Information security in electronic tax - 6


used to contain secret keys.

An identification device verification system - Used to read and verify the information held on identification devices.

Policies - Record when and how the system is used, including monitoring and management by the competent authority, so that user transactions and actions can be traced.

Scalability - The deployment solution must allow the application to be upgraded, used flexibly and used for multiple purposes. It may become possible in the future to consolidate everything into a single identification device; the system must be flexible enough to allow this.


Not only does the system provide convenience, it also needs to be a truly trustworthy component between the user (in this case, the taxpayer) and the authority (in this case, the tax authority). Privacy issues also need to be addressed.

A key part of the system is the user identification device. It is a device that can store information, can update that information, and can do so in an extremely secure way. Why not use personal characteristics such as fingerprints (or other biometric characteristics)? The difficulty is that there would need to be a central repository of all valid fingerprint templates, which increases the risk of forgery or theft because all the information is stored in one place. Furthermore, the technology to authenticate fingerprints for millions of members of the public is not widely deployed and is not practical. The solution is a USB device or smart card that combines user data with other authentication information; the corresponding identification templates are also stored on this device. For procedures and transactions that genuinely require authentication, this information is used; for simple procedures, it is ignored.


In order for the identification device to be usable, readers must be available at every location where the device is needed. For USB devices this is quite easy, because most computers today have USB ports; other devices such as smart cards are also quite common today. For Vietnam today, where quick deployment matters, using USB as the identification device makes sense.


3.2.2. Service system

An advanced tax service must be accessible to taxpayers 24 hours a day, 7 days a week. These services must be accurate and highly secure. A real challenge in moving from traditional to electronic tax procedures is deploying the proposed solutions with a friendly, easy-to-use interface for a very large number of users of all ages and backgrounds. These services must also address privacy and the protection of sensitive personal data.

In general, most services should focus on basic functions such as tax filing, data entry support, and conversion to popular electronic formats.

E-tax, and by extension e-government, has been implemented successfully in many countries, and PKI has proven feasible there, serving a large number of users with high reliability and security. The implementation of e-tax in Vietnam is therefore only a matter of time.


3.3. Deployment

This section presents the solutions and technologies used for practical implementation around the PKI platform.


3.3.1. VPN

Most PKI applications today support the use of VPNs. VPNs provide a cost-effective, secure way for users to control and communicate with secure devices. Using PKI in VPNs increases the efficiency and usefulness of VPNs. The main concern with using VPNs is how user actions are managed. Some VPN solutions that can be used are IPSec VPNs and SSL VPNs.

IPSec (Internet Protocol Security) is a network security protocol and is often associated with VPNs. IPSec allows secure, encrypted data transmission at the Network Layer of the OSI model through public networks such as the Internet. Network layer VPNs address the challenges of using the Internet as a transport medium for sensitive, multi-protocol traffic.

The term SSL VPN refers to a new and rapidly growing line of VPN products based on the SSL protocol. It should be clarified that the SSL protocol itself is not new; linking SSL with VPN is the new model. With an SSL VPN, the connection between remote users and corporate network resources is an HTTPS connection at the application layer, instead of a "tunnel" at the network layer as in the IPSec solution. SSL VPNs support web-based applications and email applications (POP3/IMAP/SMTP). Clients only need an SSL-enabled browser to make a VPN connection, with no separate VPN software to install. Most SSL VPN solutions do not support applications that use dynamic TCP ports, such as FTP or VoIP.

Currently, the VPN market is growing very quickly, especially SSL VPN, with big names such as NetScreen (acquired by Juniper in 2004), F5, Aventail and Nokia.


3.3.2. Signing documents

One of the most widely used PKI applications in tax is document signing.

Signing a document can be viewed in two ways:

Sign independent documents and send them via traditional methods such as email.

As one step in a sequence of actions that includes signing a document.

Document signing also requires a clear decision on whether the intended use is internal or external. Internal processes can be managed using self-signed certificates. External processes mostly require a certificate from a public CA, which means that each user needs a certificate before they can use the applications. In general, document signing has two main purposes:


Simplify and increase efficiency of the process

Increase the legal binding of signed documents

Where documents need to be signed and completed without an Internet connection, signing the documents independently is a good solution. This can be done with third-party software such as Adobe or Silanis, among others; these applications allow signing of popular document formats such as PDF, Microsoft Word and AutoCAD.

To develop your own digital signature applications quickly, you can use software development libraries from vendors such as InfoMosaic and Xetex. InfoMosaic provides an XML-based digital signature solution called SecureXML, which covers a range of components from the user side to the provider side; a separate, suitable application can be built on their library. Xetex provides a range of PKI products, one of the most notable being an ActiveX control for document signing.


3.3.3. Email Security

Secure email solutions can be divided into two categories: client-based and browser-based. Client-based email solutions can provide more features, while browser-based solutions have the advantage of being lightweight, cheap, and easy to deploy. Which solution to use depends on the specific goals of each organization.

Using a client program

There are several popular email programs that are fully integrated with digital certificates. They allow users to send unencrypted, encrypted, signed, or both signed and encrypted email. The most popular today are:

Microsoft Outlook Express

Mozilla Thunderbird

Using web services


Most web-based email services do not come with certificate-based authentication. However, email signing and encryption plugins can be added to the browser for use with web-based email services. Some plugins for the Firefox browser include:

Gmail S/MIME

WiseStamp Email Signature


3.3.4. Wireless network security

Building a wireless PKI can seem like an impossible task. When working with wireless environments, PKI can be difficult to deploy for a number of reasons. The most notable of these are the limitations of the processor power and internal memory of mobile devices. However, there are several approaches that have been developed to overcome these limitations. Two of the main solutions that enable deployment on mobile devices are:

Wireless Transport Layer Security (WTLS) certificates - This approach modifies the X.509 certificate format to suit mobile devices with smaller processors and less internal memory.

Wireless Public Key Infrastructure (WPKI) - The authentication problem of mobile devices is solved through WPKI. WPKI includes the same components as a standard PKI, such as the CA, RA and end entities; furthermore, WPKI can use a traditional PKI through a gateway that translates between the mobile WAP side and the Internet CA.

Certicom

Certicom offers a wide range of solutions in the wireless space, from WLAN solutions to PKI for mobile devices. Certicom also provides its own PKI CA server and a WPKI portal for issuing digital certificates to devices such as PDAs and mobile phones. Certicom also offers a VPN tunnel for mobile devices called movianVPN.

Openware

One of the pioneers in the wireless field, Openware has many products compatible with a wide range of authentication services. The most notable is its microbrowser (a mobile browser), which supports WTLS certificates.


3.3.5. Single Sign-On

Single Sign-On (SSO) is perhaps the most talked about solution in the security industry. Essentially, single sign-on allows users to authenticate themselves once and then use that authentication to access a variety of resources. There are many ways to implement solutions around SSO today. Without SSO, users would have to authenticate themselves to multiple, disparate systems. Multiple, repeated authentication can be a pain and a security risk because many people use easily guessable passwords across multiple systems. There are two main solutions to SSO, both of which are quite expensive:

Integrated solutions

Provides integration with a particular operating system's login, so that the operating system's security capabilities can be leveraged together with additional authentication and credentials provided by a third party. For example, logging into an operating system such as Windows or GNU/Linux lets users reuse that authentication to access other services.

Hybrid solution

Based on the combination of many technologies found in practice, including identification devices. SSO is achieved by reproducing user inputs such as account names and passwords: the solution stores credentials (passwords, PINs, certificates) in a software "wallet" or on the identification device, and users authenticate to resources with these stored credentials. This solution is less expensive than the integrated solution, and it is also easy to extend and develop.


3.3.6. Web server

Of course, a web server can easily be used for trust-based applications. Most commercial websites today use some form of security, but almost all rely on Secure Socket Layer (SSL) certificates. SSL certificates were one of the earliest applications of PKI technology. They allow a secure connection to be created between a web browser and an organization's web server. One reason SSL certificates became a core PKI application is that companies can be authenticated by, and obtain SSL certificates from, a third party - a PKI provider. This is convenient for users because the providers' root certificates are already included in most browsers today.
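The two PKI uses this page describes, signing a document (section 3.3.2) and a web server presenting an SSL/TLS certificate that the client's trust store accepts (this section), are shown end to end below. This is an added example written for this page, not code from the thesis or from any vendor it names. The certificate authority, the taxpayer and the host name etax.example are constructed, and because the page does not prescribe an algorithm, Ed25519 is this example's choice. One root CA issues both certificates, which is the "external process" model above: the relying party only needs the CA certificate, just as a browser only needs the provider's root.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"io"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// PKI is a constructed in-memory hierarchy (all names made up): a root CA and the two certificates it issued.
type PKI struct {
	CA        *x509.Certificate  // trust anchor every relying party must hold
	Signer    *x509.Certificate  // taxpayer certificate, sent along with each signed document
	signerKey ed25519.PrivateKey // in a deployment this stays on the taxpayer's USB token or smart card
	ServerTLS tls.Certificate    // web server certificate and key
}

// issue generates an Ed25519 key and a one-day certificate for cn signed by caKey (a self-signed root CA when parent is nil); tweak edits the template first.
func issue(serial int64, cn string, parent *x509.Certificate, caKey ed25519.PrivateKey, tweak func(*x509.Certificate)) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:  x509.KeyUsageDigitalSignature,
	}
	tweak(tmpl)
	if parent == nil { // self-signed root: mark it as a CA and sign it with its own key
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, caKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, caKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewPKI builds the root CA and issues both end-entity certificates.
func NewPKI() (*PKI, error) {
	ca, caKey, err := issue(1, "Example Tax Authority Root CA", nil, nil, func(*x509.Certificate) {})
	if err != nil {
		return nil, err
	}
	signer, signerKey, err := issue(2, "Taxpayer 0001", ca, caKey, func(*x509.Certificate) {})
	if err != nil {
		return nil, err
	}
	srv, srvKey, err := issue(3, "etax.example", ca, caKey, func(c *x509.Certificate) {
		c.DNSNames = []string{"etax.example"} // TLS clients match the SAN, not the CN
		c.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	})
	if err != nil {
		return nil, err
	}
	return &PKI{CA: ca, Signer: signer, signerKey: signerKey,
		ServerTLS: tls.Certificate{Certificate: [][]byte{srv.Raw}, PrivateKey: srvKey}}, nil
}

// SignDocument returns a detached signature over doc; the document itself travels unchanged.
func (p *PKI) SignDocument(doc []byte) []byte {
	return ed25519.Sign(p.signerKey, doc)
}

// VerifyDocument is the receiving side: the signer's certificate must chain to roots and be valid now, and sig must verify over doc.
func VerifyDocument(doc, sig []byte, signer *x509.Certificate, roots *x509.CertPool) error {
	if _, err := signer.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return err
	}
	return signer.CheckSignature(x509.PureEd25519, doc, sig)
}

// FetchOverTLS serves "/" over HTTPS with the service certificate on loopback and fetches it with a client trusting only roots, like a browser with its trust store.
func (p *PKI) FetchOverTLS(roots *x509.CertPool) (string, error) {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { io.WriteString(w, "e-tax service") }))
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{p.ServerTLS}}
	srv.StartTLS()
	defer srv.Close()
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{RootCAs: roots, ServerName: "etax.example"}}}
	resp, err := client.Get(srv.URL)
	if err != nil {
		return "", err // handshake failed: the server certificate does not chain to roots
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}
```

A caller builds the hierarchy with NewPKI, puts p.CA into an x509.CertPool, and that single pool serves both uses: VerifyDocument accepts a signature from the taxpayer and rejects a modified document or a signer whose certificate does not chain to the pool, and FetchOverTLS succeeds with the pool but fails the handshake with an empty one, which is what a browser does when the provider's root is missing. Two things a real deployment adds that this example leaves out: revocation checking (CRL or OCSP) before trusting a certificate, and keeping signerKey on the token or smart card rather than in process memory.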

Web servers come in two types, software-based and hardware-based systems:

Web server software

Web servers can be deployed as software on existing hardware. Adding security is fairly simple, as most web server software today has tools for installing SSL certificates. The two web server products that dominate the market today are:

Apache with mod_ssl

Microsoft IIS

Hardware based web server

Built for data centers and simpler to configure, this type of web server is used by many large corporations. Examples include:

Sun Cobalt

Net Integrator

UVNetworks WebBox


3.3.7. Smart card

Smart cards are computer chips embedded in plastic cards. Applications of smart cards range from simple data storage (such as certificates) to complex transactions such as financial transactions. This section focuses on the use of smart cards for transaction authentication. In this context, we use smart cards simply as a storage medium for key data, such as the secret key belonging to an electronic certificate. This serves two purposes:

Increased security, because the smart card (and the secret key on it) can be physically revoked and is unique to each computer.

Increases the portability of secret keys, allowing users to use them in multiple locations.

There are many types of smart cards, each with its own functions and applications, so the card type should be chosen to match the purpose. When using smart card solutions, pay attention to the following key points:

Price - Cheap cards are mostly used for data storage; more capable cards are more expensive and come with additional software.

Storage capacity - Depending on the card type, low-tech cards can hold two or three digital certificates, while high-tech cards can hold more than 128K of data.

Security - Some readers have a PIN keypad built in, which prevents programs on the host computer from capturing the PIN when the user unlocks the smart card to access its information. Low-tech cards have virtually no security features.


3.3.8. Data warehouse protection

With the growth of storage networks and other forms of electronic storage, data needs to be stored securely and protected. This applies not only to servers in the infrastructure but also to users' computers. If a laptop is stolen, the damage is greatly reduced if the hard drive is fully encrypted. Likewise, for organizations, storage networks need to be more secure, especially when backing up data. There are two main areas where PKI-based solutions can be applied to storage networks:

Security in the fabric - Authenticate the identity of switches before admitting them to the storage network.

Security from the administrator's side - Secure protection of data from the management dashboard.
