myGovID is now known as myID. It has a new name and look - but you can continue to use it the same way. Find out more.

myID Terms of use - Machine

These Terms of Use relate to the use of the myID system.  The Australian Taxation Office (ATO) provides the myID system as a secure digital environment for machine to machine transactions and communications as part of the myID environment.

A Glossary of terms used in these Terms of Use is included on this page.

Background

The ATO has established the myID system and associated myID Machine Certificates to facilitate internet based electronic transactions between Organisations and participating agencies.  The ATO is the Certification Authority (CA) for the myID system. The myID Machine Certificate forms part of the digital authentication credential referred to as a Machine Credential which permits machine-to-machine interactions.

Where an Organisation wishes to use (and appoints a Machine Credential Administrator (MCA) responsible on its behalf for) the myID Machine Certificate issued under the Certificate Policy (CP) – Machine, then;

  • The Organisation means the entity identified by its Australian Business Number (ABN) in the application for that myID Machine Certificate and as the Organisation in that Certificate.
  • The MCA means the individual nominated in the application as the MCA for that myID Machine Certificate and associated with that Certificate as its Certificate Holder.

Conditions Associated with the myID Machine certificate

The CP, the Certificate Practice Statement (CPS) and the myID Terms of use – Machine may change over time.  The current documents at a given time are published at;

By accepting, and by using the myID Machine Certificate, the MCA and the Organisation agree in each case to be bound by the CP, the CPS and the myID Terms of use – Machine current at that time.

Use of the myID Machine Certificate

The MCA and the Organisation are jointly and severally responsible for the storage and use of the myID Machine Certificate including all transactions and communications carried out under or using it.

The Organisation and the MCA must ensure that the myID Machine Certificate is not used for any unlawful or improper purpose.

The Organisation represents and warrants that the MCA has full authority to manage the use of the myID Machine Certificate on the Organisation’s behalf.

The Organisation and the MCA permit the myID CA to (and to authorise others to) publish information relating to the myID Machine Certificate, the Organisation and the MCA for the purposes of myID System and as indicated in the CP – Machine and CPS.

All intellectual property rights in the myID Machine Certificate are owned by (the myID CA as custodian for) the Commonwealth of Australia. The MCA and the Organisation may only reproduce, publish and transmit the myID Machine Certificate (in unaltered form) for the purposes of its use in accordance with the CPS, the CP – Machine and these Terms of use – Machine.

Responsibilities in relation to the myID Machine Certificate

The MCA and the Organisation must not:

  • disclose the password for the myID Machine Certificate to any other person
  • store the myID Machine Certificate in a keystore to which any person may have unauthorised access
  • otherwise allow, grant, permit or enable any person to use the myID Machine Certificate other than under their authority.

The MCA and the Organisation must promptly advise the myID CA if:

  • the MCA is no longer authorised to manage the use of the myID Machine Certificate on the Organisation’s behalf
  • it becomes aware of any unauthorised use of the myID Machine Certificate
  • the security of the myID Machine Certificate or its password has been compromised.

Cancellation of the myID Machine Certificate

The circumstances under which the myID CA may revoke the myID Machine Certificate are described in the CP – Machine and the CPS.

The myID Machine Certificate must not be used for any purpose after it has been cancelled.

Warranty and Indemnity

Except as set out in these Terms of use – Machine, the CP – Machine or the CPS, the myID CA gives no implied or express warranties in relation to the myID Machine Certificate or its use. All statutory warranties are to the fullest extent permitted by law expressly excluded.

The Organisation indemnifies the myID CA against any loss arising from:

  • any failure by it (or the MCA) to ensure the safety and integrity of the myID Machine Certificate and its password
  • any use of the myID Machine Certificate otherwise than in accordance with these Terms of use – Machine
  • any wilful, negligent or unlawful act or omission by it (or the MCA) in relation to the use of the myID Machine Certificate.

The Organisation’s liability under this indemnity is reduced to the extent that any wilful, negligent or unlawful act or omission by the myID CA has contributed to its loss.

A reference in this clause to the myID CA includes a reference to the myID CA, the myID Root Certification Authority, myID Registration Authority, the Registrar, the Commonwealth, and their respective officers, employees and agents.

General

The CP – Machine and the CPS sets out how disputes between the persons referred to in these Terms of use – Machine are to be resolved.

Words that are defined in the CP – Machine or CPS have the meaning set out in the CP – Machine or CPS unless they are otherwise defined in these Terms of use – Machine.

These Terms of use – Machine are governed by, and are to be construed in accordance with, the laws for the time being in force in the Australian Capital Territory.

Glossary

Glossary of terms
Term Definition
ABN See Australian Business Number.
Australian Business Number An Australian Business Number issued in accordance with the A New Tax System (Australian Business Number) Act 1999.
Certificate

An electronic document, signed by the Certification Authority which:

  • identifies a Subscriber by way of a Distinguished Name
  • binds the Subscriber to a Key Pair by specifying the Public Key of that Key Pair
  • contains the information required by the Certificate Profile.
Certificate Holder The individual who manages the use of a Digital Certificate on behalf of the Organisation identified in that certificate. The Certificate Holder is the MCA.
Certificate Policy (CP) A named set of rules applying to, and providing policy and operational guidance on the deployment and use of a Certificate issued by a Certification Authority (CA).
Certification Authority (CA) An entity that issues and digitally signs Certificates using the entities Private Key.
Certification Practice Statement (CPS) 

A statement of the practices that a Certification Authority (CA) employs in managing the digital Certificates it issues (this includes the practices that a Registration Authority employs in conducting registration activities on behalf of that Certification Authority).

These statements will describe the PKI certification framework, mechanisms supporting the application, insurance, acceptance, usage, suspension/revocation and expiration of digital Certificates signed by the CA, and the CA’s legal obligations, limitations and miscellaneous provisions.
Certificate Store Storage location for certificates on a computer or device.
Credential Refers to the Machine Certificate.
Machine Certificate A Machine Certificate that identifies a Machine in its Subject Distinguished Name field.
Machine Credential Administrator (MCA) The individual responsible for managing the use of a given myID Machine Certificate on behalf of the Organisation Entity identified in that certificate. To be a MCA the individual must be the Certificate Holder of a myID User Certificate. The MCA is also the Certificater Holder.
myID Machine Certificate The name given at the time the certificate was issued by the Certificate Authority.
Organisation  A legal entity that has, or is entitled to have, an ABN.
Private Key The Private Key in asymmetric Key Pair that must be kept secret to ensure confidentiality, integrity, authenticity and non-repudiation, as the case may be.
Public Key Infrastructure (PKI)  The combination of hardware, software, people, policies and procedures needed to create, manage, store and distribute Keys and digital Certificates based on public Key cryptography.
Subject Distinguished Name A field in a digital Certificate that uniquely identifies the individual (or, in the case of a Machine Certificate, the Machine) associated with the Private Key for that certificate.