged of its duties based on issuance of that certificate.". Utah Code 46-3-308.
end user - Within Section 613 of the UCITA, a "licensee that acquires a copy of the information from a dealer by delivery on a tangible medium for the licensees own use and not for sale, license, transmission to third persons, or public display or performance for a fee." UCITA 613.
European Computer Manufacturers Association - Abbreviated ECMA.
European Model EDI Agreement - .
xxpiration- A "
Federal Reserve System - .
financial accommodation contract - An "agreement under which a person extends a financial accommodation to a licensee and which does not create a security interest governed by [Article 9 of the Uniform Commercial Code]. The agreement may be in any form, including a license or lease." UCITA 102(a)(29).
financial assurance service- The ancillary service of aiding a certification authority in fulfilling its financial responsibilities, such as "a surety issuing a bond, a bank issuing a standby letter of credit, or a liability insurance carrier." DSG 1.2.3.
transaction - An "agreement that provides for, or a transaction that is,
or entails access to, use, transfer, clearance, settlement, or processing of:
financier - A "person that provides a financial accommodation to a licensee under a financial accommodation contract and either (i) becomes a licensee for the purpose of transferring or sublicensing the license to the party to which the financial accommodation is provided or (ii) obtains a contractual right under the financial accommodation contract to preclude the licensees use of the information or informational rights under a license in the event of breach of the financial accommodation contract. The term does not include a person that selects, creates, or supplies the information that is the subject of the license, owns the informational rights in the information, or provides support for, modifications to, or maintenance of the information." UCITA 102(a)(31).
forge- With respect to a digital signature, "(a) to create a digital signature without the authorization of the rightful holder of the private key; or
(b) to create a digital signature verifiable by a certificate listing as subscriber a person who either:
(i) does not exist; or
(ii) does not hold the private key corresponding to the public key listed in the certificate." Utah Code 46-3-103(12).
"[T]he recipient of a digital signature assumes the risk that a digital signature is forged, if reliance on the digital signature is not reasonable under the circumstances." Utah Code 46-3-402.
generally imposed and actually enforced- With respect to a tax, that "the tax was authorized by statute and either--
goods - "[A]ll things that are movable at the time relevant to the computer information transaction. The term includes the unborn young of animals, growing crops, and other identified things to be severed from realty which are covered by [Section 2-107 of the Uniform Commercial Code]. The term does not include computer information, money, the subject matter of foreign exchange transactions, documents, letters of credit, letter-of-credit rights, instruments, investment property, accounts, chattel paper, deposit accounts, or general intangibles." UCITA 102(a)(33).
handwriting measurements - The "metrics of the shapes, speeds and/or other distinguishing features of a signature as the person writes it by hand with a pen or stylus on a flat surface." CDSR 23000.b.1.A.
hash function- An "algorithm mapping or translating one sequence of bits into another, generally smaller, set (the hash result) such that --
(a) a record yields the same hash result every time the algorithm is executed using the same record as input,
(b) it is computationally infeasible that a record can be derived or reconstituted from the hash result produced by the algorithm, and
(c) it is computationally infeasible that two records can be found that produce the same hash result using the algorithm." IEWSA 103(11). [Ed. note: this is more properly called a secure hash code.] IEWSA 103(12).
hold a key- A person "holds" a key if he or she is able to use it. DSG 1.14.
ICC - See International Chamber of Commerce.
identifying certificate- A "
- Incidental damages resulting from breach of contract:
incorporate by reference- With reference to digital signatures, "[t]o make one message a part of another message by (1) identifying the message to be incorporated, (2) providing information which enables the receiving party to access and obtain the incorporated message in its entirety, and expressing the intention that it be part of the incorporating message." DSG 1.15.
informational content - "[I]nformation that is intended to be communicated to or perceived by an individual in the ordinary use of the information, or the equivalent of that information." UCITA 102(a)(37).
informational rights - "[A]ll rights in information created under laws governing patents, copyrights, mask works, trade secrets, trademarks, publicity rights, or any other law that gives a person, independently of contract, a right to control or preclude another persons use of or access to the information on the basis of the rights holders interest in the information." UCITA 102(a)(38).
interchange agreement -.
interconnection agreement -.
intermediary - "[A] person who, on behalf of another person, sends, receives or stores [a] data message or provides other serves with respect to that data message." UNML Art. 2(e).
International Chamber of Commerce - Abbreviated ICC.
Internet- "[C]ollectively the myriad of computer and telecommunications facilities, including equipment and operating software, which comprise the interconnected world-wide network of networks that employ the Transmission Control Protocol/Internet Protocol, or any predecessor or successor protocols to such protocol, to communicate information of all kinds by wire or radio." ITFA 1104(4).
Internet access- A "service that enables users to access content, information, electronic mail, or other services offered over the Internet, and may also include access to proprietary content, information, and other services as part of a package of services offered to users. Such term does not include telecommunications services." ITFA 1104(5).
Internet access provider- A "person engaged in the business of providing a computer and communications facility through which a customer may obtain access to the Internet, but does not include a common carrier to the extent that it provides only telecommunications services." ITFA 1101(f)(2)(A).
Internet access service- A "service that enables users to access content, information, electronic mail, or other services offered over the Internet and may also include access to proprietary content, information, and other services as part of a package of services offered to consumers. Such term does not include telecommunications services." ITFA 1101(e)(3)(D). Cf. Internet access services.
Internet access services- The "provision of computer and communications services through which a customer using a computer and a modem or other communications device may obtain access to the Internet, but does not include telecommunications services provided by a common carrier." ITFA 1101(f)(2)(B). Cf. Internet access service.
Internet information location tool- A "a service that refers or links users to an online location on the World Wide Web. Such term includes directories, indices, references, pointers, and hypertext links." ITFA 1101(e)(3)(E).
Internet Tax Freedom Act- A Federal act which, for a period of three years from October 1, 1998, prohibits (1) taxes on Internet access, unless such tax was generally imposed and actually enforced prior to October 1, 1998; and (2) multiple or discriminatory taxes on electronic commerce. Abbreviated ITFA. There is an exception to the Moratorium "in the case of any person or entity who knowingly and with knowledge of the character of the material, in interstate or foreign commerce by means of the World Wide Web, makes any communication for commercial purposes that is available to any minor and that includes any material that is harmful to minors unless such person or entity has restricted access by minors to material that is harmful to minors." ITFA 1101(e)(1). View text of Act.
ISO- A " certification authority in creating a certificate and notifying the subscriber listed in the certificate of the contents of the certificate." DSG 1.16.
ITFA- See Internet Tax Freedom Act.
ITU- International Telecommunication Union.
key- A " private key and its corresponding public key in an asymmetric cryptosystem. The keys have the property that the public key can verify a digital signature that the private key creates." CDSR 23000.a.1.F. ancillary service of creating key pairs to be used by others. DSG 1.2.3.
- A "contract that authorizes access to, or use, distribution, performance,
modification, or reproduction of, information or informational rights, but expressly limits the access or uses
authorized or expressly grants fewer than all rights in the information, whether or not
the transferee has title to a licensed copy. The term includes an access contract, a lease
of a computer program, and a consignment of a copy. The term does not include a
reservation or creation of a security interest to the extent the interest is governed by
[Article 9 of the Uniform Commercial Code]." UCITA 102(a)(40).
licensee - A "person entitled by agreement to acquire or exercise rights in, or to have access to or use of, computer information under an agreement to which this [Act] applies. A licensor is not a licensee with respect to rights reserved to it under the agreement." UCITA 102(a)(41).
licensor - A "person obligated by agreement to transfer or create rights in, or to give access to or use of, computer information or informational rights in it under an agreement to which this [Act] applies. Between the provider of access and a provider of the informational content to be accessed, the provider of content is the licensor. In an exchange of information or informational rights, each party is a licensor with respect to the information, informational rights, or access it gives." UCITA 102(a)(42).
mailbox rule -.
transaction - A "transaction that is:
material that is harmul to minors- Any "communication, picture, image, graphic image file, article, recording, writing, or other matter of any kind that is obscene or that--
(i) the average person, applying contemporary community standards, would find, taking the material as a whole and with respect to minors, is designed to appeal to, or is designed to pander to, the prurient interest;
(ii) depicts, describes, or represents, in a manner patently offensive with respect to minors, an actual or simulated sexual act or sexual contact, an actual or simulated normal or perverted sexual act, or a lewd exhibition of the genitals or post-pubescent female breast; and
(iii) taken as a whole, lacks serious literary, artistic, political, or scientific value for minors." ITFA 1101(e)(3)(F).
message- A "digital representation of information intended to serve as a written communication." CDSR 20000.a.2 adds the qualification that the communication be with a "public entity". ancillary service of preparing a hash result to fix the content of a message, and then associating a time stamp with the message and/or the hash result. Message corroboration provides assurance of message integrity and the time the message was created, but provides no authentication of the signers identity by others. DSG 1.2.3.
message digest- A record abstraction. NMR 7.13.
message integrity- The "assurance of unaltered transmission and receipt of a message from the sender to the intended recipient." DSG 1.19.
minor- Within the meaning of the ITFA, "any person under 17 years of age." ITFA 1101(e)(3)(G).
Model EDI Trading Partner Agreement -.
Model Electronic Payments Agreement -.
Moratorium- The Internet tax moratorium provided in the Internet Tax Freedom Act and running for three years from October 1, 1998. It is the sense of Congress that no new Federal taxes similar to the taxes described in section 1101(a) should be enacted with respect to the Internet and Internet access during the moratorium " ITFA 1202.
multiple tax- Any "tax that is imposed by one State or political subdivision thereof on the same or essentially the same electronic commerce that is also subject to another tax imposed by another State or political subdivision thereof (whether or not at the same rate or on the same basis), without a credit (for example, a resale exemption certificate) for taxes paid in other jurisdictions. ITFA 1104(6)(A).
National Conference of Commissioners on Uniform State Laws -.
non-exclusive license - A "license that does not preclude the licensor from transferring to other licensees the same information, informational rights, or contractual rights within the same scope. The term includes a consignment of a copy." UCITA 102(a)(47).
non-repudiation- "Strong and substantial evidence of the identity of the signer of a message and of message integrity, sufficient to prevent a party from successfully denying the origin, submission or delivery of the message and the integrity of its contents." DSG 1.20. note - UCC Art. 3..
notify - "To communicate or make available information to another person as required under the circumstances." DSG 1.21.
open community -.
operational period- The period of time during which a certificate may be relied upon. "The operational period of a certificate begins on the date and time it is issued by a certification authority (or on a later date and time certain if stated in the certificate), and ends on the date and time it expires or is earlier revoked or suspended." DSG 1.22.
operative personnel- "[O]ne or more natural persons acting as a certification authority or its agent, or in the employment of or under contract with a certification authority, and who have: (a) managerial or policy-making responsibilities for the certification authority; or (b) duties directly involving the issuance of certificates, creation of private keys, or administration of a certification authority's computing facilities." Utah Code 46-3-103(20).
original- See unique original.
originator- The person who signs a document electronically.
person- "A human being or an organization (or a device under the control thereof which is capable of signing a message or verifying a digital signature)." DSG 1.23. An "individual, corporation, business trust, estate, trust, partnership, limited liability company, association, joint venture, governmental agency, public corporation, or any other legal or commercial entity." UETA 2(12). It would seem particularly important in a computer-oriented world to define carefully what "person" means.
personal jurisdiction -.
PKI- = Public Key Infrastructure.
practice statement- "[D]ocumentation of the practices, procedures and controls employed by a Certification Authority." CDSR 23000.a.1.G.
presumptions- Electronic commerce statutes generally provide that digitally signed documents are entitled to certain evidentiary presumption when they have been prepared in accordance with statute. For example, in Utah it is presumed, inter alia, that "if a digital signature is verified by the public key listed in a valid certificate issued by a licensed certification authority: (a) that the digital signature is the digital signature of the subscriber listed in that certificate; (b) that the digital signature was affixed by the signer with the intention of signing the message; and (c) the recipient of that digital signature has no knowledge or notice that the signer: (i) breached a duty as a subscriber; or (ii) does not rightfully hold the private key used to affix the digital signature." Utah Code 46-3-406(3).
private key- A key used in a public-key cryptosystem to encrypt a message. The "key of a key pair used to create a digital signature". CDSR 23000.a.1.H. "A private key is the personal property of the subscriber who rightfully holds it." Utah Code 46-3-305(2). ancillary service of holding "the private key of a subscriber pursuant to an express trust, letters testamentary, or similar legal arrangement which is voluntarily created by the subscriber." DSG 1.2.3.
proof of identification- The "the document or documents presented to a Certification Authority to establish the identity of a subscriber." CDSR 23000.a.1.I.
public key- - A key used in a public-key cryptosystem to decrypt a message. The "key of a key pair used to verify a digital signature". CDSR 23000.a.1.J.
publish- With respect to a public key, "to record or file in a repository." Utah Code 46-3-103(24).
content - "[I]informational content prepared
for or made available to recipients generally, or to a class of recipients, in
substantially the same form. The term does not include informational content that is:
qualified right to payment- An "award of damages against a licensed certification authority by a court having jurisdiction over the certification authority in a civil action for violation of [statute]." Utah Code 46-3-103(26).
recipient- A "a person who receives or has a digital signature and is in a position to rely on it." Utah Code 46-3-103(26).
record - "[I]nformation that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form." UETA 2(13).NMR 7.13. Also known as a "message digest."
recognized repository- A repository recognized by the appropriate governmental authority for storing certificates. See, e.g., Utah Code 46-3-103(27).
recommended reliance limit- A "limitation on the monetary amount recommended for reliance on a certificate" by a Certification Authority, which has the effect of limiting the Certification Authoritys liability. Utah Code 46-3-103(28).
Regulation E -.
release - An "agreement by a party not to object to, or exercise any rights or pursue any remedies to limit, the use of information or informational rights which agreement does not require an affirmative act by the party to enable or support the other partys use of the information or informational rights. The term includes a waiver of informational rights." UCITA 102(a)(55).
relying party- A "person who has received a certificate and a digital signature verifiable with reference to a public key listed in the certificate, and is in a position to rely on them.." IEWSA 103(20).
Report of Policies and Procedures Placed in Operation- A " certificates and other information relevant to digital signatures." Utah Code 46-3-103(29). See also recognized repository.
repudiate- To deny the origin of an electronic document or the fact that an electronic document has been received.
return - With respect to a record containing contractual
terms that were rejected, the term "refers only to the computer information and
revoke a certificate- To "make a certificate ineffective permanently from a specified time forward. Revocation is effected by notation or inclusion in a set of revoked certificates, and does not imply that a revoked certificate is destroyed or made illegible. Utah Code 46-3-103(30).
rightfully hold a private key- "To be able to utilize a private key:
(a) which the holder or the holder's agents have not disclosed to any person in violation of [statute]; and
(b) which the holder has not obtained through theft, deceit, eavesdropping, or other unlawful means." Utah Code 46-3-103(31).
root certificate- A "
SAS 70 Type One audit- A "
SAS 70 Type Two audit- A "
With respect to terms of a license, the term "means:
screening software- As used in the ITFA, "software that is designed to permit a person to limit access to material on the Internet that is harmful to minors." ITFA 1101(f)(2)(C).
seasonable - With respect to an act, means "taken within the time agreed or, if no time is agreed, within a reasonable time." UCITA 102(a)(58).
secure hash code- A "mathematical algorithm that, when applied to an electronic version of a document, creates a condensed version of the document from which it is computationally infeasible to identify or recreate the document which corresponds to the condensed version of the document without extrinsic knowledge of that correspondence." NMR 7.18.
Secure Electromic Transaction- Abbreviated SET.
Secure Sockets Layer- Abbreviated SSL.
security procedure- A "procedure for the purpose of (1) verifying that an electronic record is that of a specific person, or (2) detecting error or alteration in the communication or storage of the electronic record since a specific point in time. A security procedure may require the use of algorithms or codes, identifying words or numbers, encryption, answerback or acknowledgment procedures, or similar security devices." IEWSA 103(25). A "procedure employed for the purpose of verifying that an electronic signature, record, or performance is that of a specific person or for detecting changes or errors in the information in an electronic record. The term includes a procedure that requires the use of algorithms or other codes, identifying words or numbers, encryption, or callback or other acknowledgment procedures." UETA 2(14).
self-authenticating document -.
send - "[W]ith any costs provided for and properly addressed or directed as reasonable under the circumstances or as otherwise agreed, to deposit a record in the mail or with a commercially reasonable carrier, to deliver a record for transmission to or re-creation in another location or information processing system, or to take the steps necessary to initiate transmission to or re-creation of a record in another location or information processing system. In addition, with respect to an electronic message, the message must be in a form capable of being processed by or perceived from a system of the type the recipient uses or otherwise has designated or held out as a place for the receipt of communications of the kind sent. Receipt within the time in which it would have arrived if properly sent, has the effect of a proper sending." UCITA 102(a)(59).
SET- See Secure Electronic Transaction.
signature- Signature "includes any symbol, methodology, or authentication procedure executed or adopted by a person with a present intention to authenticate a record, including electronic or digital methods." IEWSA 103(26).
signature block- "[T]he portion of a document, encoded by the private key, which contains the identity of the originator and the date and time of the records creation, submittal or approval." NMR 7.20.
signature digest- The "resulting bit-string produced when a signature is tied to a document using Signature Dynamics." CDSR 23000.b.1.B. message through the use of cryptographic techniques." CDSR 23000.b.1D. See also handwriting measurements.
signed- "Signed or signature means a symbol, including a digital signature, encrypted identifier, or analogous symbol, or an act that encrypts a record in whole or in part, adopted by a party with present intent to authenticate a record or term." U.C.C. §2B-102(32) (May 3, 1996 Draft). CDSR 22000.a.5.
SSL- = Secure Sockets Layer.
standard form - A "record or a group of related records containing terms prepared for repeated use in transactions and so used in a transaction in which there was no negotiated change of terms by individuals except to set the price, quantity, method of payment, selection among standard options, or time or method of delivery." UCITA 102(a)(60).
state- A "State of the United States, the District of Columbia, Puerto Rico, the United States Virgin Islands, or any territory or insular possession subject to the jurisdiction of the United States. The term includes an Indian tribe or band, or Alaskan native village, which is recognized by federal law or formally acknowledged by a State." UETA 2(15).
subscriber - A "a person who: (i) is the subject listed in a certificate; (ii) accepts the certificate; and (iii) holds a private key which corresponds to a public key listed in that certificate." CDSR 23000.a.1.K.
substitute transaction - A "transaction by the licensor which would not have been possible except for the licensees breach and which transaction is for the same information or informational rights with the same contractual use terms as the transaction to which the licensees breach applies." UCITA 808.certification authority and the subscriber agree otherwise, the licensed certification authority which issued a certificate which is not a transactional certificate shall suspend the certificate for a period not exceeding 48 hours: (i) upon request by a person identifying himself as the subscriber named in the certificate, or as a person in a position likely to know of a compromise of the security of a subscriber's private key, such as an agent, business associate, employee, or member of the immediate family of the subscriber; or (ii) by order of [governmental authority]. ." Utah Code 46-3-306.
technical due diligence service- The ancillary service of one who "reviews the technical compliance (with these Guidelines or the rules of any other applicable public key infrastructure) of a number of messages, time-stamps, digital signatures and certificates related to a particular transaction or series of transactions, and documents the results of such review to relying parties in electronic form suitable for deposit on-line in a repository and/or offline in an archival service." DSG 1.2.3.
Test of Operating Effectiveness- A " message, digital signature, or certificate a digitally signed notation indicating at least the date and time the notation was appended or attached, and the identity of the person appending or attaching the notation; or (b) the notation thus appended or attached." Utah Code 46-3-103(36). ancillary service of "time-stamping the digital signatures, messages, or records of others." DSG 1.2.3.
transaction - An "an action or set of actions occurring between two or more persons relating to the conduct of business, commercial, or governmental affairs." UETA 2(16).
transactional certificate- A "valid certificate incorporating by reference one or more digital signatures." Utah Code 46-3-103(37).
"(A) with respect to a contractual interest, includes an assignment of the contract,
but does not include an agreement merely to perform a contractual obligation or to
exercise contractual rights through a delegate or sublicensee; and
TPA - See Trading Partner Agreement.
Trading Partner Agreement - Abbreviated TPA.
trusted entity - An " independent, unbiased third party that contributes to, or provides, important security assurances that enhance the admissibility, enforceability and reliability of information in electronic form. In a public/private key system, a trusted entity registers a digitally signed data structure that binds an entity's name (or identity) with its public key. NMR 7.21.
system - A system consisting of "computer hardware and software
UCP - See Uniform Customs and Practice for Documentary Credits.
UETA - See Uniform Electronic Transactions Act.text.
United Nations Model Law on Electronic Commerce - An initiative of the U.N. Commission on International Trade Law, promulgated in 1996 and notable in that it makes no reference to the Internet. In general, it provides that information is not to be denied legal effect merely because it is in electronic form and may be signed electronically. It also deals with sending and receipt of messages and contacts for carriage of goods. It does not address jurisdictional or conflicts of laws issues.message is as effective, valid, and enforceable as the original of the message, unless it is evident that the signer designated an instance of the digitally signed message to be a unique original, in which case only that instance constitutes the valid, effective, and enforceable message." Utah Code 46-3-404.
valid certificate- A "certificate which:
(i) a licensed certification authority has issued;
(ii) the subscriber listed in it has accepted;
(iii) has not been revoked or suspended; and
(iv) has not expired." Utah Code 46-3-103(39)(a).
vandal- = hostile applet.
verification- "In relation to a given digital signature, message, and public key, to determine accurately that: (a) the digital signature was created by the private key corresponding to the public key; and (b) the message has not been altered since its digital signature was created." Utah Code 46-3-103(40).
warranties- By issuing a certificate, a certification authority gives certain warranties to its subscriber by operation of law and makes a certification to all those who rely on the certificate. For example, in Utah, "By issuing a certificate, a licensed certification authority warrants to the subscriber named in the certificate that:
(i) the certificate contains no information known to the certification authority to be false;
(ii) the certificate satisfies all material requirements of [the statute]; and
(iii) the certification authority has not exceeded any limits of its license in issuing the certificate.
(b) The certification authority may not disclaim or limit the warranties of this subsection." Utah Code 46-3-303.
written- Electronic commerce statutes generally provide that where the law calls for a "writing" the requirement will be satisfied by an electronic document under certain conditions, e.g., "A message is as valid, enforceable, and effective as if it had been written on paper, if it:(a) bears in its entirety a digital signature; and (b) that digital signature is verified by the public key listed in a certificate which: (i) was issued by a licensed certification authority; and (ii) was valid at the time the digital signature was created." Utah Code 46-3-403
X.208- The ITU recommendation "Specification of Abstract Syntax Notation One (ASN.1)."
X.500- The ITU recommendation "Information technology - Open Systems Interconnection - The directory: Overview of concepts, models, and services."
X.509- The ITU recommendation "Information technology - Open Systems Interconnection - The directory: Authentication framework," which lays out standards for the public key infrastructure.
LEGAL NOTICE. This hyperdictionary has been posted to the World Wide Web for viewing and browsing only and is subject to change without notice. It may not be copied in any medium, mirrored or made resident on any computer system (except as incident to viewing) without the express advance permission of the author. Application for copyright registration has been made and the author's copyright remedies will be pursued vigorously. See, e.g., 17 U.S.C. 505. It is appropriate to refer to this document though a hyperlink instead of copying it.
Go to Top