Goto Main Content
:::

Chapter Law Content

Chapter 5  Technical Security Controls
Article 29
A certification service provider shall specify the following particulars in respect of key pair generation and installation:
1.Who generates the public, private key pair of subscribers
2.Where the private key is not generated by the subscriber, how is it provided securely to the subscriber
3.How is the certification service provider’s public key provided securely to subscribers or relying parties
4.Key sizes
5.Key parameters generation and the parameter quality checking
6.Keys usage purposes
Article 30
A certification service provider shall specify the following particulars in respect of private key protection:
1.Whether cryptographic module meets certain standards
2.Whether the private key is under n out of m multi-person control
3.Whether the private key is escrowed, backed up, archived, or transferred and stored in a cryptographic module; if applicable, what methods and procedures are
4.Methods of activating, deactivating, and destroying the private key
Article 31
A certification service provider shall specify the operational period of the certificates, whether the public key is archived, and the usage periods for the key pair.
Article 32
A certification service provider shall specify the protection mechanism of activation data.
Article 33
A certification service provider shall specify measures for software system and network security controls.