What is the subject of a digital certificate? Who is the subject of the digital certificate? These are common questions encountered by users of digital certificates.

Based on the concept of a digital certificate, it can be affirmed that the subject of a digital certificate includes state agencies, organizations, and individuals who own and use it to confirm their identity as the ones who signed the digital signature using the corresponding private key.

In simpler terms, the subject of a digital certificate includes state agencies, organizations, and individuals that own and use it. In business entities, a digital certificate plays the role of an 'ID card' for each enterprise, with the subject of the digital certificate being the company name.

Note that the entities providing digital certificates are only units that create digital certificates to provide to users and are not the subjects of the digital certificate

What is a digital certificate?

Before delving into the subject of a digital certificate, it's essential to understand the concept of a digital certificate. Current regulations on digital certificates are clearly defined by the government in Decree No. 130/2018/ND-CP issued on September 27th, 2018.

According to Clause 7, Article 3 of Decree No. 130/2018/NĐ-CP, the concept of a digital certificate is explained as follows: "Digital Certificate" is a form of electronic certificate granted by a certification authority to provide identity for the public key of an entity to certify that such entity is the signer of digital signature by using corresponding private key.

Additionally, at Clause 7 of this Decree, basic concepts related to digital certificates are clearly explained:

  • The term "Valid digital certificate" is understood as a digital certificate which is unexpired; not be suspended or revoked.
  • The term "Public digital certificate" is explained as a digital certificate granted by a public certification authority.
  • The term "Foreign digital certificate" is defined as a digital certificate granted by a foreign certification authority

This helps users have a clearer understanding of digital certificates and avoids confusion when using them.

What is a digital signature?

Digital signatures, digital signature authentication services in particular and digital Identity in general play an important role and are the deciding factor in realizing the digital transformation of government and business services. Widely implementing digital signatures provides trust and reliability for individuals, businesses, and organizations conducting transactions in the electronic environment. Digital signatures simplify processes for service providers and eliminate barriers to adoption.

Digital signatures also empower individuals and businesses to engage in international trade, international payments and innovate cross-border services. This facilitates cross-border payments, enhances data protection in international commercial transactions, and creates an environment for entrepreneurs to propose innovative business ideas to promote the expansion of the digital economy.

Digital signatures are based on RSA technology - public-key cryptography. Each user has a key pair consisting of a private key and a public key.

- Private Key: This key, part of the key pair, is used to create digital signatures and belongs to the asymmetric cryptography system.

The private key is stored in a secure key storage device, cannot be extracted or copied, and only the owner of the key pair knows it.

- Public Key: This key, also part of the key pair, is used to verify digital signatures. It is created by the corresponding private key in the key pair and belongs to the asymmetric cryptography system. The public key is widely published on the user's digital certificate for convenient lookup of digital signature information. It is challenging to trace back to the private key.

MINISTRY OF INFORMATION AND COMMUNICATIONS

No. 6 /2015/TT-BTTTT

 

SOCIALIST REPUBLIC OF VIET NAM

Independence – Freedom – Happiness

Ha Noi, March 23rd, 2015

 

Circular

Defininga list of mandatory standards applicable to digital signature

and digital signature authentication service

______________

 

Pursuant to the Law on Electronic Transaction dated November 29th, 2005;

Pursuant to Decree No. 26/2007/NĐ-CP dated February 15th, 2007 by the Government detailing the implementation of the Law on Electronic Transaction regarding digital signature and digital signature authentication service, Decree No. 106/2011/NĐ-CP dated November 23rd, 2011 and Decree No.170/2013/NĐ-CP dated November 13th, 2013;

Pursuant to Decree No. 132/2013/ND-CP dated October 16th, 2013 by the Government defining functions, tasks, entitlements and organizational structure of the Ministry of Information and Communications;

In consideration of the proposal of General Director of Department of Science and Technology,

The Minister of Information and Communications hereby promulgates the Circular defining a list of mandatory standards applicable to digital signature and digital signature authentication service.

Article 1. Scope of regulation

This Circular defines a list of mandatory standards applicable to digital signature and digital signature authentication service (Appendix enclosed).

Article 2. Subject of application

This Circular is applicable to:

1. Organizations providing the national digital signature authentication service;

2. Organizations providing the public digital signature authentication service;

3. Organizations providing the specialized digital signature authentication service granted a certificate of qualification for digital signature safety by the Ministry of Information and Communications;

4. Organizations providing the foreign digital signature authentication service granted a certificate of recognition by the Ministry of Information and Communications;

Article 3.Organization of implementation

1. According to every period, the Ministry of Information and Communications considers, revises, supplements the List of mandatory standards applicable to digital signature and digital signature authenticationservice defined at Article 1 of this Circular in line with the development of technology and the State managing policies.

2. Department of Science and Technology is responsible for presiding periodical check and updating the List of mandatory standards applicable to digital signature and digital signature authentication service defined at Article 1 of this Circular.

3. The National Electronic Authentication Centre is responsible for instructing the application of standards under the List of mandatory standards applicable to digital signature and digital signature authentication service defined at Article 1 of this Circular.

Article 4.Provision of implementation

1. This Circular comes into effect on September 15th, 2015.

2. Decision No.59/2008/QĐ-BTTTT on December 31st, 2008 of the Minister of Information and Communications promulgating the List of mandatory standards applicable to digital signature and digital signature authentication service expires as from the date of this effectiveness, except that the regulation on “Security Hash” at item 2.3 of the List of mandatory standards applicable to digital signature and digital signature authentication service enclosed to Decision No.59/2008/QĐ-BTTTT continues its effectiveness until March 31st, 2016.

3. In case of any difference between the regulation of this Circular and the regulation of Circular No.22/2013/TT-BTTTT on December 23rd, 2013 that promulgates a list of technical standards on information technology in the State agencies in the same standard relating to using digital signature and digital signature authentication service  provided by organizations providing digital signature authentication servicein the State agencies, the regulation of this Circular will prevail.

4. Chief of Office, Director General of Department of Science and Technology,Director of National Electronic Authentication Centre,  heads of agencies, units affiliated to the Ministry,organizations and individuals related are responsible for the implementation of this Circular.

5. In the performance, if having further queries, agencies, organizations, and individuals are advised to reflect to the Ministry of Information and Communications timely for review, settlement./.

As of March 31th, 2019, the State Securities Commission has provided 133 online public services, application of digital signatures for authentication, including 13 services at level 4 of public services.

Currently, the State Securities Commission employs digital signatures in various systems such as: The securities trading transaction monitoring system; internal reporting and statistical management software; database system for company management, fund management, and investment funds; Securities foreign company management database system, foreign investor management database system; information disclosure system. All reporting collection software systems require users, who are organizations/businesses, to use digital signatures for submitting reports and disclosing information.

The application of digital signatures in online public services ensures the authenticity of profiles submitted by organizations to the system, record storage task , Scientific data is efficient and quick in retrieval task

Following the outlined roadmap, in 2019, the State Treasury system consistently adjusted and expanded the resources of the Online Public Services system deploying integration and providing online public services on the national public services portal. Concurrently, research was conducted to build and upgrade the online public services system and related application programs to support the implementation of the expenditure control process at the provincial level of the State Treasury.

As of December 31th, 2019, the total number of active digital certificates in the State Treasury at all levels was 5.946, including 76 certificates issued to units and 5.870 certificates issued to Officers, civil servants and Officials.

The application of digital signatures in the public services of the State Treasury, in addition to the advantages of time and cost savings, also minimizes the risk of signature and unit seal forgery; it ensures quick and secure payment information; transparency in records, documents, control content and the status of expenditure control through statistical reports on online public services, thereby increasing the accountability of officers and civil servants in the execution of their duties. One of the effective outcomes of the application of online public services is the support for management and the establishment of a database on applicable subjects.

According to the statistical data of the State Treasury, in 2019, the total number of budget-using units utilizing online public services reached 55.709 units, with a successful completion of 3.674.105 records in 2019.

According to the provisions in clause 3 of article 8 and article 43 of the Government Decree No. 130/2018/NĐ-CP issued on September 27th, 2018 detailing the implementation of the Law on E-transactions regarding digital signatures and digital signature authentication services, the conditions for the legal validity of using foreign digital certificates in Vietnam include:

1. The digital certificate is still valid for use.

2. It is issued a license by the Ministry of Information and Communications for use in Vietnam or accepted in international transactions. In cases of using foreign digital certificates for servers and software, no license is required.

1. Recognition of Organizations Providing Overseas Digital Signature Authentication Services in Vietnam

On 27th September, 2018, the Government issued Decree No. 130/2018/NĐ-CP detailing the implementation of the Law on E-Transactions concerning digital signatures and digital signature authentication services, effective from 15th November, 2018, not specify the recognition of organizations providing overseas digital signature authentication services in Vietnam.

As of 31th December, 2019, no organization providing overseas digital signature authentication services has been officially recognized in Vietnam.

2.    Acceptance of Foreign Digital Certificates in Vietnam

Decree No. 130/2018/NĐ-CP, effective from 15th November, 2018, provides specific regulations on the conditions of use, subjects, scope of activities, and license validity, as well as the procedures for licensing, examination of applications, and issuance of licenses.

  • Conditions for the use and issuance of licenses for foreign digital certificates accepted in Vietnam, and the documentation for obtaining a license for using foreign digital certificates accepted in Vietnam, are stipulated in Articles 43 and 46 of Decree No. 130/2018/NĐ-CP.
  • Subjects and obligations of organizations and individuals using foreign digital certificates are defined in Articles 44 and 50 of Decree No. 130/2018/NĐ-CP.
  • The scope of activities and the validity period of the license for using foreign digital certificates in Vietnam are regulated in Article 44 of Decree No. 130/2018/NĐ-CP.
  • Documentation, examination of applications, issuance of licenses, and amendments or reissuance of the content of licenses for using foreign digital certificates in Vietnam are specified in Articles 47, 48 and 49 of Decree No. 130/2018/NĐ-CP.

Except for specific cases related to the foreign factor of Intel Vietnam Company in 2012, as of 31th December, 2019, the Ministry of Information and Communications has not issued any licenses for using foreign digital certificates in Vietnam.

According to the provisions at point b, clause 1, Article 42 of the Government Decree No. 130/2018/NĐ-CP issued on September 27th, 2018 detailing the implementation of the Law on E-transactions regarding digital signatures and digital signature authentication services, the certificate confirming eligibility to ensure safety conditions for specialized digital signatures has a validity period corresponding to the certificate of business registration of the organization providing the specialized digital signature authentication service but not exceeding 5 years.

According to Article 40 of Decree No. 130/2018/NĐ-CP issued on September 27th, 2018 by the Government, which details the implementation of the Law on E-transactions regarding digital signatures and digital signature authentication services, the conditions for issuing certificates ensuring the safety of specialized digital signatures include:

1. Possession of a registered operating certificate for the organization providing specialized digital signature authentication services. 

2. Meet the personnel and technical requirements stipulated in clause 3 and 4, Article 13 of Decree No. 130/2018/NĐ-CP.