myGovID Terms of use - Machine

These Terms of Use relate to the use of the myGovID system.  The Australian Taxation Office (ATO) provides the myGovID system as a secure digital environment for machine to machine transactions and communications as part of the myGovID environment.

A Glossary of terms used in these Terms of Use is included on this page.

Background

The ATO has established the myGovID system and associated myGovID Machine Certificates to facilitate internet based electronic transactions between Organisations and participating agencies.  The ATO is the Certification Authority (CA) for the myGovID system. The myGovID Machine Certificate forms part of the digital authentication credential referred to as a Machine Credential which permits machine-to-machine interactions.

Where an Organisation wishes to use (and appoints a Machine Credential Administrator (MCA) responsible on its behalf for) the myGovID Machine Certificate issued under the Certificate Policy (CP) – Machine, then;

  • The Organisation means the entity identified by its Australian Business Number (ABN) in the application for that myGovID Machine Certificate and as the Organisation in that Certificate.
  • The MCA means the individual nominated in the application as the MCA for that myGovID Machine Certificate and associated with that Certificate as its Certificate Holder.

Conditions Associated with the myGovID Machine certificate

The CP, the Certificate Practice Statement (CPS) and the myGovID Terms of use – Machine may change over time.  The current documents at a given time are published at;

By accepting, and by using the myGovID Machine Certificate, the MCA and the Organisation agree in each case to be bound by the CP, the CPS and the myGovID Terms of use – Machine current at that time.

Use of the myGovID Machine Certificate

The MCA and the Organisation are jointly and severally responsible for the storage and use of the myGovID Machine Certificate including all transactions and communications carried out under or using it.

The Organisation and the MCA must ensure that the myGovID Machine Certificate is not used for any unlawful or improper purpose.

The Organisation represents and warrants that the MCA has full authority to manage the use of the myGovID Machine Certificate on the Organisation’s behalf.

The Organisation and the MCA permit the myGovID CA to (and to authorise others to) publish information relating to the myGovID Machine Certificate, the Organisation and the MCA for the purposes of myGovID System and as indicated in the CP – Machine and CPS.

All intellectual property rights in the myGovID Machine Certificate are owned by (the myGovID CA as custodian for) the Commonwealth of Australia. The MCA and the Organisation may only reproduce, publish and transmit the myGovID Machine Certificate (in unaltered form) for the purposes of its use in accordance with the CPS, the CP – Machine and these Terms of use – Machine.

Responsibilities in relation to the myGovID Machine Certificate

The MCA and the Organisation must not:

  • disclose the password for the myGovID Machine Certificate to any other person
  • store the myGovID Machine Certificate in a keystore to which any person may have unauthorised access
  • otherwise allow, grant, permit or enable any person to use the myGovID Machine Certificate other than under their authority.

The MCA and the Organisation must promptly advise the myGovID CA if:

  • the MCA is no longer authorised to manage the use of the myGovID Machine Certificate on the Organisation’s behalf
  • it becomes aware of any unauthorised use of the myGovID Machine Certificate
  • the security of the myGovID Machine Certificate or its password has been compromised.

Cancellation of the myGovID Machine Certificate

The circumstances under which the myGovID CA may revoke the myGovID Machine Certificate are described in the CP – Machine and the CPS.

The myGovID Machine Certificate must not be used for any purpose after it has been cancelled.

Warranty and Indemnity

Except as set out in these Terms of use – Machine, the CP – Machine or the CPS, the myGovID CA gives no implied or express warranties in relation to the myGovID Machine Certificate or its use. All statutory warranties are to the fullest extent permitted by law expressly excluded.

The Organisation indemnifies the myGovID CA against any loss arising from:

  • any failure by it (or the MCA) to ensure the safety and integrity of the myGovID Machine Certificate and its password
  • any use of the myGovID Machine Certificate otherwise than in accordance with these Terms of use – Machine
  • any wilful, negligent or unlawful act or omission by it (or the MCA) in relation to the use of the myGovID Machine Certificate.

The Organisation’s liability under this indemnity is reduced to the extent that any wilful, negligent or unlawful act or omission by the myGovID CA has contributed to its loss.

A reference in this clause to the myGovID CA includes a reference to the myGovID CA, the myGovID Root Certification Authority, myGovID Registration Authority, the Registrar, the Commonwealth, and their respective officers, employees and agents.

General

The CP – Machine and the CPS sets out how disputes between the persons referred to in these Terms of use – Machine are to be resolved.

Words that are defined in the CP – Machine or CPS have the meaning set out in the CP – Machine or CPS unless they are otherwise defined in these Terms of use – Machine.

These Terms of use – Machine are governed by, and are to be construed in accordance with, the laws for the time being in force in the Australian Capital Territory.

Glossary

Glossary of terms
Term Definition
ABN See Australian Business Number.
Australian Business Number An Australian Business Number issued in accordance with the A New Tax System (Australian Business Number) Act 1999.
Certificate An electronic document, signed by the Certification Authority which:
  • identifies a Subscriber by way of a Distinguished Name
  • binds the Subscriber to a Key Pair by specifying the Public Key of that Key Pair
  • contains the information required by the Certificate Profile.
Certificate Holder The individual who manages the use of a Digital Certificate on behalf of the Organisation identified in that certificate. The Certificate Holder is the MCA.
Certificate Policy (CP) A named set of rules applying to, and providing policy and operational guidance on the deployment and use of a Certificate issued by a Certification Authority (CA).
Certification Authority (CA) An entity that issues and digitally signs Certificates using the entities Private Key.
Certification Practice Statement (CPS) 

A statement of the practices that a Certification Authority (CA) employs in managing the digital Certificates it issues (this includes the practices that a Registration Authority employs in conducting registration activities on behalf of that Certification Authority).

These statements will describe the PKI certification framework, mechanisms supporting the application, insurance, acceptance, usage, suspension/revocation and expiration of digital Certificates signed by the CA, and the CA’s legal obligations, limitations and miscellaneous provisions.

Certificate Store Storage location for certificates on a computer or device.
Credential Refers to the Machine Certificate.
Machine Certificate A Machine Certificate that identifies a Machine in its Subject Distinguished Name field.
Machine Credential Administrator (MCA) The individual responsible for managing the use of a given myGovID Machine Certificate on behalf of the Organisation Entity identified in that certificate. To be a MCA the individual must be the Certificate Holder of a myGovID User Certificate. The MCA is also the Certificater Holder.
Organisation  A legal entity that has, or is entitled to have, an ABN.
Private Key The Private Key in asymmetric Key Pair that must be kept secret to ensure confidentiality, integrity, authenticity and non-repudiation, as the case may be.
Public Key Infrastructure (PKI)  The combination of hardware, software, people, policies and procedures needed to create, manage, store and distribute Keys and digital Certificates based on public Key cryptography.
Subject Distinguished Name A field in a digital Certificate that uniquely identifies the individual (or, in the case of a Machine Certificate, the Machine) associated with the Private Key for that certificate.