Current through Reg. 49, No. 49; December 6, 2024
Section 1.700 - Digital Certificates(a) Purpose. This section prescribes the requirements that govern the issuance, use, and revocation of digital certificates issued by the department for electronic commerce in eligible department programs. Texas Administrative Code, Title 1, Part 10, Chapter 203, Subchapter B governs to the extent of any conflict between that subchapter and a provision of this section.(b) Definitions. The following words and terms, when used in this section, shall have the following meanings, unless the context clearly indicates otherwise.(1) Business entity--An entity recognized by law through which business is conducted with the department, including a sole proprietorship, partnership, limited liability company, corporation, joint venture, educational institution, governmental agency, or non-profit organization.(2) Certificate holder--An individual to whom a digital certificate is issued.(3) Digital certificate--A certificate, as defined in Title 1, Texas Administrative Code, Chapter 203, Subchapter A, §203.1 (relating to Key Terms and Technologies for Electronic Transactions and Signed Records), issued by the department for purposes of electronic commerce.(4) Digital signature--An electronic identifier assigned in a digital certificate and intended by the person using it to have the same force and effect as the use of a manual signature for signing an electronic document.(5) Division director--The chief administrative officer of a division or office of the department.(c) Program authorization. A division director may authorize the use of digital signatures for a particular program based on whether the applicable industries or organizations are using such technology, the frequency of document submission, and the appropriateness for the program. The solicitation documentation for eligible programs will include the information that digital signatures may be used.(d) Application and issuance of digital certificate.(1) A request for a digital certificate must be in writing and must be signed by the individual authorized by the business entity to request a digital certificate.(2) The department may request information necessary to verify the identity of the individual requestor or the business entity that has authorized the request. To verify identity under this paragraph a person must present:(A) a Texas driver's license or identification certificate with a photograph that is within two years after its expiration date;(B) an unexpired United States passport;(C) a United States citizenship (naturalization) certificate with identifiable photograph;(D) an unexpired United States Bureau of Citizenship and Immigration Services document that was issued for a period of at least one year, that is valid for not less than six months from the date it is presented to the department with a completed application, and that contains verifiable data and an identifiable photograph;(E) an unexpired United States military identification card for active duty, reserve, or retired personnel with an identifiable photograph; or(F) a foreign passport with a valid or expired visa issued by the United States Department of State with an unexpired United States Bureau of Citizenship and Immigration Services Form I-94:(i) that was issued for a period of at least one year, is marked valid for a fixed duration, and is valid for not less than six months from the date it is presented to the department with a completed application; or(ii) that is marked valid for the duration of the person's stay and is accompanied by appropriate documentation.(3) The department may take actions necessary to confirm that the individual who signed the request is authorized to act on behalf of the business entity, including requiring the individual requestor or the person authorizing the request to personally appear at the department office responsible for the issuing of the certificate.(4) The department will issue a digital certificate only to an individual. Information identifying the business entity that authorized the issuance of the certificate may be embedded in the digital certificate.(e) Refusal to issue a digital certificate. The department will not issue a digital certificate if the identity of the individual to whom the certificate is to be issued or the identity of the individual requesting the certificate on behalf of a business entity cannot be established. The department will not issue a digital certificate if the business entity on whose behalf the request is allegedly being made does not authorize its issuance.(f) Responsibilities of certificate holder. A certificate holder must: (1) maintain the security of the digital certificate;(2) use the certificate solely for the purpose for which it was issued; and(3) renew the certificate in a timely manner, if continued use is intended.(g) Responsibilities of business entity. A business entity is responsible for:(1) determining the individual who may request a certificate for the business entity;(2) determining the individual to whom a certificate is to be issued; and(3) requesting within a reasonable time the revocation of its certificate if the security of the certificate has been compromised or if the business entity is changing its certificate holder.(h) Revocation of certificate. The department will revoke a digital certificate: (1) on receipt of a written request for its revocation signed by an individual authorized to act on behalf of the business entity for which it was issued;(2) for suspension or debarment of the individual or business entity; or(3) if the department has reason to believe that continued use of the digital certificate would present a security risk.(i) Use of digital certificate.(1) A digital signature assigned in a digital certificate issued by the department must be used for digitally signing electronic documents filed with the department and only such a signature may be used for that purpose. The use of the digital signature is binding on the individual to whom the certificate was issued and the represented business entity, as if the document were signed manually.(2) The department may use the digital certificate to identify the certificate holder when granting or verifying access to secure computer systems used for electronic commerce.(j) Forms. The department may prescribe forms to request, modify, or revoke a digital certificate.43 Tex. Admin. Code § 1.700
The provisions of this §1.700 adopted to be effective December 11, 2008, 33 TexReg 10052