Steps to be taken by EDI participant in event of cryptographic key being compromised
- If an EDI participant judges that its cryptographic keys have been compromised, the participant must stop using such keys for data interchange with other EDI participants.
- The EDI participant should send a written the application for cancellation of the electronic signature verification key certificate, signed by a company director, and sealed with the company stamp, to the EDI Administrator.
- If the EDI participant has reserve cryptographic keys kept separately to prevent simultaneous compromise, then the participant continues to use these reserve keys. If the EDI participant does not have reserve cryptographic keys, it should create new secure (secret) keys and a request for an electronic signature key certificate (ESVKC). The EDI participant should act in accordance with the Method of connection to new EDI subsystem for EDI (new application system providing EDI for the EDI organiser). Option A.
- Following receipt of the application for cancellation of the electronic signature verification key certificate, the EDI Administrator creates a list of cancelled certificates which should comprise information on the cancelled ESVKC.
- The ESVKC ceases to be valid when the record for that certificate is made in the list of cancelled certificates created by the EDI Administrator.