Integrated Cargo System (ICS) Manuals - Generic

• Introduction - Home
• The ICS Environment
• Elec Communicator Reg'n
  • > Consider Pre-requisites
  • > Obtain Digital Certificates
  • > Download and install cert's
  • > Export Digital Cert & configure the CSI
  • > Self Registation
  • > Further Assistance
  • >Glossary of Terms
• Registration of Clients
• Certificate Maintenance
• Client Overview
• Messaging
• Reference Exports
• Reference Imp. Cargo Clearance
• Reference Imp Cargo Reporting

OBTAINING DIGITAL CERTIFICATE(S)

If you intend to communicate electronically with Customs, through the ICS, you will need to purchase one or more digital certificates from a Customs approved certification authority (CA).
VeriSign Australia Pty Ltd (known as VeriSign), is currently the only Certification Authority (CA) approved by Customs.

Tip: before purchasing digital certificate(s), ensure that you have decided on a communication option, reviewed your business processes, discussed communication needs with your EDI software developer (if applicable), and determined the number and type of digital certificates required.


What is a Digital Certificate?

A digital certificate provides security for electronic transactions. It can be regarded as the electronic signature of either an individual and/or organisation. A digital certificate exists as a software file and is housed within web-browsers. A digital certificate creates a unique identifier that can be checked by the receiver of information, to provide evidence of the sender's identity and confirm that the document (if signed) has not been altered or interfered with.

Digital certificates provide:

* authentication - knowing who the message is from
* integrity - knowing it has not been tampered with
* non-repudiation - knowing that the sender cannot deny having sent it
* confidentiality - knowing that no unauthorised reading of the message has occurred.

A digital certificate typically contains the following information:

* a public key
* the expiry date of the public key
* an individual and/or organisation name
* an e-mail address
* name of the certification authority
* serial number of the certificate

Hard Tokens

Hard tokens are physical objects designed for teh safekeeping and use of private key data. There are broadly three classes of hard tokens:

* smart cards
* USB tokens, and
* hardware security modules (HSMs)

Hard tokens perform cryptographic operations. The private keys held on hard tokens cannot be copied from the token, which makes it all but impossible for a hacker to obtain copies of the private keys.

How is the system secured?

The ICS operates in an open communication environment. As such, it is necessary to put in place security arrangements to protect the integrity of this environment. Security of the ICS is provided by Public Key Infrastructure (PKI). For comprehensive information on PKI, read the Public Key Infrastructure (PKI) fact sheet, located at http://www.customs.gov.au/site/page.cfm?u=5606.

What Type of Digital Certificate Do I Need?

There are five types of certificates available from VeriSign for communicating with Customs. The type you require will depend on the whether you are an organisation or an individual, and the set up of your organisation:

Type 1 - grade 2 individual certificates
For users who are operating as an individual, who do not have an ABN or work for an ABN organisation, where the digital certificate identifies and authenticates them personally.

Type 2 - grade 2 non-individual certificates
For organisations without an Australian Business Number (ABN), where the digital certificate identifies the organisation and the individual.

Type ABN-DSC grade 2 certificates
For organisations with an ABN (including sole traders and government agencies). The initial certificate will be issued to an authorised officer in the organisation. The authorised officer can then organise for additional certificates to be issued for other individuals within the organisation. These certificates will then be issued by VeriSign

Type 3 (Device) certificates
The Type 3 (Device) certificate will not authenticate people. This is a device or server-based certificate for organisations whose communications are signed by a server. This will be of direct relevance to organisations that use EDI to communicate with Customs.
Customs anticipates that most clients who communicate via EDI will use Type 3 (Device) certificates. As these clients will also be ABN holders, they will require a nominated employee within the organisation to be an authorised officer and hold a Type ABN-DSC grade 2 certificate.

Type 3 Host (Device) certificates
A Type 3 Host (Device) certificate is for use where your organisation wants a device certificate to be hosted by another organisation, called a host bureau. You will need a Type 3 Host (Device) certificate if you require a host bureau to:
* communicate import declarations to Customs on your behalf
* host your digital certificate and private keys.
To obtain a Type 3 Host certificate you must first obtain an ABN-DSC Authorised Officer certificate. You must also have registered your ABN DSC details with Customs.

For more information about Type 3 Host (Device) certificates, go to the 'Services Providers' page on the Cargo Support website, then select 'Bureaus' Go to: http://www.customs.gov.au/site/page.cfm?u=5608

Customs anticipates that most clients who communicate via EDI will use type 3 (device) certificates. As these clients will also be ABN holders they will require a nominated employee within the organisation to be an authorised officer and hold a type ABN-DSC certificate.

For organisations that plan to lodge import declarations in the ICS, the authorised officer must be the importer or a licensed broker. That person can then seek additional certificates for others in the organisation required to communicate with Customs via the Customs Interactive facility.


HOW MANY DIGITAL CERTIFICATES DO I NEED?

The number of certificates required will be determined by how your business is structured, the communication option you have chosen, and how many peole need to access the ICS. To determine the type and minimum number of digital certificate(s) you require, go to the 'digital certificate ready reckoner', located at http://itools.customs.gov.au/digital.php

Further Assistance;
* information about digital certificate management and types is available from www.verisign.com.au (then follow the links to Support, then Support Site)
* your software provider or Information Technology (IT) administration area
* support from Verisign is available from www.verisign.com.au or phone (03) 9674 5500
* information on Verisign guidelines and policies is available from www.verisign com.au (then follow the links to Support or Policy Documents)
* information about purchasing a digital certificate is available from www.verisign.com.au (then follow the links to Gatekeeper Digital Certificates for the Australian Customs Service, then Pricing)
The appendices to this manual contain a version of the Verisign documentation relating to accessing digital certificates. This has been provided for your convenience, however questions relation to this documentation must be directed to Verisign by the means listed above.

IMPORTANT NOTE

Before applying for a digital certificate, you will need to have a current email address. Clients that purchase digital certificates will need to provide two email addresses. These addresses may be the same, but they serve different purposes.

. Email Address 1 - the address that will be embedded in your digital certificate and cannot be changed. It is important to note that the ICS will only send messages to email addresses aligned to a digital certificate.
. Email Address 2 - the delivery or notification address (ie: address to which receipts or notices from Verisign may be sent).

If you change your email address it will not be possible to encrypt your messages with your existing certificate.
You will not be able to receive ICS response messages from Customs, until you purchase a new certificate to match the new email address, and add it to your Customs record.



How Do I Obtain The Digital Certificate(s) That I Need?

Step 1. Access the VeriSign website at www.verisign.com.au

The VeriSign homepage displays.



Step 2. Hover your mouse over the 'Gatekeeper' section in the centre pane. A small fly-out will display. Click on 'Australian Customs Service.'

The Gatekeeper: Customs Digital Certificates screen displays.



Step 3. In the Enrolment section, select your required type of digital certificate and complete the screens displayed. If you do not have an ABN, you may require an individual or Non-Individual certificate, which are also available for selection at this point.

Note: no changes should be made to the configuration of the machine used for the certificate download between applying for the certificate and downloading it. This includes "features" like MS auto-update that can alter registry entries making it impossible to successfully download the certificates.

Note: It is strongly recommended that you use Internet Explorer to obtain Customs Digital Certificates. Other browsers may be used, but Customs will not provide support for them.

For Individual, Non-individual or ABN-DSC digital certificates

Evidence of Identity (EOI) checks are necessary for individual, non-individual or ABN-DSC (authorised officer) digital certificate applications only. If you are applying for a Type 3 (Device) or Type 3 Host (Device) certificate , you must have previously obtained an ABN-DC (Authorised Officer) and therefore completed an EOI check.

To complete your EOI check you will need to compile documentation for a 100-point check. This documentation will need to be presented (in person) together with the relevant VeriSign forms (completed) at an Authorised Australia Post Office. Your EOI documentation will be checked and payment for the digital certificate(s) will also be required at this time.

Note: Remember to allow 6 working days for your certificate to be processed, from the time your application is accepted by the Australia Post outlet.

For Type 3 Device and Type 3 Host Digital Certificates

Before applying (enrolling) for a device certificate you must first appoint an Authorising Officer (AO) and then obtain an ABN-DSC certificate.
You will need to provide two email addresses when enrolling. One must be the address of the device (eg, server) and the other a delivery address (i.e., can be received by a person).

Note: you will need to have a current email address prior to applying for a digital certificate. This must be the email address to which you want response messages from Customs to be sent. This address will be embedded in your digital certificate and cannot be changed.

Further Aassistance
* general information about the use of digital certificates and registration is available from www.verisign.com.au
* a list of Evidence of Identity (EOI) documents is available from www.verisign.com.au (then follow the links to Gatekeeper Digital Certificates for the Australian Customs Service, then ID Requirements)
* a list of Australia Post authorised outlets is available from www.auspost.com.au (Click on Business Solutions, then e-commerce, then Keypost. Scroll down the page to KeyPost Authorised Outlets)
* support from VeriSign is available from www.verisign.com.au or phone (03) 9674 5500 (during office hours).

Progress Check
Before moving to the next stage of the registration process, you or your organisation must have:
? decided on a communication option to Customs (either EDI or Customs Interactive)
? acquired the appropriate computer equipment and capability
? acquired email address(es) suitable for this purpose
? purchased the required digital certificate(s) from an approved certification authority (i.e., currently VeriSign).

CUSTOMS PUBLIC KEYS (EDI USERS ONLY)

As part of the security of the Integrated Cargo System (ICS), it is essential that you have the most recent version of the Customs public encryption (confidentiality) and public signing (authentication) keys on every computer/server that will directly electronically communicate with Customs.

The keys are an essential part of your EDI software. Customs recommends that you check with your software developer to confirm that your software includes these keys.

To download the most recent Customs public keys, go to http://www.customs.gov.au/webdata/resources/files/CustomsKeys.zip.

OBTAIN AND INSTALL THE COMMON-USE SIGNING INTERFACE (CSI)

Before you can transact with the Integrated Cargo System (ICS), through the Customs Interactive facility, you must install the Common-use Signing Interface (CSI) software.

The CSI is an application for use by clients who wish to sign and encrypt transactions with a government agency using digital certificates. Simply, the CSI software links your digital certificate(s) to Customs Connect Facility (CCF) and allows clients to access the ICS quickly and efficiently.

HOW CAN I GET A COPY OF THE CSI?

Now that you have purchased your digital certificates, you must complete the following (it is recommended that you complete these steps while you are waiting for your emails from VeriSign.)

You can obtain a copy of the CSI installer by:
* Downloading it
* Requesting a CSI installer CD, which will be posted to you

Download

Before you attempt to download this file, be aware that it is large. If downloading files of this size is not a viable option for you, please refer to the postal option below.
The full download (CSI, installation guides and tutorial) includes the complete self-contained version of the CSI installer, and installation guides. This is a self-extracting zip file approximately 86MB. To download the full CSI, installation guides and tutorial, go to http://itools.customs.gov.au/DownloadEXE.htm

Post

Customs can post you a CSI installation CD, which has:

* Installers for all of the essential software process for clients who do not have a broadband connection
* A step by step guide to getting connected to the Customs Interactive
* PDF versions of guides for you to print and read
* Explanatory tutorials.
* Troubleshooting guides



To obtain a free copy of the CSI installer CD, send an email to
icsbus@customs.gov.au, with the following details:

* contact name
* company name
* ABN (if applicable)
* mailing address
* telephone number
* the number of copies of the CD you require.

Once you receive your CSI CD, you will need to install the following (if your computer does not already have it).

1. QuickTime
2. The Sun Java Runtime Environment (known as the Sun JRE)
3. CSI

You will need to install these applications in the order that appears above.

For full instructions on installing these applications, refer to the PDF guides on the CSI Installer CD, or the Cargo Support Website.

Note: Before installing these applications, save all open documents and close all other applications.

Ensure that administrator privileges apply to the computer where you are installing CSI.