Advanced Search

Circular 9/2011/tt-Bct: Regulations On The Management And Use Of Digital Signatures, Digital Certificates And Digital Signature Authentication Service Of The Ministry Of Industry And Trade

Original Language Title: Thông tư 09/2011/TT-BCT: Quy định về việc quản lý, sử dụng chữ ký số, chứng thư số và dịch vụ chứng thực chữ ký số của Bộ Công Thương

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$40 per month.
 

Pursuant to Decree No. 189/2007/ND-CP on December 27, 2007 of the Government functions, tasks, powers and organizational structure of the Ministry of industry and trade;

Pursuant resolution 59/NQ-CP on the simplification of administrative procedures in the function of management;

Pursuant to Decree No. 26/2007/ND-CP dated 15 February 2007 from the Government detailing the implementation of the law on electronic digital signature and digital signature authentication services;

Pursuant to Decree No. 64/2007/ND-CP dated 10 April 2007 of the Government regulations on the application of information technology in the activities of State bodies;

Minister of industry and trade regulations on the management and use of digital signatures, digital certificates and digital signature authentication service of the Ministry of industry and trade as follows: chapter I GENERAL PROVISIONS article 1. Scope this circular regulates the management and use of digital signatures, digital certificates and digital signature authentication services in the electronic transactions industry.

Article 2. Application object 1. Organizations and individuals in the industry, the Department of industry and trade of the province, the central cities.

2. organizations and individuals the choice of using the services of digital signature in electronic trading activities by the Ministry of industry and trade organizations.

Article 3. Explanation of terms In this circular, the terms below are interpreted as follows: 1. "certificate number" is a form of electronic mail by providing the services of digital signature.

2. "digital signature" is a form of electronic signature was created by the transform a message data using asymmetric encryption system, under which people who get initial data message and the signer's public key can accurately determine: a) The above mentioned transformation was created using the correct secret key corresponding to the public key in the same key pair;

b) the integrity of the data message content since making the above change.

3. "digital signature authentication service" is a type of service organization provides services of digital signature management. Digital signature authentication services include: a) create the folder lock consists of a public key and secret key for subscription;

b) level, renewal, suspension, restoration and withdrawal of the Subscriber's certificate;

c) maintains an online database of certificate number;

d) other related services according to the provisions of Decree No. 26/2007/ND-CP dated 15 February 2007 from the Government detailing the implementation of the law on electronic digital signature and digital signature authentication service (referred to as the digital signature of the Decree).

4. "digital signature" is putting the secret key into a software program to automatically create and add digital signature to message data.

5. "Who signed the" Charter is the secret key used to digitally sign on a data message.

6. "recipient" is the Organization, individuals receive data messages are signed by the person signing the certificate, use the number of the person who signed it to check the digital signature in the message data received and proceed with the operation, the related transactions.

7. "Subscriber" means the individual, organization specified in article 2 of this circular; hosted service providing digital signature of grant deed number; accept the certificate number and hold the secret key corresponding to the public key on the certificate number issued.

8. "subscription management organization" is the unit of the Ministry of industry and trade, or other organizations recommended levels of organization number for the deed, their organizational and personal responsibility under the provisions of the law on the management of the Organization, that individual.

9. "the electronic transactions of the industry" is the business, activities are conducted by the method of the electronic industry.

Article 4. The organization provides services of digital signature industry organization that provides digital signature service of industry, by the Department of Commerce and information technology management, and is the only organization of the industry provides digital signature authentication service.

Article 5. Certificate No. 1. Contents of certificate: certificate of organization provide services of digital signature management must include the following: a) name of organization signature of service provider;

b) Subscriber's name;

c) Subscriber Management Organization Name;

d number of the digital certificate);

DD) time limit effect of certificate number;

e) Subscriber's public key;

g) digital signature service provider organization's digital signature;

h) limitations on the purpose, the range of use of certificate number;

I) limitations on the liability of the organization provide services digital signature;

k) other information for the purpose of management, use, safety, security, service provider organization digital signature regulations.

2. effect of time certificate numbers: do not exceed 5 (five) years for certificates of subscriber numbers.

Chapter II functions and DUTIES of the SERVICE PROVIDER ORGANIZATION DIGITAL SIGNATURES, rights and OBLIGATIONS of the OBJECT USING the DIGITAL SIGNATURE SERVICES article 6. The functions and tasks of the organization provide services signed a 1. Manage the grant, renewal, suspension, revocation, restore the certificate and key pair for Subscriber changes when required. Formation and development of security services and information security; the digital signature service providers.

2. Management and operation of the system of technical equipment supplied digital signature authentication service of the Ministry of industry and trade, research, upgrade, make sure to maintain operation to provide services of digital signature certificate industry, continuously. Testing and proposed the application of new technology to ensure the security, safety of the information service of electronic transactions.

3. Store the full, correct and updated information of the subscriber certificate management service for the duration of the deed of the effect. In case the certificate is revoked, they must store the information deed of subscriber number within a period of at least 5 years from when the digital certificate is revoked.

4. organizations providing services have digital signature authentication functions the circulation of digital signature on documents, electronic documents and electronic transactions.

5. Guide the governing subscriber, Subscriber to comply to the provisions of this circular.

Article 7. The rights and obligations of subscriber management organization 1. Provided the information guide on the procedures to allocate, manage and use digital certificates.

2. The organization is required to provide the digital signature service, renew, pause, resume, recover the deed number or change the key pair for the subscription management by themselves.

3. Be responsible for the accuracy of the information on paper grant proposals, renew, pause, resume, recover the deed numbers and change of Subscriber key pairs by themselves.

4. Instructions, check the subscription to its organizational management, using the secret key and certificate in accordance with the provisions of this circular.

5. timely notice in writing to the service provider organization digital signature pause, or revoke the Subscriber's digital certificate in the circumstances specified in article 15 of this circular.

Article 8. The Subscriber's rights and obligations 1. Provided the information guide on the procedures to allocate, manage and use digital certificates.

2. Through the governing his subscribers to request, renew, pause, resume, recover the deed number or change the key pair.

3. Subscribers can directly send text proposed organizing the digital signature service provides pause his deed and be responsible before the law about that proposal.

4. Use the correct number of deed registered purpose.

5. The preservation and use of the secret key, the data in the device kept secret key under the mode of "Suite".

6. timely notice to the service provider organization digital signatures and the governing of his subscription in the event of the detection or suspected of deed, the secret key is no longer safe.

7. Compliance with the provisions of the law on management and use of the digital certificate.

Article 9. The recipient's obligations 1. Before accepting the signer's digital signature, the receiver must check the following information: a) the validity, scope of use, limitation of liability the signer's digital certificate and the signature of the organization providing the service's digital signature;

b) digital signatures are created by the secret key corresponding to the public key on the certificate of the signer.

2. The recipient shall bear all the losses that occur in the following cases: a) do not comply with the provisions in paragraph 1 of this article;

b) already knows or is informed about the no longer trusted certificate number and the signer's secret key.

Chapter III SERVICE to ATTEST the SIGNATURE of article 10. Register to use the digital signature authentication services 1. The Organization, individuals involved in using digital signature authentication service of the Ministry of industry and trade to register one of the following procedures: a) deed of Grant (as defined in article 12 of this circular);

b) renew certificate number (specified in article 13 of this circular);

c) change the lock folder (specified in article 14 of this circular);

d) pause, revoke the certificate number (specified in article 15 of this circular);

DD) restore the certificate number (specified in article 16 of this circular).

2. organizations and individuals may choose to register via the Internet at the address http://www.vsign.vn or register at the headquarters of the Ministry of industry and Trade – Department of Commerce and information technology, 25 NGO Quyen, hoan Kiem, Hanoi.

Article 11. The registration process to use the digital signature authentication service via the Internet 1. The Organization, individuals must declare the information into the software by industry to provide and send electronic data about the industry. Resumes submitted through the Internet involves: a) the electronic version requires registration to use the digital signature authentication services of the organization or individual;

b) A scan from the original establishment of subscriber management organization for the record deed of grant proposals (not applicable to the unit under the Ministry of industry and trade).

2. The officials receiving records and conducting the review the information reported through the Internet and announce the test results through the Internet on for organizations and individuals. Can test results in one of two situations: a) agreed through the Internet in case the information reported through the Internet proper and valid;

b) proposed organization, additional amendments to the personal information.


3. For requests, additional information, organizations, personal expedite modification, additional information according to the requirements of this report and transmit data over the Internet on the organization level to check back until the information consistent with the requirements of the organization.

4. After receipt of the notice of acceptance of grant organisations about the reported profile information through the Internet was sufficient, valid, the unit is responsible for providing authenticated digital signature service will provide services as required. Results will be returned by post or directly at the headquarters of the Ministry of industry and trade.

Article 12. Level 1 certificate. Conditions of grant proposal deed number: organizations, individual deed of grant proposals must satisfy the following conditions: a) General conditions:-In object as defined in article 2 of this circular;

-Approved in compliance with the regulations for subscribers of this circular.

b) additional conditions for the object specified in item 2 article 2:-is established under the law of Vietnam;

-Ability to prepare technical equipment, organize and maintain appropriate activities with electronic trading system of the Ministry of industry and trade;

-Legal representative knows the laws on digital signatures and digital signature authentication service.

2. Record the deed of grant proposals: the Organization, the individual deed of grant proposals can declare online through Internet or filed at the headquarters of the Ministry of industry and trade (directly or by post). In the case of organizations, individuals choose the filing through the Internet shall comply with the provisions of article 11 of this circular.

In the case of organizations, individual choice of filing directly at the headquarters of industry, records suggest include: a) deed of grant proposals Paper (Appendix 1) of the Organization, individuals, confirmation of subscription management organization;

b) valid copy decided to establish the Organization's subscription management for the record deed of grant proposals (not applicable to the unit under the Ministry of industry and trade).

3. Within a period of not more than 5 (five) working days from the date of receiving the recommended records issued a valid certificate, the organization provides digital signature service is responsible for checking the level of the certificate, the Subscriber if qualified or rejected in writing which stated the reason for rejection if no deed of grant eligibility.

Article 13. Renewal of certificate number 1. The digital certificate renewal procedure: a) deed of renewal is suggested to ensure longer term use for at least 30 days;

b) Organization, the individual deed of renewal can declare online through Internet or filed at the Ministry of industry and trade (directly or by post) the paper recommended the extension of the Subscriber's certificate, confirmation of subscription management organization (annex 2);

c) Each certificate of renewal was not more than 3 (three) times, grace period for each time not more than 1 (one) year.

2. The time limit for processing the records renewal deed no.: within a period of not more than 5 (five) working days from the date of receiving the records suggest a valid certificate renewal, the organization that provides the service of responsible digital signature check, renew certificate number for the Subscriber if qualified or rejected in writing which stated the reason for rejection if no eligible for renewal of certificate number.

Article 14. Change the folder lock 1. Conditions change the key pair: a) Has requested to change the Subscriber's key pair and must ensure the shelf left of affidavits of at least 30 (thirty) days;

b) organizations, individuals who want to change the key pair can declare online through Internet or filed at the Ministry of industry and trade (directly or by post) the paper recommended changing the folder lock (Appendix 6) of subscription, confirmation of subscription management organization.

2. Change the key pair be conducted as follows: a) ensure receiving channel change request young couples active lock 24 (twenty-four) hours of the day and 7 (seven) days of the week;

b) within a period of not more than 5 (five) working days from the date of receiving the record valid key proposed changes, the Organization provided services digital signature checking, change the key pair to subscribers;

c) store information related to the key pair change activity in time for at least 5 years, since the time of the change.

Article 15. Pause, deed of revocation 1. Deed of subscriber number paused in the following cases: a) the Organization, individuals want to pause the deed of may declare online through Internet or filed at the Ministry of industry and trade (directly or by post) written request from Subscriber, confirmation of subscription management organization (annex No. 3) in the case of : the secret key was leaked or leaked facilities; equipment for storing the secret key is lost, be reproduced or lose the other safety cases;

b) at the request in writing from the competent State agencies;

c) at the request in writing from the subscription management organization;

d) organization that provides digital signature service have enough bases to determine the Subscriber violates the provisions of this circular;

DD) organization provides the digital signature service discovered any errors, problems can affect subscriber's rights or safety, security of the system provides the digital signature authentication service.

2. Subscriber's digital certificate is revoked in the following cases: a) the expiration of certificate use;

b) at the request in writing from the competent State agencies;

c) Organization, individuals want to revoke the digital certificate may declare online through Internet or filed at the Ministry of industry and trade (directly or by post) written request from Subscriber, confirmation of subscription management organization (Appendix 5);

d) at the request in writing of the subscription management organization;

DD) Organization to manage subscriber, Subscriber is dissolved or bankrupt in accordance with law;

e) have enough bases to determine the Subscriber violates the rules of management, using the secret key and the secret key stored equipment in this circular;

g) pause time maximum deed is 6 (six) months.

3. Organize the digital signature service providers must ensure the following requirements: a) ensure information channels that receive requests to pause, to revoke the deed no. 24 (twenty-four) hours of the day and 7 (seven) days of the week;

b) store information concerning active pause or deed of revocation in time at least 5 (five) years from the time the deed of paused or revoked;

c) When receiving records request to pause or revoke the certificate of organization, individual or when there is enough bases to pause, to revoke the digital certificate, the organization provides services to conduct digital signature pause, or deed of revocation within a period of not more than 5 (five) working days.

Article 16. Restore the certificate number 1. Certificate of restoration in the following cases: a) at the request in writing from the competent State agencies;

b) organizations, individuals want to recover the deed of may declare online through Internet or filed at the Ministry of industry and trade (directly or by post) written request from Subscriber, have attached the confirmation of Charter management organizations (Appendix 4), in the case of subscribers , Charter management organizations proposed that pauses the deed number before;

c) deed of pause time at the suggestion of suspension has expired;

d) deed of paused as stipulated in article 15 paragraph 1 DD points to this circular and the flaws, that problem has been overcome.

2. Within a period of not more than 5 (five) working days from the date of receiving the recommended profile restore a valid certificate, the organisation providing the service of responsible digital signature check, restore the certificate number for the Subscriber.

Chapter IV article 17 ENFORCEMENT TERMS. Handle violation, dispute resolution and complaint handling of violations, complaints and dispute resolution related to the implementation of this circular is made according to the provisions of the decree signed and the provisions of relevant laws.

Article 18. Responsibility 1. Commercial Bureau of electronic and information technology is responsible for: a) guidelines, monitoring and checking the Executive this circular of the Ministry of industry and trade units and other organizations have used the digital signature authentication service of the Ministry of industry and trade;

b) ensures the stable operation, safety, continuity of the digital signature systems, research and development of the advanced digital signature technology, consistent with the operation of the industry.

2. The inspection industry is responsible for coordinating with the Department of e-commerce and information technology to check the implementation of this circular.

3. The Heads of the units of the Ministry of industry and trade and the heads of the other organizations that use authenticated digital signature service of the Ministry of industry and trade is responsible for the Organization to deploy and test the implementation in its units in accordance with the provisions of this circular.

Article 19. This circular is effective from January 15, 2011 and replaces decision No 40/2008/QD-BCT on October 31, 2008 about issuing circulars management, use digital signatures, digital certificates and digital signature authentication service of the Ministry of industry and trade.

Article 20. Chief of the Department, Director of e-commerce and information technology, the heads of subdivisions, industry and other organizations and individuals concerned is responsible for the implementation of this circular.