| THE STATE BANK OF VIETNAM ------------- | SOCIALIST REPUBLIC OF VIETNAM Independence Freedom Happiness --------------------- |
| No. 04/2008/QD-NHNN | Hanoi, February 21, 2008 |
DECISION
ON THE ISSUANCE OF REGULATION ON THE ISSUANCE, MANAGEMENT, USE OF DIGITAL SIGNATURE, DIGITAL DEED AND DIGITAL SIGNATURE CERTIFICATION SERVICE OF THE STATE BANK OF VIETNAM
THE GOVERNOR OF THE STATE BANK
- Pursuant to the Law on the State Bank of Vietnam issued in 1997 and the Law on the amendment, supplement of several articles of the Law on the State Bank of Vietnam in 2003;
- Pursuant to the Law on Credit Institutions issued in 1997 and the Law on the amendment, supplement of several articles of the Law on Credit Institutions issued in 2004;
- Pursuant to the Law on electronic transaction issued in 2005;
- Pursuant to the Decree No.52/2003/ND-CP dated 19/5/2003 of the Government providing for the function, assignment, authority and organizational structure of the State Bank of Vietnam;
- Pursuant to the Decree No. 35/2007/ND-CP dated 08/03/2007 of the Government on electronic transaction in banking activity;
- Pursuant to the Decree No. 26/2007/ND-CP dated 25/02/2007 of the Government providing in details for the implementation of the Law on electronic transaction concerning digital signature and digital signature certification service;
- Upon the proposal of the Director of the Banking Informatics Technology Department,
DECIDES:
Article 1. To issue in conjunction with this Decision the Regulation on issuance, management, use of digital signature, digital deed and digital signature certification service of the State Bank of Vietnam.
Article 2. This Decision shall be effective after 15 days since its publication on Official Gazette.
Article 3. The Director of the Administrative Department, the Director of the Banking Informatics Technology Department, Head of units of the State Bank, General Manager of the State Bank branch in provinces, cities under the Central Governments management; Chairperson of the Board of Directors, General Director (Director) of Credit Institutions, State Treasury and other organizations engaging in electronic transactions shall be responsible for the implementation of this Decision.
| | FOR THE GOVERNOR OF THE STATE BANK DEPUTY GOVERNOR Phung Khac Ke |
REGULATION
ON THE ISSUANCE, MANAGEMENT, USE OF DIGITAL SIGNATURE, DIGITAL DEED AND DIGITAL SIGNATURE CERTIFICATION SERVICE OF THE STATE BANK OF VIETNAM
(Issued in conjunction with the Decision No. 04/2008/QD-NHNN dated 21 February 2008)
(Issued in conjunction with the Decision No. 04/2008/QD-NHNN dated 21 February 2008)
Chapter I
GENERAL PROVISIONS
Article 1. Governing scope
This Regulation shall provide for the issuance, management and use of digital signature, digital deed and digital signature certification service in electronic transactions provided by the State Bank of Vietnam.
Article 2. Subjects of application
This Regulation shall be applied to organizations, individuals of the State Bank, credit institutions, State Treasury and other organizations which choose and use the digital signature certification service of the State Bank in electronic transactions organized by the State Bank.
Article 3. Interpretation
Terms stated in this Regulation shall be construed as follows:
1. Digital deed is a kind of electronic deed issued by the organization which supplies digital signature certification service of the State Bank.
2. Digital signature certification service is one form of service supplied by the organization providing digital signature certification service of the State Bank. The digital signature certification service includes:
a) Creating a pair of keys, including public key and secret key for each subscriber;
b) Issuing, extending, suspending, recovering and revoking digital deed of subscriber;
c) Maintaining online database of digital deeds;
d) Other services in accordance with provisions of the Decree on digital signature.
3. Subscribers are organizations, individuals stipulated in Article 2 of this Regulation; to which the digital signature certification service supplier of the State Bank issues digital deed, accepts digital deed and keeps secret key correlative with the public key written on the issued digital deed.
4. Subscriber managing organization means units of the State Bank; credit institutions, State Treasury or other organizations requesting for the issuance of digital deeds to their organizations, individuals and taking responsibility for the management of those organizations, individuals in accordance with provisions of applicable laws.
5. Electronic transactions of the State Bank are activities, operations performed by electronic mode of the State Bank.
6. Decree on digital signature is the Decree No. 26/2007/ND-CP dated 15/02/2007 of the Government providing for the implementation of the Law on electronic transactions concerning digital signature and digital signature certification service.
Article 4. Digital signature certification service supplier of the State Bank.
1. The digital signature certification service supplier of the State Bank (hereinafter referred to as the digital signature service supplier) managed, run by the Banking Informatics Technology Department and is the unique organization of the State Bank providing digital signature certification service.
2. The digital signature service supplier of the State Bank belongs to the form of organization providing specialized digital signature certification service.
Article 5. Digital deed
1. Contents of a digital deed:
a) Name of digital signature service supplier;
b) Name of subscriber;
c) Name of organization managing the subscriber;
d) Number of digital deed;
e) Effective period of digital deed;
f) Public key of subscriber;
g) Digital signature of the digital signature service supplier;
h) Limits of purpose, scope of using the digital deed;
i) Limits of legal responsibilities of the digital signature service supplier;
k) Other information for the purpose of management, use, safety, security stipulated by the digital signature service supplier.
2. Effective period of the digital deed:
a) Not in excess of 10 years for digital deed of the digital signature service supplier;
b) Not in excess of 5 years for digital deed of subscriber.
Article 6. Rights and obligations of parties
1. Rights and obligations of the digital signature service supplier:
a) The digital signature service supplier shall have the following rights:
- To issue, extend, suspend, revoke, recover digital deeds and change the pair of keys for subscribers upon their request;
- To keep the copy of secret key of the pair of encoded keys of subscribers and to be entitled to use this secret key only when obtaining permission from the Governor of the State Bank or person authorized by the Governor of the State Bank;
b) The digital signature service supplier shall be obliged:
- To manage, operate the technical equipment system used to provide the digital signature certification service of the State Bank;
- To prepare standby solution to ensure the safe and continuous provision of digital signature certification service of the State Bank;
- To keep full, accurate, and updated information of subscribers for serving the management of digital deeds during the effective period of digital deeds;
- To distribute keys and digital deeds to subscribers;
- To disclose the list of issued, suspended or revoked digital deeds;
- To ensure the safety, security of secret keys of subscribers in case of accepting the authorization by subscribers to keep the copy of their secret keys;
- To keep information of subscribers digital deed for at least 05 months since its revocation;
- To destroy digital deeds and related database of which preservation period expires in accordance with provisions of Article 19 of this Regulation unless otherwise provided for by competent State agencies;
- To provide guidance and facilitate the organization managing subscribers, subscribers to correctly implement provisions of this Regulation.
c) The digital signature service supplier shall not be obliged to examine each concrete electronic transaction of subscribers.
2. Rights and obligations of the subscriber managing organization:
a) The subscriber managing organization shall have the following rights:
- To provide guiding information of the sequences, procedures of issuance, management and use of digital deeds;
- To be entitled to request the digital signature service supplier to issue, extend, suspend, recover, revoke digital deeds or change pair of keys for subscribers they are in charge of.
b) The subscriber managing organization shall be obliged:
- To be responsible for the accuracy of information stated on the application for issuance, extension, suspension, recovery, revocation of digital deeds and change of pair of keys of subscribers they are in charge of;
- To provide guidance on, examine and facilitate the use of digital deeds and secret keys by subscribers they are in charge of, in accordance with provisions of this Regulation;
- To timely give a written notice to the digital signature service supplier of the suspension or revocation of digital deeds of subscribers in the following cases: the subscriber is temporally off work, quits job or moves to another organization; subscriber changes to a new job and does not use the issued digital deed and other cases originating from demand of the organization managing subscribers.
3. Rights and obligations of subscriber:
a) The subscriber shall have the following rights:
- To be provided with guiding information of the sequences, procedures of issuance, management and use of digital deed;
- To request the issuance, extension, suspension, recovery, revocation of digital deed or change of pair of keys through the subscriber managing organization;
- In necessary case, subscribers may directly send a written request to the digital signature service supplier to suspend their digital deed and shall be responsible to applicable laws for that request.
b) The subscriber shall be obliged:
- To use digital deed in accordance with the registered purpose;
- To preserve and use secret key, database saved in the archive device of secret keys in accordance with the Confidential regime;
- To timely give a notice to the digital signature service supplier and the subscriber managing organization in case of discovering or suspecting the unsafeness of digital deeds, secret keys;
- To respect other provisions on the issuance, management and use of digital deeds.
Chapter II
SUBSCRIBER AND SUBSCRIBER MANAGING ORGANIZATION
Article 7. Issuance of digital deed
1. Individual who, organization which requests for the issuance of digital deed must satisfy the following conditions:
a) Being one of subjects stipulated in Article 2 of this Regulation;
b) Accepting the provisions for subscribers stipulated in this Regulation.
2. The application file for the issuance of digital deeds includes:
- A written application for the issuance of digital deed sent by the subscriber managing organization to the digital signature service supplier, attached;
- Valid copy of the decision on the establishment of the subscriber managing organization in respect of the application for the first issue of digital deed (not applicable to units of the State Bank);
- An application for the issuance of digital deed (under the Form No.1) of individuals, organizations subject to the management of the subscriber managing organization.
3. In case of creating pair of keys by themselves, the subscriber shall have to create the pair of keys within the period stipulated in the notice of approval of the issuance of digital deed. In the event where the subscriber cannot create the pair of keys in the regulated time, the subscriber managing organization shall be obliged to send a written request for the extension of key creation for subscriber to the digital signature service supplier.
4. Subscriber shall be obliged to use the archive device of secret keys in accordance with technical standard stipulated by the digital signature service supplier.
