FOURTH SCHEDULE (Regulation 81) - TECHNICAL COMPONENTS (DIGITAL SIGNATURE REGULATIONS 1998

[Home] [Databases] [WorldLII] [Search] [Feedback]
Malaysia Legislation

P.U.(A) 359/98
DIGITAL SIGNATURE REGULATIONS 1998

FOURTH SCHEDULE (Regulation 81) - TECHNICAL COMPONENTS

Item No.
Matter
Technical components to be used

1. For the generation of key pairs Technical components that make it nearly certain that -

(a) any given key can only occur once;

(b) a private key cannot be derived from the corresponding public key; and

(c) keys cannot be duplicated.

2. During -

(a) the generation and storage of key pairs; and

(b) the verification of digital signatures Technical components that have security features that -

(a) allow the use of the private key only after due identification of the user through a personal identification number or other data used for identification in conjunction with the data storage medium for the private key of the user;

(b) do not disclose the private key during its use;

(c) function in such a manner that the private key cannot be derived from the digital signature; and

(d) make forgery of digital signatures and falsification of signed data reliably noticeable and protect against the unauthorised use of the private key.

3. For collecting identification data Technical components that function in such a manner that -

(a) they do not reveal the identification data; and

(b) they ensure that the identification data is stored only on the data storage medium with the private key.

4. For the representation of data that is to be signed Technical components that have security features that-

(a) show unmistakably and in advance the creation of a digital signature; and

(b) allow a determination of the data to which the digital signature refers.

5. For the checking of signed data Technical components that have security features that allow it to be determined -

(a) whether the signed data are unchanged;

(b) to which data the digital signature refers;and

(c) to which private key owner the digital signature is to be attributed.

6. For verifying certificates Technical components that allow clear and reliable determination of whether verified certificates were present, without having been invalidated, in the Register of Certificates kept and maintained by a licensed certification authority.

7. For -

(a) the certification authority disclosure record; and

(b) any other record maintained in a verifiable or verifiable or accessible manner under the Act or the Regulations Technical components that protect -

(a) the data storage mediums in which the records are stored; and

(b) the repositories in which the records are published,

from unauthorised access and unauthorised modification.

8. For the generation of time- stamps Technical components that function in such a manner that the valid official time, without distortion, is added to the time-stamp when it is generated.

Made 21 September 1998.
[KTTP(S)353/4 Klt. 5; PN(PU²)575/V.]

DATUK LEO MOGGIE,
Minister of Energy, Telecommunications and Posts

Item No.	Matter	Technical components to be used

1.	For the generation of key pairs	Technical components that make it nearly certain that - (a) any given key can only occur once; (b) a private key cannot be derived from the corresponding public key; and (c) keys cannot be duplicated.

2.	During - (a) the generation and storage of key pairs; and (b) the verification of digital signatures	Technical components that have security features that - (a) allow the use of the private key only after due identification of the user through a personal identification number or other data used for identification in conjunction with the data storage medium for the private key of the user; (b) do not disclose the private key during its use; (c) function in such a manner that the private key cannot be derived from the digital signature; and (d) make forgery of digital signatures and falsification of signed data reliably noticeable and protect against the unauthorised use of the private key.

3.	For collecting identification data	Technical components that function in such a manner that - (a) they do not reveal the identification data; and (b) they ensure that the identification data is stored only on the data storage medium with the private key.

4.	For the representation of data that is to be signed	Technical components that have security features that- (a) show unmistakably and in advance the creation of a digital signature; and (b) allow a determination of the data to which the digital signature refers.

5.	For the checking of signed data	Technical components that have security features that allow it to be determined - (a) whether the signed data are unchanged; (b) to which data the digital signature refers;and (c) to which private key owner the digital signature is to be attributed.

6.	For verifying certificates	Technical components that allow clear and reliable determination of whether verified certificates were present, without having been invalidated, in the Register of Certificates kept and maintained by a licensed certification authority.

7.	For - (a) the certification authority disclosure record; and (b) any other record maintained in a verifiable or verifiable or accessible manner under the Act or the Regulations	Technical components that protect - (a) the data storage mediums in which the records are stored; and (b) the repositories in which the records are published, from unauthorised access and unauthorised modification.

8.	For the generation of time- stamps	Technical components that function in such a manner that the valid official time, without distortion, is added to the time-stamp when it is generated.