Digital certificates play a crucial role in the e-invoicing process, ensuring electronic invoices’ authenticity, integrity, and non-repudiation.
Here’s an overview of digital certificates and their functions in the context of e-invoicing:
1. What is a digital certificate?
A digital certificate is an electronic document that binds an entity’s (individual or organization) identity to a public key.
It is issued by a trusted third party known as a Certificate Authority (CA), which verifies the identity of the certificate holder before issuing the certificate.
2. Functions of digital certificates in e-Invoicing:
a. Authentication:
Digital certificates provide a secure means of authenticating the identity of the invoice issuer.
When an e-invoice is digitally signed using the issuer’s private key, the recipient can verify the signature using the issuer’s public key contained in the digital certificate, confirming the authenticity of the e-invoice.
b. Integrity:
Digital signatures created using the issuer’s private key ensure that the e-Invoice has not been tampered with or altered during transmission.
Any modification to the e-Invoice content would invalidate the digital signature, ensuring the integrity of the document.
c. Non-repudiation:
By digitally signing an e-Invoice, the issuer cannot deny having issued the document, as the digital signature serves as evidence of their involvement in the transaction.
This non-repudiation feature provides legal validity and accountability for e-Invoices.
3. Implementation in e-Invoicing:
a. Supplier’s digital certificate:
Suppliers are required to obtain a digital certificate from a recognised Certificate Authority.
This certificate contains the supplier’s public key, which is used to verify the digital signatures on the e-Invoices they issue.
b. Digital signature process:
When issuing an e-Invoice, the supplier applies a digital signature using their private key.
The recipient (buyer or tax authority) can verify the signature using the supplier’s public key obtained from the digital certificate, confirming the authenticity and integrity of the e-Invoice.
c. Certificate management:
Digital certificates have an expiration date, and suppliers must renew their certificates periodically to maintain the validity of their e-Invoices.
Proper certificate management procedures are essential to ensure seamless e-Invoicing operations.
By incorporating digital certificates and digital signatures into the e-Invoicing process, the Malaysian government aims to enhance the security, authenticity, and legal validity of electronic invoices.
This not only facilitates efficient tax administration but also promotes trust and confidence in the e-Invoicing system among businesses and stakeholders.
Digital certificates can be acquired from the list of licensed Certification Authorities and recognized entities provided by the Malaysian Communications and Multimedia Commission (MCMC) at https://www.mcmc.gov.my/en/sectors/digital-signature/list-of-licensees regarding the list of Certification Authorities and Recognition under the Digital Signature Act 1997.
数字证书在电子发票流程中起着至关重要的作用,可确保电子发票的真实性、完整性和不可抵赖性。
以下是数字证书及其在电子发票中的功能概述:
1. 什么是数字证书?
数字证书是将实体(个人或组织)身份与公共密钥绑定的电子文档。
它由被称为证书颁发机构(CA)的可信第三方颁发,CA 在颁发证书前会核实证书持有者的身份。
2. 数字证书在电子发票中的功能:
a. 认证:
数字证书提供了验证发票开具人身份的安全手段。
当电子发票使用开票人的私人密钥进行数字签名时,收件人可使用数字证书中的开票人公共密钥验证签名,从而确认电子发票的真实性。
b. 完整性:
使用签发人私人钥匙创建的数字签名可确保电子发票在传输过程中未被篡改或更改。
对电子发票内容的任何修改都会使数字签名失效,从而确保文件的完整性。
c. 不可抵赖性:
通过对电子发票进行数字签名,签发人不能否认签发了该文件,因为数字签名是其参与交易的证据。
这种不可抵赖性为电子发票提供了法律效力和责任。
3. 电子发票的实施:
a. 供应商数字证书:
供应商必须从公认的证书颁发机构获得数字证书。该证书包含供应商的公开密钥,用于验证其开具的电子发票上的数字签名。
b. 数字签名程序:
在开具电子发票时,供应商使用其私人密钥进行数字签名。
收件人(买方或税务机关)可使用从数字证书中获得的供应商公共密钥验证签名,从而确认电子发票的真实性和完整性。
c. 证书管理:
数字证书有有效期,供应商必须定期更新证书,以保持电子发票的有效性。适当的证书管理程序对确保无缝电子发票操作至关重要。
通过将数字证书和数字签名纳入电子发票流程,马来西亚政府旨在提高电子发票的安全性、真实性和法律效力。
这不仅有利于高效的税务管理,还能增强企业和利益相关者对电子发票系统的信任和信心。
数字证书可从马来西亚通讯与多媒体委员会(MCMC)提供的许可认证机构和认可实体名单中获取,网址为 https://www.mcmc.gov.my/en/sectors/digital-signature/list-of-licensees,该名单涉及 1997 年数字签名法案规定的认证机构和认可。