The following outlines the various technologies employed to successfully connect with the IRD Digital Transformation system. Tandem NZ is well versed on what is required and how to implement a successful connection between any system and the IRD system.
PayDay Reporting Implementation
This document is intended to provide the technical details required to consume the IR gateway services such as Identity and Access/Authentication and Authorisation services, Employment services, and Return services offered by Inland Revenue Department(IRD).
Inland Revenue offers a set of external facing web services that facilitate secure and efficient business interactions between itself and its customers/service providers. IRD gateway services will allows its customers to submit and retrieve payroll obligation data electronically through this gateway.
Inland Revenue implemented the following suite of gateway services,
Identity and Access Services
Inland Revenue established a new set of Identity and Access Services that will provide its customers with authentication and authorization mechanisms for accessing IR’s new Gateway services.
End-User Authentication Mechanism
The OAuth 2.0, industry-standard protocol, the process is used to authenticate end-users using their IR user ID and password and grant 3rd party software consent to access their information.
Inland Revenue imposes its customers/service providers to implement and use OAuth 2.0 mechanism in the client application the end-user will be using.
End-User Authorisation Mechanism
IRD generates its own Authorization Token once the end-user is authenticated successfully to identify the service requested IR customers and determines whether the privileges should be granted to the requested customer to access a specific resource in IR system.
Secure Communication
The connection between the Inland Revenue and its customers is always secured strongly. The protocol set used for a secure layer is SSL/TLS, this will create an encrypted link between IR and its customers so that any interaction that takes place between these two parties will always be encrypted and secured.
The protocol used by IR to establish secured layer connection is TLS 2.0.
Following are the Mechanisms, Technologies, Protocols, and Standards used in SSL/TLS Communication,
Encryption Mechanism
RSA, 256-bit encryption is a data/file encryption technique that uses a 256-bit key to encrypt and decrypt data or files, is an algorithm used in IR SSL/TLS communication to encrypt and decrypt messages.
It is an Asymmetric Cryptographic Algorithm. Asymmetric means that there are two different keys. This is also called public key cryptography because one of them(public key) can be given to everyone/IR customers. The other key(private key) must be kept private with IR.
SSH Keys
IRD consumes the benefits facilitated by SSH keys. SSH, Secure Shell, is a cryptographic network protocol for operating network services securely over an unsecured network.
This mechanism is used in SFTP(Secure FTP) file transfers to identify the organisations sending/receiving files.
SSH keys need to be exchanged to authenticate both parties(IR and its customers).
Public Key Infrastructure(PKI)
IR Public Key Infrastructure (PKI) supports the distribution and identification of public encryption keys, enabling IR users and computers to both securely exchange data over networks such as the Internet and verify the identity of the other party.
PKI facilitates the secure electronic transfer of information for a range of network activities between IR and its customers.
Digital Certificate: X.509
IR uses X.509 digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the specific user, computer or service identity contained within the certificate.
An X.509 certificate contains information about the identity to which a certificate is issued and the identity that issued the certificate.
Consumer Services :
Inland Revenue has a set of services including ES(Employment Activities services) and EI(Return Filing services) that allows customers to submit and retrieve payroll obligation data electronically through the IR provided gateway services.
Technologies Used in Implementation of PayDay Reporting Application:
The Frameworks and Technologies that are used in the payday reporting application implementation as follows,
The latest version of Microsoft .NET Framework Platform
ASP .NET MVC Framework with MVVM Pattern Enabled
C# .NET, Microsoft highly recommended .NET Supported Language
SQL Server, Database
Bootstrap, CSS3, JQuery
UMBRACO, Content Management Services(CMS)
Mandrill, Email Services
Talk to Tandem NZ about your integration with IRD systems or any Government system.