
Circular 12/2011/TT-NHNN: Regulation on the Management and Use of Digital Signatures, Digital Certificates and Digital Signature Authentication Services of the State Bank

Original Language Title: Thông tư 12/2011/TT-NHNN: Quy định về quản lý, sử dụng chữ ký số, chứng thư số và dịch vụ chứng thực chữ ký số của Ngân hàng Nhà nước


Pursuant to the Law on the State Bank of Vietnam No. 46/2010/QH12 dated 16/6/2010;

Pursuant to the Law on Credit Institutions No. 47/2010/QH12 dated 16/6/2010;

Pursuant to the Law on Information Technology No. 67/2006/QH11 dated 29/6/2006;

Pursuant to the Law on Electronic Transactions No. 51/2005/QH11 dated 29/11/2005;

Pursuant to Decree No. 96/2008/ND-CP dated 26/8/2008 of the Government on the functions, tasks, powers and structure of the State Bank of Vietnam;

Pursuant to Decree No. 26/2007/ND-CP of February 25, 2007 of the Government detailing the implementation of the Law on Electronic Transactions with respect to digital signatures and digital signature authentication services;

Implementing Resolution No. 60/NQ-CP on administrative simplification within the management functions of the State Bank of Vietnam, the State Bank of Vietnam (hereinafter the State Bank) regulates the management and use of digital signatures, digital certificates and digital signature authentication services of the State Bank as follows:

Chapter I. GENERAL PROVISIONS

Article 1. Scope

This Circular regulates the management and use of digital signatures, digital certificates and digital signature authentication services in the electronic transactions of the State Bank.

Article 2. Subjects of application

1. Organizations and individuals in the State Bank, credit institutions; foreign bank branches; the State Treasury.

2. Other organizations that choose to use the State Bank's digital signature authentication services in electronic transaction activities organized by the State Bank.

Article 3. Explanation of terms

In this Circular, the terms below are interpreted as follows:

1. "Digital certificate" is a form of electronic certificate issued by the State Bank's digital signature authentication service provider.

2. "Digital signature authentication service" is a type of service provided by the State Bank's digital signature authentication service provider. Digital signature authentication services include:

a) creating a key pair, consisting of a public key and a secret key, for the subscriber;

b) issuing, renewing, suspending, restoring and revoking the subscriber's digital certificate;

c) maintaining an online database of digital certificates;

d) other services as provided in the Decree on digital signatures.

3. "Subscriber" means an individual or organization specified in Article 2 of this Circular that is issued a digital certificate by the State Bank's digital signature authentication service provider, accepts the digital certificate and holds the secret key corresponding to the public key on the issued digital certificate.

4. "Subscriber management organization" is a unit of the State Bank, a credit institution, the State Treasury or another organization that proposes the issuance of digital certificates for the organizations and individuals belonging to it and is responsible under the provisions of the law for managing those organizations and individuals.

5. "Electronic transactions of the State Bank" are the operations and activities of the State Bank that are conducted by electronic means.

6. "Digital signature Decree" is Decree No. 26/2007/ND-CP of February 15, 2007 of the Government detailing the implementation of the Law on Electronic Transactions with respect to digital signatures and digital signature authentication services.

Article 4. The State Bank's digital signature authentication service provider

1. The State Bank's digital signature authentication service provider (hereinafter the digital signature service provider) is managed by the Department of Information Technology and is the only organization of the State Bank that provides digital signature authentication services.

Address: No. 64 Nguyen Chi Thanh, Dong Da, Hanoi

Telephone: (03) 3835 4775/(04) 3773 1386

Fax: (03) 3835 8135/3834 5180

Contact office: Office for Information Technology Security and Electronic Signature Management (CA).

2. The State Bank's digital signature service provider belongs to the category of specialized digital signature authentication service providers.

Article 5. Digital certificates

1. Contents of a digital certificate:

a) name of the digital signature service provider;

b) name of the subscriber;

c) name of the subscriber management organization;

d) number of the digital certificate;

DD) validity period of the digital certificate;

e) the public key of the subscriber;

g) digital signature of the digital signature service provider;

h) limitations on the purpose and scope of use of the digital certificate;

i) limitations on the liability of the digital signature service provider;

k) other information for management, use, safety and security purposes, as prescribed by the digital signature service provider.

2. Validity period of a digital certificate:

a) not more than 10 years for the digital certificate of the digital signature service provider;

b) not more than 5 years for a subscriber's digital certificate.

Article 6. Rights and obligations of the parties

1. Rights and obligations of the digital signature service provider:

a) The digital signature service provider has the following rights:

- to issue, renew, suspend, revoke and restore digital certificates and change key pairs for subscribers upon request;

- to keep a copy of the secret key of the subscriber's encryption key pair; the secret key may be used only with the permission of the Governor of the State Bank or a person authorized by the Governor of the State Bank;

b) The digital signature service provider has the following obligations:

- to manage and operate the system of technical equipment that provides the State Bank's digital signature authentication services;

- to ensure that the provision of the State Bank's digital signature authentication services is maintained continuously;

- to store complete, accurate and up-to-date subscriber information for the management of digital certificates throughout the validity period of the digital certificate;

- to distribute keys and digital certificates to subscribers;

- to publish the list of digital certificates that have been issued, suspended or revoked;

- to ensure the safety and secrecy of the subscriber's secret key where it has agreed to be authorized to keep a copy of the subscriber's secret key;

- to store the subscriber's digital certificate information for at least 5 years from the time the digital certificate is revoked;

- to organize the destruction of digital certificates and related data whose storage period has expired in accordance with Article 19 of this Circular, unless otherwise specified by the competent State agencies;

- to guide and facilitate subscriber management organizations and subscribers in properly implementing the provisions of this Circular.

c) The digital signature service provider is not obliged to check each specific electronic transaction of a subscriber.

2. Rights and obligations of the subscriber management organization:

a) The subscriber management organization has the following rights:

- to be provided with information and guidance on the procedures for issuing, managing and using digital certificates;

- to request the digital signature service provider to renew, suspend, restore or revoke digital certificates or change key pairs for the subscribers under its management.

b) The subscriber management organization has the following obligations:

- to be responsible for the accuracy of the information in applications for the issuance, renewal, suspension, revocation or restoration of digital certificates and for changes of key pairs of the subscribers under its management;

- to be responsible for sending digital certificate dossiers, or delivering them directly, to the digital signature service provider;

- to guide, check and create conditions for the subscribers under its management to manage and use secret keys and digital certificates in accordance with the provisions of this Circular;

- to notify the digital signature service provider in writing, in a timely manner, to suspend or revoke a subscriber's digital certificate where the subscriber is on leave, has retired or has transferred to another organization; where the subscriber has moved to a new job and no longer uses the issued digital certificate; and in cases arising from the needs of the subscriber management organization.

3. Rights and obligations of subscribers:

a) Subscribers have the following rights:

- to be provided with information on the procedures for issuing, managing and using digital certificates;

- to request, through their subscriber management organization, the renewal, suspension, restoration or revocation of the digital certificate or a change of key pair;

- where necessary, a subscriber may directly send a written request to the digital signature service provider to suspend his or her digital certificate and is responsible before the law for that request.

b) Subscribers have the following obligations:

- to use the digital certificate for the registered purpose;

- to preserve and use the secret key, and the data in the secret key storage device, under "Privacy" mode;

- to notify the digital signature service provider and their subscriber management organization in a timely manner upon detecting or suspecting that the digital certificate or the secret key is no longer safe;

- to comply with the other regulations on issuing, managing and using digital certificates.

Chapter II. SUBSCRIBERS AND SUBSCRIBER MANAGEMENT ORGANIZATIONS

Article 7. Issuance of digital certificates

1. Individuals and organizations requesting the issuance of a digital certificate must satisfy the following conditions:

a) be among the subjects defined in Article 2 of this Circular;

b) accept the regulations for subscribers in this Circular.

2. The dossier requesting the issuance of a digital certificate includes: a written request for the issuance of a digital certificate from the subscriber management organization, sent to the digital signature service provider (form No. 7 in the appendix to this Circular), attached to the request form for the issuance of a digital certificate (form No. 1 in the appendix to this Circular) of the individual or organization under the subscriber management organization.

3. Where the subscriber creates the key pair, the subscriber must create it within the period specified in the notice approving the issuance of the digital certificate. Where the subscriber is unable to create the key pair within the specified period, the subscriber management organization must send a written request to the digital signature service provider to extend the key pair creation period for the subscriber.

4. Subscribers must use secret key storage devices that meet the technical standards specified by the digital signature service provider.

Article 8. Renewal of digital certificates

1. A digital certificate proposed for renewal must have a remaining validity period of at least 30 days.

2. The subscriber management organization sends the request for renewal of the subscriber's digital certificate (form No. 2 in the appendix to this Circular) to the digital signature service provider.

3. Each digital certificate may be renewed no more than 3 times, each time for no more than 5 years.

Article 9. Suspension of digital certificates

1. A subscriber's digital certificate is suspended in the following cases:

a) at the written request of the subscriber (form No. 3 in the appendix to this Circular) in the following cases: the secret key has been leaked or is suspected of having been leaked; the secret key storage device has been lost or illegally copied; or other cases of loss of safety;

b) at the written request of the competent State agencies;

c) at the written request of the subscriber management organization;

d) there are sufficient grounds to determine that the subscriber has violated the provisions of this Circular;

DD) the digital signature service provider discovers any error or incident that may affect the subscriber's rights or the safety and security of the system providing digital signature authentication services.

2. The maximum suspension period of a digital certificate is 6 months.

Article 10. Revocation of digital certificates

1. A subscriber's digital certificate is revoked in the following cases:

a) the digital certificate's period of use has expired;

b) at the written request of the competent State agencies;

c) at the written request of the subscriber management organization;

d) the subscriber management organization or the subscriber is dissolved or goes bankrupt under the provisions of the law;

DD) there are sufficient grounds to determine that the subscriber has violated the rules in this Circular on the management and use of the secret key and the secret key storage device;

2. A revoked digital certificate is destroyed after its storage period expires, under the provisions of Article 19 of this Circular, unless otherwise indicated by competent State bodies.

Article 11. Change of key pair

1. A subscriber requesting a change of key pair must ensure that the remaining validity period of the digital certificate is at least 30 days.

2. The subscriber management organization sends a written request to change the subscriber's key pair (form No. 6 in the appendix to this Circular) to the digital signature service provider.

Article 12. Checking digital signatures

1. Before accepting the signer's digital signature, the recipient must check the following information:

a) the validity, scope of use and limitation of liability of the signer's digital certificate, and the digital signature of the digital signature service provider;

b) that the digital signature was created by the secret key corresponding to the public key on the signer's digital certificate.

2. The recipient bears all losses that occur in the following cases:

a) failure to comply with the provisions in paragraph 1 of this Article;

b) the recipient already knows or has been informed that the signer's digital certificate and secret key are no longer trusted.

Chapter III. THE DIGITAL SIGNATURE SERVICE PROVIDER

Article 13. Issuance and renewal of digital certificates

The digital signature service provider is responsible for:

1. Providing organizations and individuals requesting the issuance of a digital certificate with the following information:

a) the scope and limits of use of the digital certificate, the security requirements and other information that may affect the interests of the organization or individual requesting the issuance of a digital certificate;

b) the requirements for subscribers in generating, storing and using the secret key;

c) other content prescribed by the digital signature service provider to ensure the security and safety of the system providing digital signature services.

2. Within 10 working days from receipt of a valid application for the issuance or renewal of a digital certificate, checking the application and issuing or renewing the digital certificate for the subscriber if the conditions are met, or refusing in writing, stating the reason for refusal, if the conditions for issuance or renewal are not met.

3. Publishing the list of newly issued digital certificates of subscribers within the period specified in Article 18 of this Circular.

Article 14. Suspension and revocation of digital certificates

The digital signature service provider is responsible for:

1. Ensuring that the information channels receiving requests to suspend or revoke digital certificates operate 24 hours a day and 7 days a week.

2. Storing the information related to the suspension or revocation of digital certificates for at least 5 years from the time the digital certificate is revoked or suspended.

3. When there are sufficient grounds to suspend or revoke a digital certificate, immediately suspending or revoking the digital certificate, informing the subscriber and publishing it in the list of suspended and revoked digital certificates as stipulated in Article 18 of this Circular.

Article 15. Restoration of digital certificates

1. The digital signature service provider is responsible for considering the restoration of a subscriber's digital certificate in the following cases:

a) at the written request of the competent State agencies;

b) at the request of the subscriber or the subscriber management organization to restore the digital certificate (form No. 4 in the appendix to this Circular), where the subscriber or the subscriber management organization previously requested the suspension of the digital certificate;

c) the suspension period stated in the suspension request has expired;

d) the digital certificate was suspended as specified in point d and point DD, clause 1, Article 9 of this Circular and the violation, error or incident has been remedied.

2. Within 10 working days from the date of the application, the digital signature service provider is responsible for restoring the subscriber's digital certificate if the conditions are met, or refusing in writing if the conditions for restoration are not met.

Article 16. Creation and delivery of keys

1. A subscriber's key pair may be created by:

a) the subscriber itself;

b) the digital signature service provider, at the request of the subscriber or the subscriber management organization.

2. Where the subscriber creates the key pair, the subscriber must proceed in accordance with the key creation regulations of the digital signature service provider.

3. Where the digital signature service provider creates the key pair for the subscriber, the secret key must be transferred to the subscriber by a safe and secure method.

Article 17. Change of a subscriber's key pair

The digital signature service provider is responsible for the following:

1. Ensuring that the channel receiving requests to change key pairs operates 24 hours a day and 7 days a week.

2. Within 10 working days from the date of a valid application for a change of key pair, checking the application and changing the key pair for the subscriber if the conditions are met, and distributing the keys as defined in Article 16 of this Circular, or refusing in writing if the conditions are not met.

3. Storing the information related to key pair changes for at least 5 years from the time of the change.

Article 18. Updating and publishing information

1. The digital signature service provider is responsible for maintaining the following information on its website 24 hours a day and 7 days a week:

a) the circular on digital signatures and the authentication of digital certificates;

b) the list of subscribers' digital certificates that are in effect, suspended or revoked;

c) other necessary information.

2. Time limits for the digital signature service provider to update the digital certificate database:

a) within 8 working hours from the completion of the procedures for a new digital certificate;

b) immediately after the completion of the revocation of a digital certificate or a change of key pair.

Article 19. Destruction of digital certificates

1. Principles of destruction:

a) the destruction of most of the information on paper and on storage devices must be ensured;

b) the destruction council includes representatives of the subscriber management organization and representatives of the departments related to the management and use of digital certificates. The council destroys the digital certificates and related data and draws up minutes with the following main content: type of documents destroyed; method of destruction; conclusion and signatures of the members of the council.

2. Methods of destruction:

a) paper documents are destroyed by shredding so that they can no longer be restored to their original state, or by burning them completely;

b) all digital certificate information and related data on devices are deleted so that they can no longer be restored.

3. Content to be destroyed:

a) digital certificate data and key pairs;

b) other data related to the issuance, management and use of digital certificates.

Chapter IV. IMPLEMENTATION PROVISIONS

Article 20. Determination and handling of violations, complaints and dispute resolution

The determination and handling of violations and complaints, and the resolution of disputes concerning digital signatures and digital signature authentication services of the digital signature service provider, subscribers and subscriber management organizations, are carried out in accordance with the provisions of the Decree on digital signatures and other relevant provisions of law.

Article 21. Effect

This Circular takes effect from June 30, 2011 and replaces Decision No 2008/QĐ-NHNN dated Jan. 21, 2008 of the Governor of the State Bank issuing the regulation on the issuance, management and use of digital signatures, digital certificates and digital signature authentication services of the State Bank.

Article 22. Responsibility

1. The Department of Information Technology is responsible for:

a) guiding, monitoring and checking the implementation of this Circular by the units of the State Bank, credit institutions, branches of foreign banks and other organizations that use the State Bank's digital signature authentication services;

b) researching and deploying the integration of digital signatures into the operations and electronic banking services of the State Bank.

2. The Banking Inspection and Supervision Agency is responsible for coordinating with the Department of Information Technology to check the observance of this Circular by credit institutions and branches of foreign banks.

3. The Internal Audit Department is responsible for carrying out internal inspection and internal audit of the implementation of this Circular by the units of the State Bank.

4. The heads of the units of the State Bank, the Directors of the State Bank branches in the provinces and centrally run cities, the Chairmen of the Board and General Directors (Managers) of credit institutions, branches of foreign banks and the State Treasury, and the heads of other organizations that use the State Bank's digital signature authentication services are responsible for organizing the implementation of this Circular and checking compliance at their units in accordance with its provisions.