Decree No. 496 / 2004 Coll.

Ordinance on electronic mailrooms

Valid Order Effective from 01.01.2005
496
DECREE
of 29 July 2004
on electronic mailrooms
The Ministry of Informatics lays down, pursuant to § 20 (4) of Act No. 227 / 2000 Coll., on Electronic Signature and on the amendment of certain other laws (Act on Electronic Signature), as amended by Act No. 226 / 2002 Coll., Act No. 517 / 2002 Coll. and Act No. 440 / 2004 Coll. ("the Act"):
§ 1
Subject matter
This decree sets out the procedures of public authorities for receiving and sending data messages through the electronic mailroom and the structure of the data item of the qualified certificate on the basis of which the signatory can be clearly identified when data messages are received through the electronic mailroom.
§ 2
Receiving and delivering a data message
(1) Save as otherwise provided for in this Decree, the received data message is considered to have been delivered to the public authority, provided that it is available to the electronic mailroom operated under the special legislation 1).
(2) Where a defective format or a computer program capable of causing damage to the information system or to information processed by a public authority (hereinafter referred to as "malicious code") is detected in the received data message, the data message may be stored only outside the electronic mailroom, provided that the security of the public authority's information system and the security of the information processed is not compromised. Such a data message is not available to the electronic mailroom.
(3) The data message delivered is stored in the repository of delivered data messages in the form in which it was received. Where the data message is accompanied by a qualified certificate and a guaranteed electronic signature based on that certificate issued by an accredited certification service provider ("recognised electronic signature") or a qualified system certificate and an electronic mark based on that certificate issued by an accredited certification service provider ("recognised electronic mark"), they shall be stored together with the message.
(4) In the electronic mailroom, the data message delivered shall be
(a) registered and passed on in accordance with specific legislation 2) concerning the registration and further handling of documents received, the time of receipt of the data message being recorded to the second; and
(b) marked with the electronic mailroom identifier, which shall have the character of a filing stamp.
(5) The delivery of the data message shall be confirmed to the sender without delay by sending the data message in accordance with the provisions of Section 3, provided that the public authority is able to identify the electronic address of the sender from the received data message. The delivery confirmation message shall include:
(a) the recognised electronic signature of the authorised staff member of the public authority or the recognised electronic mark of the public authority;
(b) the date and time, indicating the hour, minute and second of arrival of the data message; and
(c) the characteristics of the data message delivered to enable it to be identified.
(6) For the data message received, the electronic mailroom shall ascertain whether:
(a) the data message corresponds to the technical parameters published by the public authority under the special legislation 1);
(b) a recognised electronic signature or a recognised electronic mark is attached, or if a qualified time stamp is attached, provided that the specific legislation provides for an obligation to attach it to the data message;
(c) the guaranteed electronic signature is valid and its qualified certificate has not been invalidated (Section 5 (2) of the Act) or the electronic mark is valid and its qualified system certificate has not been invalidated (Section 5a (3) of the Act), or if a qualified time stamp is valid if the specific legislation provides for an obligation to add it to the data message;
(d) a qualified certificate or a qualified system certificate as referred to in (b) is attached or an accredited certification service provider which has issued and maintained the certificate is indicated; and
(e) the qualified certificate contains the information on the basis of which the person signing the data message can be clearly identified.
(7) Where the electronic mailroom finds that a qualified certificate or a qualified system certificate as referred to in paragraph 6 (c) was invalid at the time of receipt of the data message, and if it can be considered that the guaranteed electronic signature or the electronic mark was created during the period of validity of this certificate, the public authority shall, in order to establish the validity of the electronic mark or the guaranteed electronic signature:
(a) verify that a valid qualified time stamp is attached to the signed or marked data messages and that the stamp was created before the date of invalidation of the data message certificate and that it is valid; or
(b) inform the signatory, if no valid qualified time stamp is attached, that it is unable to carry out all the operations necessary to verify that the guaranteed electronic signature or the electronic mark is valid and that their qualified certificate or qualified system certificate had not been invalidated before the creation of the guaranteed electronic signature or electronic mark.
(8) The acts required to verify that the guaranteed electronic signature is valid and its qualified certificate has not been invalidated or that the electronic mark is valid and its qualified system certificate has not been invalidated or that the qualified time stamp is valid under paragraph 6 (c) are listed in the Annex to this decree.
(9) The results of the findings of the facts referred to in paragraphs 6 and 7 shall be recorded on arrival in the electronic mail office identifier of the data evidencing them.
§ 3
Sending a data message
(1) The sent data message is stored in the electronic mailroom in the repository of the processed data messages in the form in which it was sent. Where the data message is accompanied by a recognised electronic signature of the authorised staff member of the public authority and his or her qualified certificate or a recognised electronic mark of the public authority and its qualified system certificate, they shall be stored together with the data message.
(2) Before dispatch from a public authority, the data message shall be checked for the presence of malicious code.
(3) The sent data message shall be recorded in the electronic mailroom in accordance with the internal rules of the public authority governing the records of the documents to be published, and the time of sending the data message shall be recorded to the second.
§ 4
Indication on which the person can be clearly identified
The figure on the basis of which the person can be clearly identified shall be given in the structure of the 10-digit number in the decimal system in the range 1 100 100 to 4 294 967 295 and shall be administered by the central administration. Its value is not interchangeable with the birth number and must not be a personal figure according to the special legislation (3).
§ 5
Entry into force
This Decree shall take effect on 1 January 2005.
Minister:
Miller

Annex to Decree No 496 / 2004 Coll.
The actions required to verify that the guaranteed electronic signature and the electronic mark are valid and their qualified certificate or qualified system certificate have not been invalidated, and to verify the validity of the qualified time stamp
1. Verification of the guaranteed electronic signature and the electronic mark
The verification of the guaranteed electronic signature of the signatory or the electronic mark of the person designating the data message shall be carried out in accordance with the standards of asymmetric cryptographic algorithms and cryptographic hash functions corresponding to the schemes used to create the guaranteed electronic signature. The parameter of the asymmetric cryptographic algorithm shall be the data for verifying electronic signatures corresponding to the data for creating electronic signatures for which a qualified certificate has been issued, or the data for verifying electronic marks corresponding to the data for creating electronic marks for which a qualified system certificate has been issued. The standards for asymmetric cryptographic algorithms and cryptographic hash functions are given in Tables 1 and 2 of this Annex. The verification shall, as a general rule, be carried out using an application without the intervention of the verifier.
2. Validation of the certificate
(a) Verification of the validity interval
Verification that at the time of delivery of the data message the qualified certificate of the signatory or the qualified system certificate of the designating persons was within the period of validity. The verification shall, as a general rule, be carried out using an application without the intervention of the verifier.
(b) Verification of the electronic mark of the certificate
The electronic mark with which the qualified provider has marked the qualified certificate of the signing person or the qualified system certificate of the designating person shall be verified in the same way as the electronic mark of the data message referred to in point 1. The verification shall, as a general rule, be carried out using an application without the intervention of the verifier.
(c) Verification that the certificate has not been invalidated
Verification that the qualified certificate of the signing person or the qualified system certificate of the designating person is not in the list of invalidated certificates with a time of invalidation prior to the time of delivery of the data message. For this purpose, the relevant list of invalidated certificates shall be a list, the validity of which shall begin immediately after the time of receipt of the data message. The verification shall be carried out by the verifier and shall not normally be carried out by the application.
(d) Verification of the electronic mark of the list of invalidated certificates
The verification of the electronic mark with which the qualified provider has marked the list of invalidated certificates shall be carried out in the same way as the electronic mark of the data message referred to in point 1 is verified.
(e) Certification path
The electronic mark of the qualified certificate of the signing person or of the qualified system certificate of the designating person shall be based on the qualified system certificate of the provider. That certificate may in turn be marked with an electronic mark of the provider based on another qualified system certificate of the provider. This relationship between certificates is referred to as the certification path. In order to verify the validity of a certificate of a designating or signing person, it is necessary to verify the validity of all certificates in the certification path as described in points (a) to (d) of this point. The certification path is indicated in each certificate issued.
3. Verification of the qualified time stamp
The verification of the electronic mark of the qualified time stamp shall be carried out in a similar manner to that of the electronic mark of the data message referred to in point 1.
Verification of the validity of the qualified system certificate on which the electronic mark of the qualified time stamp is based shall be carried out in a similar manner to the verification of the validity of the certificate referred to in point 2.
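The decision logic of Annex point 2 (a) and (c) combined with § 2 (7), as an added example that is not part of the decree: it assumes the cryptographic checks of points 1, 2 (b), 2 (d), 2 (e) and 3 have already succeeded, and the class, function and status names are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

def ts(s):  # parse "YYYY-MM-DD HH:MM:SS" as UTC, second precision
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)

@dataclass
class Cert:            # hypothetical model of a qualified (system) certificate
    serial: int
    not_before: datetime
    not_after: datetime

@dataclass
class Crl:             # hypothetical model of a list of invalidated certificates
    this_update: datetime                        # start of the list's validity
    revoked: dict = field(default_factory=dict)  # serial -> time of invalidation

def assess(cert, crl, received, stamp_time=None):
    """Status names are illustrative, not taken from the decree."""
    # Annex 2(c): the relevant list is one whose validity begins after receipt.
    if crl.this_update <= received:
        return "WAIT_FOR_NEWER_LIST"
    revoked_at = crl.revoked.get(cert.serial)
    in_interval = cert.not_before <= received <= cert.not_after   # Annex 2(a)
    revoked_before = revoked_at is not None and revoked_at < received
    if in_interval and not revoked_before:
        return "CERT_VALID_AT_RECEIPT"
    # Section 2(7)(a): certificate invalid at receipt, but an already verified
    # qualified time stamp shows the signature existed while it was still valid.
    if (stamp_time is not None
            and cert.not_before <= stamp_time <= cert.not_after
            and (revoked_at is None or stamp_time < revoked_at)):
        return "VALID_BY_TIME_STAMP"
    return "NOTIFY_SIGNATORY"                                     # Section 2(7)(b)

# Constructed sample data (not from the decree).
CERT = Cert(1001, ts("2005-01-01 00:00:00"), ts("2006-01-01 00:00:00"))
RECEIVED = ts("2005-06-01 12:00:00")
CRL_REVOKED = Crl(ts("2005-06-01 12:30:00"), {1001: ts("2005-05-20 08:00:00")})

if __name__ == "__main__":
    print(assess(CERT, CRL_REVOKED, RECEIVED))
    print(assess(CERT, CRL_REVOKED, RECEIVED, ts("2005-05-10 09:00:00")))
```

Treating an expired certificate the same way as an invalidated one in the time-stamp branch is an assumption of this example.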
Table 1
Index of asymmetric algorithm | Abbreviation of cryptographic asymmetric algorithm | Normative references
1.01 | rsa | [1]
1.02 | dsa | [2]
1.03 | ecdsa-Fp | [2,3]
1.04 | ecdsa-F2m | [2,3]
1.05 | ecgdsa-Fp | [4]
1.06 | ecgdsa-F2m | [4]
Standard documents:
[1] ISO / IEC 14888-3: Information technology - Security techniques - Digital signatures with appendix - Part 3: Certificate-based mechanisms.
[2] NIST: FIPS Publication 186-2: Digital Signature Standard (DSS).
[3] Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA), ANSI X9.62-1998.
[4] ISO / IEC FCD 15946-2: Information technology - Security techniques - Cryptographic techniques based on elliptic curves - Part 2: Digital signatures.
Table 2
Index of hash function | Abbreviation of cryptographic hash function | Normative references
2.01 | sha1 | [5,6]
2.02 | ripemd160 | [5]
Standard documents:
[5] ISO / IEC 10118-3: Information technology - Security techniques - Hash functions - Part 3: Dedicated hash functions.
[6] NIST: FIPS Publication 180-1: Secure Hash Standard (SHS-1).
1) Decree of the Government No. 495 / 2004 Coll., implementing Act No. 227 / 2000 Coll., on Electronic Signature and amending certain other acts (Electronic Signature Act), as amended.
2) For example, Act No. 97 / 1974 Coll., on archiving, as amended by Act No. 343 / 1992 Coll., Act No. 27 / 2000 Coll., Act No. 120 / 2001 Coll., Act No. 107 / 2002 Coll. and Act No. 320 / 2002 Coll.
3) § 4 (a) of Act No. 101 / 2000 Coll., on the protection of personal data and on the amendment of certain laws.

Regulation Information

Citation: Decree No. 496 / 2004 Coll., on Electronic Posts
Regulation Type: Order
Author: -
Collection: Code of Laws
Date of Promulgation: 22.09.2004
Effective from: 01.01.2005
Effective until: -
Status: Valid
The regulation text is for informational purposes only.