Decision No. 04/2008/QD-NHNN dated February 21, 2008 of the State Bank on the issuance of Regulation on the issuance, management, use of digital signature, digital deed and digital signature certification service of the State Bank of Vietnam
ATTRIBUTE
Issuing body: | State Bank of Vietnam | Effective date: | Known Please log in to a subscriber account to use this function. Don’t have an account? Register here |
Official number: | 04/2008/QD-NHNN | Signer: | Phung Khac Ke |
Type: | Decision | Expiry date: | Known Please log in to a subscriber account to use this function. Don’t have an account? Register here |
Issuing date: | 21/02/2008 | Effect status: | Known Please log in to a subscriber account to use this function. Don’t have an account? Register here |
Fields: | Finance - Banking |
THE STATE BANK OF VIETNAM | SOCIALIST REPUBLIC OF VIETNAM |
No. 04/2008/QD-NHNN | Hanoi, February 21, 2008 |
DECISION
ON THE ISSUANCE OF REGULATION ON THE ISSUANCE, MANAGEMENT, USE OF DIGITAL SIGNATURE, DIGITAL DEED AND DIGITAL SIGNATURE CERTIFICATION SERVICE OF THE STATE BANK OF VIETNAM
THE GOVERNOR OF THE STATE BANK
- Pursuant to the Law on the State Bank of Vietnam issued in 1997 and the Law on the amendment, supplement of several articles of the Law on the State Bank of Vietnam in 2003;
- Pursuant to the Law on Credit Institutions issued in 1997 and the Law on the amendment, supplement of several articles of the Law on Credit Institutions issued in 2004;
- Pursuant to the Law on electronic transaction issued in 2005;
- Pursuant to the Decree No.52/2003/ND-CP dated 19/5/2003 of the Government providing for the function, assignment, authority and organizational structure of the State Bank of Vietnam;
- Pursuant to the Decree No. 35/2007/ND-CP dated 08/03/2007 of the Government on electronic transaction in banking activity;
- Pursuant to the Decree No. 26/2007/ND-CP dated 25/02/2007 of the Government providing in details for the implementation of the Law on electronic transaction concerning digital signature and digital signature certification service;
- Upon the proposal of the Director of the Banking Informatics Technology Department,
DECIDES:
Article 1. To issue in conjunction with this Decision the Regulation on issuance, management, use of digital signature, digital deed and digital signature certification service of the State Bank of Vietnam.
Article 2. This Decision shall be effective after 15 days since its publication on Official Gazette.
Article 3. The Director of the Administrative Department, the Director of the Banking Informatics Technology Department, Head of units of the State Bank, General Manager of the State Bank branch in provinces, cities under the Central Governments management; Chairperson of the Board of Directors, General Director (Director) of Credit Institutions, State Treasury and other organizations engaging in electronic transactions shall be responsible for the implementation of this Decision.
| FOR THE GOVERNOR OF THE STATE BANK |
REGULATION
ON THE ISSUANCE, MANAGEMENT, USE OF DIGITAL SIGNATURE, DIGITAL DEED AND DIGITAL SIGNATURE CERTIFICATION SERVICE OF THE STATE BANK OF VIETNAM
(Issued in conjunction with the Decision No. 04/2008/QD-NHNN dated 21 February 2008)
Chapter I
GENERAL PROVISIONS
Article 1. Governing scope
This Regulation shall provide for the issuance, management and use of digital signature, digital deed and digital signature certification service in electronic transactions provided by the State Bank of Vietnam.
Article 2. Subjects of application
This Regulation shall be applied to organizations, individuals of the State Bank, credit institutions, State Treasury and other organizations which choose and use the digital signature certification service of the State Bank in electronic transactions organized by the State Bank.
Article 3. Interpretation
Terms stated in this Regulation shall be construed as follows:
1. Digital deed is a kind of electronic deed issued by the organization which supplies digital signature certification service of the State Bank.
2. Digital signature certification service is one form of service supplied by the organization providing digital signature certification service of the State Bank. The digital signature certification service includes:
a) Creating a pair of keys, including public key and secret key for each subscriber;
b) Issuing, extending, suspending, recovering and revoking digital deed of subscriber;
c) Maintaining online database of digital deeds;
d) Other services in accordance with provisions of the Decree on digital signature.
3. Subscribers are organizations, individuals stipulated in Article 2 of this Regulation; to which the digital signature certification service supplier of the State Bank issues digital deed, accepts digital deed and keeps secret key correlative with the public key written on the issued digital deed.
4. Subscriber managing organization means units of the State Bank; credit institutions, State Treasury or other organizations requesting for the issuance of digital deeds to their organizations, individuals and taking responsibility for the management of those organizations, individuals in accordance with provisions of applicable laws.
5. Electronic transactions of the State Bank are activities, operations performed by electronic mode of the State Bank.
6. Decree on digital signature is the Decree No. 26/2007/ND-CP dated 15/02/2007 of the Government providing for the implementation of the Law on electronic transactions concerning digital signature and digital signature certification service.
Article 4. Digital signature certification service supplier of the State Bank.
1. The digital signature certification service supplier of the State Bank (hereinafter referred to as the digital signature service supplier) managed, run by the Banking Informatics Technology Department and is the unique organization of the State Bank providing digital signature certification service.
2. The digital signature service supplier of the State Bank belongs to the form of organization providing specialized digital signature certification service.
Article 5. Digital deed
1. Contents of a digital deed:
a) Name of digital signature service supplier;
b) Name of subscriber;
c) Name of organization managing the subscriber;
d) Number of digital deed;
e) Effective period of digital deed;
f) Public key of subscriber;
g) Digital signature of the digital signature service supplier;
h) Limits of purpose, scope of using the digital deed;
i) Limits of legal responsibilities of the digital signature service supplier;
k) Other information for the purpose of management, use, safety, security stipulated by the digital signature service supplier.
2. Effective period of the digital deed:
a) Not in excess of 10 years for digital deed of the digital signature service supplier;
b) Not in excess of 5 years for digital deed of subscriber.
Article 6. Rights and obligations of parties
1. Rights and obligations of the digital signature service supplier:
a) The digital signature service supplier shall have the following rights:
- To issue, extend, suspend, revoke, recover digital deeds and change the pair of keys for subscribers upon their request;
- To keep the copy of secret key of the pair of encoded keys of subscribers and to be entitled to use this secret key only when obtaining permission from the Governor of the State Bank or person authorized by the Governor of the State Bank;
b) The digital signature service supplier shall be obliged:
- To manage, operate the technical equipment system used to provide the digital signature certification service of the State Bank;
- To prepare standby solution to ensure the safe and continuous provision of digital signature certification service of the State Bank;
- To keep full, accurate, and updated information of subscribers for serving the management of digital deeds during the effective period of digital deeds;
- To distribute keys and digital deeds to subscribers;
- To disclose the list of issued, suspended or revoked digital deeds;
- To ensure the safety, security of secret keys of subscribers in case of accepting the authorization by subscribers to keep the copy of their secret keys;
- To keep information of subscribers digital deed for at least 05 months since its revocation;
- To destroy digital deeds and related database of which preservation period expires in accordance with provisions of Article 19 of this Regulation unless otherwise provided for by competent State agencies;
- To provide guidance and facilitate the organization managing subscribers, subscribers to correctly implement provisions of this Regulation.
c) The digital signature service supplier shall not be obliged to examine each concrete electronic transaction of subscribers.
2. Rights and obligations of the subscriber managing organization:
a) The subscriber managing organization shall have the following rights:
- To provide guiding information of the sequences, procedures of issuance, management and use of digital deeds;
- To be entitled to request the digital signature service supplier to issue, extend, suspend, recover, revoke digital deeds or change pair of keys for subscribers they are in charge of.
b) The subscriber managing organization shall be obliged:
- To be responsible for the accuracy of information stated on the application for issuance, extension, suspension, recovery, revocation of digital deeds and change of pair of keys of subscribers they are in charge of;
- To provide guidance on, examine and facilitate the use of digital deeds and secret keys by subscribers they are in charge of, in accordance with provisions of this Regulation;
- To timely give a written notice to the digital signature service supplier of the suspension or revocation of digital deeds of subscribers in the following cases: the subscriber is temporally off work, quits job or moves to another organization; subscriber changes to a new job and does not use the issued digital deed and other cases originating from demand of the organization managing subscribers.
3. Rights and obligations of subscriber:
a) The subscriber shall have the following rights:
- To be provided with guiding information of the sequences, procedures of issuance, management and use of digital deed;
- To request the issuance, extension, suspension, recovery, revocation of digital deed or change of pair of keys through the subscriber managing organization;
- In necessary case, subscribers may directly send a written request to the digital signature service supplier to suspend their digital deed and shall be responsible to applicable laws for that request.
b) The subscriber shall be obliged:
- To use digital deed in accordance with the registered purpose;
- To preserve and use secret key, database saved in the archive device of secret keys in accordance with the Confidential regime;
- To timely give a notice to the digital signature service supplier and the subscriber managing organization in case of discovering or suspecting the unsafeness of digital deeds, secret keys;
- To respect other provisions on the issuance, management and use of digital deeds.
Chapter II
SUBSCRIBER AND SUBSCRIBER MANAGING ORGANIZATION
Article 7. Issuance of digital deed
1. Individual who, organization which requests for the issuance of digital deed must satisfy the following conditions:
a) Being one of subjects stipulated in Article 2 of this Regulation;
b) Accepting the provisions for subscribers stipulated in this Regulation.
2. The application file for the issuance of digital deeds includes:
- A written application for the issuance of digital deed sent by the subscriber managing organization to the digital signature service supplier, attached;
- Valid copy of the decision on the establishment of the subscriber managing organization in respect of the application for the first issue of digital deed (not applicable to units of the State Bank);
- An application for the issuance of digital deed (under the Form No.1) of individuals, organizations subject to the management of the subscriber managing organization.
3. In case of creating pair of keys by themselves, the subscriber shall have to create the pair of keys within the period stipulated in the notice of approval of the issuance of digital deed. In the event where the subscriber cannot create the pair of keys in the regulated time, the subscriber managing organization shall be obliged to send a written request for the extension of key creation for subscriber to the digital signature service supplier.
4. Subscriber shall be obliged to use the archive device of secret keys in accordance with technical standard stipulated by the digital signature service supplier.
Article 8. Extension of digital deed
1. The digital deed requested for the extension must ensure that its using time is still in effect for at least 30 days.
2. The subscriber managing organization shall send a written application for the extension enclosed with the application of subscriber (under the Form No.2) to the digital signature service supplier.
3. Each digital deed shall be extended for 03 times at the maximum, each time of extension shall not be in excess of 01 year.
Article 9. Suspension of digital deed
1. Digital deed of subscriber shall be suspended in the following cases:
a) Upon the written request from subscriber (under the Form No. 3) in such cases when secret keys are revealed or suspected of being revealed; archive devices of secret keys are lost, copied illegally or other unsafe cases;
b) Upon a written request from competent State agencies;
c) Upon a written request from the subscriber managing organization;
d) Availability of sufficient foundations to define the subscribers violating provisions of this Regulation;
dd. The digital signature service supplier detects any error, mistake that may affect rights and interests of subscribers or security, safe of the system providing digital signature certifying service.
2. The maximum time of suspending digital deed shall be 06 months.
Article 10. Revocation of digital deed
1. Digital deed of subscribers shall be revoked in the following cases:
a) Its using term expires;
b) Upon a written request from competent State agencies;
c) Upon a written request from the subscriber managing organization;
d) The subscriber managing organization, subscribers are dissolved or go bankrupt in accordance with provisions of applicable laws;
e) Availability of sufficient foundations to define the subscribers violating provisions on management, use of secret keys and archive device of secret keys stipulated in this Regulation;
2. The digital deeds to be revoked after the expiry of preserving time shall be destroyed in accordance with provisions of Article 19 of this Regulation unless otherwise provided for by competent State agencies.
Article 11. Change of pair of keys
1. The subscriber requesting for the change of pair of keys shall be obliged to ensure that its using time is still in effect for at least 30 days.
2. The subscriber managing organization shall send an application for the change of pair of keys enclosed with the application of subscriber (under the Form No. 6) to the digital signature service supplier.
Article 12. Examination of digital signature
1. Before accepting digital signature of the signer, the receiver must examine the following information:
a) The effectiveness, scope of use, responsibility limit of digital deed of the signer and digital signature of the digital signature service supplier;
b) The digital signature must be created by secret key correlative with public key written on the digital deed of the signer.
2. The receiver shall be responsible for any damage occurring in the following cases:
a) Do not respect provisions stipulated in paragraph 1 of this Article;
b) Have known or be informed of the unsafeness of digital deed and secret key of the signer.
Chapter III
THE DIGITAL SIGNATURE SERVICE SUPPLIER
Article 13. Issuance, extension of digital deed
The digital signature service supplier shall be responsible for:
1. To provide organizations, individuals requesting for the issuance of digital deeds with the following information:
a) The scope, limit of use of digital deed, requirements of confidentiality and other information that may affect rights and interests of organizations, individuals requesting for the issuance of digital deed;
b) To request subscribers to create, preserve and use secret keys;
c) Other contents stipulated by the digital signature service supplier in order to ensure the security, safety of the digital signature supplying system.
2. Within 10 working days from the receipt of valid application file for the issuance or extension of digital deed, the digital signature service supplier shall be responsible for the examination, issuance of the digital deed or extension of digital deed to subscribers that fully meet conditions or giving a written refusal which states clearly reason thereof if subscribers fail to meet full conditions for the issuance or extension of the digital deed.
3. To disclose the list of newly issued digital deeds to subscribers within the period stipulated in Article 18 of this Regulation.
Article 14. Suspension, revocation of digital deed
The digital signature service supplier shall be responsible:
1. To ensure the continuous operation of 24h/day and 7days/week of the information channel receiving the request for suspension, revocation of digital deed.
2. To preserve information relating to the suspension or revocation of digital deed during 05 years at the minimum from the suspension, or revocation of digital deed.
3. In case of availability of sufficient foundation for the suspension, revocation of the digital deed, the digital signature service supplier must immediately suspend and revoke the digital deed, at the same time inform the subscriber and disclose the list of suspended, revoked digital deeds in accordance with provisions in Article 18 of this Regulation.
Article 15. Recovery of digital deed
The digital signature service supplier is responsible for the recovery of the digital deed for the subscriber in following cases:
1. Upon the written request from the competent State agencies;
2. Upon the written request from the subscriber managing organization enclosed with the application of the subscriber (under the form No.4) if the subscriber, subscriber managing organization has already applied for the suspension of the deed previously;
3. The suspension period of the digital deed according to the application for suspension expires;
4. The digital deed is suspended in accordance with provisions at Point d, Paragraph 1 Article 9 and those errors, breakdowns have been surmounted.
Article 16. Creation and supply of key
1. A pair of keys of a subscriber may be created by:
a. The subscriber himself;
b. The digital signature service supplier upon the written request of the subscriber or the subscriber managing organization.
2. In case of creating the pair of keys by the subscriber himself, he must comply with provisions on key creation of the digital signature service supplier.
3. In the event where the digital signature service supplier creates the pair of keys for the subscriber, the secret key must be transferred to the subscriber in a safe and confidential method.
Article 17. Change of the subscribers pair of keys
The digital signature service supplier shall have following responsibilities:
1. To ensure the continuous operation of 24h/day and 7days/week of the information channel receiving the request for change of the pair of keys.
2. Within 03 working days since the receipt of the valid application file for the change of key, the digital signature service supplier shall check, change the pair of keys for the subscriber, if conditions are satisfied, and distribute keys in accordance with provisions in Article 16 of this Regulation.
3. To keep information relating to the change of the pair of keys within a period of at least 05 years from the changing time.
Article 18. Update and disclosure of information
1. The digital subscriber service supplier shall be responsible for maintaining 24 hours in a day and 7 days in a week the following information on its website:
a. The Regulation on the certification of digital signature and digital deed;
b. The list of digital deeds still in effect, suspended, revoked of the subscriber;
c. Other necessary information.
2. Time of updating the database concerning the digital deeds of the digital subscriber service supplier:
a. Within 08 working hours from the completion of the issuance procedures for the newly issued digital deed;
b. Right after the completion of the suspension, revocation of the digital deed or change of pair of keys.
Article 19. Destruction of digital deed
1. Principles of destruction:
a. All the information on paper and in archive device must be destroyed;
b. The Destruction Committee includes representative of the leaders of the subscriber managing organization and representatives of parts relating to the management, use of the digital deed. The Committee shall destroy the digital deed, related data and draw minutes on the destruction with following major contents: type of the destroyed document; mode of destruction; conclusion and signature of members of the Destruction Committee.
2. Mode of destruction:
a. Document in paper shall be destroyed by severing in small pieces so that it can not be recovered as the primitive status or by absolutely burning;
b. Deleting so that any information about the digital deed and related data can not be recovered in archive devices.
3. Content of destruction:
a. Data of the digital deed, pair of keys;
b. Other data relating to the issuance, management, use of the digital deed.
Chapter VI
IMPLEMENTING PROVISIONS
Article 20. Violation and dealing with violation, complaint and dispute settlement
The determination of violation and dealing with violation, complaints and settlement of disputes relating to digital signature and digital signature certification service of the digital signature service supplier, subscriber and subscriber managing organization shall be implemented in accordance with provisions of the Decree on digital signature and other provisions of related laws.
Article 21. Implementation responsibility
1. The Banking Informatics Technology Department shall be responsible for:
a. Providing guidance on, following up and inspecting the compliance with this Regulation of units of the State Bank, credit institutions and other organizations which use the digital signature certification service supplied by the State Bank.
b. Researching, deploying the integration of digital signature in electronic banking operations, activities of the State Bank.
2. Inspectorate of the State Bank shall be responsible for coordinating with the Banking Informatics Technology Department to inspect the compliance with this Regulation of credit institutions.
3. The General Control Department shall be responsible for performing the internal inspection and internal audit for the compliance with this Regulation of units of the State Bank.
4. Heads of units of the State Bank, General Manager of State Bank branches in provinces, cities under the central Governments management, Chairperson of the Board of Directors, General Director (Director) of credit institutions, State Treasury and heads of other organizations which use the digital signature certification service of the State Bank shall be responsible for the deployment and inspection for the compliance at their units in accordance with provisions of this Regulation.
Form No.1
SOCIALIST REPUBLIC OF VIETNAM
Independence Freedom Happiness
---------o0o---------
APPLICATION FOR THE ISSUANCE OF DIGITAL DEED
To: The Banking Informatics Technology Department
Full name: ................................................................... Gender:............................................
Date of birth:.................................... Place of birth:...................... Nationality:..........................
ID card No/Passport No:................... Date of issue:................. Place of issue:..........................
Permanent resident address:..................................................................................................
Place of work:................................ Phone number:................................ Fax:..........................
Position:...................................................................... Division:............................................
Home phone (*):.......................... Mobile phone (*):......................... Email (*):..........................
Proposed period (05 years at the maximum from the issuing date of the digital deed): year(s).
- I undertake that the information declared above is true, if it is false, I shall take the full responsibility to the law.
- If the issuance of digital deed to me is approved, I undertake to seriously comply with all the provisions of the State Bank and of the State on the management, use of digital signature, digital deed and digital signature certification service.
Name of the subscriber managing organization: | Date |
Note: (*) means optional information
Form No.2
SOCIALIST REPUBLIC OF VIETNAM
Independence Freedom Happiness
---------o0o---------
APPLICATION FOR THE EXTENSION OF THE DIGITAL DEED
To: The Banking Informatics Technology Department
Full name:.................................................................... Gender:............................................
Date of birth:.................................... Place of birth:...................... Nationality:..........................
ID card No/Passport No:................... Date of issue:................. Place of issue:..........................
Permanent resident address:..................................................................................................
Place of work:................................ Phone number:................................ Fax:..........................
Position:................................................. Division:.................................................................
Home phone (*):.......................... Mobile phone (*):......................... Email (*):..........................
Would like to request for the extension of the digital deed number:.............................................
Number of the digital deed:....................... Date of issue (first issue)......... Expiry date:..............
Reason for extension:.............................................................................................................
Extended period: 06 months or 01 year
Name of the subscriber managing organization: Confirmation of the head of unit
| Date Applicant (sign and state full name)
|
Note: (*) means optional information
Form No.3
SOCIALIST REPUBLIC OF VIETNAM
Independence Freedom Happiness
---------o0o---------
APPLICATION FOR THE SUSPENSION OF THE DIGITAL DEED
To: The Banking Informatics Technology Department
Full name:.................................................................... Gender:............................................
Date of birth:.................................... Place of birth:...................... Nationality:..........................
ID card No/Passport No:................... Date of issue:................. Place of issue:..........................
Permanent resident address:..................................................................................................
Place of work:................................ Phone number:................................ Fax:..........................
Position:................................................. Division:.................................................................
Home phone (*):.......................... Mobile phone (*):......................... Email (*):..........................
Would like to request for the extension of the digital deed number:.............................................
Number of the digital deed:....................... Date of issue (first issue)......... Expiry date:..............
Suspended period (06 months at the maximum): From:................................. . To:....................
Reason for suspension:..........................................................................................................
Name of the subscriber managing organization: Confirmation of the head of unit (Confirmation is not required in case where the subscriber personally requests the suspension)
| Date Applicant (sign and state full name) |
Note: (*) means optional information
Form No.4
SOCIALIST REPUBLIC OF VIETNAM
Independence Freedom Happiness
---------o0o---------
APPLICATION FOR THE RECOVERY OF THE DIGITAL DEED
To: The Banking Informatics Technology Department
Full name:.................................................................... Gender:............................................
Date of birth:.................................... Place of birth:...................... Nationality:..........................
ID card No/Passport No:................... Date of issue:................. Place of issue:..........................
Permanent resident address:..................................................................................................
Place of work:................................ Phone number:................................ Fax:..........................
Position:................................................. Division:.................................................................
Home phone (*):.......................... Mobile phone (*):......................... Email (*):..........................
Would like to request for the extension of the digital deed number:.............................................
Number of the digital deed:....................... Date of issue (first issue)......... Expiry date:..............
Suspended period ....................................... From:.......................... . To:................................
Reason for recovery:...............................................................................................................
Name of the subscriber managing organization: Confirmation of the head of unit
| Date Applicant (sign and state full name)
|
Note: (*) means optional information
Form No.5
SOCIALIST REPUBLIC OF VIETNAM
Independence Freedom Happiness
---------o0o---------
APPLICATION FOR THE REVOCATION OF THE DIGITAL DEED
To: The Banking Informatics Technology Department
Full name:.................................................................... Gender:............................................
Date of birth:.................................... Place of birth:...................... Nationality:..........................
ID card No/Passport No:................... Date of issue:................. Place of issue:..........................
Permanent resident address:..................................................................................................
Place of work:................................ Phone number:................................ Fax:..........................
Position:................................................. Division:.................................................................
Home phone (*):.......................... Mobile phone (*):......................... Email (*):..........................
Would like to request for the extension of the digital deed number:.............................................
Number of the digital deed:................. Date of issue (first issue)............... Expiry date:..............
Reason for revocation: ...........................................................................................................
Name of the subscriber managing organization: Confirmation of the head of unit
| Date Applicant (sign and state full name)
|
Note: (*) means optional information
Form No.6
SOCIALIST REPUBLIC OF VIETNAM
Independence Freedom Happiness
---------o0o---------
APPLICATION FOR THE CHANGE OF THE PAIR OF KEYS
To: The Banking Informatics Technology Department
Full name:.................................................................... Gender:............................................
Date of birth:.................................... Place of birth:...................... Nationality:..........................
ID card No/Passport No:................... Date of issue:................. Place of issue:..........................
Permanent resident address:..................................................................................................
Place of work:................................ Phone number:................................ Fax:..........................
Position:................................................. Division:.................................................................
Home phone (*):.......................... Mobile phone (*):......................... Email (*):..........................
Would like to request for the extension of the digital deed number:.............................................
Number of the digital deed:................. Date of issue (first issue)............... Expiry date:..............
Type of key to be changed: Signing key pair Encoded key pair
Reason for change: ...............................................................................................................
Name of the subscriber managing organization: Confirmation of the head of unit
| Date Applicant (sign and state full name)
|
Note: (*) means optional information
VIETNAMESE DOCUMENTS
This utility is available to subscribers only. Please log in to a subscriber account to download. Don’t have an account? Register here
This utility is available to subscribers only. Please log in to a subscriber account to download. Don’t have an account? Register here
This utility is available to subscribers only. Please log in to a subscriber account to download. Don’t have an account? Register here
ENGLISH DOCUMENTS
This utility is available to subscribers only. Please log in to a subscriber account to download. Don’t have an account? Register here