What is a digital certificate?

Before delving into the subject of a digital certificate, it's essential to understand the concept of a digital certificate. Current regulations on digital certificates are clearly defined by the government in Decree No. 130/2018/ND-CP issued on September 27th, 2018.

According to Clause 7, Article 3 of Decree No. 130/2018/NĐ-CP, the concept of a digital certificate is explained as follows: "Digital Certificate" is a form of electronic certificate granted by a certification authority to provide identity for the public key of an entity to certify that such entity is the signer of digital signature by using corresponding private key.

Additionally, at Clause 7 of this Decree, basic concepts related to digital certificates are clearly explained:

• The term "Valid digital certificate" is understood as a digital certificate which is unexpired; not be suspended or revoked.
• The term "Public digital certificate" is explained as a digital certificate granted by a public certification authority.
• The term "Foreign digital certificate" is defined as a digital certificate granted by a foreign certification authority

This helps users have a clearer understanding of digital certificates and avoids confusion when using them.

What is a digital signature?

Digital signatures, digital signature authentication services in particular and digital Identity in general play an important role and are the deciding factor in realizing the digital transformation of government and business services. Widely implementing digital signatures provides trust and reliability for individuals, businesses, and organizations conducting transactions in the electronic environment. Digital signatures simplify processes for service providers and eliminate barriers to adoption.

Digital signatures also empower individuals and businesses to engage in international trade, international payments and innovate cross-border services. This facilitates cross-border payments, enhances data protection in international commercial transactions, and creates an environment for entrepreneurs to propose innovative business ideas to promote the expansion of the digital economy.

Digital signatures are based on RSA technology - public-key cryptography. Each user has a key pair consisting of a private key and a public key.

- Private Key: This key, part of the key pair, is used to create digital signatures and belongs to the asymmetric cryptography system.

The private key is stored in a secure key storage device, cannot be extracted or copied, and only the owner of the key pair knows it.

- Public Key: This key, also part of the key pair, is used to verify digital signatures. It is created by the corresponding private key in the key pair and belongs to the asymmetric cryptography system. The public key is widely published on the user's digital certificate for convenient lookup of digital signature information. It is challenging to trace back to the private key.

As of March 31^th, 2019, the State Securities Commission has provided 133 online public services, application of digital signatures for authentication, including 13 services at level 4 of public services.

Currently, the State Securities Commission employs digital signatures in various systems such as: The securities trading transaction monitoring system; internal reporting and statistical management software; database system for company management, fund management, and investment funds; Securities foreign company management database system, foreign investor management database system; information disclosure system. All reporting collection software systems require users, who are organizations/businesses, to use digital signatures for submitting reports and disclosing information.

The application of digital signatures in online public services ensures the authenticity of profiles submitted by organizations to the system, record storage task , Scientific data is efficient and quick in retrieval task

Following the outlined roadmap, in 2019, the State Treasury system consistently adjusted and expanded the resources of the Online Public Services system deploying integration and providing online public services on the national public services portal. Concurrently, research was conducted to build and upgrade the online public services system and related application programs to support the implementation of the expenditure control process at the provincial level of the State Treasury.

As of December 31^th, 2019, the total number of active digital certificates in the State Treasury at all levels was 5.946, including 76 certificates issued to units and 5.870 certificates issued to Officers, civil servants and Officials.

The application of digital signatures in the public services of the State Treasury, in addition to the advantages of time and cost savings, also minimizes the risk of signature and unit seal forgery; it ensures quick and secure payment information; transparency in records, documents, control content and the status of expenditure control through statistical reports on online public services, thereby increasing the accountability of officers and civil servants in the execution of their duties. One of the effective outcomes of the application of online public services is the support for management and the establishment of a database on applicable subjects.

According to the statistical data of the State Treasury, in 2019, the total number of budget-using units utilizing online public services reached 55.709 units, with a successful completion of 3.674.105 records in 2019.

According to the provisions in clause 3 of article 8 and article 43 of the Government Decree No. 130/2018/NĐ-CP issued on September 27^th, 2018 detailing the implementation of the Law on E-transactions regarding digital signatures and digital signature authentication services, the conditions for the legal validity of using foreign digital certificates in Vietnam include:

1. The digital certificate is still valid for use.

2. It is issued a license by the Ministry of Information and Communications for use in Vietnam or accepted in international transactions. In cases of using foreign digital certificates for servers and software, no license is required.

1. Recognition of Organizations Providing Overseas Digital Signature Authentication Services in Vietnam

On 27^th September, 2018, the Government issued Decree No. 130/2018/NĐ-CP detailing the implementation of the Law on E-Transactions concerning digital signatures and digital signature authentication services, effective from 15^th November, 2018, not specify the recognition of organizations providing overseas digital signature authentication services in Vietnam.

As of 31^th December, 2019, no organization providing overseas digital signature authentication services has been officially recognized in Vietnam.

2.    Acceptance of Foreign Digital Certificates in Vietnam

Decree No. 130/2018/NĐ-CP, effective from 15^th November, 2018, provides specific regulations on the conditions of use, subjects, scope of activities, and license validity, as well as the procedures for licensing, examination of applications, and issuance of licenses.

• Conditions for the use and issuance of licenses for foreign digital certificates accepted in Vietnam, and the documentation for obtaining a license for using foreign digital certificates accepted in Vietnam, are stipulated in Articles 43 and 46 of Decree No. 130/2018/NĐ-CP.
• Subjects and obligations of organizations and individuals using foreign digital certificates are defined in Articles 44 and 50 of Decree No. 130/2018/NĐ-CP.
• The scope of activities and the validity period of the license for using foreign digital certificates in Vietnam are regulated in Article 44 of Decree No. 130/2018/NĐ-CP.
• Documentation, examination of applications, issuance of licenses, and amendments or reissuance of the content of licenses for using foreign digital certificates in Vietnam are specified in Articles 47, 48 and 49 of Decree No. 130/2018/NĐ-CP.

Except for specific cases related to the foreign factor of Intel Vietnam Company in 2012, as of 31^th December, 2019, the Ministry of Information and Communications has not issued any licenses for using foreign digital certificates in Vietnam.

According to the provisions at point b, clause 1, Article 42 of the Government Decree No. 130/2018/NĐ-CP issued on September 27^th, 2018 detailing the implementation of the Law on E-transactions regarding digital signatures and digital signature authentication services, the certificate confirming eligibility to ensure safety conditions for specialized digital signatures has a validity period corresponding to the certificate of business registration of the organization providing the specialized digital signature authentication service but not exceeding 5 years.

According to Article 40 of Decree No. 130/2018/NĐ-CP issued on September 27^th, 2018 by the Government, which details the implementation of the Law on E-transactions regarding digital signatures and digital signature authentication services, the conditions for issuing certificates ensuring the safety of specialized digital signatures include:

1. Possession of a registered operating certificate for the organization providing specialized digital signature authentication services. 

2. Meet the personnel and technical requirements stipulated in clause 3 and 4, Article 13 of Decree No. 130/2018/NĐ-CP.