Integrated Registration Information System (IRIS) Online Services Security Statement

Internet security is not solely a technology issue, and common sense as well as normal practice in safeguarding personal and transaction data are of equal importance. Hackers need a "door" to get into an Internet system. Often, access through this "door" could be exposed to hackers due to simple carelessness in the physical distribution of sensitive documents and the handling of sensitive data (such as passwords or personal identification numbers). Hence, users must handle such sensitive documents and data with extreme care.

While the Internet is not an inherently secure environment for communication, Internet communication can be made safer by the application of appropriate technology, as we have done. We take security matters very seriously and treat all personally identifiable information obtained from users of our website as confidential. In addition to the firewalls and other sophisticated equipment implemented, we also adopt the following measures to protect our IRIS Online Services system, and the information and data contained in it, from accidental or malicious disruption or destruction.

  • Support of Digital Certificates

    To protect information transferred over the Internet and to uniquely identify our service subscribers, the IRIS Online Services support the Public Key Infrastructure (PKI) implemented by trusted certification authorities. The PKI enables the authentication of both server and user identities via the issuance of digital certificates and the use of public key cryptography and digital signature.

    We also employ 256-bit encryption to encode all communications of sensitive data. Encryption enables users to continuously send encoded information back and forth across the Internet with a high degree of security. Users would notice from the URL that the Hypertext Transfer Protocol Secure (HTTPS) would be used instead of HTTP to access the secured site of IRIS Online Services, and a padlock icon would appear at the bottom of the browser once a secured web session is established. By double-clicking on this padlock icon, users may view the details of the digital certificate for the IRIS web server and verify the server identity by examining the certification path and certificate status.

  • Implementation of Secured Online Payment

    Online payments supported by the IRIS Online Services are protected through the Transport Layer Security (TLS) mechanism. Payment details are encrypted under this secure protocol and transmitted to the relevant banks via a secured payment gateway for payment approval and settlement.

    Our IRIS Online Services website also supports various credit card payment authentication services to authenticate the cardholder's identity.

  • Restricted Access to Private Personal Information

    In terms of system access control, appropriate security measures are taken such that access to any private personal information submitted through the IRIS Online Services is restricted to only those authorized members of staff who have legitimate needs to have such access. Also, the use of such personal information is in accordance with the provisions in the Personal Data (Privacy) Ordinance.


    IRIS ONLINE SERVICES SUBSCRIBERS ARE RESPONSIBLE FOR KEEPING THEIR ACCOUNT LOGIN PASSWORDS OR DIGITAL CERT. PASSWORDS CONFIDENTIAL. WE ENCOURAGE SUBSCRIBERS TO CHANGE PASSWORDS PERIODICALLY. IF A SUBSCRIBER SUSPECTS THAT HIS/HER ACCOUNT LOGIN PASSWORD HAS BEEN MALICIOUSLY TAMPERED WITH, PLEASE CONTACT THE LAND REGISTRY IMMEDIATELY. IF ANY BREACH IN THE SECURITY OF DIGITAL CERT. IS SUSPECTED INSTEAD, PLEASE CONTACT THE HONG KONG POST CERTIFICATION AUTHORITY / DIGI-SIGN CERTIFICATION AUTHORITY DIRECTLY. IN THE CASE WHERE A SUBSCRIBER ALLOWS AN UNAUTHORISED INDIVIDUAL TO GAIN ACCESS TO EITHER THE ACCOUNT LOGIN PASSWORD OR THE DIGITAL CERT. TOGETHER WITH ITS PASSWORD, THE LAND REGISTRY WILL NOT BE HELD RESPONSIBLE FOR ANY CONSEQUENCES RESULTING FROM THIS ACTION.

IT SECURITY GLOSSARY

    Authentication - A process or method to identify and to prove the identity of a user/party who attempts to send a message or access data. Message authentication refers to a process used to prove the integrity of specific information.

    Certification Authority (CA) - A trusted authority or party that digitally signs certificates in order to validate the identity of a person or party.

    Digital Certificate - A certificate in electronic format such that data stored in the certificate can be used to verify the identity of the owner of the certificate. The certificate usually contains information such as user's public key, name and email address.

    Digital Signature - A block of data which is generated using some secret/private key, and only the corresponding public key can be used to verify that this block of data was really created by that private key. Digital signature is usually used to verify whether a message really comes from the claimed originator, and simultaneously guarantees the integrity of the message.

    Encryption - A process to encode the contents of a message so as to hide them from outsiders. That is, it is a process of scrambling and transforming data from an easily readable and understandable format (plaintext) into an unintelligible format that seems to be useless and not readily understandable (ciphertext).

    Firewall - A firewall is a system or combination of systems that helps to prevent outsiders from obtaining unauthorized access to internal information resources. The firewall enforces the access control policy, i.e. permit or deny, between two networks. It provides a single point where access control and audit can be imposed.

    Hacker - A person who illegally gains access to your computer system.

    Hypertext Transfer Protocol (HTTP) - Hypertext Transfer Protocol (HTTP) is an application-layer protocol which allows the transfer of text, graphics, sound or movies over the World Wide Web via a hypertext interface of a web browser.

    Protocol - A set of rules for governing the transmission and receipt of data.

    Public Key Cryptography - A technique that uses a pair of keys for encryption and decryption. One key, namely the public key, is used by the sender to encrypt the message. The other key, the private key, is used to decrypt the message received from the sender.

    Public Key Infrastructure (PKI) - A Public Key Infrastructure (PKI) consists of protocols, services and standards supporting the public key cryptography applications. It often includes services and protocols for managing the public keys through the use of Certification Authority.

    Transport Layer Security (TLS) - Transport Layer Security (TLS) is a security protocol that enables encrypted, authenticated communications across the Internet. It is a security layer between the application and transport layers, which protects the application-layer protocols such as HTTP and is transparent to application developers and users. It provides privacy, authentication and message integrity.