RCW 19.34.020
Definitions.
Unless the context clearly requires
otherwise, the definitions in this section apply throughout this chapter:
(1) "Accept a certificate" means to
manifest approval of a certificate, while knowing or having notice of its
contents. Such approval may be manifested by the use of the certificate.
(2) "Accept a digital signature" means to verify a digital signature or take an action in reliance on a digital signature.
(3) "Asymmetric cryptosystem" means an
algorithm or series of algorithms that provide a secure key pair.
(4) "Certificate" means a
computer-based record that:
(a) Identifies the certification authority
issuing it;
(b) Names or identifies its subscriber;
(c) Contains the subscriber's public key; and
(d) Is digitally signed by the certification
authority issuing it.
(5) "Certification authority" means a
person who issues a certificate.
(6) "Certification authority disclosure
record" means an on-line, publicly accessible record that concerns a
licensed certification authority and is kept by the secretary.
(7) "Certification practice statement"
means a declaration of the practices that a certification authority employs in
issuing certificates.
(8) "Certify" means to declare with
reference to a certificate, with ample opportunity to reflect, and with a duty
to apprise oneself of all material facts.
(9) "Confirm" means to ascertain
through appropriate inquiry and investigation.
(10) "Correspond," with reference to
keys, means to belong to the same key pair.
(11) "Digital signature" means an electronic signature
that is a transformation of a message using an asymmetric cryptosystem such that
a person having the initial message and the signer's public key can accurately
determine:
(a) Whether the transformation was created using
the private key that corresponds to the signer's public key; and
(b) Whether the initial message has been altered
since the transformation was made.
(12) "Electronic" means electrical, digital,
magnetic, optical, electromagnetic, or any other form of technology that entails
capabilities similar to these technologies.
(13) "Electronic record" means a record
generated, communicated, received, or stored by electronic means for use in an
information system or for transmission from one information system to another.
(14) "Electronic signature"
means a signature in electronic form
attached to or logically associated with an electronic record, including but not
limited to a digital signature.
(15) "Financial institution" means a
national or state-chartered commercial bank or trust company, savings bank,
savings association, or credit union authorized to do business in the state of
Washington and the deposits of which are federally insured.
(16) "Forge a digital signature" means either:
(a) To create a digital signature without the authorization of the
rightful holder of the private key; or
(b) To create a digital signature verifiable by a certificate
listing as subscriber a person who either:
(i) Does not exist; or
(ii) Does not hold the private key corresponding
to the public key listed in the certificate.
(17) "Hold a private key" means to be
authorized to utilize a private key.
(18) "Incorporate by reference" means
to make one message a part of another message by identifying the message to be
incorporated and expressing the intention that it be incorporated.
(19) "Issue a certificate" means the
acts of a certification authority in creating a certificate and notifying the
subscriber listed in the certificate of the contents of the certificate.
(20) "Key pair" means a private key and
its corresponding public key in an asymmetric cryptosystem, keys which have the
property that the public key can verify a digital signature that the private key creates.
(21) "Licensed certification authority"
means a certification authority to whom a license has been issued by the
secretary and whose license is in effect.
(22) "Message" means a digital
representation of information.
(23) "Notify" means to communicate a
fact to another person in a manner reasonably likely under the circumstances to
impart knowledge of the information to the other person.
(24) "Official public business" means
any legally authorized transaction or communication among state agencies,
tribes, and local governments, or between a state agency, tribe, or local
government and a private person or entity.
(25) "Operative personnel" means one or
more natural persons acting as a certification authority or its agent, or in the
employment of, or under contract with, a certification authority, and who have:
(a) Duties directly involving the issuance of
certificates, [or] creation of private keys;
(b) Responsibility for the secure operation of
the trustworthy system used by the certification authority or any recognized
repository;
(c) Direct responsibility, beyond general
supervisory authority, for establishing or adopting policies regarding the
operation and security of the certification authority; or
(d) Such other responsibilities or duties as the
secretary may establish by rule.
(26) "Person" means a human being or an
organization capable of signing a document, either legally or as a matter of
fact.
(27) "Private key" means the key of a
key pair used to create a digital signature.
(28) "Public key" means the key of a
key pair used to verify a digital signature.
(29) "Publish" means to make
information publicly available.
(30) "Qualified right to payment" means
an award of damages against a licensed certification authority by a court having
jurisdiction over the certification authority in a civil action for violation of
this chapter.
(31) "Recipient" means a person who has
received a certificate and a digital signature
verifiable with reference to a public key listed in the certificate and is in a
position to rely on it.
(32) "Recognized repository" means a
repository recognized by the secretary under RCW 19.34.400.
(33) "Recommended reliance limit" means
the monetary amount recommended for reliance on a certificate under
RCW 19.34.280(1).
(34) "Repository" means a system for
storing and retrieving certificates and other information relevant to digital
signatures.
(35) "Revoke a certificate" means to
make a certificate ineffective permanently from a specified time forward.
Revocation is effected by notation or inclusion in a set of revoked
certificates, and does not imply that a revoked certificate is destroyed or made
illegible.
(36) "Rightfully hold a private key"
means the authority to utilize a private key:
(a) That the holder or the holder's agents have
not disclosed to a person in violation of RCW 19.34.240(1); and
(b) That the holder has not obtained through
theft, deceit, eavesdropping, or other unlawful means.
(37) "Secretary" means the secretary of
state.
(38) "Subscriber" means a person who:
(a) Is the subject listed in a certificate;
(b) Applies for or accepts the certificate; and
(c) Holds a private key that corresponds to a
public key listed in that certificate.
(39) "Suitable guaranty" means either a
surety bond executed by a surety authorized by the insurance commissioner to do
business in this state, or an irrevocable letter of credit issued by a financial
institution authorized to do business in this state, which, in either event,
satisfies all of the following requirements:
(a) It is issued payable to the secretary for the
benefit of persons holding qualified rights of payment against the licensed
certification authority named as the principal of the bond or customer of the
letter of credit;
(b) It is in an amount specified by rule by the
secretary under RCW 19.34.030;
(c) It states that it is issued for filing under
this chapter;
(d) It specifies a term of effectiveness
extending at least as long as the term of the license to be issued to the
certification authority; and
(e) It is in a form prescribed or approved by
rule by the secretary.
A suitable guaranty may also provide that the
total annual liability on the guaranty to all persons making claims based on it
may not exceed the face amount of the guaranty.
(40) "Suspend a certificate" means to
make a certificate ineffective temporarily for a specified time forward.
(41) "Time stamp" means either:
(a) To append or attach a digitally signed
notation indicating at least the date, time, and identity of the person
appending or attaching the notation to a message, digital signature, or certificate; or
(b) The notation thus appended or attached.
(42) "Transactional certificate" means
a valid certificate incorporating by reference one or more digital
signatures.
(43) "Trustworthy system" means
computer hardware and software that:
(a) Are reasonably secure from intrusion and
misuse; and
(b) Conform with the requirements established by
the secretary by rule.
(44) "Valid certificate" means a
certificate that:
(a) A licensed certification authority has
issued;
(b) The subscriber listed in it has accepted;
(c) Has not been revoked or suspended; and
(d) Has not expired.
However, a transactional certificate is a valid
certificate only in relation to the digital signature
incorporated in it by reference.
(45) "Verify a digital signature" means, in relation to a
given digital signature,
message, and public key, to determine accurately that:
(a) The digital signature was created by the private key
corresponding to the public key; and
(b) The message has not been altered since its digital signature was created.
[1999 c 287 § 2; 1997 c 27 § 30; 1996 c 250 § 103.]
NOTES:
Effective date -- 1999 c 287: See note following RCW 19.34.010.
Effective date -- Severability -- 1997 c 27: See notes following RCW 19.34.030.