Electronic Authentication & Digital Certificates

Electronic authentication such as a digital certificate can serve the function of online identity verification. In addition, the public key of digital certificates can be used to encrypt sensitive information in online transactions. Here you can learn more about electronic authentication, what digital certificates do, the digital certificates recognised in Hong Kong and some of the online Government services that accept them.

Electronic Authentication

Electronic authentication is the process of establishing confidence in user identities presented electronically to an information system. You can learn more about the safety, guidance and common practices in the conduct of electronic authentication in the website below.

More on Electronic Authentication

Digital Certificates & Their Uses

A digital certificate is a form of electronic record that serves as an identification of who you are in conducting online transactions. Under the Electronic Transactions Ordinance (Cap. 553) (ETO), electronic or digital signatures have the same legal status as paper-based signatures.

For transactions not involving Government entities, a signature requirement under the law can be met by any form of electronic signature including digital signature so long as it is reliable, appropriate and agreed by the recipient. For transactions involving Government entities, a signature requirement under the law can be satisfied by a digital signature supported by a recognised digital certificate.

Digital certificates can be carried in Hong Kong ID Cards, installed in your PCs and other storage devices where appropriate. Usually, your digital certificate is protected by a password of your own and you will be asked to enter your password before accessing your digital certificates for online transactions.

Digital certificates are issued by certification authorities. Hongkong Post Certification Authority is a recognised certification authority by virtue of the ETO. A commercially-run certification authority can also apply to the Government Chief Information Officer to become a recognised certification authority on a voluntary basis. Recognition will only be granted to those certification authorities and digital certificates that have reached a standard acceptable to the Government.

More on the Electronic Transactions Ordinance (Cap. 553)

Digital Certificates Recognised in Hong Kong

Recognised digital certificates for personal use currently available in Hong Kong are issued by the two recognised certification authorities, namely the Hongkong Post Certification Authority and Digi-Sign Certification Services Limited.

Hongkong Post e-Certs

Hongkong Post Certification Authority is the public recognised certificate authority in Hong Kong. It issues recognised digital certificates under the brand name "e-Cert", for personal and organisational use. The e-Certs can be used in a range of Government e-services, online banking services and other services like exchanging encrypted electronic documents with third parties.

The operation of the e-Cert services of the Hongkong Post Certification Authority has been outsourced through an open tendering exercise to a private contractor. Notwithstanding the contracting out of the service, there will be no change to the Hongkong Post Certification Authority's status as a recognised certification authority under the ETO. The level of e-Cert services provided to the public will not be affected. The fees also remain unchanged.

More on Hongkong Post e-Certs

Digi-Sign ID-Certs

Digi-Sign Certification Services Limited is a commercial recognised certification authority. It issues digital certificates under the brand name of “ID-Cert” for both individuals and organisations. The ID-Certs can be used in a range of services such as Government e-services, online banking, online trading and other services involving exchange of electronic documents.

More on Digi-Sign ID-Certs

Online Services that Require Digital Certificates

There is a list of Government online services which require the use of digital certificates. In the commercial sector, digital certificates are accepted by banks, securities trading houses, e-merchants and many more.

More on Government Online Services Requiring Digital CertificatesMore on Commercial Services Requiring Digital Certificates
Last revision date: November 2015