@eLaw.com.hk 葉謝鄧律師行

"Cybersquatter" refers to a person who registers a trademark as a domain name hoping to later profit by reselling the domain name to the trademark owner. An aggressive cybersquatter may even send messages to the trade mark owner soliciting a sale. Passive cybersquatter may just leave the domain name unused or direct it to a one-page homepage indicating that the domain name is "for sale".

In the USA, a trade mark owner believing that someone has taken a domain in bad faith, he can either sue under the provisions of the Anticybersquatting Consumer Protection Act (ACPA), or he can follow the arbitration procedures set out by the Internet Corporation of Assigned Names and Numbers (ICANN). The ACPA in the USA defines cybersquatting as registering, trafficking in, or using a domain name with the intent to profit in bad faith from the goodwill of a trademark belonging to someone else. Hong Kong does not have an equivalent legislation. Trade mark owners may however resort to the general laws of trade mark infringement and sue the cybersquatter in Court.

The ICANN arbitration procedure is often regarded by intellectual property lawyers to be faster and less expensive, and the procedure does not necessarily require a solicitor to be engaged.

Past statistics show that Courts and arbitrators generally side with trademark owners in these disputes and order the cybersquatter to "transfer" the trademarked domain names to tthe trademark owners. Respondents defending in good faith may rely on the Applicant's "bad faith" or "reverse hijacking" to resist the Applicant's attempt to "bully" the Respondent.

HiTRUST.COM (HK)

HiTRUST was incorporated in Hong Kong in August 2000. It is a joint venture of HiTRUST Incorporated and the New World Group.

Being a Recognized Certificate Authority certified by Hong Kong government as well as a VeriSign International Affiliate, HiTRUST.COM (HK) is specialized in the provision of managed digital certificate services to help enterprises sharpen its competence in the trust e-commerce world.

HiTRUST Incorporated

Founded in March 1998, HiTRUST's core business is the provision of solutions for secure eCommerce. In April 2000, HiTRUST.COM Incorporated was officially established with capital of about US$100 million. The major shareholders include Acer Group, HSBC, New World Group, AIG and VeriSign. The continuous growth of HiTRUST has been achieved through an unrivalled commitment to, and focus on, commercially successful, secure eCommerce.

Targeting the Greater China region, HiTRUST has been successfully providing leading-edge, trusted total solutions and customized, high added-value services including Commerce Content, eBusiness Operation, ePayment & eBilling, Financial Services Software, Application Server and eCommerce Security to the region's corporations, telecommunication companies, financial institutions and service providers.

HiTRUST's success depends on its product offerings and reputation for value and trust in the secure eCommerce industry. Early on, HiTRUST identified the opportunities developing in the region and has expanded its business operation into Taiwan, Hong Kong, Shanghai and Beijing, by opening its branch offices and strategic investment in eCommerce related businesses. In the future, HiTRUST will continuously offer industry-leading technologies and services to customers in the Greater China region and its brand will remain at the head of the region's secure eCommerce industry.

Since February 2001, HKEx has offered secure Internet trading services with the application of a digital certificate.

By using a digital certificate issued by a recognised certification authority such as the Postmaster General of HKSAR Government, Digi-Sign, investors are able to place order through the Online Trading Service securely and directly to their brokers' trading systems over the Internet.

In addition, Digi-Sign accepts non-HK citizen to apply for ID-Cert using a valid travel document and this can enable cross-border investors to conduct trusted and secure transactions on the Net.

Digi-Sign Certification Services Limited (Digi-Sign) is a recognised Certification Authority under the Electronic Transactions Ordinance. The ID-Certs issued by Digi-Sign can be used to authenticate a wide range of trade transactions online. ID-Cert holders can use their digital certificates with Hong Kong Jockey Club's eWin service for betting on the Internet.

The Hong Kong Jockey Club's eWin service is an efficient and secure way of betting on football matches, horse races and buying Mark Six. Through its website, you can access the latest odds and results, study the extensive racing information database. To make your online betting securely, simply use your ID-Cert with the eWin service.

Personal ID-Cert can be applied online at the secure web server of Digi-Sign.

More information on eWin service can be found on the Hong Kong Jockey Club's website http://www.hongkongjockeyclub.com

The conditions on using a digital certificate will deal with the liability of the certificate owner and the CA. The following is taken from the Certificate Practice Statement (CPS) of CA of the University of Science and Technology and are quoted here as an example:

Liability of Certificate Owner

Without limiting other certificate owner obligations stated in the CPS, certificate owners are liable for any mis-representation they make in certificates to third parties that, reasonably rely on the representations contained therein.

Liability of HKUST CA

HKUST CA :

· Does not warrant the accuracy, authenticity, completeness or fitness of any unverified information contained in certificates or otherwise compiled, published, or disseminated by or on behalf of HKUST CA.

· Shall not incur liability for representations of information contained in a certificate, provided the certificate content substantially complies with the CPS.

· Does not warrant "non-repudiation" of any certificate or message (because non-repudiation is determined exclusively by law and the applicable dispute resolution mechanism).

Certificate Internal Database is a database to keep track of the pending certificate request, issued or revoked certificate, private Certificate Revocation List (CRL), etc. Only RA and CA have the rights to update this database. A web user interface will be provided for users to query the status of their certificate requests and any issued or revoked certificate. Various fields in certificate, such as serial no, expiry date, subject name, etc will be indexed. This will allow faster queries based on these standard attributes.

A high performance directory server, based on the IETF LDAP standard, is used as a public repository of Certificate Revocation List (CRL), user and CA certificates. Its design is based on the RFC 2587 schema. A standard LDAP interface will be provided to native client for retrieving certificate for applications like S/MIME or SSL client authentication.

PKI covers the use of public key cryptography for authentication and access control of a user, guaranteeing the integrity and non-repudiation of documents signed by the user, and confidentiality of data.
PKI employs a pair of keys for each user: a private key which is known only to the user himself, and a public key which is published by some authority, in the form of a digital certificate (certificate for short).

In signing a document or an e-mail, a user signs using his own private key so that others can use the signer's public key to verify the authenticity and non-repudiation of documents or e-mail. Since only the user has his own private key to sign, non-repudiation is established.

Before sending an encrypted e-mail to a receiver, the sender installs the receiver's certificate in the sender's e-mail program which supports the use of PKI technologies. The program can, on the sender's instruction, encrypt an e-mail using the receiver's public key. The receiver, on receiving the encrypted mail, can use his private key to decrypt the mail. Since only the receiver has his own private key, the encrypted mail will only be readable by him. Others, even if they can get hold of a copy of the encrypted mail over the network, would not be able to read the encrypted mail as they do not have the receiver's private key to decrypt the mail. The use of PKI saves the trouble of maintaining and distributing the same encryption/decryption key between the sender and the receiver.

The e-mail program Netscape Messenger v4.7x supports the signing and encryption of e-mail using 1024-bit RSA keys and certificates.

By using strong public key cryptographic algorithms, such as 1024-bit RSA keys which the HKU CA and Hongkong Post are employing, it is practically impossible for anyone to crack the private key from the public key within the life-time of a private key.

HKU Certification Authority (HKUCA), run by the HKU Computer Centre, set up public key infrastructure (PKI) to issue HKU digital certificates (HKU-Cert) from 22nd September 2000 to current HKU staff and students (HKU members).

Personal: the HKU-Cert of a HKU member serves as his digital identity for him to authenticate himself and sign electronically in using HKU Electronic Services Delivery (HKUESD) of digital signature applications.

Server: from 1st February 2002, HKUCA also issues HKU-Cert (Server) to administrators of computer servers approved by HKUCA. The server named in a HKU-Cert (Server) can use the certificate in applications employing Secure Socket Layer (SSL) encryption.

According to the University, HKUCA is not seeking Recognized CA status, as defined in the Electronic Transactions Ordinance, from the Director of Information Technology Services Department of the HK SAR Government. Therefore, HKUCA is not subject to the governing rules and regulations set out in the Electronic Transactions Ordinance.

An application for the registration of a design shall not be refused, and the registration of a design shall not be invalidated, by reason only of:
(a) the disclosure of the design by the owner to any other person in such circumstances as would make it contrary to good faith for that other person to use or publish the design;

(b) the disclosure of the design in breach of good faith by any person other than the owner of the design;

(c) in the case of a new or original textile design intended for registration, the acceptance of a first and confidential order for goods bearing the design; or

(d) the communication of the design by the owner to a government department or to any person authorized by a government department to consider the merits of the design, or of anything done in consequence of such a communication.

An application for the registration of a design shall not be refused, and the registration of a design shall not be invalidated, by reason only:

(a) that a representation of the design, or any article to which the design has been applied, has been displayed, with the consent of the owner of the design, at an official international exhibition;

(b) that after any such display as is mentioned in paragraph (a), and during the period of the exhibition, a representation of the design, or any article to which the design has been applied, has been displayed by any person without the consent of the owner; or

(c) that a representation of the design has been published in consequence of any such display as is mentioned in paragraph (a), if the application for registration of the design is made not later than 6
months after the opening of the exhibition.

Here, "official international exhibition" (正式國際展覽) means an official, or officially recognized, international exhibition falling within the terms of the Convention on International Exhibitions signed at Paris on 22 November 1928, and any protocols to that Convention, as revised or amended from time to time.

Computer programs and protected layout-designs (topographies) are not registrable.

Provision may be made by rules for excluding from registration under this Ordinance designs for such articles of a primarily literary or artistic character as the rules may specify.