TEMPORARY REGULATIONS ON MANAGEMENT AND USE OF DIGITAL CERTIFICATES AND DIGITAL SIGNATURE AUTHENTICATION SERVICES AMONG TAX AUTHORITIES

Article 1. “Temporary regulations on management and use of digital certificates and digital signature authentication services among tax authorities” are promulgated together with this Decision.

Article 2. This Decision comes into force from the day on which it is signed. Director of Information Technology Department, heads of departments and units affiliated to General Department of Taxation, Directors of Departments of Taxation of provinces are responsible for the implementation of this Decision./. 

 

 

This document deals with the use of digital certificates, digital signature authentication services, responsibility of entities during the process of registration, management, and use of digital certificates for authentication of information, securities companies in electronic transactions among tax authorities and electronic transactions with other agencies and organizations.

This document applies to electronic transactions among tax authorities and electronic transactions between tax authorities and other agencies, organizations, and individuals (hereinafter referred to as entities).

This document applies to individuals and units of tax authorities that use digital signature authentication services.

1. Digital certificate means a form of electronic certificate provided by a certification authority (CA), including specialized digital certificates and public digital certificates.

2. Special digital certificate means a form of electronic certificate provided by a CA to agencies in the political system.

3. Public digital certificate means a form of electronic certificate provided by a CA to other entities.

4. Subscriber means an individual or unit of a tax authority that is issued with the digital certificate and secret key written on the digital certificate.

5. Digital signature means a form of electronic signature created by transforming a message using an asymmetrical encryption system. Thus the person who has the initial message and public key of the signer can accurately determine:

- The change is made by the exact secret key that matches the public key of the same couple of keys;

- The integrity of the message is ensured when such change is made.

6. Token means the physical device that contains the digital certificate and secret key of the subscriber.

7. Digital signing means the integration of the secret key into a software program to automatically create and append the digital signature on the document.

8. Information portal means the sole network access point which connects, integrate information channels, services, and applications that can be used by users.

- General Department of Taxation, units affiliated to General Department of Taxation, Departments of Taxation, and Sub-departments of taxation may use digital certificates for organizations.

- People holding position of deputy manager and higher of the departments/units affiliated to General Department of Taxation, Departments of Taxation, deputy team leader and higher of Sub-departments of taxation, and other cases at the request of General Department of Taxation may use digital certificates for individuals.

- Digital signatures of electronic documents:

+ The electronic document must have the signature of the individual or organization responsible for signing the electronic document as prescribed.

+ The electronic document bearing an individual’s digital signature has the same value as a paper document bearing that person’s hand signature; The electronic document bearing a competent person’s digital signature as prescribed by regulations of law on management and use of seals has the same value as the paper document bearing his/her hand signature and seal.

+ An electronic document that is digitalized from a paper document and bears the digital signature of the agency/organization that issues it has the same value as a paper document bearing the signature and seal before digitalization.

+ The signing of a document in place of another person as prescribed by law depends on the position of the signer written on the digital certificate.

- Other cases of using seals on digitalized documents:

+ In case an overlapping seal is required on every page: the digital signature guarantees the integrity of the electronic document. A document bearing a legitimate digital signature does not require another mechanism for ensuring the integrity such as the overlapping seal.

+ In case a seal is required on every attached document: If the attached documents and the main document are in the same file and the main document has a legitimate digital signature, there is no need for a mechanism to ensure that the attached documents are an integral part of the main document. If the attached documents and the main document are not in the same file, the attached file must bear the digital signature of the agency/organization that issues the document.

- Signing via an information portal.

+ Electronic documents that are automatically sent shall bear digital signatures of competent agencies/organizations.

+ If an electronic document that is sent to an agency/organization in the political system requires the special digital signature of General Department of Taxation, the individual or organization that sends the document must use the special digital signature of an individual or organization.

+ If an electronic document that is sent to an agency/organization outside the political system requires the public digital signature of General Department of Taxation, the individual or organization that sends the document must use their own digital signature.

Special digital signatures are sued for electronic transactions among tax authorities or between tax authorities and agencies in the political system. Public digital signatures are used for electronic transactions between tax authorities entities outside the political system. To be specific:

- The following electronic documents shall bear digital signatures

+ Meeting invitation, meeting minutes, notification, report, official dispatch, report, instructional documents (other than documents that have not been published or documents considered state secret);

+ Documents published on the electronic information portal of tax authorities;

+ Other documents related to the tax administration process.

- Sending and receiving emails that require digital signatures.

- Access information, exchange information with units other than tax authorities using the functions of IT applications that require digital signatures.

- Providing classified information online at the request of competent authorities.

- The secret key must be store on the token which must not be given to another person.

- Keep the token in a safe and secret place. In case the digital certificate of the agency/organization is stored on a token, it must be given to the document management division and kept in a locked cabinet in the agency/organization.

- The digital certificate of the agency/organization used for automatic signing must be stored on a hardware security module of General Department of Taxation.

- The token shall be used and protected in “top secret” mode according to regulations on state secrets.

- The password to the digital certificate shall be changed and protected according to regulations of tax authorities.

- Manage registration, transfer, use, protection of digital certificates in accordance with this document.

+ General Department of Taxation shall provide special digital certificates for tax authorities.

+ Departments of Taxation shall provide, manage, use, withdraw public digital certificates of organizations and individuals at Departments of Taxation and Sub-departments of taxation where necessary.

- Take responsibility for the accuracy of information about subscribers.

- The document management division of each agency/organization shall manage, protect and use its digital certificate.

- Protect and use the secret key storage device in “top secret” mode according to regulations on state secrets.

- The IT department of each Department of Taxation shall receive, examine requests, manage the provision, withdrawal, and delivery of digital certificates at the Department of Taxation and Sub-departments of taxation; inspect and supervise the subscribers using digital certificates according to Article 11 of this document; protect, store, transport digital certificates in a way that ensure safety and confidentiality; provide support and instructions on issues related to digital certificates at the Department of Taxation and Sub-department of taxation; promptly report and deal with violations.

- Retain and manage relevant documents.

- Manage registration, transfer, use, protection of digital certificates in accordance with this document.

+ General Department of Taxation shall distribute special digital certificates among tax authorities.

+ Departments and units affiliated to General Department of Taxation shall provide, manage, use, withdraw public digital certificates where necessary.

- Take responsibility for the accuracy of information about subscribers.

- The document management division of each agency/organization shall manage, protect and use its digital certificate.

- Protect and use the secret key storage device in “top secret” mode according to regulations on state secrets.

- Retain and manage relevant documents.

- The office shall submit reports on quantities of special digital certificates to be provided and withdrawn of departments and units affiliated to General Department of Taxation to Information Technology Department.

- Units affiliated to General Department of Taxation shall submit reports on quantities of special digital certificates to be provided and withdrawn to Information Technology Department.

- Deliver, provide, withdraw special digital certificates of tax authorities; protect, store, transport digital certificates in a way that ensure safety and confidentiality; provide support and instructions on issues related to digital certificates at the Department of Taxation and Sub-department of taxation; promptly report and deal with violations.

- Provide, manage, use, withdraw public digital certificates of organizations and individuals at Information Technology Department on demand.

- Inspect and supervise the adherence to this document of individuals and units of tax authorities.

- Manage and maintain a database about subscribers and digital certificates under their management.

- Protect and use the secret key storage device in “top secret” mode according to regulations on state secrets.

- Manage, protect, and ensure the operation of hardware security module of General Department of Taxation.

- Retain and manage relevant documents.

- Instruct Departments of Taxation, departments and units affiliated to General Department of Taxation to use digital certificates.

- Register, receive, deliver special digital certificates with Government Cipher Board.

- Provide sufficient and accurate information about issuance of digital certificates.

- Do not reveal information about digital certificates including registration information and the secret key.

- Do not give the secret key storage device to another person.

- Keep the secret key storage device in a safe and secret place. Protect and use the secret key storage device in “top secret” mode according to regulations on state secrets.

- Change and protect the password of the digital certificate right after receiving it.

- Notify the head of the unit in case the secret key is revealed or suspected to be revealed, the secret key storage device is lost or copied, or other cases of insecurity, the subscriber's position is changed or the subscriber retires, the digital certificate expires, the subscriber receives a request for withdrawal of the digital certificate from a security agency.

- Promptly report violations to the head of the unit.

- Digital signatures shall be appended on digital certificates of the agency/organization by the document management division on the authority of the head.

- The subscriber that loses or damages the digital certificates shall pay damages.

Article 12. Heads of departments/units affiliated to General Department of Taxation, Departments of Taxation, and Sub-departments of taxation shall appoint their personnel to implement this document.

Article 13. Difficulties that arise during the course of implementation of this document should be reported to General Department of Taxation (via Information Technology Department or the Office) for consideration./.