When is the digital signature creation secure in Vietnam? Where is a digital signature created from?

When is the digital signature creation secure in Vietnam? Where is a digital signature created from?

When is the digital signature creation secure in Vietnam?

Based on Article 9 of Decree 130/2018/ND-CP, a digital signature is considered a secure electronic signature when three conditions are met:

Condition 1. The digital signature is created during the validity period of the digital certificate and can be verified using the public key recorded on the certificate.

Condition 2. The digital signature is created using a private key corresponding to the public key recorded on the certificate issued by one of the following organizations:

- National digital signature certification service provider;

- Specialized digital signature certification service provider for the Government of Vietnam;

- Public digital signature certification service provider;

- Specialized digital signature certification service provider of agencies, organizations, which are certified to ensure safety conditions for specialized digital signatures as regulated in Article 40 of this Decree.

Condition 3. The private key is under the sole control of the signer at the time of signing.

A digital signature is considered a secure electronic signature when it meets all three conditions, including the condition that it is created during the validity period of the digital certificate and can be verified using the public key recorded on that certificate.

Therefore, it is understood that the time to create a digital signature to ensure security is during the validity period of the certificate.

When is the digital signature creation secure? Where is a digital signature created from?

When is the digital signature creation secure in Vietnam? Where is a digital signature created from? (Image from the Internet)

Where is a digital signature created from in Vietnam?

Based on Clause 6, Article 3 of Decree 130/2018/ND-CP, it is regulated as follows:

Terminology Explanation

In this Decree, the following terms are understood as follows:

1. "Key" is a series of binary numbers (0 and 1) used in cryptographic systems.

2. "Asymmetric cryptographic system" is a cryptographic system capable of generating a pair of keys, including a private key and a public key.

3. "Private key" is a key in the key pair of an asymmetric cryptographic system, used to create a digital signature.

4. "Public key" is a key in the key pair of an asymmetric cryptographic system, used to verify the digital signature created by the corresponding private key in the key pair.

5. "Digital signing" is the process of entering a private key into a software program to automatically create and attach a digital signature to a data message.

6. "Digital signature" is a type of electronic signature created by transforming a data message using an asymmetric cryptographic system, whereby the person possessing the original data message and the signer's public key can accurately determine:

a) The above transformation was generated using the correct private key corresponding to the public key in the same key pair;

b) The integrity of the data message contents since the transformation was made.

...

Thus, according to the above regulation, a digital signature is created from the transformation of a data message using an asymmetric cryptographic system.

How to handle e-invoices containing digital signatures in case of issues of the tax authority’s authentication code issuing in Vietnam?

Based on Article 20 of Decree 123/2020/ND-CP, it is regulated as follows:

Handling incidents with authenticated e-invoices

1. In the case where the seller of goods or services uses an electronic invoice with a tax authority code but encounters an incident that makes it impossible to use the electronic invoice with the tax authority code, they should contact the tax authority or the service provider for support in handling the incident. During incident handling, if the seller of goods or services requires the use of an electronic invoice with a tax authority code, they should go to the tax authority to use such an invoice.

2. In the case where the tax authority's code system encounters an incident, the General Department of Taxation implements technical solutions to switch to a backup system and is responsible for notifying the incident on the electronic portal of the General Department of Taxation. The General Department of Taxation selects a number of electronic invoice service providers with sufficient conditions to authorize the issuance of electronic invoice codes when the tax authority's system faces issues.

If the tax authority's system incident has not been resolved, the tax authority provides a solution to sell printed invoices by the tax authority to certain organizations and individuals to use. After the tax authority's code system is resolved, the tax authority announces for organizations and individuals to continue using authenticated e-invoices. No later than 2 working days from the deadline stated in the tax authority's notice, organizations and individuals must submit a report on the usage situation of paper invoices purchased from the tax authority using Form BC26/HDG Appendix IA issued with this Decree.

3. In the case of infrastructure technical errors by the electronic invoice service provider, the service provider must notify the seller, coordinate with the General Department of Taxation for prompt support. The electronic invoice service provider must resolve the incident quickly and support the seller in creating electronic invoices to send to the tax authority for coding in the shortest possible time.

4. If the electronic portal of the General Department of Taxation encounters technical errors and cannot receive data on electronic invoices without codes, the General Department of Taxation is responsible for notifying on the portal. During this time, organizations, businesses, and electronic invoice service providers temporarily do not transfer invoice data without codes to the tax authority.

Within 2 working days from the date the General Department of Taxation announces that the portal is back to normal function, organizations and businesses providing electronic invoice services should transfer invoice data to the tax authority. The transfer of electronic invoice data after the announcement of technical errors on the portal is not considered a delayed data transmission.

Thus, according to the above regulation, in case of sending electronic invoices containing digital signatures but the tax authority's code system malfunctions, the General Department of Taxation will address this by selecting a number of electronic invoice service providers to authorize the issuance of electronic invoice codes.

Related Posts
LawNet
Is a digital signature different from a signature in Vietnam? Where is a digital signature created from?
LawNet
When is the digital signature creation secure in Vietnam? Where is a digital signature created from?
LawNet
What is a digital signature in Vietnam? When is a digital signature considered a secured electronic signature in Vietnam?
LawNet
What are regulations on the digital signature of the seller and buyer on e-invoices in Vietnam?
LawNet
Is the e-invoice issued separately without a digital signature valid in Vietnam?
Lượt xem: 27

Đăng ký tài khoản Lawnet

Đơn vị chủ quản: Công ty THƯ VIỆN PHÁP LUẬT.
Chịu trách nhiệm chính: Ông Bùi Tường Vũ - Số điện thoại liên hệ: 028 3935 2079
P.702A , Centre Point, 106 Nguyễn Văn Trỗi, P.8, Q. Phú Nhuận, TP. HCM;