Tandem NZ, a digital solutions company from Christchurch, has successfully integrated Inland Revenue’s platform with those of other accounting and payroll agencies online.
They employed various technologies to connect with IRD’s Digital Transformation system. The entire project took about 6 months to implement and release to the general public.
Inland Revenue offers a set of external-facing web services that facilitate secure and efficient business interactions between itself and its customers/service providers. The IRD gateway services allow its customers to submit and retrieve payroll obligation data electronically.
In order to get it to work, Inland Revenue implemented the following suite of gateway services:
Inland Revenue established a new set of Identity and Access Services that provide its customers with authentication and authorization mechanisms for accessing IR’s new Gateway services.
End-user Authentication Mechanism
OAuth 2.0, the industry-standard protocol, is used to authenticate end-users with their IR user ID and password and to grant third-party software consent to access their information.
Inland Revenue requires its customers/service providers to implement and use the OAuth 2.0 mechanism in the client application the end-user will be using.
End-user Authorisation Mechanism
Once the end-user is authenticated successfully, IRD generates its own Authorization Token, which identifies the service requested by the IR customer and determines whether that customer should be granted the privileges to access a specific resource in the IR system.
The connection between Inland Revenue and its customers is strongly secured. The protocol set used for the secure layer is SSL/TLS, which creates an encrypted link between IR and its customers so that any interaction between the two parties is always secured.
The protocol used by IR to establish a secured layer connection is TLS 2.0.
The following mechanisms, technologies, protocols, and standards are used in SSL/TLS communication:
RSA, 256-bit encryption: 256-bit encryption is a data/file encryption technique that uses a 256-bit key to encrypt and decrypt data or files. RSA is an algorithm used in IR SSL/TLS communication to encrypt and decrypt messages. It is an asymmetric cryptographic algorithm. Asymmetric means that there are two different keys. This is also called public key cryptography because one of them (the public key) can be given to every IR customer. The other key (the private key) is kept private by IR.
IRD also makes use of SSH keys. SSH, Secure Shell, is a cryptographic network protocol for operating network services securely over an unsecured network.
This mechanism is used in SFTP (Secure FTP) file transfers to identify the organisations sending/receiving files.
SSH keys need to be exchanged to authenticate both parties (IR and its customers).
Public Key Infrastructure (PKI)
IR Public Key Infrastructure (PKI) supports the distribution and identification of public encryption keys, enabling IR users and computers to both securely exchange data over networks such as the Internet and verify the identity of the other party.
PKI facilitates the secure electronic transfer of information for a range of network activities between IR and its customers.
Digital Certificate: X.509
IR uses X.509 digital certificates, which follow the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the specific user, computer or service identity contained within the certificate.
An X.509 certificate contains information about the identity to which a certificate is issued and the identity that issued the certificate.
Inland Revenue has a set of services, including ES (Employment Activities Services) and EI (Return Filing Services), that allow customers to submit and retrieve their payroll data electronically through the IR-provided gateway services.
The frameworks and technologies used in the payday reporting application implementation are as follows:
In addition to integrating IRD with all online platforms in order to streamline the process, Tandem NZ has also successfully integrated other systems including banking express, chatbots, automated emails, vehicle check, SaaS accounting systems, and more.