Issues

• Foreign Experience

• Certification Authority

• Customer Focus

• Digital Certificate ‘link’ to Revenue Records

Previous slide

Next slide

Back to first slide

View graphic version

Foreign
• Initial customer identification and authentication problems
• Complexity for secure delivery of certificates to the customer overly bureaucratic, manual form filling and personal attendance, too many stages
• ‘Lost passphrases’ - lost on machine, forgotten
• Problems with customer’s browsers (ActiveX, signed applets, customised browser configurations
  CA
• wanted Independent public Certification Authority
  Customer Focus
• Complexity for secure delivery of certificates to the customer example later - bureaucratic, longwinded, 3 many separate stages/ 2 postal contacts - balance against security of id
• Privacy of customer private key and passphrase - lost passphrase support - code audit
• Revenue use of the customer Private Key - Application has use of both the password and the private key within the ROS application, risky, - code audit
• Password/Passphrase policy - minimum size, least 1 lower and upper, number, special char. , probability of discovery
  ‘Link’
• Cert must be linked to Revenue records. Link is created as part of Reg. RAN -> Customer number on Rev Records