e-Alert Service for Authorized Institutions (“e-Alert Service for AIs”) Security Statement
Internet security is not solely a technology issue, and common sense as well as normal practice in safeguarding personal and transaction data are of equal importance. Hackers need a "door" to get into an Internet system. Often, access through this "door" could be exposed to hackers due to simple carelessness in the physical distribution of sensitive documents and the handling of sensitive data (such as passwords or personal identification numbers). Hence, users must handle such sensitive documents and data with extreme care.
While the Internet is not an inherently secure environment for communication, Internet communication can be made safer by the application of appropriate technology as we have done. We take security matters very seriously and treat all personally identifiable information obtained from users of our website as confidential. In addition to the firewalls and other sophisticated equipment implemented, we also adopt the following measures to protect our e-Alert Service for AIs system, and the information and data contained in it, from accidental or malicious disruption or destruction.
- Support of Digital Certificates
To protect information transferred over the Internet and to uniquely identify our service subscribers, the e-Alert Service for AIs supports the Public Key Infrastructure (PKI) implemented by trusted certification authorities. The PKI enables the authentication of both server and user identities via the issuance of digital certificates and the use of public key cryptography and digital signatures.
We also employ 256-bit encryption to encode all communications of sensitive data. Encryption enables users to continuously send encoded information back and forth across the Internet with a high degree of security. Users would notice from the URL that the Hypertext Transfer Protocol Secure (HTTPS) would be used instead of HTTP to access the secured site of e-Alert Service for AIs, and a padlock icon would appear at the bottom of the browser once a secured web session is established. By double-clicking on this padlock icon, users may view the details of the digital certificate for the e-Alert Service for AIs web server and verify the server identity by examining the certification path and certificate status.
- Restricted Access to Private Personal Information
In terms of system access control, appropriate security measures are taken such that access to any private personal information submitted through the e-Alert Service for AIs is restricted to only those authorized members of staff who have legitimate needs to have such access. Also, the use of such personal information is in accordance with the provisions in the Personal Data (Privacy) Ordinance.
SUBSCRIBERS OF E-ALERT SERVICE FOR AUTHORIZED INSTITUTIONS ARE RESPONSIBLE FOR KEEPING THEIR ACCOUNT DIGITAL CERTIFICATE PASSWORDS CONFIDENTIAL. SUBSCRIBERS ARE ENCOURAGED TO CHANGE PASSWORDS PERIODICALLY. IF ANY BREACH IN THE SECURITY OF DIGITAL CERTIFICATE IS SUSPECTED, PLEASE CONTACT THE HONG KONG POST CERTIFICATION AUTHORITY DIRECTLY. IN THE CASE WHERE A SUBSCRIBER ALLOWS AN UNAUTHORISED INDIVIDUAL TO GAIN ACCESS TO THE DIGITAL CERTIFICATE TOGETHER WITH ITS PASSWORD, THE LAND REGISTRY WILL NOT BE HELD RESPONSIBLE FOR ANY CONSEQUENCES RESULTING FROM THIS ACTION.
IT SECURITY GLOSSARY
Authentication - A process or method to identify and to prove the identity of a user/party who attempts to send a message or access data. Message authentication refers to a process used to prove the integrity of specific information.
Certification Authority (CA) - A trusted authority or party that digitally signs certificates in order to validate the identity of a person or party.
Digital Certificate - A certificate in electronic format such that data stored in the certificate can be used to verify the identity of the owner of the certificate. The certificate usually contains information such as the user’s public key, name and email address.
Digital Signature - A block of data which is generated using some secret/private key, and only the corresponding public key can be used to verify that this block of data was really created by that private key. A digital signature is usually used to verify whether a message really comes from the claimed originator, and simultaneously guarantees the integrity of the message.
Encryption - A process to encode the contents of a message so as to hide them from outsiders. That is, it is a process of scrambling and transforming data from an easily readable and understandable format (plaintext) into an unintelligible format that seems to be useless and not readily understandable (ciphertext).
Firewall - A firewall is a system or combination of systems that helps to prevent outsiders from obtaining unauthorized access to internal information resources. The firewall enforces the access control policy, i.e. permit or deny, between two networks. It provides a single point where access control and audit can be imposed.
Hacker - A person who illegally gains access to your computer system.
Hypertext Transfer Protocol (HTTP) - Hypertext Transfer Protocol (HTTP) is an application-layer protocol which allows the transfer of text, graphics, sound or movies over the World Wide Web via a hypertext interface of a web browser.
Public Key Cryptography - A technique that uses a pair of keys for encryption and decryption. One key, namely the public key, is used by the sender to encrypt the message. The other key, the private key, is used to decrypt the message received from the sender.
Public Key Infrastructure (PKI) - A Public Key Infrastructure (PKI) consists of protocols, services and standards supporting the public key cryptography applications. It often includes services and protocols for managing the public keys through the use of Certification Authority.