What is the legal basis of the Tax Agency's 24-hour PIN system?

The AEAT 24-hour PIN system has been developed based on “Disposition 18763 of the BOE no. 287 of 2011 - BOE-A-2011-18763”, specifically point one, section 3.c, which is developed in Annex III of the provision. The relevant sections are excerpted below:

“First.

Approval of identification and authentication systems other than the advanced electronic signature to interact electronically with the Tax Agency.
1. To interact electronically with the Tax Agency through the channels that are available at any time, citizens can use electronic identification and authentication systems other than the advanced electronic signature, from among those mentioned in article 13.2.c) of Law 11/2007, of 22 June, on electronic access of citizens to Public Services, and development regulations, such as the use of agreed keys in a previous registration as a user, input of information known to both parties or other non-cryptographic systems, in the terms established in this Resolution. In particular, citizens may use the systems mentioned in this Resolution to provide, consult, confirm or modify information, draft proposals submitted or made available by the Tax Agency, in the terms and conditions that, where appropriate, may be established in the regulations specifically applicable to the specific procedure or procedure.
2. Pursuant to the principle of proportionality set out in Article 4 of Law 11/2007, the identification and authentication systems described in this Resolution will offer guarantees and security measures appropriate to the nature and circumstances of the procedures and actions for which their use is authorized.
3. The use by citizens of the following electronic identification and authentication systems other than the advanced electronic signature is approved, the description and specific guarantees of operation of which are contained in Annexes I, II and III of this Resolution:
a) Signature system with key or reference number.
b) Signature system with information known to both parties.
c) Signature system with access code in a previous registration as a user.
(···)

ANNEX III

Signature system with access code in a previous registration as a user

I. Description of the system

The system is based on the registration by the citizen in a register of users, for which he will fill out a form provided for that purpose by the Tax Agency. Once registered, the Agency will provide the citizen with a code and an access key. The user will be able to manage said key at any time. Through the code and the access key, the citizen will be able to access electronically, through the channels that are available at any time, the procedures and actions determined for those who have enabled this system, which will not be able to involve access or consultation of personal data beyond those of the procedure and identification of the interested party to which said procedure or action was referred.

The validity of the system may be temporarily limited depending on the deadlines associated with the procedures or actions for which its use has been determined.

The use of the system described by the citizen will imply consent for its use as an electronic signature system.

When the action taken by the citizen involves the submission of electronic documents using any of the signature systems provided for in this Resolution, the Tax Agency will automatically generate an acknowledgment of receipt or presentation receipt, in the terms indicated in the Resolution of 28 December 2009, of the Presidency of the State Tax Administration Agency, which creates the electronic headquarters and regulates the electronic records of the State Tax Administration Agency.

II. Operating guarantees

In accordance with the principles of security and proportionality, the system described in the previous section adequately guarantees its operation in accordance with the criteria of integrity, confidentiality, authenticity and non-repudiation provided for in Law 11/2007 and development regulations. Confidentiality, authenticity and non-repudiation are guaranteed by means of the exclusive knowledge on the part of the citizen and the Tax Agency of the code and the access key to said registry and, where applicable, of the data provided by the citizen in the registration form for the registry.

When the action taken by the citizen involves the submission of electronic documents using any of the signature systems contemplated in this Resolution, the integrity of the information submitted will be guaranteed by its immediate incorporation into the information system of the Tax Agency, and in particular, the Catalog of electronic documents, in accordance with the provisions of the Resolution of February 4, 2011, of the Presidency of the Tax Agency, on the use of a secure verification code. The integrity and preservation of the electronic documents stored in the Catalog and its mandatory associated metadata will be guaranteed through technical measures to ensure their unalterability. The acknowledgment of receipt issued by the Tax Agency and signed with its own secure verification code or CSV will be the document with probative value of the submission made. The integrity of the electronic documents authenticated by CSV may be verified through direct and free access to the Tax Agency's electronic office, as long as the destruction of said documents is not agreed in accordance with the applicable regulations or by court decision.

The security of the system is reinforced by the limitation regarding the procedures or actions for which it can be used, not being possible to use outside of said scope, nor allowing the access or consultation of personal data beyond those of the procedure and identification of the interested party to which said procedure or action was referred. The system will not allow access or the electronic signature through incorrect, invalid or invalid data or access codes that are not valid at the time of use.”
