Unless the context clearly
requires otherwise, the definitions in this section apply
throughout this chapter:
(1) "Accept a certificate" means to manifest approval of a
certificate, while knowing or having notice of its contents. Such
approval may be manifested by the use of the certificate.
(2) "Accept a digital signature" means to verify a digital
signature or take an action in reliance on a digital signature.
(3) "Asymmetric cryptosystem" means an algorithm or series
of algorithms that provide a secure key pair.
(4) "Certificate" means a computer-based record that:
(a) Identifies the certification authority issuing it;
(b) Names or identifies its subscriber;
(c) Contains the subscriber's public key; and
(d) Is digitally signed by the certification authority
issuing it.
(5) "Certification authority" means a person who issues a
certificate.
(6) "Certification authority disclosure record" means an
online, publicly accessible record that concerns a licensed
certification authority and is kept by the secretary.
(7) "Certification practice statement" means a declaration
of the practices that a certification authority employs in
issuing certificates.
(8) "Certify" means to declare with reference to a
certificate, with ample opportunity to reflect, and with a duty
to apprise oneself of all material facts.
(9) "Confirm" means to ascertain through appropriate inquiry
and investigation.
(10) "Correspond," with reference to keys, means to belong
to the same key pair.
(11) "Digital signature" means an electronic signature that
is a transformation of a message using an asymmetric cryptosystem
such that a person having the initial message and the signer's
public key can accurately determine:
(a) Whether the transformation was created using the private
key that corresponds to the signer's public key; and
(b) Whether the initial message has been altered since the
transformation was made.
(12) "Electronic" means electrical, digital, magnetic,
optical, electromagnetic, or any other form of technology that
entails capabilities similar to these technologies.
(13) "Electronic record" means a record generated,
communicated, received, or stored by electronic means for use in
an information system or for transmission from one information
system to another.
(14) "Electronic signature" means a signature in electronic
form attached to or logically associated with an electronic
record, including but not limited to a digital signature.
(15) "Financial institution" means a national or
state-chartered commercial bank or trust company, savings bank,
savings association, or credit union authorized to do business in
the state of Washington and the deposits of which are federally
insured.
(16) "Forge a digital signature" means either:
(a) To create a digital signature without the authorization
of the rightful holder of the private key; or
(b) To create a digital signature verifiable by a
certificate listing as subscriber a person who either:
(i) Does not exist; or
(ii) Does not hold the private key corresponding to the
public key listed in the certificate.
(17) "Hold a private key" means to be authorized to utilize
a private key.
(18) "Incorporate by reference" means to make one message a
part of another message by identifying the message to be
incorporated and expressing the intention that it be
incorporated.
(19) "Issue a certificate" means the acts of a certification
authority in creating a certificate and notifying the subscriber
listed in the certificate of the contents of the certificate.
(20) "Key pair" means a private key and its corresponding
public key in an asymmetric cryptosystem, keys which have the
property that the public key can verify a digital signature that
the private key creates.
(21) "Licensed certification authority" means a
certification authority to whom a license has been issued by the
secretary and whose license is in effect.
(22) "Message" means a digital representation of
information.
(23) "Notify" means to communicate a fact to another person
in a manner reasonably likely under the circumstances to impart
knowledge of the information to the other person.
(24) "Official public business" means any legally authorized
transaction or communication among state agencies, tribes, and
local governments, or between a state agency, tribe, or local
government and a private person or entity.
(25) "Operative personnel" means one or more natural persons
acting as a certification authority or its agent, or in the
employment of, or under contract with, a certification authority,
and who have:
(a) Duties directly involving the issuance of certificates,
or creation of private keys;
(b) Responsibility for the secure operation of the
trustworthy system used by the certification authority or any
recognized repository;
(c) Direct responsibility, beyond general supervisory
authority, for establishing or adopting policies regarding the
operation and security of the certification authority; or
(d) Such other responsibilities or duties as the secretary
may establish by rule.
(26) "Person" means a human being or an organization capable
of signing a document, either legally or as a matter of fact.
(27) "Private key" means the key of a key pair used to
create a digital signature.
(28) "Public key" means the key of a key pair used to verify
a digital signature.
(29) "Publish" means to make information publicly available.
(30) "Qualified right to payment" means an award of damages
against a licensed certification authority by a court having
jurisdiction over the certification authority in a civil action
for violation of this chapter.
(31) "Recipient" means a person who has received a
certificate and a digital signature verifiable with reference to
a public key listed in the certificate and is in a position to
rely on it.
(32) "Recognized repository" means a repository recognized
by the secretary under RCW 19.34.400.
(33) "Recommended reliance limit" means the monetary amount
recommended for reliance on a certificate under RCW 19.34.280(1).
(34) "Repository" means a system for storing and retrieving
certificates and other information relevant to digital
signatures.
(35) "Revoke a certificate" means to make a certificate
ineffective permanently from a specified time forward. Revocation
is effected by notation or inclusion in a set of revoked
certificates, and does not imply that a revoked certificate is
destroyed or made illegible.
(36) "Rightfully hold a private key" means the authority to
utilize a private key:
(a) That the holder or the holder's agents have not
disclosed to a person in violation of RCW 19.34.240(1); and
(b) That the holder has not obtained through theft, deceit,
eavesdropping, or other unlawful means.
(37) "Secretary" means the secretary of state.
(38) "Subscriber" means a person who:
(a) Is the subject listed in a certificate;
(b) Applies for or accepts the certificate; and
(c) Holds a private key that corresponds to a public key
listed in that certificate.
(39) "Suitable guaranty" means either a surety bond executed
by a surety authorized by the insurance commissioner to do
business in this state, or an irrevocable letter of credit issued
by a financial institution authorized to do business in this
state, which, in either event, satisfies all of the following
requirements:
(a) It is issued payable to the secretary for the benefit of
persons holding qualified rights of payment against the licensed
certification authority named as the principal of the bond or
customer of the letter of credit;
(b) It is in an amount specified by rule by the secretary
under RCW 19.34.030;
(c) It states that it is issued for filing under this
chapter;
(d) It specifies a term of effectiveness extending at least
as long as the term of the license to be issued to the
certification authority; and
(e) It is in a form prescribed or approved by rule by the
secretary.
A suitable guaranty may also provide that the total annual
liability on the guaranty to all persons making claims based on
it may not exceed the face amount of the guaranty.
(40) "Suspend a certificate" means to make a certificate
ineffective temporarily for a specified time forward.
(41) "Time stamp" means either:
(a) To append or attach a digitally signed notation
indicating at least the date, time, and identity of the person
appending or attaching the notation to a message, digital
signature, or certificate; or
(b) The notation thus appended or attached.
(42) "Transactional certificate" means a valid certificate
incorporating by reference one or more digital signatures.
(43) "Trustworthy system" means computer hardware and
software that:
(a) Are reasonably secure from intrusion and misuse; and
(b) Conform with the requirements established by the
secretary by rule.
(44) "Valid certificate" means a certificate that:
(a) A licensed certification authority has issued;
(b) The subscriber listed in it has accepted;
(c) Has not been revoked or suspended; and
(d) Has not expired.
However, a transactional certificate is a valid certificate
only in relation to the digital signature incorporated in it by
reference.
(45) "Verify a digital signature" means, in relation to a
given digital signature, message, and public key, to determine
accurately that:
(a) The digital signature was created by the private key
corresponding to the public key; and
(b) The message has not been altered since its digital
signature was created.
[2000 c 171 § 50; 1999 c 287 § 2; 1997 c 27 § 30; 1996 c 250 § 103.]
NOTES:
Effective date -- 1999 c 287: See note following RCW 19.34.010.
Effective date -- Severability -- 1997 c 27: See notes following RCW 19.34.030.