Index
FAQ
Can IC cards be used in substitute of the ID card?
No basis of law yet, the IC card cannot be used in substitute of the ID card.
What is the source of law for application of the Citizen Digital Certificate IC card?
The Interior Ministry Certification Authority Certification Practice Statement and the Main Points for Citizen Digital Certificate Issuance and Management Operation.
What is the source of law for Certification Practice Statement?
The Certification Practice Statement is being formulated according to the Law of Electronic Signature. The latest version 1.2 of the Certification Practice Statement of the Ministry of Interior Certification Authority was published on 20 November, 2006. The latest version of the Certification Practice Statement can be retrieved from Repository on the Certification Authority website (http://moica.nat.gov.tw/) The latest version of the Certification Practice Statement was formulated in accordance with the Certificate Policy. The Certification Authority operates with class 3 assurance of the Certificate Policy. Its object identifier (OID) is id-tw-gpki-certpolicy-class3Assurance. Its object identifier value is (id-tw-gpki-certpolicy3) (refer to Certificate Policy).
What are the financial responsibilities of the Interior Ministry Certification Authority?
Operation of the Certification Authority shall be maintained by budgets of the Interior Ministry. No insurance is bought to ensure its operation. The Auditing Office of the Interior Ministry shall audit its finance and accounting. Other related financial responsibilities shall be in accordance with applicable laws and regulations.
Who owns the intellectual property?
The Key Pairs and the Key Share are the intellectual property of the Certification Authority. The Certificate subscriber's token is the IC card. The Certification Authority Relying Card Center activates the IC card and the IC card automatically generates the Key Pair. And the intellectual property of this Key Pair belongs to the subscriber. The intellectual property of the Certification Authority issued Certificates and Certificate Revocation List (CRL) belong to the Certification Authority. The Certification Authority will take all reasonable measures to ensure the correctness of the subscriber name. However, it does not guarantee that the intellectual property of the name belongs to the subscriber. When name clash disputes occur, the certificate subscriber should take legal procedures to protect its legal rights and notify the Certification Authority accordingly. The intellectual property of all documents written by the Certification Authority in the certification process belongs to the Ministry of the Interior. The intellectual property of the Certification Practice Statement belongs to the Ministry of the Interior. The Certification Practice Statement can be freely downloaded from the Repository. However, it must be duly duplicated and distributed in accordance with the Copyrights law and expressly indicated that its copyright belongs to the Ministry of the Interior. Additionally, in duplicating and distributing this Certification Practice Statement, no fees must be collected and no requests must be denied. The Interior Ministry takes no legal responsibility for any consequences from the improper use and distribution.
Where can I download the Law of Electronic Signature?
You can go to the Interior Ministry Certification Authority website http://moica.nat.gov.tw (documents download/applicable laws and regulations data)
What is the purpose of legislation of the Electronic Signature Law?
Purpose of legislation: To govern the use of electronic documents and electronic signatures, set up electronic certification system, improve security in electronic telecommunications and transactions, and promote e-Government and e-Commerce.
Can electronic signature replace traditional signature and use of seal?
The meaning and functions of traditional signature or use of seal are as follows:
- Evidence: After signing a document, the signer has left its evidence of differentiating its identity and pinpointing its responsibility.
- Endorsement: Having its signature on a document is tantamount to endorsing the contents of the document under current laws and conventions.
- Ceremony: Through the act of signature, the signer seriously ponders its legal responsibility after the signature in order to avoid different contract acts.
What are those government certification organizations?
The Government Public Key Infrastructure has a stratum structure with the Government Root Certification Authority (under jurisdiction of the Research, Development and Evaluation Commission of the Executive Yuan) undertaking to issue certificates to the certificate organizations. Its subordinate organizations are:
- Interior Ministry Certification Authority (under jurisdiction of the Interior Ministry) undertakes to issue Citizen Digital Certificates;
- The Electronic Industrial and Commercial Certification Authority (under jurisdiction of the Ministry of Economic Affairs) undertakes to issue company certificates.
- The Government Certification Authority (under jurisdiction of the Research, Development and Evaluation Commission of the Executive Yuan) undertakes to issue organization certificates, server application software certificates, and certificates for social institutions and finance institutions, as well as for non-institutional organizations and test certificates.
- The Test Certification Authority (under jurisdiction of the Research, Development and Evaluation Commission of the Executive Yuan) undertakes to issue organization certificates, server application software certificates, and certificates for social institutions and finance institutions, as well as for non-institutional organizations and test certificates.
What are the responsibilities of the competent department of the Interior Ministry Certification Authority?
The competent department of the Interior Ministry Certification Authority undertakes to formulate and revise the Certification Practice Statement. It is responsible to issue and manage certificates, publish the Certificate Revocation List (CRL) and maintain its operation.
What are the constituents of certification?
The concerned constituents are as follows:
- Interior Ministry Certification Authority.
- Registration Authority.
- Registration Counter.
- Card Center.
- Repository.
- End Entity.
What are the responsibilities of the Interior Ministry Certification Authority?
The Certification Authority is the Level 1 subordinate certification organization in the Government Public Key Infrastructure. It is responsible for issuing and managing Citizen Digital Certificates in line with class 3 certification policy.
What are the obligations of the Interior Ministry Certification Authority?
- According to Level 3 stipulations of the certification policy of the Government Public Key Infrastructure, the Interior Ministry Certification Authority operates in line with the Certification Practice Statement.
- Issue and publish certificates.
- Revoke, suspend and recovery of certificates.
- Issue and publish Certificate Revocation List (CRL).
- Enforce personnel identification of the Certification Authority and the identification procedures.
- Securely generate Certification Authority's private key.
- Support Registration Authority in certificate registration.
What is the published information of the Interior Ministry Certification Authority?
The Certification Authority publishes all its information on its website: http://moica.nat.govt.tw.
- Certificate Policy.
- Certification Practice Statement.
- Certificate Revocation List.
- Certification Authority's own certificate (All certificates are valid till expiry date of the public key and the corresponding private key.)
- Issued certificate.
- Privacy protection policy.
- Latest audit results.
- Update news.
What are the responsibilities of the Registration Authority?
The Certification Authority will set up a Registration Authority to collect and verify subscriber's identity and relevant certificate registration work. The Registration Authority comprises of several RA Counters. The RA Counters are set up in various county and city household registration offices. Staffed with RA officers, the Registration Counters are responsible for certificate application, suspension application, recovery application and revocation application.
What are the Registration Authority obligations?
- Securely pass subscribers' application material and the public key to the Certification Authority.
- Notify subscribers and Relying parties of the Certification Authority and Registration Authority's obligations.
- Notify subscribers and Relying parties on observance of the Certification Practice Statement of the Interior Ministry Certification Authority in accepting and using certificates issued by the Certification Authority.
- Enforcing RAO identification and authentication procedures.
- Securely generate Registration Authority's private key.
- Protect Registration Authority's private key.
What are the Registration Counter obligations?
- Enforce identification of the identity of Citizen Digital Certificate of the public at the counter and the authentication procedures, and manage the counter certificate processes.
- Responsible for IC card personalization service and provide certification operations.
What are the Card Center obligations?
Certification Authority subscribers' token is the IC card. The Certification Authority will entrust the Relying Card Center to issue and manage IC card. Card making and management operations of the IC card comprise of internally generating the key pair, and randomly generating the PIN code of the IC card, as well as the IC card delivery management.
What are the duty and functions of the Card Center?
- Activate the IC card to securely generate the subscriber's key pair internally.
- Use the initial code to set IC card's initial PIN code.
- Unify initial card printing.
- Provide IC card opening materials management.
- Provide IC card locking management.
- Provide IC card delivery management.
What are Repository obligations?
The Repository is responsible for publishing the certificates issued by the Certification Authority, the Certificate Revocation List and other related information. Aside from setting up and maintaining the Repository, the Certification Authority will also transfer all certificates and certificate revocation lists to the Directory Service. The Repository offers 24-hour service at the internet site: http://moica.nat.gov.tw/
Who are the End Entities?
- Certificate subscriber: Certificate subscribers of the Interior Ministry Certification Authority refer to individuals of the Certificate Subject Name issued by the Certification Authority. The Certification Authority is responsible for issuing Citizen Digital Certificates to citizens with residence in the R.O.C. who are at or above the age of 18.
- Relying Party: The Relying Party refers to the individual who believes in the linkage of the Certificate Subject Name and the Public Key. Prior to using the certificate issued by the Certification Authority, the Relying Party uses the certificate of the Certification Authority to verify the validity of its certificate.
- Inspect the integrity of electronic documents.
- Inspect the identity of the issuer of electronic documents.
- Establish a secure communication tunnel with the Certificate Subject.
What are the requirements of the Certification Authority for terminating its service?
The Certification Authority shall notify the competent ministry for digital signature (Ministry of Economic Affairs) 30 days in advance before terminating its service. It shall also publish the terminated services in the Repository.
What are the functions and usage of the Public Key and Private Key?
- The private key is for signature, encryption and non-repudiation.
- Pairing of the public key and the private key is for signature identification, decryption and non-repudiation.
What is a PIN code?
The PIN code is for identifying a person's identity. It is a password used in the certificate IC card. Usually, an ATM card has this setting for personal use (using six to eight characters including letters and special symbols).
What is a subscriber code?
The subscriber code is used for certification on the internet, for instance, application for certificate IC card suspension and recovery, as well as PIN code locking and decoding. The subscriber must therefore firmly memorize the subscriber code.
What is email address? Where can it be applied? How much does it cost?
Email is used on the internet for email transmission. Like your home address you must have an address mailer to know where to send your mail. Subscribers can apply for a free account while applying for ChungHwa Telecom's Hinet account. For details, please check with ChungHwa Telecom's customer service at 0800-080-412.
What are the contents of the certificate?
A certificate is digital information specifying:
- The issuing organization.
- Subscriber's name and identity.
- Comprising subscriber's public key.
- Specifying certificate's valid date and time.
- Digitally signed by a Certification Authority.
What is a Certification Authority?
An authority trusted by one or more users to issue and manage X.509 Public Key Certificates and CARLs or CRLs.
What is Registration Authority (RA)?
It is responsible for verifying subscriber's identity and other attributes. It does not issue nor manage certificates. The responsibility of the Registration Authority is to be defined by the Certificate Policy or Protocol. (See Article 7, Section 2, Chapter 1 of the Certification Practice Statement). The Registration Authority is responsible for identifying and authenticating the certificate subject but it does not issue certificate.
What is Registration Authority Counter (RAC)?
The Registration Authority Counters are registration counters set up at the various county and city household registration offices. They are staffed with RA officers.
What are RA Officers?
The RA Officers are registration authenticators responsible for applications of certificate registration, temporary suspension of use, recovery of use and revocation.
What is a Repository?
It is a database where certificates and revocation status information such as CRLs are stored. The official designation of a database as a repository is intended to signal that the operation of the facility is reliable and trustworthy. (See Article 8, Section 2, Chapter 1 of the Certification Practice Statement).
What is Certificate Policy?
A Certificate Policy is a specialized form of administrative policy tuned to electronic transactions performed during certificate management (See Article 3, Section 2, Chapter 1 of Certification Practice Statement). A Certification Policy addresses all aspects associated with the generation, production, distribution, accounting, compromise, recovery and administration of digital certificates. Indirectly, a certificate policy can also govern the transactions conducted using a communications system protected by a certificate-based security system. By controlling critical certificate extensions, such policies and associated enforcement technology can support provision of the security services required by particular applications.
What is Certification Practice Statement (CPS)?
A statement of the practices (See Article 7, Clause 2 of Law of Electronic Signature) that a CA employs in issuing, suspending, revoking and renewing certificates and providing access to them, in accordance with specific requirements (i.e., requirements specified in this CP, or requirements specified in a contract for services).
What is a Certificate Revocation List (CRL)?
A list maintained by a Certification Authority of the certificates which it has issued that are revoked prior to their stated expiration date (See Article 9, Section 2, Chapter 1 of Certification Practice Statement).
What is OCSP?
OCSP (Online Certificate Status Protocol) is an online service for checking the validity of the certificate. The OCSP enables applications to determine the (revocation) state of an identified certificate, as well as its expiry date. You can check how to use this method in the Repository of the Citizen Digital Certificate website: http://moica.nat.gov.tw/
What is the difference between CA and RA?
CA (Certification Authority) is responsible for issuing, revoking and managing certificates, as well as for publishing the certificate materials and the Certificate Revocation List (CRL) on the Directory server for the public to download. RA (Registration Authority) is responsible for application, revocation and authentication of certificates through database verification and through counter or written information auditing to authenticate applicant's identity prior to certificate issuance.
What is OID (Object Identifier)?
A specialized formatted number that is registered with an internationally recognized standards organization. The unique alphanumeric/numeric identifier registered under the ISO registration standard to reference a specific object or object class. In the federal government PKI they are used to uniquely identify each of the four policies and cryptographic algorithms supported.
What is PKCS7 (The Public Key Cryptography Standards)?
It is a basic language profiling digital signature and digital envelope. Applying this standard to S/MIME to provide secure information RFC2630Cryptographic Message Syntax to support attributes certificate and key exchange algorithms.
What is PKCS11 (The Public Key Cryptography Standards)?
PKCS11 refers to the Cryptographic Token Interface Standard. This standard specifies an API, called Cryptoki, to devices (usually smart card) that hold cryptographic information and perform cryptographic functions. Like Netscape's internet browser is being used to support communication between the IC card and SSL/mime.
What is PKCS12 (The Public Key Cryptography Standards)?
Profiles Portable Document Format (PDF) and is being used to send user's private key, certificate and other secrets.