ANNEXURE A
DIGITAL SIGNATURE
1. | For the purposes of communicating using the— |
(a) | * X.400 protocol as described in paragraph 2, |
the registered user and the Commissioner agree that the methodology and procedure herein described shall be accepted by them as the electronic signature provided for in section 101A(10) of the Act.
(*Delete whichever is not applicable and sign in full)
2. | A digital signature for communicating using the X.400 protocol, shall be created and verified in accordance with the following procedure: |
(a) | The digital signature shall be contained in the message of the originator within the following parameters when the message is received on the SARS EDI Gateway: |
(i) | Originator Information: Comprised of a unique identification code selected by the registered user upon initial registration to a maximum of 35 characters |
(ii) | Address Information: SARS |
(iii) | Application Type: As specified by SARS in the user manual |
(iv) | Registered User Code: As allocated or agreed to by SARS |
(v) | Registered User Password: Comprised of a password assigned by SARS |
(vi) | Document Type and Version: A reference to the UN/EDIFACT document and version number |
(vii) | Live or Test Indicator |
(viii) | Communications parameters: Originator's communications address details as supplied on initial registration. |
(b) | Upon receipt of the message on the SARS EDI Gateway the validity of the digital signature will be verified automatically against the digital signature specified and stored within the EDI Gateway. |
(c) | Upon registration as a registered user the Commissioner will allocate a digital signature to the registered user which will be stored in the EDI Gateway and comprise the following: |
(i) | Communications profile; and |
(ii) | registered user profile containing the registered user's password. |
(d) | Notification of the password and password qualifier by the Commissioner will be in the manner as specified by the Commissioner; |
(e) | The digital signature shall be authenticated for purposes of the Act by validating - |
(i) | the communications profile; and |
(ii) | the registered user profile, stored within the EDI Gateway. |
(f) | Upon receipt of a message at the SARS EDI Gateway─ |
(i) | the digital signature is automatically validated or invalidated; and |
(ii) | an electronic acknowledgement of receipt of the message is generated and automatically sent to the originator. |
3. | A digital signature, for communicating using the Internet, shall be created and verified in accordance with the following procedure: |
(a) | SARS uses PKI (Public Key Infrastructure) for authenticating and securing business data communicated over the Internet. The digital signature attached to messages must be created in accordance with the specification as contained within the user manual using the digital certificate obtained from the Commissioner. |
(b) | The digital signature shall be contained in the message of the originator within the following parameters when the message is received on the SARS EDI Gateway: |
(i) | Originator Information: Comprised of a unique identification code selected by the registered user upon initial registration to a maximum of 35 characters |
(ii) | Address Information: SARS |
(iii) | Application Type: As specified by SARS in the user manual |
(iv) | Registered User Code: As indicated or agreed to by SARS |
(v) | Registered User Password: Comprised of a password assigned by SARS |
(vi) | Document Type and Version: A reference to the UN/EDIFACT document and version number |
(vii) | Live or Test Indicator |
(viii) | Communications parameters: Originator's communications address details as supplied on initial registration. |
(c) | Upon receipt of the message on the SARS EDI Gateway the validity of the digital signature will be verified automatically against the digital signature specified and stored within the EDI Gateway. |
(d) | Upon registration as a registered user the Commissioner will allocate a digital signature and issue a digital certificate to the registered user which will be stored in the EDI Gateway and comprise the following: |
(i) | communications profile; and |
(ii) | registered user profile containing the registered user's password. |
(e) | Notification of the digital certificate, password and password qualifier by the Commissioner will be in the manner as specified by SARS in the user manual. |
(f) | The digital signature shall be authenticated for purposes of the Act by validating - |
(i) | the communications profile; and |
(ii) | the registered user profile, |
stored within the EDI Gateway.
(g) | Upon receipt of a message at the SARS EDI Gateway— |
(i) | the digital signature is automatically validated or invalidated; and |
(ii) | an electronic acknowledgement of receipt of the message is generated and automatically sent to the originator. |
4. | The completion of this process, when the data and information contained in the electronic record constituting the message is accepted within the computer system of the Commissioner, shall for purposes of the Act be deemed to be the affixing of a digital signature to the message received. |