(a) Purpose. This section prescribes the requirements
that govern the issuance, use, and revocation of digital certificates
issued by the department for electronic commerce in eligible department
programs. Texas Administrative Code, Title 1, Part 10, Chapter 203,
Subchapter B governs to the extent of any conflict between that subchapter
and a provision of this section.
(b) Definitions. The following words and terms, when
used in this section, shall have the following meanings, unless the
context clearly indicates otherwise.
(1) Business entity--An entity recognized by law through
which business is conducted with the department, including a sole
proprietorship, partnership, limited liability company, corporation,
joint venture, educational institution, governmental agency, or non-profit
organization.
(2) Certificate holder--An individual to whom a digital
certificate is issued.
(3) Digital certificate--A certificate, as defined
in Title 1, Texas Administrative Code, Chapter 203, Subchapter A, §203.1
(relating to Key Terms and Technologies for Electronic Transactions
and Signed Records), issued by the department for purposes of electronic
commerce.
(4) Digital signature--An electronic identifier assigned
in a digital certificate and intended by the person using it to have
the same force and effect as the use of a manual signature for signing
an electronic document.
(5) Division director--The chief administrative officer
of a division or office of the department.
(c) Program authorization. A division director may
authorize the use of digital signatures for a particular program based
on whether the applicable industries or organizations are using such
technology, the frequency of document submission, and the appropriateness
for the program. The solicitation documentation for eligible programs
will include the information that digital signatures may be used.
(d) Application and issuance of digital certificate.
(1) A request for a digital certificate must be in
writing and must be signed by the individual authorized by the business
entity to request a digital certificate.
(2) The department may request information necessary
to verify the identity of the individual requestor or the business
entity that has authorized the request. To verify identity under this
paragraph a person must present:
(A) a Texas driver's license or identification certificate
with a photograph that is within two years after its expiration date;
(B) an unexpired United States passport;
(C) a United States citizenship (naturalization) certificate
with identifiable photograph;
(D) an unexpired United States Bureau of Citizenship
and Immigration Services document that was issued for a period of
at least one year, that is valid for not less than six months from
the date it is presented to the department with a completed application,
and that contains verifiable data and an identifiable photograph;
(E) an unexpired United States military identification
card for active duty, reserve, or retired personnel with an identifiable
photograph; or
(F) a foreign passport with a valid or expired visa
issued by the United States Department of State with an unexpired
United States Bureau of Citizenship and Immigration Services Form
I-94:
(i) that was issued for a period of at least one year,
is marked valid for a fixed duration, and is valid for not less than
six months from the date it is presented to the department with a
completed application; or
(ii) that is marked valid for the duration of the person's
stay and is accompanied by appropriate documentation.
(3) The department may take actions necessary to confirm
that the individual who signed the request is authorized to act on
behalf of the business entity, including requiring the individual
requestor or the person authorizing the request to personally appear
at the department office responsible for the issuing of the certificate.
(4) The department will issue a digital certificate
only to an individual. Information identifying the business entity
that authorized the issuance of the certificate may be embedded in
the digital certificate.
(e) Refusal to issue a digital certificate. The department
will not issue a digital certificate if the identity of the individual
to whom the certificate is to be issued or the identity of the individual
requesting the certificate on behalf of a business entity cannot be
established. The department will not issue a digital certificate if
the business entity on whose behalf the request is allegedly being
made does not authorize its issuance.
(f) Responsibilities of certificate holder. A certificate
holder must:
(1) maintain the security of the digital certificate;
(2) use the certificate solely for the purpose for
which it was issued; and
(3) renew the certificate in a timely manner, if continued
use is intended.
(g) Responsibilities of business entity. A business
entity is responsible for:
(1) determining the individual who may request a certificate
for the business entity;
(2) determining the individual to whom a certificate
is to be issued; and
(3) requesting within a reasonable time the revocation
of its certificate if the security of the certificate has been compromised
or if the business entity is changing its certificate holder.
(h) Revocation of certificate. The department will
revoke a digital certificate:
(1) on receipt of a written request for its revocation
signed by an individual authorized to act on behalf of the business
entity for which it was issued;
(2) for suspension or debarment of the individual or
business entity; or
(3) if the department has reason to believe that continued
use of the digital certificate would present a security risk.
(i) Use of digital certificate.
(1) A digital signature assigned in a digital certificate
issued by the department must be used for digitally signing electronic
documents filed with the department and only such a signature may
be used for that purpose. The use of the digital signature is binding
on the individual to whom the certificate was issued and the represented
business entity, as if the document were signed manually.
(2) The department may use the digital certificate
to identify the certificate holder when granting or verifying access
to secure computer systems used for electronic commerce.
(j) Forms. The department may prescribe forms to request,
modify, or revoke a digital certificate.
|