Hyperdictionary of Electronic Commerce Law

1999 Michael I. Shamos. All rights reserved

This hyperdictionary is intended as a ready reference for attorneys practicing in the area of electronic commerce law. Every effort is made to keep it up-to-date. The author is an attorney and Co-Director of the Electronic Commerce degree program at Carnegie Mellon University. For explanations of abbreviations used in the glossary, see abbreviations. . For information about proper legal use of this glossary, see the legal notice below. You may direct comments, corrections and feedback to shamos+@cs.cmu.edu.

Abbreviations - The following abbreviations are used liberally in this dictionary:

CDSR

California Digital Signature Regulations

Cf.

compare

DSG

American Bar Association Digital Signature Guidelines

et seq.

and following

F.R.C.P.

Federal Rules of Civil Procedure

IC

intellectual property

IEWSA

Illinois Electronic Writing and Signature Act

ITFA

Internet Tax Freedom Act. P.L. 105-277, effective October 1, 1998.

NMR

New Mexico Rules, Part 51 - Electronic Authentication

P.L.

Public Law (uncodified Act of Congress)

U.C.C

Uniform Commercial Code

UCITA    Uniform Computer Information Transactions Act
UETA    Uniform Electronic Transactions Act
UNML

United Nations Model Law on Electronic Commerce

US

references to United States Supreme Court cases

U.S.C.

United States Code, the codified Federal statutes

abuse - .

acceptable certification authority - A certification authority that meets certain statutory or regulatory requirements and therefore whose certificates have legal effect. See, e.g., CDSR 22003.a.1.A.

acceptable technology - A technology that meets certain statutory and regulatory requirements and therefore may be used to perform acts having enforceable legal effect. See, e.g., CDSR 22003.

acceptance - With respect to a certificate, "(a) to manifest approval of a certificate, while knowing or having notice of its contents; or (b) to apply to a licensed certification authority for a certificate, without canceling or revoking the application, if the certification authority subsequently issues a certificate based on the application." Utah Code 46-3-103(1).

access contract - A "a contract to obtain by electronic means access to, or information from, an information processing system of another person, or the equivalent of such access."   UCITA 102(a)(1).

access material - "Any information or material, such as a document, address, or access code, that is necessary to obtain authorized access to information or control or possession of a copy."  UCITA 102(a)(2).

Accredited Standards Commitee - Abbreviated ASC.

acknowledge - .

acquirer - .

addressee - "[A] person who is intended by the originator to receive … [a] data message, but does not include a person acting as an intermediary with respect to that data message." UNML Art. 2(d).

admissibility - .

adult access code - A "

adult personal identification number - A "

aggrieved party - A "party entitled to a remedy for breach of contract.UCITA 102(a)(3).

agreement - The "bargain of the parties in fact as found in their language or by implication from other circumstances, including course of performance, course of dealing, and usage of trade as provided in this [UCITA].UCITA 102(a)(4).

algorithm identifier - .

Ancillary service - A person offering or performing a service, other than issuance of certificates, in support of digital signatures and other related areas of electronic commerce, or (2) the service performed by such person. DSG 1.2. Among ancillary services are archival, commercial key escrow, confirmation, directory, financial assurance, key pair generation, message corroboration, private key trust, technical due diligence, and time stamping.

Approved List of Certificate Authorities - A list of certification authorities approved by the appropriate governmental entity to issue certificates for digital signature transactions. See, e.g., CDSR 22003.

archival listing - Entries in a public register listing certificates that are no longer valid.

archival service - The ancillary service of keeping "records for a certification authority, repository, or another person involved in electronic commerce." DSG 1.2.3.

ASC - See Accredited Standards Commitee.

asymmetric cryptosystem - The generic term for a cryptosystem that performs encryption and decryption (or signature and verification) using two keys in such a way that knowledge of one key does not provide information about the other. A "computer algorithm or series of algorithms which utilize two different keys with the following characteristics:
(i) one key signs a given message;
(ii) one key verifies a given message; and,
(iii) the keys have the property that, knowing one key, it is computationally infeasible to discover the other key." CDSR 22003.a.1.C.

attribute authority - .

attribute certificate - .

attribution procedure - A "procedure to verify that an electronic authentication, display, message, record, or performance is that of a particular person or to detect changes or errors in information. The term includes a procedure that requires the use of algorithms or other codes, identifying words or numbers, encryption, or callback or other acknowledgment."  UCITA 102(a)(5).

authenticate - To "sign; or with the intent to sign a record, otherwise to execute or adopt an electronic symbol, sound, message, or process referring to, attached to, included in, or logically associated or linked with, that record."  UCITA 102(a)(6).

authentication - A "process used to ascertain the identity of a person or the integrity of specific information. For a message, authentication involves ascertaining its source and that it has not been modified or replaced in transit."  DSG 1.4.

authority key identifier - .

authorizing certificate - A "

automated transaction - A "transaction conducted or performed, in whole or in part, by electronic means or electronic records, in which the acts or records of one or both parties are not reviewed by an individual in the ordinary course in forming a contract, performing under an existing contract, or fulfilling an obligation required by the transaction."  UETA 2(2).  A "transaction in which a contract is formed in whole or part by electronic actions of one or both parties which are not previously reviewed by an individual in the ordinary course."  UCITA 102(a)(7).

automatic restraint -  A "program, code, device, or similar electronic or physical limitation the intended purpose of which is to restrict use of information."   UCITA 605.

best evidence rule - .

bit tax - Any "tax on electronic commerce expressly imposed on or measured by the volume of digital information transmitted electronically, or the volume of digital information per unit of time transmitted electronically, but does not include taxes imposed on the provision of telecommunications services." ITFA 1104(1).

brand certification authority -.

by means of the World Wide Web - "[B]y placement of material in a computer server-based file archive so that it is publicly accessible, over the Internet, using hypertext transfer protocol, file transfer protocol, or other similar protocols." ITFA 1101(e)(3)(A).

cancellation - The "the ending of a contract by a party because of breach of contract by another party."  UCITA 102(a)(8).

cardholder -.

certificate- Generally, a digital mechanism for proving the genuineness of a document or signature. Under the CDSR, "a computer-based record which:
(i) identifies the certification authority issuing it;
(ii) names or identifies its subscriber;
(iii) contains the subscriber's public key; and
(iv) is digitally signed by the certification authority issuing or amending it, and
(v) conforms to widely-used industry standards, including, but not limited to ISO x.509 and PGP certificate standards." CDSR 23000.a.1.D. See also revoke.

certificate chain - A "

certificate class -.

certificate serial number -.

certificate suspension -.

certificate update -.

certification authority - A "person or entity that issues a certificate, or in the case of certain certification processes, certifies amendments to an existing certificate." CDSR 22003.a.1.E. See also operative personnel, practice statement. A certification authority may be required to file a bond, maintain an office in a particular state, pay a fee, submit reports of audits and maintain a website for public keys. See, e.g. Fl. Rule 1-10.001.

Certification authority certificate - A "certificate which lists a certification authority as subscriber and contains a public key corresponding to a private key used to digitally sign another certificate." DSG 1.7.

certification authority disclosure record - An on-line, publicly accessible record concerning a licensed certification authority, kept by a governmental entity. See, e.g. Utah Code 46-3-103(5).

certification practice statement - A "declaration of the practices that a certification authority employs in issuing certificates generally, including procedures for reporting compromised keys, support services, and error resolution procedures." Fl. Rule 1-10.001. See also practice statement.

certification - A declaration by a Certification Authority of material facts concerning a certificate. Utah Code 46-3-103(7).

chain of custody -.

CheckFree -.

CISG - See Convention on Contracts for the Sale of Goods.

claimant -.

Class 1 certificate - A "

Class 2 certificate - A "

Class 3 certificate - A "

Class 4 certificate - A "

closed community -.

commercial key escrow service - The ancillary service of holding "the private key of a subscriber and other pertinent information pursuant to an escrow agreement or similar contract binding upon the subscriber, the terms of which require one or more agents to hold the subscriber?s private key for the benefit of subscriber, an employer, or other party, upon provisions set forth in the agreement." DSG 1.2.3.

Communications Decency Act of 1996 -.

computer - An "electronic device that accepts information in digital or similar form and manipulates it for a result based on a sequence of instructions."   UCITA 102(a)(9).

Computer Fraud and Abuse Act -.

computer information - "[I]nformation in electronic form which is obtained from or through the use of a computer or which is in a form capable of being processed by a computer. The term includes a copy of the information and any documentation or packaging associated with the copy."  UCITA 102(a)(10).

computer information transaction - An "agreement or the performance of it to create, modify, transfer, or license computer information or informational rights in computer information. The term includes a support contract under Section 612. The term does not include a transaction merely because the parties’ agreement provides that their communications about the transaction will be in the form of computer information."   UCITA 102(a)(11).

confirm - "To ascertain through appropriate inquiry and investigation." DSG 1.9.

confirmation service - The ancillary service of "aiding a certification authority in performing its duty to confirm certain information." DSG 1.2.3.

consequential damages -.

conspicuous - "[S]o written, displayed, or presented that a reasonable person against which it is to operate ought to have noticed it.  A term in an electronic record intended to evoke a response by an electronic agent is conspicuous if it is presented in a form that would enable a reasonably configured electronic agent to take it into account or react to it without review of the record by an individual. Conspicuous terms include the following:
(A) with respect to a person:
   (i) a heading in capitals in a size equal to or greater than, or in contrasting type, font, or color to, the surrounding text;
   (ii) language in the body of a record or display in larger or other contrasting type, font, or color or set off from the surrounding text by symbols or other marks that draw attention to the language; and
   (iii) a term prominently referenced in an electronic record or display which is readily accessible or reviewable from the record or display; and
(B) with respect to a person or an electronic agent, a term or reference to a term that is so placed in a record or display that the person or electronic agent cannot proceed without taking action with respect to the particular term or reference." UCITA 102(a)(14).

consumer - An "individual who is a licensee of information or informational rights that the individual at the time of contracting intended to be used primarily for personal, family, or household purposes. The term does not include an individual who is a licensee primarily for professional or commercial purposes, including agriculture, business management, and investment management other than management of the individual’s personal or family investments.UCITA 102(a)(15).

consumer contract - A "contract between a merchant licensor and a consumer."   UCITA 102(a)(16).

content provider -.

contractual use term - An "enforceable term that defines or limits the use, disclosure of, or access to licensed information or informational rights, including a term that defines the scope of a license."  UCITA 102(a)(19).

Convention on Contracts for the Sale of Goods - A United Nations convention. Abbreviated CISG.

copy - The "medium on which information is fixed on a temporary or permanent basis and from which it can be perceived, reproduced, used, or communicated, either directly or with the aid of a machine or device.UCITA 102(a)(20).

correspond - "[W]ith reference to keys, means to belong to the same key pair." Utah Code 46-3-103(9).

cryptosystem - A "

Cybernotary - An attorney "admitted to practice in the United States and qualified to act as a CyberNotary pursuant to specialization rules currently under development in the CyberNotary Committee, Section of Science and Technology of the American Bar Association. A CyberNotary’s function mirrors that of a notaire, and is focused primarily on practice in international, computer-based transactions." DSG 1.6.3.

data message - "[I]nformation generated, sent, received or stored by electronic, optical or similar means including, but not limited to, electronic data interchange (EDI), electronic mail, telegram, telex, or telecopy." UNML Art. 2(a).

dealer - Within Section 613 of the UCITA, a "merchant licensee that receives information directly or indirectly from a licensor for sale or license to end users."  UCITA 613.

decryption - A "

defamation -.

delegation certificate -.

digital signature - An "electronic identifier, created by computer, intended by the party using it to have the same force and effect as the use of a manual signature." Cal. Gov’t Code 16.5(d). A "transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer's public key can accurately determine whether: (a) the transformation was created using the private key that corresponds to the signer's public key; and (b) the message has been altered since the transformation was made." Utah Code 46-3-103(10). The following California provisions are typical: "The use of a digital signature shall have the same force and effect as the use of a manual signature if and only if it embodies all of the following attributes: (1) It is unique to the person using it. (2) It is capable of verification. (3) It is under the sole control of the person using it. (4) It is linked to data in such a manner that if the data are changed, the digital signature is invalidated. (5) It conforms to regulations adopted by the Secretary of State." Cal. Gov’t Code 16.5(a).

In general, electronic commerce statutes provide that digital signatures are acceptable in place of handwritten signatures if the digital signature is properly certified. The Utah statute is typical: "(1) Where a rule of law requires a signature, or provides for certain consequences in the absence of a signature, that rule is satisfied by a digital signature if:
(a) that digital signature is verified by reference to the public key listed in a valid certificate issued by a licensed certification authority;
(b) that digital signature was affixed by the signer with the intention of signing the message; and
(c) the recipient has no knowledge or notice that the signer either:
(i) breached a duty as a subscriber; or
(ii) does not rightfully hold the private key used to affix the digital signature. .". Utah Code 46-3-401.

Digital Signature Standard - The U.S. government cryptographic standard for authenticating electronic documents, promulgated by the National Institute of Standards and Technology (NIST) in 1994. Abbreviated DSS.

digital wallet -

digitally signed communication - A "message that has been processed by a computer in such a manner that ties the message to the individual that signed the message." CDSR 20000.a.1.

Directory service - The ancillary service of locating and furnishing "certificates and other information about persons, such as distinguished names, on-line addresses and identifying or descriptive information." DSG 1.2.3.

discriminatory tax - Within the context of the ITFA, a tax on electronic commerce or Internet access not imposed and enforced before October 1, 1998 that attempts to exact a tax on transactions merely because they are being conducted electronically or via the Internet. ITFA 1104(2).

document - UCC Art 7.

DSS - = Digital Signature Standard.

ECMA - See European Computer Manufacturers Association.

EFF - See Electronic Frontier Foundation.

EFTA - See Electronic Funds Transfer Act.

electronic - "Relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities."  UETA 2(5).

electronic agent - A "computer program or an electronic or other automated means used independently to initiate an action or respond to electronic records or performances in whole or in part, without review or action by an individual."  UETA 2(6).   "A contract may be formed by the interaction of electronic agents of the parties, even if no individual was aware of or reviewed the electronic agents' actions or the resulting terms and agreements.UETA 14(1).

electronic commerce - Any "transaction conducted over the Internet or through Internet access, comprising the sale, lease, license, offer, or delivery of property, goods, services, or information, whether or not for consideration, and includes the provision of Internet access." ITFA 1104(3).

Electronic Communications Privacy Act - .

electronic error - Within Section 214 of the UCITA, "an error in an electronic message created by a consumer using an information processing system if a reasonable method to detect and correct or avoid the error was not provided."  UCITA 214.  "In an automated transaction, a consumer is not bound by an electronic message that the consumer did not intend and which was caused by an electronic error, if the consumer:
(1) promptly on learning of the error:
   (A) notifies the other party of the error; and
   (B) causes delivery to the other party or, pursuant to reasonable instructions received from the other party, delivers to another person or destroys all copies of the information; and(2) has not used, or received any benefit or value from, the information or caused the information or benefit to be made available to a third party."  UCITA 214(b).

Electronic Frontier Foundation - Abbreviated EFF.

Electronic Funds Transfer Act - Abbreviated EFTA.

electronic message - A "record or display that is stored, generated, or transmitted by electronic means for the purpose of communication to another person or electronic agent.UCITA 102(a)(28).   "Receipt of an electronic message is effective when received even if no individual is aware of its receipt."  UCITA 215.

electronic record - A "record generated, communicated, received, or stored by electronic, magnetic, optical, or other analogous means for storage in an information system or for transmission from one information system to another. The term includes electronic data interchange, electronic mail, facsimile, telex, and like communication."  IEWSA 103(9).   See also transferable record.

electronic self-help - The "use of electronic means to exercise a licensor’s rights under Section 815(b)."  UCITA 816.

electronic signature - Any "letters, characters, numbers, or other symbols in digital form attached to or logically associated with an electronic record including a digital signature, executed or adopted by a party with present intention to authenticate the electronic record." IEWSA 103(10). The UETA definition is slightly different: "an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record."  UETA 2(8).  The notion of an electronic signature is thus more expansive than that of a digital signature and includes such items "as digitized images of paper-based signatures, typed notations such as "s/James Jones", and perhaps addressing information such as the "From" headers in electronic mail." DSG 1.11.

enable use -  Within Section 602 of UCITA, "to grant a contractual right or permission with respect to information or informational rights and to complete the acts, if any, required under the agreement to make the information available to the licensee."  UCITA 602.

encryption - "When a certificate expires, the subscriber and certification authority cease to certify the information in the certificate as provided in this chapter and the certification authority is discharged of its duties based on issuance of that certificate.". Utah Code 46-3-308.

end user - Within Section 613 of the UCITA, a "licensee that acquires a copy of the information from a dealer by delivery on a tangible medium for the licensee’s own use and not for sale, license, transmission to third persons, or public display or performance for a fee.UCITA 613.

ETERMS - .

European Computer Manufacturers Association - Abbreviated ECMA.

European Model EDI Agreement - .

xxpiration - A "

Federal Reserve System - .

financial accommodation contract - An "agreement under which a person extends a financial accommodation to a licensee and which does not create a security interest governed by [Article 9 of the Uniform Commercial Code]. The agreement may be in any form, including a license or lease.UCITA 102(a)(29).

financial assurance service - The ancillary service of aiding a certification authority in fulfilling its financial responsibilities, such as "a surety issuing a bond, a bank issuing a standby letter of credit, or a liability insurance carrier." DSG 1.2.3.

financial services transaction - An "agreement that provides for, or a transaction that is, or entails access to, use, transfer, clearance, settlement, or processing of:
(A) a deposit, loan, funds, or monetary value represented in electronic form and stored or capable of storage by electronic means and retrievable and transferable by electronic means, or other right to payment to or from a person;
(B) an instrument or other item;
(C) a payment order, credit card transaction, debit card transaction, funds transfer, automated clearing house transfer, or similar wholesale or retail transfer of funds;
(D) a letter of credit, document of title, financial asset, investment property, or similar asset held in a fiduciary or agency capacity; or
(E) related identifying, verifying, access-enabling, authorizing, or monitoring information.UCITA 102(a)(30).

financier - A "person that provides a financial accommodation to a licensee under a financial accommodation contract and either (i) becomes a licensee for the purpose of transferring or sublicensing the license to the party to which the financial accommodation is provided or (ii) obtains a contractual right under the financial accommodation contract to preclude the licensee’s use of the information or informational rights under a license in the event of breach of the financial accommodation contract. The term does not include a person that selects, creates, or supplies the information that is the subject of the license, owns the informational rights in the information, or provides support for, modifications to, or maintenance of the information."   UCITA 102(a)(31).

forge - With respect to a digital signature, "(a) to create a digital signature without the authorization of the rightful holder of the private key; or
(b) to create a digital signature verifiable by a certificate listing as subscriber a person who either:
(i) does not exist; or
(ii) does not hold the private key corresponding to the public key listed in the certificate." Utah Code 46-3-103(12).

"[T]he recipient of a digital signature assumes the risk that a digital signature is forged, if reliance on the digital signature is not reasonable under the circumstances." Utah Code 46-3-402.

generally imposed and actually enforced - With respect to a tax, that "the tax was authorized by statute and either--

(1) a provider of Internet access services had a reasonable opportunity to know by virtue of a rule or other public proclamation made by the appropriate administrative agency of the State or political subdivision thereof, that such agency has interpreted and applied such tax to Internet access services; or

(2) a State or political subdivision thereof generally collected such tax on charges for Internet access." ITFA 1101(d).

goods - "[A]ll things that are movable at the time relevant to the computer information transaction. The term includes the unborn young of animals, growing crops, and other identified things to be severed from realty which are covered by [Section 2-107 of the Uniform Commercial Code]. The term does not include computer information, money, the subject matter of foreign exchange transactions, documents, letters of credit, letter-of-credit rights, instruments, investment property, accounts, chattel paper, deposit accounts, or general intangibles."  UCITA 102(a)(33).

handwriting measurements - The "metrics of the shapes, speeds and/or other distinguishing features of a signature as the person writes it by hand with a pen or stylus on a flat surface." CDSR 23000.b.1.A.

hash function - An "algorithm mapping or translating one sequence of bits into another, generally smaller, set (the hash result) such that --
(a) a record yields the same hash result every time the algorithm is executed using the same record as input,
(b) it is computationally infeasible that a record can be derived or reconstituted from the hash result produced by the algorithm, and
(c) it is computationally infeasible that two records can be found that produce the same hash result using the algorithm." IEWSA 103(11). [Ed. note: this is more properly called a secure hash code.]

hash result - The "output produced by a hash function upon processing a record." IEWSA 103(12).

hold a key - A person "holds" a key if he or she is able to use it. DSG 1.14.

hostile applet - An unwanted applet or ActiveX control activated by a web page that performs undesirable functions on the user’s computer. Also known as a "vandal."

ICC - See International Chamber of Commerce.

identifying certificate - A "

incidental damages - Incidental damages resulting from breach of contract:
"(A) means compensation for any commercially reasonable charges, expenses, or commissions reasonably incurred by an aggrieved party with respect to:
   (i) inspection, receipt, transmission, transportation, care, or custody of identified copies or information that is the subject of the breach;
   (ii) stopping delivery, shipment, or transmission;
   (iii) effecting cover or retransfer of copies or information after the breach;
   (iv) other efforts after the breach to minimize or avoid loss resulting from the breach; and
   (v) matters otherwise incident to the breach; and
(B) does not include consequential damages or direct damages."  UCITA 102(a)(34).

incorporate by reference - With reference to digital signatures, "[t]o make one message a part of another message by (1) identifying the message to be incorporated, (2) providing information which enables the receiving party to access and obtain the incorporated message in its entirety, and expressing the intention that it be part of the incorporating message." DSG 1.15.

information - "[D]ata, text, images, sounds, mask works, or computer programs, including collections and compilations of them."  UCITA 102(a)(35).

information processing system - An "electronic system for creating, generating, sending, receiving, storing, displaying, or processing information."  UETA 2(11).

informational content - "[I]nformation that is intended to be communicated to or perceived by an individual in the ordinary use of the information, or the equivalent of that information."  UCITA 102(a)(37).

informational rights - "[A]ll rights in information created under laws governing patents, copyrights, mask works, trade secrets, trademarks, publicity rights, or any other law that gives a person, independently of contract, a right to control or preclude another person’s use of or access to the information on the basis of the rights holder’s interest in the information."  UCITA 102(a)(38).

interchange agreement -.

interconnection agreement -.

intermediary - "[A] person who, on behalf of another person, sends, receives or stores … [a] data message or provides other serves with respect to that data message." UNML Art. 2(e).

International Chamber of Commerce - Abbreviated ICC.

Internet - "[C]ollectively the myriad of computer and telecommunications facilities, including equipment and operating software, which comprise the interconnected world-wide network of networks that employ the Transmission Control Protocol/Internet Protocol, or any predecessor or successor protocols to such protocol, to communicate information of all kinds by wire or radio." ITFA 1104(4).

Internet access - A "service that enables users to access content, information, electronic mail, or other services offered over the Internet, and may also include access to proprietary content, information, and other services as part of a package of services offered to users. Such term does not include telecommunications services." ITFA 1104(5).

Internet access provider - A "person engaged in the business of providing a computer and communications facility through which a customer may obtain access to the Internet, but does not include a common carrier to the extent that it provides only telecommunications services." ITFA 1101(f)(2)(A).

Internet access service - A "service that enables users to access content, information, electronic mail, or other services offered over the Internet and may also include access to proprietary content, information, and other services as part of a package of services offered to consumers. Such term does not include telecommunications services." ITFA 1101(e)(3)(D). Cf. Internet access services.

Internet access services - The "provision of computer and communications services through which a customer using a computer and a modem or other communications device may obtain access to the Internet, but does not include telecommunications services provided by a common carrier." ITFA 1101(f)(2)(B). Cf. Internet access service.

Internet information location tool - A "a service that refers or links users to an online location on the World Wide Web. Such term includes directories, indices, references, pointers, and hypertext links." ITFA 1101(e)(3)(E).

Internet Tax Freedom Act - A Federal act which, for a period of three years from October 1, 1998, prohibits (1) taxes on Internet access, unless such tax was generally imposed and actually enforced prior to October 1, 1998; and (2) multiple or discriminatory taxes on electronic commerce. Abbreviated ITFA. There is an exception to the Moratorium "in the case of any person or entity who knowingly and with knowledge of the character of the material, in interstate or foreign commerce by means of the World Wide Web, makes any communication for commercial purposes that is available to any minor and that includes any material that is harmful to minors unless such person or entity has restricted access by minors to material that is harmful to minors." ITFA 1101(e)(1). View text of Act.

ISO - A "

ISO x.509 - A "

issue a certificate - The "acts of a certification authority in creating a certificate and notifying the subscriber listed in the certificate of the contents of the certificate." DSG 1.16.

ITFA - See Internet Tax Freedom Act.

ITU - International Telecommunication Union.

key - A "

key pair - A "private key and its corresponding public key in an asymmetric cryptosystem. The keys have the property that the public key can verify a digital signature that the private key creates." CDSR 23000.a.1.F.

key pair generation service - The ancillary service of creating key pairs to be used by others. DSG 1.2.3.

license - A "contract that authorizes access to, or use, distribution, performance, modification, or reproduction of, information or informational rights, but expressly limits the access or uses authorized or expressly grants fewer than all rights in the information, whether or not the transferee has title to a licensed copy. The term includes an access contract, a lease of a computer program, and a consignment of a copy. The term does not include a reservation or creation of a security interest to the extent the interest is governed by [Article 9 of the Uniform Commercial Code]."  UCITA 102(a)(40).
Under Section 307 of the UCITA, "(a) A license grants: (1) the contractual rights that are expressly described; and (2) a contractual right to use any informational rights within the licensor’s control at the time of contracting which are necessary in the ordinary course to exercise the expressly described rights."  UCITA 307.

licensee - A "person entitled by agreement to acquire or exercise rights in, or to have access to or use of, computer information under an agreement to which this [Act] applies.  A licensor is not a licensee with respect to rights reserved to it under the agreement."  UCITA 102(a)(41).

licensor - A "person obligated by agreement to transfer or create rights in, or to give access to or use of, computer information or informational rights in it under an agreement to which this [Act] applies. Between the provider of access and a provider of the informational content to be accessed, the provider of content is the licensor. In an exchange of information or informational rights, each party is a licensor with respect to the information, informational rights, or access it gives."   UCITA 102(a)(42).

mailbox rule -.

mass-market license - A "standard form used in a mass-market transaction."   UCITA 102(a)(43).

mass-market transaction - A "transaction that is:
(A) a consumer contract; or
(B) any other transaction with an end-user licensee if:
   (i) the transaction is for information or informational rights directed to the general public as a whole, including consumers, under substantially the same terms for the same information;
   (ii) the licensee acquires the information or informational rights in a retail transaction under terms and in a quantity consistent with an ordinary transaction in a retail market; and
   (iii) the transaction is not:
       (I) a contract for redistribution or for public performance or public display of a copyrighted work;
       (II) a transaction in which the information is customized or otherwise specially prepared by the licensor for the licensee, other than minor customization using a capability of the information intended for that purpose;
       (III) a site license; or
       (IV) an access contract."  UCITA 102(a)(44).

material that is harmul to minors - Any "communication, picture, image, graphic image file, article, recording, writing, or other matter of any kind that is obscene or that--
(i) the average person, applying contemporary community standards, would find, taking the material as a whole and with respect to minors, is designed to appeal to, or is designed to pander to, the prurient interest;
(ii) depicts, describes, or represents, in a manner patently offensive with respect to minors, an actual or simulated sexual act or sexual contact, an actual or simulated normal or perverted sexual act, or a lewd exhibition of the genitals or post-pubescent female breast; and
(iii) taken as a whole, lacks serious literary, artistic, political, or scientific value for minors." ITFA 1101(e)(3)(F).

merchant - A "person:
(A) that deals in information or informational rights of the kind involved in the transaction;
(B) that by the person’s occupation holds itself out as having knowledge or skill peculiar to the relevant aspect of the business practices or information involved in the transaction; or
(C) to which the knowledge or skill peculiar to the practices or information involved in the transaction may be attributed by the person’s employment of an agent or broker or other intermediary that by its occupation holds itself out as having the knowledge or skill."  UCITA 102(a)(45).

message - A "digital representation of information intended to serve as a written communication." CDSR 20000.a.2 adds the qualification that the communication be with a "public entity".

message corroboration service - The ancillary service of preparing a hash result to fix the content of a message, and then associating a time stamp with the message and/or the hash result. Message corroboration provides assurance of message integrity and the time the message was created, but provides no authentication of the signer’s identity by others. DSG 1.2.3.

message digest - A record abstraction. NMR 7.13.

message integrity - The "assurance of unaltered transmission and receipt of a message from the sender to the intended recipient." DSG 1.19.

minor - Within the meaning of the ITFA, "any person under 17 years of age." ITFA 1101(e)(3)(G).

Model EDI Trading Partner Agreement -.

Model Electronic Payments Agreement -.

Moratorium - The Internet tax moratorium provided in the Internet Tax Freedom Act and running for three years from October 1, 1998. It is the sense of Congress that no new Federal taxes similar to the taxes described in section 1101(a) should be enacted with respect to the Internet and Internet access during the moratorium …" ITFA 1202.

multiple tax - Any "tax that is imposed by one State or political subdivision thereof on the same or essentially the same electronic commerce that is also subject to another tax imposed by another State or political subdivision thereof (whether or not at the same rate or on the same basis), without a credit (for example, a resale exemption certificate) for taxes paid in other jurisdictions. ITFA 1104(6)(A).

National Conference of Commissioners on Uniform State Laws -.

non-exclusive license - A "license that does not preclude the licensor from transferring to other licensees the same information, informational rights, or contractual rights within the same scope. The term includes a consignment of a copy."   UCITA 102(a)(47).

non-repudiation - "Strong and substantial evidence of the identity of the signer of a message and of message integrity, sufficient to prevent a party from successfully denying the origin, submission or delivery of the message and the integrity of its contents." DSG 1.20.

Notaire - A "

note - UCC Art. 3..

notify - "To communicate or make available information to another person as required under the circumstances." DSG 1.21.

open community -.

operational period - The period of time during which a certificate may be relied upon. "The operational period of a certificate begins on the date and time it is issued by a certification authority (or on a later date and time certain if stated in the certificate), and ends on the date and time it expires or is earlier revoked or suspended." DSG 1.22.

operative personnel - "[O]ne or more natural persons acting as a certification authority or its agent, or in the employment of or under contract with a certification authority, and who have: (a) managerial or policy-making responsibilities for the certification authority; or (b) duties directly involving the issuance of certificates, creation of private keys, or administration of a certification authority's computing facilities." Utah Code 46-3-103(20).

original - See unique original.

originator - "[A] person by whom, or on whose behalf, … [a] data message purports to have been sent or generated prior to storage, if any, but does not include a person acting as an intermediary with respect to that data message." UNML Art. 2(c).

originator - The person who signs a document electronically.

perfect tender rule -.

person - "A human being or an organization (or a device under the control thereof which is capable of signing a message or verifying a digital signature)." DSG 1.23.  An "individual, corporation, business trust, estate, trust, partnership, limited liability company, association, joint venture, governmental agency, public corporation, or any other legal or commercial entity."  UETA 2(12).  It would seem particularly important in a computer-oriented world to define carefully what "person" means.

personal jurisdiction -.

PKI - = Public Key Infrastructure.

practice statement - "[D]ocumentation of the practices, procedures and controls employed by a Certification Authority." CDSR 23000.a.1.G.

presumptions - Electronic commerce statutes generally provide that digitally signed documents are entitled to certain evidentiary presumption when they have been prepared in accordance with statute. For example, in Utah it is presumed, inter alia, that "if a digital signature is verified by the public key listed in a valid certificate issued by a licensed certification authority: (a) that the digital signature is the digital signature of the subscriber listed in that certificate; (b) that the digital signature was affixed by the signer with the intention of signing the message; and (c) the recipient of that digital signature has no knowledge or notice that the signer: (i) breached a duty as a subscriber; or (ii) does not rightfully hold the private key used to affix the digital signature." Utah Code 46-3-406(3).

principal -.

private key - A key used in a public-key cryptosystem to encrypt a message. The "key of a key pair used to create a digital signature". CDSR 23000.a.1.H. "A private key is the personal property of the subscriber who rightfully holds it." Utah Code 46-3-305(2).

private key trust service - The ancillary service of holding "the private key of a subscriber pursuant to an express trust, letters testamentary, or similar legal arrangement which is voluntarily created by the subscriber." DSG 1.2.3.

proof of identification - The "the document or documents presented to a Certification Authority to establish the identity of a subscriber." CDSR 23000.a.1.I.

public key - - A key used in a public-key cryptosystem to decrypt a message. The "key of a key pair used to verify a digital signature". CDSR 23000.a.1.J.

public key cryptosystem - A "

public key infrastructure - Term that applies to the implementation of public-key cryptosystems in real applications, comprising such practical topics as key management and distribution, certification authorities and associated stadards. Abbreviated PKI.

publish - With respect to a public key, "to record or file in a repository." Utah Code 46-3-103(24).

published informational content - "[I]informational content prepared for or made available to recipients generally, or to a class of recipients, in substantially the same form. The term does not include informational content that is:
(A) customized for a particular recipient by one or more individuals acting as or on behalf of the licensor, using judgment or expertise; or
(B) provided in a special relationship of reliance between the provider and the recipient."  UCITA 102(a)(51).

publisher - Within Section 613 of the UCITA, a "licensor, other than a dealer, that offers a license to an end user with respect to information distributed by a dealer to the end user.UCITA 613.

qualified right to payment - An "award of damages against a licensed certification authority by a court having jurisdiction over the certification authority in a civil action for violation of [statute]." Utah Code 46-3-103(26).

receipt -
"(A) with respect to a copy, taking delivery; or
(B) with respect to a notice:
     (i) coming to a person's attention; or
     (ii) being delivered to and available at a location or system designated by agreement for that purpose or, in the absence of an agreed location or system:
         (I) being delivered at the person’s residence, or the person’s place of business through which the contract was made, or at any other place held out by the person as a place for receipt of communications of the kind; or
         (II) in the case of an electronic notice, coming into existence in an information processing system or at an address in that system in a form capable of being processed by or perceived from a system of that type by a recipient, if the recipient uses, or otherwise has designated or holds out, that place or system for receipt of notices of the kind to be given and the sender does not know that the notice cannot be accessed from that place."  UCITA 102(a)(52).

recipient - A "a person who receives or has a digital signature and is in a position to rely on it." Utah Code 46-3-103(26).

record - "[I]nformation that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form."  UETA 2(13).

record abstraction - A "condensed representation of a document, which condensation is prepared by use of a secure hash code." NMR 7.13. Also known as a "message digest."

recognized repository - A repository recognized by the appropriate governmental authority for storing certificates. See, e.g., Utah Code 46-3-103(27).

recommended reliance limit - A "limitation on the monetary amount recommended for reliance on a certificate" by a Certification Authority, which has the effect of limiting the Certification Authority’s liability. Utah Code 46-3-103(28).

Regulation E -.

release - An "agreement by a party not to object to, or exercise any rights or pursue any remedies to limit, the use of information or informational rights which agreement does not require an affirmative act by the party to enable or support the other party’s use of the information or informational rights. The term includes a waiver of informational rights."  UCITA 102(a)(55).

relying party - A "person who has received a certificate and a digital signature verifiable with reference to a public key listed in the certificate, and is in a position to rely on them.." IEWSA 103(20).

Report of Policies and Procedures Placed in Operation - A "

repository - A "system for storing and retrieving certificates and other information relevant to digital signatures." Utah Code 46-3-103(29). See also recognized repository.

repudiate - To deny the origin of an electronic document or the fact that an electronic document has been received.

return - With respect to a record containing contractual terms that were rejected, the term "refers only to the computer information and means:
(A) in the case of a licensee that rejects a record regarding a single information product transferred for a single contract fee, a right to reimbursement of the contract fee paid from the person to which it was paid or from another person that offers to reimburse that fee, on:
   (i) submission of proof of purchase; and
   (ii) proper redelivery of the computer information and all copies within a reasonable time after initial delivery of the information to the licensee;
(B) in the case of a licensee that rejects a record regarding an information product provided as part of multiple information products integrated into and transferred as a bundled whole but retaining their separate identity:
   (i) a right to reimbursement of any portion of the aggregate contract fee identified by the licensor in the initial transaction as charged to the licensee for all bundled information products which was actually paid, on:
      (I) rejection of the record before or during the initial use of the bundled product;
      (II) proper redelivery of all computer information products in the bundled whole and all copies of them within a reasonable time after initial delivery of the information to the licensee; and
      (III) submission of proof of purchase; or
   (ii) a right to reimbursement of any separate contract fee identified by the licensor in the initial transaction as charged to the licensee for the separate information product to which the rejected record applies, on:
      (I) submission of proof of purchase; and
      (II) proper redelivery of that computer information product and all copies within a reasonable time after initial delivery of the information to the licensee; or
(C) in the case of a licensor that rejects a record proposed by the licensee, a right to proper redelivery of the computer information and all copies from the licensee, to stop delivery or access to the information by the licensee, and to reimbursement from the licensee of amounts paid by the licensor with respect to the rejected record, on reimbursement to the licensee of contract fees that it paid with respect to the rejected record, subject to recoupment and setoff."  UCITA 102(a)(56).

revoke a certificate - To "make a certificate ineffective permanently from a specified time forward. Revocation is effected by notation or inclusion in a set of revoked certificates, and does not imply that a revoked certificate is destroyed or made illegible. Utah Code 46-3-103(30).

rightfully hold a private key - "To be able to utilize a private key:
(a) which the holder or the holder's agents have not disclosed to any person in violation of [statute]; and
(b) which the holder has not obtained through theft, deceit, eavesdropping, or other unlawful means." Utah Code 46-3-103(31).

root certificate - A "

SAS 70 Type One audit - A "

SAS 70 Type Two audit - A "

scope - With respect to terms of a license, the term "means:
(A) the licensed copies, information, or informational rights involved;
(B) the use or access authorized, prohibited, or controlled;
(C) the geographic area, market, or location; or
(D) the duration of the license."  UCITA 102(a)(57).

screening software - As used in the ITFA, "software that is designed to permit a person to limit access to material on the Internet that is harmful to minors." ITFA 1101(f)(2)(C).

seasonable - With respect to an act, means "taken within the time agreed or, if no time is agreed, within a reasonable time."  UCITA 102(a)(58).

secure hash code - A "mathematical algorithm that, when applied to an electronic version of a document, creates a condensed version of the document from which it is computationally infeasible to identify or recreate the document which corresponds to the condensed version of the document without extrinsic knowledge of that correspondence." NMR 7.18.

Secure Electromic Transaction - Abbreviated SET.

Secure Sockets Layer - Abbreviated SSL.

security procedure - A "procedure for the purpose of (1) verifying that an electronic record is that of a specific person, or (2) detecting error or alteration in the communication or storage of the electronic record since a specific point in time. A security procedure may require the use of algorithms or codes, identifying words or numbers, encryption, answerback or acknowledgment procedures, or similar security devices." IEWSA 103(25).   A "procedure employed for the purpose of verifying that an electronic signature, record, or performance is that of a specific person or for detecting changes or errors in the information in an electronic record. The term includes a procedure that requires the use of algorithms or other codes, identifying words or numbers, encryption, or callback or other acknowledgment procedures."  UETA 2(14).

self-authenticating document -.

send - "[W]ith any costs provided for and properly addressed or directed as reasonable under the circumstances or as otherwise agreed, to deposit a record in the mail or with a commercially reasonable carrier, to deliver a record for transmission to or re-creation in another location or information processing system, or to take the steps necessary to initiate transmission to or re-creation of a record in another location or information processing system. In addition, with respect to an electronic message, the message must be in a form capable of being processed by or perceived from a system of the type the recipient uses or otherwise has designated or held out as a place for the receipt of communications of the kind sent. Receipt within the time in which it would have arrived if properly sent, has the effect of a proper sending."  UCITA 102(a)(59).

SET - See Secure Electronic Transaction.

signature - Signature "includes any symbol, methodology, or authentication procedure executed or adopted by a person with a present intention to authenticate a record, including electronic or digital methods." IEWSA 103(26).

signature block - "[T]he portion of a document, encoded by the private key, which contains the identity of the originator and the date and time of the record’s creation, submittal or approval." NMR 7.20.

signature digest - The "resulting bit-string produced when a signature is tied to a document using Signature Dynamics." CDSR 23000.b.1.B.

signature dynamics - A method of "measuring the way a person writes his or her signature by hand on a flat surface and binding the measurements to a message through the use of cryptographic techniques." CDSR 23000.b.1D. See also handwriting measurements.

signed - "’Signed’ or ‘signature’ means a symbol, including a digital signature, encrypted identifier, or analogous symbol, or an act that encrypts a record in whole or in part, adopted by a party with present intent to authenticate a record or term." U.C.C. 2B-102(32) (May 3, 1996 Draft).

signer - The "person who signs a digitally signed communication with the use of an acceptable technology to uniquely link the message with the person sending it." CDSR 22000.a.5.

SSL - = Secure Sockets Layer.

standard form - A "record or a group of related records containing terms prepared for repeated use in transactions and so used in a transaction in which there was no negotiated change of terms by individuals except to set the price, quantity, method of payment, selection among standard options, or time or method of delivery."  UCITA 102(a)(60).

state - A "State of the United States, the District of Columbia, Puerto Rico, the United States Virgin Islands, or any territory or insular possession subject to the jurisdiction of the United States. The term includes an Indian tribe or band, or Alaskan native village, which is recognized by federal law or formally acknowledged by a State."   UETA 2(15).

subscriber - A "a person who: (i) is the subject listed in a certificate; (ii) accepts the certificate; and (iii) holds a private key which corresponds to a public key listed in that certificate." CDSR 23000.a.1.K.

substitute transaction - A "transaction by the licensor which would not have been possible except for the licensee’s breach and which transaction is for the same information or informational rights with the same contractual use terms as the transaction to which the licensee’s breach applies."  UCITA 808.

suspension - "Unless the certification authority and the subscriber agree otherwise, the licensed certification authority which issued a certificate which is not a transactional certificate shall suspend the certificate for a period not exceeding 48 hours: (i) upon request by a person identifying himself as the subscriber named in the certificate, or as a person in a position likely to know of a compromise of the security of a subscriber's private key, such as an agent, business associate, employee, or member of the immediate family of the subscriber; or (ii) by order of [governmental authority]. ." Utah Code 46-3-306.

technical due diligence service - The ancillary service of one who "reviews the technical compliance (with these Guidelines or the rules of any other applicable public key infrastructure) of a number of messages, time-stamps, digital signatures and certificates related to a particular transaction or series of transactions, and documents the results of such review to relying parties in electronic form suitable for deposit on-line in a repository and/or offline in an archival service." DSG 1.2.3.

Test of Operating Effectiveness - A "

time stamp - "’Time-stamp’ means either: (a) to append or attach to a message, digital signature, or certificate a digitally signed notation indicating at least the date and time the notation was appended or attached, and the identity of the person appending or attaching the notation; or (b) the notation thus appended or attached." Utah Code 46-3-103(36).

time-stamping service - The ancillary service of "time-stamping the digital signatures, messages, or records of others." DSG 1.2.3.

transaction - An "an action or set of actions occurring between two or more persons relating to the conduct of business, commercial, or governmental affairs."  UETA 2(16).

transactional certificate - A "valid certificate incorporating by reference one or more digital signatures."  Utah Code 46-3-103(37).

transfer - "(A) with respect to a contractual interest, includes an assignment of the contract, but does not include an agreement merely to perform a contractual obligation or to exercise contractual rights through a delegate or sublicensee; and
(B) with respect to computer information, includes a sale, license, or lease of a copy of the computer information and a license or assignment of informational rights in computer information."  UCITA 102(a)(60).

transferable record - An "electronic record that (1) would be a note under [Article 3 of the Uniform Commercial Code] or a document under [Article 7 of the Uniform Commercial Code] if the electronic record were in writing; and (2) the issuer of the electronic record has expressly agreed is a transferable record."  UETA 16(a).

TPA - See Trading Partner Agreement.

Trading Partner Agreement - Abbreviated TPA.

trusted entity - An " independent, unbiased third party that contributes to, or provides, important security assurances that enhance the admissibility, enforceability and reliability of information in electronic form. In a public/private key system, a trusted entity registers a digitally signed data structure that binds an entity's name (or identity) with its public key. NMR 7.21.

trustworthy system - A system consisting of "computer hardware and software which:
(a) are reasonably secure from intrusion and misuse;
(b) provide a reasonable level of availability, reliability, and correct operation; and
(c) are reasonably suited to performing their intended functions." Utah Code 46-3-103(38).

UCP - See Uniform Customs and Practice for Documentary Credits.

UETA - See Uniform Electronic Transactions Act.

UIACP - See Uniform International Authentication and Certification Practices.

UNCID - See Uniform Rules of Conduct for Interchange of Trade Data by

Uniform Electronic Transactions Acts - A "  View text.

Uniform International Authentication and Certification Practices - Abbreviated UIACP.

Uniform Rules of Conduct for Interchange of Trade Data by Telecommunications - Abbreviated UNCID.

United Nations Model Law on Electronic Commerce - An initiative of the U.N. Commission on International Trade Law, promulgated in 1996 and notable in that it makes no reference to the Internet. In general, it provides that information is not to be denied legal effect merely because it is in electronic form and may be signed electronically. It also deals with sending and receipt of messages and contacts for carriage of goods. It does not address jurisdictional or conflicts of laws issues.

unique original - "A copy of a digitally signed message is as effective, valid, and enforceable as the original of the message, unless it is evident that the signer designated an instance of the digitally signed message to be a unique original, in which case only that instance constitutes the valid, effective, and enforceable message." Utah Code 46-3-404.

valid certificate - A "certificate which:
(i) a licensed certification authority has issued;
(ii) the subscriber listed in it has accepted;
(iii) has not been revoked or suspended; and
(iv) has not expired." Utah Code 46-3-103(39)(a).

vandal - = hostile applet.

verification - "In relation to a given digital signature, message, and public key, to determine accurately that: (a) the digital signature was created by the private key corresponding to the public key; and (b) the message has not been altered since its digital signature was created." Utah Code 46-3-103(40).

warranties - By issuing a certificate, a certification authority gives certain warranties to its subscriber by operation of law and makes a certification to all those who rely on the certificate. For example, in Utah, "By issuing a certificate, a licensed certification authority warrants to the subscriber named in the certificate that:
(i) the certificate contains no information known to the certification authority to be false;
(ii) the certificate satisfies all material requirements of [the statute]; and
(iii) the certification authority has not exceeded any limits of its license in issuing the certificate.
(b) The certification authority may not disclaim or limit the warranties of this subsection." Utah Code 46-3-303.

written - Electronic commerce statutes generally provide that where the law calls for a "writing" the requirement will be satisfied by an electronic document under certain conditions, e.g., "A message is as valid, enforceable, and effective as if it had been written on paper, if it:(a) bears in its entirety a digital signature; and (b) that digital signature is verified by the public key listed in a certificate which: (i) was issued by a licensed certification authority; and (ii) was valid at the time the digital signature was created." Utah Code 46-3-403

X.208 - The ITU recommendation "Specification of Abstract Syntax Notation One (ASN.1)."

X.209 - The ITU recommendation "Specification of basic encoding rules for Abstract Syntax Notation One (ASN.1)."

X.500 - The ITU recommendation "Information technology - Open Systems Interconnection - The directory: Overview of concepts, models, and services."

X.509 - The ITU recommendation "Information technology - Open Systems Interconnection - The directory: Authentication framework," which lays out standards for the public key infrastructure.

LEGAL NOTICE. This hyperdictionary has been posted to the World Wide Web for viewing and browsing only and is subject to change without notice. It may not be copied in any medium, mirrored or made resident on any computer system (except as incident to viewing) without the express advance permission of the author. Application for copyright registration has been made and the author's copyright remedies will be pursued vigorously. See, e.g., 17 U.S.C. 505. It is appropriate to refer to this document though a hyperlink instead of copying it.

Go to Top