Qualified Electronic Signatures Act (SFS 2000:832)
The following is hereby enacted.
Introductory provision
§ 1 The purpose of this Act is to facilitate the use of electronic signatures, through provisions regarding secure signature creation devices, qualified certificates for electronic signatures, and the issuance of these certificates.
The Act applies to certificate providers that are established in Sweden, and issue qualified certificates to the public.
Definitions
§ 2 For the purposes of this Act the following definitions apply:
Electronic signature: data in electronic form attached to or logically associated with other electronic data, and used to verify that the content originates from the alleged issuer, and has not been altered.
Advanced electronic signature: an electronic signature that
a) is uniquely linked to a signatory,
b) is capable of identifying the signatory,
c) is created using means that are under the signatory’s sole control, and
d) is linked to other electronic data in such a way that any alteration to the said data can be detected.
Qualified electronic signature: an advanced electronic signature based on a qualified certificate and created by a secure signature creation device.
Signatory: a natural person who is authorised to control a signature creation device.
Signature creation data: unique data, such as codes or secret cryptographic keys, used to create an electronic signature.
Signature creation device: software or hardware used to implement the signature creation data.
Secure signature creation device: a signature creation device that meets the requirements set forth in § 3.
Signature verification data: data, such as codes or open cryptographic keys, used to verify an electronic signature.
Certificate: an attestation in electronic form that links signature verification data to a signatory and confirms the said signatory’s identity.
Qualified certificate: a certificate that complies with the requirements set forth in § 6 or 7.
Certificate provider: the legal or natural person who issues certificates or who guarantees that the certificate of others complies with certain requirements.
Secure signature creation devices
§ 3 A signature creation device declared to be secure must ensure that the signature is satisfactorily protected against forgery. The device shall further ensure that the signature creation data
- can practically occur only once,
- cannot be derived by reasonable means, and
- can be satisfactorily protected by the legitimate signatory against use or access by others.
A secure signature creation device may not alter the data to be signed electronically, or prevent the data from being presented to the signatory prior to the signature process.
§ 4 The requirements relating to secure signature creation devices set forth in § 3 shall be deemed to be satisfied by hardware or software devices that comply with the standards for electronic signature products, the reference numbers of which have been established by the Commission of the European Communities and published in the Official Journal of the European Communities.
§ 5 A device declared a secure signature creation device may be released onto the market or used to create a qualified electronic signature only if it meets the requirements set forth in § 3. The determination of whether these requirements have been fulfilled shall be made by a body designated for that purpose, pursuant to the Technical Conformity Assessment Act (1992:1119).
A determination by a body designated for the same purpose by another State belonging to the European Economic Area shall be deemed the equivalent of a determination pursuant to the first clause of this section.
Qualified certificates
§ 6 In order to be called a qualified certificate, a certificate shall be issued for a specific period of validity by a certificate provider that meets the requirements set forth in §§ 9-12, and any regulations issued under § 13, and shall contain:
- an indication that the certificate has been issued as a qualified certificate,
- the name and address of the certificate provider, and information regarding the state in which it is established,
- the name of the signatory, or a pseudonym which shall be identified as such,
- special information regarding the signatory if that information is relevant to the purpose for which the certificate is intended,
- signature verification data that corresponds to the signature creation data under the control of the signatory at the time of issue,
- information regarding the period of validity of the certificate,
- the identity code of the certificate,
- the advanced electronic signature of the certificate provider, or an electronic signature with an equivalent level of security, and
- an indication of any limitations on the use of the certificate, or of any limits on the value of transactions for which the certificate can be used (transaction limit).
More detailed provisions regarding the requirements pursuant to the first clause of this section may be issued by the Government or by a supervisory body acting pursuant to Government authority.