No basis of law yet, the IC card cannot be used in substitute of the ID card.

The Interior Ministry Certification Authority Certification Practice Statement and the Main Points for Citizen Digital Certificate Issuance and Management Operation.

The Certification Practice Statement is being formulated according to the Law of Electronic Signature. The latest version 1.2 of the Certification Practice Statement of the Ministry of Interior Certification Authority was published on 20 November, 2006. The latest version of the Certification Practice Statement can be retrieved from Repository on the Certification Authority website (http://moica.nat.gov.tw/) The latest version of the Certification Practice Statement was formulated in accordance with the Certificate Policy. The Certification Authority operates with class 3 assurance of the Certificate Policy. Its object identifier (OID) is id-tw-gpki-certpolicy-class3Assurance. Its object identifier value is (id-tw-gpki-certpolicy3) (refer to Certificate Policy).

Operation of the Certification Authority shall be maintained by budgets of the Interior Ministry. No insurance is bought to ensure its operation. The Auditing Office of the Interior Ministry shall audit its finance and accounting. Other related financial responsibilities shall be in accordance with applicable laws and regulations.

The Key Pairs and the Key Share are the intellectual property of the Certification Authority. The Certificate subscriber's token is the IC card. The Certification Authority Relying Card Center activates the IC card and the IC card automatically generates the Key Pair. And the intellectual property of this Key Pair belongs to the subscriber. The intellectual property of the Certification Authority issued Certificates and Certificate Revocation List (CRL) belong to the Certification Authority. The Certification Authority will take all reasonable measures to ensure the correctness of the subscriber name. However, it does not guarantee that the intellectual property of the name belongs to the subscriber. When name clash disputes occur, the certificate subscriber should take legal procedures to protect its legal rights and notify the Certification Authority accordingly. The intellectual property of all documents written by the Certification Authority in the certification process belongs to the Ministry of the Interior. The intellectual property of the Certification Practice Statement belongs to the Ministry of the Interior. The Certification Practice Statement can be freely downloaded from the Repository. However, it must be duly duplicated and distributed in accordance with the Copyrights law and expressly indicated that its copyright belongs to the Ministry of the Interior. Additionally, in duplicating and distributing this Certification Practice Statement, no fees must be collected and no requests must be denied. The Interior Ministry takes no legal responsibility for any consequences from the improper use and distribution.

You can go to the Interior Ministry Certification Authority website http://moica.nat.gov.tw (documents download/applicable laws and regulations data)

Purpose of legislation: To govern the use of electronic documents and electronic signatures, set up electronic certification system, improve security in electronic telecommunications and transactions, and promote e-Government and e-Commerce.

The meaning and functions of traditional signature or use of seal are as follows:

1. Evidence: After signing a document, the signer has left its evidence of differentiating its identity and pinpointing its responsibility.
2. Endorsement: Having its signature on a document is tantamount to endorsing the contents of the document under current laws and conventions.
3. Ceremony: Through the act of signature, the signer seriously ponders its legal responsibility after the signature in order to avoid different contract acts.

Traditional signature and the use of seal can be duly duplicated, presented, stored and transmitted using electronic signature. To widely promote the use of electronic signature in various trades and professions, to minimize the inconvenience of using in tandem hardcopy signature and electronic signature, and to fully bring into play the benefits of digitalization and the internet, it is stipulated that electronic signature can legally replace traditional signature and the use of seal. The convenience of electronic signature cannot be denied but its risk of being faked, in much the same way as traditional signature and the use of seal, cannot be overlooked either. To protect public interest, we have adopted the policy of gradually popularizing the electronic documents by excluding use of it in areas that have a major impact on people's life, property and other important interests. Following technological development and social acceptance, the competent departments will, from time to time, make adjustments to areas unsuitable for using electronic signatures.

The Government Public Key Infrastructure has a stratum structure with the Government Root Certification Authority (under jurisdiction of the Research, Development and Evaluation Commission of the Executive Yuan) undertaking to issue certificates to the certificate organizations. Its subordinate organizations are:

1. Interior Ministry Certification Authority (under jurisdiction of the Interior Ministry) undertakes to issue Citizen Digital Certificates;
2. The Electronic Industrial and Commercial Certification Authority (under jurisdiction of the Ministry of Economic Affairs) undertakes to issue company certificates.
3. The Government Certification Authority (under jurisdiction of the Research, Development and Evaluation Commission of the Executive Yuan) undertakes to issue organization certificates, server application software certificates, and certificates for social institutions and finance institutions, as well as for non-institutional organizations and test certificates.
4. The Test Certification Authority (under jurisdiction of the Research, Development and Evaluation Commission of the Executive Yuan) undertakes to issue organization certificates, server application software certificates, and certificates for social institutions and finance institutions, as well as for non-institutional organizations and test certificates.

The competent department of the Interior Ministry Certification Authority undertakes to formulate and revise the Certification Practice Statement. It is responsible to issue and manage certificates, publish the Certificate Revocation List (CRL) and maintain its operation.

The concerned constituents are as follows:

1. Interior Ministry Certification Authority.
2. Registration Authority.
3. Registration Counter.
4. Card Center.
5. Repository.
6. End Entity.

The Certification Authority is the Level 1 subordinate certification organization in the Government Public Key Infrastructure. It is responsible for issuing and managing Citizen Digital Certificates in line with class 3 certification policy.

1. According to Level 3 stipulations of the certification policy of the Government Public Key Infrastructure, the Interior Ministry Certification Authority operates in line with the Certification Practice Statement.
2. Issue and publish certificates.
3. Revoke, suspend and recovery of certificates.
4. Issue and publish Certificate Revocation List (CRL).
5. Enforce personnel identification of the Certification Authority and the identification procedures.
6. Securely generate Certification Authority's private key.
7. Support Registration Authority in certificate registration.

The Certification Authority publishes all its information on its website: http://moica.nat.govt.tw.

1. Certificate Policy.
2. Certification Practice Statement.
3. Certificate Revocation List.
4. Certification Authority's own certificate (All certificates are valid till expiry date of the public key and the corresponding private key.)
5. Issued certificate.
6. Privacy protection policy.
7. Latest audit results.
8. Update news.

The Certification Authority will set up a Registration Authority to collect and verify subscriber's identity and relevant certificate registration work. The Registration Authority comprises of several RA Counters. The RA Counters are set up in various county and city household registration offices. Staffed with RA officers, the Registration Counters are responsible for certificate application, suspension application, recovery application and revocation application.

1. Securely pass subscribers' application material and the public key to the Certification Authority.
2. Notify subscribers and Relying parties of the Certification Authority and Registration Authority's obligations.
3. Notify subscribers and Relying parties on observance of the Certification Practice Statement of the Interior Ministry Certification Authority in accepting and using certificates issued by the Certification Authority.
4. Enforcing RAO identification and authentication procedures.
5. Securely generate Registration Authority's private key.
6. Protect Registration Authority's private key.

1. Enforce identification of the identity of Citizen Digital Certificate of the public at the counter and the authentication procedures, and manage the counter certificate processes.
2. Responsible for IC card personalization service and provide certification operations.

Certification Authority subscribers' token is the IC card. The Certification Authority will entrust the Relying Card Center to issue and manage IC card. Card making and management operations of the IC card comprise of internally generating the key pair, and randomly generating the PIN code of the IC card, as well as the IC card delivery management.

1. Activate the IC card to securely generate the subscriber's key pair internally.
2. Use the initial code to set IC card's initial PIN code.
3. Unify initial card printing.
4. Provide IC card opening materials management.
5. Provide IC card locking management.
6. Provide IC card delivery management.

The Repository is responsible for publishing the certificates issued by the Certification Authority, the Certificate Revocation List and other related information. Aside from setting up and maintaining the Repository, the Certification Authority will also transfer all certificates and certificate revocation lists to the Directory Service. The Repository offers 24-hour service at the internet site: http://moica.nat.gov.tw/

1. Certificate subscriber: Certificate subscribers of the Interior Ministry Certification Authority refer to individuals of the Certificate Subject Name issued by the Certification Authority. The Certification Authority is responsible for issuing Citizen Digital Certificates to citizens with residence in the R.O.C. who are at or above the age of 18.
2. Relying Party: The Relying Party refers to the individual who believes in the linkage of the Certificate Subject Name and the Public Key. Prior to using the certificate issued by the Certification Authority, the Relying Party uses the certificate of the Certification Authority to verify the validity of its certificate.

Only after verifying the validity of the certificate, can we undergo following operations:

1. Inspect the integrity of electronic documents.
2. Inspect the identity of the issuer of electronic documents.
3. Establish a secure communication tunnel with the Certificate Subject.

The Certification Authority shall notify the competent ministry for digital signature (Ministry of Economic Affairs) 30 days in advance before terminating its service. It shall also publish the terminated services in the Repository.

1. The private key is for signature, encryption and non-repudiation.
2. Pairing of the public key and the private key is for signature identification, decryption and non-repudiation.

The PIN code is for identifying a person's identity. It is a password used in the certificate IC card. Usually, an ATM card has this setting for personal use (using six to eight characters including letters and special symbols).

The subscriber code is used for certification on the internet, for instance, application for certificate IC card suspension and recovery, as well as PIN code locking and decoding. The subscriber must therefore firmly memorize the subscriber code.

Email is used on the internet for email transmission. Like your home address you must have an address mailer to know where to send your mail. Subscribers can apply for a free account while applying for ChungHwa Telecom's Hinet account. For details, please check with ChungHwa Telecom's customer service at 0800-080-412.

A certificate is digital information specifying:

1. The issuing organization.
2. Subscriber's name and identity.
3. Comprising subscriber's public key.
4. Specifying certificate's valid date and time.
5. Digitally signed by a Certification Authority.

The format of the Citizen Digital Certificate is X.509 v.3 and in its Certificate Policy column, its CP object identifier code certificate is being cited.

An authority trusted by one or more users to issue and manage X.509 Public Key Certificates and CARLs or CRLs.

It is responsible for verifying subscriber's identity and other attributes. It does not issue nor manage certificates. The responsibility of the Registration Authority is to be defined by the Certificate Policy or Protocol. (See Article 7, Section 2, Chapter 1 of the Certification Practice Statement). The Registration Authority is responsible for identifying and authenticating the certificate subject but it does not issue certificate.

The Registration Authority Counters are registration counters set up at the various county and city household registration offices. They are staffed with RA officers.

The RA Officers are registration authenticators responsible for applications of certificate registration, temporary suspension of use, recovery of use and revocation.

It is a database where certificates and revocation status information such as CRLs are stored. The official designation of a database as a repository is intended to signal that the operation of the facility is reliable and trustworthy. (See Article 8, Section 2, Chapter 1 of the Certification Practice Statement).

A Certificate Policy is a specialized form of administrative policy tuned to electronic transactions performed during certificate management (See Article 3, Section 2, Chapter 1 of Certification Practice Statement). A Certification Policy addresses all aspects associated with the generation, production, distribution, accounting, compromise, recovery and administration of digital certificates. Indirectly, a certificate policy can also govern the transactions conducted using a communications system protected by a certificate-based security system. By controlling critical certificate extensions, such policies and associated enforcement technology can support provision of the security services required by particular applications.

A statement of the practices (See Article 7, Clause 2 of Law of Electronic Signature) that a CA employs in issuing, suspending, revoking and renewing certificates and providing access to them, in accordance with specific requirements (i.e., requirements specified in this CP, or requirements specified in a contract for services).

A list maintained by a Certification Authority of the certificates which it has issued that are revoked prior to their stated expiration date (See Article 9, Section 2, Chapter 1 of Certification Practice Statement).

OCSP (Online Certificate Status Protocol) is an online service for checking the validity of the certificate. The OCSP enables applications to determine the (revocation) state of an identified certificate, as well as its expiry date. You can check how to use this method in the Repository of the Citizen Digital Certificate website: http://moica.nat.gov.tw/

CA (Certification Authority) is responsible for issuing, revoking and managing certificates, as well as for publishing the certificate materials and the Certificate Revocation List (CRL) on the Directory server for the public to download. RA (Registration Authority) is responsible for application, revocation and authentication of certificates through database verification and through counter or written information auditing to authenticate applicant's identity prior to certificate issuance.

A specialized formatted number that is registered with an internationally recognized standards organization. The unique alphanumeric/numeric identifier registered under the ISO registration standard to reference a specific object or object class. In the federal government PKI they are used to uniquely identify each of the four policies and cryptographic algorithms supported.

It is a basic language profiling digital signature and digital envelope. Applying this standard to S/MIME to provide secure information RFC2630Cryptographic Message Syntax to support attributes certificate and key exchange algorithms.

PKCS11 refers to the Cryptographic Token Interface Standard. This standard specifies an API, called Cryptoki, to devices (usually smart card) that hold cryptographic information and perform cryptographic functions. Like Netscape's internet browser is being used to support communication between the IC card and SSL/mime.

Profiles Portable Document Format (PDF) and is being used to send user's private key, certificate and other secrets.