Administrative Rules of the State of Montana

For the purposes of this subchapter, and unless the context expressly indicates otherwise:

(1) "Asymmetric cryptosystem" means a computer algorithm or series of algorithms which utilize two different keys with the following characteristics:

(a) one key signs a given message;

(b) one key verifies a given message; and

(2) "Certificate" means an electronic record that:

(a) identifies the certification authority issuing it;

(b) identifies its subscriber;

(d) specifies its operational period; and

(e) is digitally signed by the certification authority issuing it.

(3) "Certification authority" means a person or entity that issues a certificate, or in the case of certain certification processes, certifies amendments to an existing certificate.

(4) "Department" means the Montana Department of Transportation.

(5) "Digital signature" means a type of electronic signature that encrypts a record by using a cryptosystem in a manner that a person who has the unencrypted record, the encrypted record, and the signer's key can accurately determine:

(a) whether the encryption of the record to an electronic record was created using the private key that corresponds to the signer's public key; and

(b) whether the record has been altered since the record was encrypted into an electronic record.

(6) "Digitally signed communication" is a message that has been processed by a computer in such a manner that legally ties the message to the individual that signed the message.

(7) "Identification" means the document or documents presented to a certification authority to establish the identity of a subscriber.

(8) "Key" means a password or table used to decipher encrypted electronic data.

(9) "Key pair" means a private key and its corresponding public key in a cryptosystem, as part of which the public key verifies the signature made by the private key.

(10) "Message" means a digital representation of information intended to serve as a written communication with the department.

(11) "Person" means a human being or any organization capable of signing a document, either legally or as a matter of fact.

(12) "Practice statement" means documentation of the practices, procedures and controls employed by a certification authority.

(13) "Private key" is a key of a key pair used to create a digital signature.

(14) "Public key" is the key of a key pair used to verify a digital signature.

(15) "Record" includes any paper, correspondence, form, book, photograph, microfilm, map, drawing, or other document, including a copy of any of them, that has been made or received by a state agency in connection with the transaction of the official business of that entity and all other documents required by law to be filed with or kept by that agency.

(16) "Proof of identification" means the document or documents presented to a certification authority to establish the identity of a subscriber.

(17) "Signer" means the person who signs a digitally acceptable technology to uniquely link the message with the person sending it.

(18) "State agency" means a department, board, commission, authority, or other governmental entity of the executive branch of state government, including the Montana university system.

(19) "Subscriber" means a person holding a private key that corresponds to a public key listed or identified in a certificate and who is the person to whom digitally signed records verified by reference to the certificate are to be attributed.

(20) "Technology" means the computer infrastructure hardware and/or software-based method or process used to create digital signatures.

(21) "Verify a digital signature" means to use the public key listed in a valid certificate, by means of a security procedure, to evaluate a digitally signed electronic record so that the evaluation concluded that:

(a) the digital signature was created using the private key corresponding to the public key listed in the certificate; and

(b) the electronic record has not been altered since its digital signature was created.