Electronic Signatures Page
Document Information
This document has been digitally signed and timestamped. To verify signature validity, please refer to the procedure and tools available on web site. By default, signature validity is unknown. The "?" icon is present on each signature. After verification, the "?" icon disappears if the signature is valid.
Last product update: july
All rights reserved Thales Alenia Space
01/07/2006 ISSUE : 02 PAGE : 1 Total Pages : 52
THALES ALENIA SPACE CENTRALIZED SIGNATURE: CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT
Written by: E. GENOTELLE
Approved: TAS PKI Manager
Responsibility-Office-Company:
E. BOURDEAU IS/ES
R. ROSSIGNOL IS/IT Security
PL. NAUT IS/ES/PS
G. MAIONE Quality
Issuing entity: DSI / SI/P (holder of the original): GED
The validation trace is given by the GED workflow.
CHANGE RECORDS
ISSUE | DATE | CHANGE RECORD | AUTHOR
01 | 10/12/2004 | First issue | Genotelle
02 | 01/07/2006 | Taking into account Thales Alenia Space organization. Certificate hash algorithm is now SHA-1 | Genotelle
03 | | Thales Alenia Space | H. DERREY
TABLE OF CONTENTS
1. OBJECT
APPLICABILITY
TERMINOLOGY AND DOCUMENTATION
  APPLICABLE DOCUMENTS
  REFERENCE DOCUMENTS
  TERMINOLOGY
  ABBREVIATIONS
  CONVENTIONS
INTRODUCTION
  OVERVIEW
  NEEDS AND CONSTRAINTS OVERVIEW
  TASCS PRINCIPLES AND ARCHITECTURE OVERVIEW
  IDENTIFICATION
  COMMUNITY AND APPLICABILITY
    Certification authorities; Registration authorities; End entities; Applicability
  CONTACT DETAILS
    Specification administration organization; Contact person; Person determining CPS suitability for the policy
GENERAL PROVISIONS [PROV]
  OBLIGATIONS
    CA obligations; RA obligations; Subscriber obligations; Relying party obligations; Repository obligations; TASCS Service obligations
  LIABILITY
    CA liability; RA liability
  FINANCIAL RESPONSIBILITY
  INTERPRETATION AND ENFORCEMENT
    Governing law; Severability, survival, merger, notice; Dispute resolution procedures
  FEES
    Certificate issuance or renewal fees; Certificate access fees; Revocation or status information access fees; Fees for other services such as policy information; Refund policy
  PUBLICATION AND REPOSITORY
    Publication of CA information; Frequency of publication; Access controls; Repositories
  COMPLIANCE AUDIT
    Frequency of entity compliance audit; Identity/qualifications of auditor; Auditor's relationship to audited party; Topics covered by audit; Actions taken as a result of deficiency; Communication of results
  CONFIDENTIALITY
    Types of information to be kept confidential; Types of information not considered confidential; Disclosure of certificate revocation/suspension information; Release to law enforcement officials; Release as part of civil discovery; Disclosure upon owner's request; Other information release circumstances
  INTELLECTUAL PROPERTY RIGHTS
IDENTIFICATION AND AUTHENTICATION [AUTH]
  INITIAL REGISTRATION
    Types of names; Need for names to be meaningful; Rules for interpreting various name forms; Uniqueness of names; Name claim dispute resolution procedure; Recognition, authentication and role of trademarks; Method to prove possession of private key; Authentication of organization identity; Authentication of individual identity
  AUTHENTICATION FOR RENEWAL AFTER PERIOD OF VALIDITY (ROUTINE REKEY)
  REKEY AFTER REVOCATION
  REVOCATION REQUEST
OPERATIONAL REQUIREMENTS [OPER]
  CERTIFICATE APPLICATION
  CERTIFICATE ISSUANCE
  CERTIFICATE ACCEPTANCE
  CERTIFICATE SUSPENSION AND REVOCATION
    Circumstances for revocation; Who can request revocation; Procedure for revocation request; Revocation request grace period; Circumstances for suspension; Who can request suspension; Procedure for suspension request; Limits on suspension period; CRL issuance frequency; CRL checking requirements; On-line revocation/status checking availability; On-line revocation checking requirements; Other forms of revocation advertisements available; Checking requirements for other forms of revocation advertisements; Special requirements re key compromise
  SECURITY AUDIT PROCEDURES
    Types of event recorded; Frequency of processing log; Retention period for audit log; Protection of audit log; Audit log backup procedures; Audit collection system (internal vs external); Notification to event-causing subject; Vulnerability assessments
  RECORDS ARCHIVAL
    Types of event recorded; Retention period for archive; Protection of archives; Archive backup procedures; Requirements for time-stamping of records; Archive collection system (internal or external); Procedures to obtain and verify archive information
  KEY CHANGEOVER
  COMPROMISE AND DISASTER RECOVERY
    Computing resources, software, and/or data are corrupted; Entity public key is revoked; Entity key is compromised; Secure facility after a natural or other type of disaster
  CA TERMINATION
PHYSICAL, PROCEDURAL, AND PERSONNEL SECURITY CONTROLS [PSEC]
  PHYSICAL CONTROLS
    Site location and construction; Physical access; Power and air conditioning; Water exposures; Fire prevention and protection; Media storage; Waste disposal; Off-site backup
  PROCEDURAL CONTROLS
    Trusted roles; Number of persons required per task; Identification and authentication for each role
  PERSONNEL CONTROLS
    Background, qualifications, experience, and clearance requirements; Background check procedures; Training requirements; Retraining frequency and requirements; Job rotation frequency and sequence; Sanctions for unauthorized actions; Contracting personnel requirements; Documentation supplied to personnel
TECHNICAL SECURITY CONTROLS [TSEC]
  KEY PAIR GENERATION AND INSTALLATION
    Key pair generation; Private key delivery to entity; Public key delivery to certificate issuer; CA public key delivery to users; Key sizes; Public key parameters generation; Parameter quality checking; Hardware/software key generation; Key usage purposes
  PRIVATE KEY PROTECTION
    Standards for cryptographic module; Private key (n out of m) multi-person control; Private key escrow; Private key backup; Private key archival; Private key entry into cryptographic module; Method of activating private key; Method of deactivating private key; Method of destroying private key
  OTHER ASPECTS OF KEY PAIR MANAGEMENT
    Public key archival; Usage periods for the public and private keys
  ACTIVATION DATA
    Activation data generation and installation; Activation data protection; Other aspects of activation data
  COMPUTER SECURITY CONTROLS
    Specific computer security technical requirements; Computer security rating
  LIFE CYCLE TECHNICAL CONTROLS
    System development controls; Security management controls; Life cycle security ratings
  NETWORK SECURITY CONTROLS
  CRYPTOGRAPHIC MODULE ENGINEERING CONTROLS
CERTIFICATE AND CRL PROFILES [PROF]
  CERTIFICATE PROFILE
    Version; Certificate extensions; Algorithm object identifiers; Name forms no stipulation; Name constraints; Certificate policy Object Identifier; Usage of Policy Constraints extension; Policy qualifiers syntax and semantics; Processing semantics for the critical certificate policy extension
  CRL PROFILE
    Version number(s); CRL and CRL entry extensions
SPECIFICATION ADMINISTRATION [SPEC]
  SPECIFICATION CHANGE PROCEDURES
    Items That Can Change Without Notification; Changes With Notification
  PUBLICATION AND NOTIFICATION POLICIES
  CPS APPROVAL PROCEDURES

LIST OF FIGURES
Figure 1: TASCS architecture overview
Figure 2: Method of activating private key
1. OBJECT
In order to provide a digital signature system integrated with its document management systems, Thales Alenia Space has decided to deploy a Public Key Infrastructure. The deployment of any public key infrastructure requires the definition of a certificate policy and a certification practice statement.
This document describes the principles of the Thales Alenia Space signature Certification Policy in order to highlight the rights, duties, commitments and responsibilities of each member involved in the PKI.
This document is based on the RFC 2527 document model.

2. APPLICABILITY
All sites | Cannes | Kourou | Nanterre | Toulouse | Valence

3. TERMINOLOGY AND DOCUMENTATION
3.1 APPLICABLE DOCUMENTS
Id | Reference | Issue | Title
TI1 | REF-ASPI-TI-1-F | 2/- | DIRECTIVE RELATIVE AU PROCESSUS TRAITEMENT DE L'INFORMATION
TI2 | REF-ASPI-TI-2-F | 2/- | LE PROCESSUS TRAITEMENT DE L'INFORMATION
GEDSIG-SP | TIGED-ASP-SP-16 | 1/- | GEDSIG SPECIFICATIONS
GEDPKI-SP | GED-ASP-SP-979 | 1/- | GEDPKI SPECIFICATIONS

3.2 REFERENCE DOCUMENTS
Id | Reference | Title
RFC1321 | RFC 1321 | The MD5 Message-Digest Algorithm
RFC2459 | RFC 2459 | Internet X.509 Public Key Infrastructure
RFC2527 | RFC 2527 | Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework
X501 | X.501 | ITU-T Recommendation X.501: Information Technology - Open Systems Interconnection - The Directory: Models,
X509 | X.509 | ITU-T Recommendation X.509 (1997 E): Information Technology - Open Systems Interconnection - The Directory: Authentication Framework, June 1997.
3.3 TERMINOLOGY
Activation Data: Private data, other than keys, that are required to access cryptographic modules.
Authority Revocation List (ARL): A list of revoked sub-CAs and CAs Certificates published by the current Thales Alenia Space Root CA.
Certificate: A digital certificate is a signed data structure that binds one or more attributes of an entity with its corresponding public key. By being signed by a recognized and trusted authority (i.e. the Certification Authority) a digital certificate provides assurance that a particular public key belongs to a specific entity (and that the entity possesses the corresponding private key). The certificate format is in accordance with ITU Recommendation X.509.
Certificate Policies (CP) and Certification Practice Statements (CPS): Documents that define the rules, procedures and practices to be employed in the use, administration and management of certificates within a PKI environment. The CP contains rules and obligations to be fulfilled. The CPS describes the concrete processes implemented to respect these rules.
Certificate Revocation List (CRL): A list maintained by a Certification Authority of the certificates which it has issued that have been revoked before their natural expiry time.
Certification Authority (CA): Certification Authorities are the people, processes and tools responsible for the creation, issue and management of public-key certificates used within a PKI.
Certification Authorization: Authorization for a Subscriber to request a Thales Alenia Space Certificate.
Certificate repository: A database or other storage component, which is accessible to all users of a PKI, within which public-key certificates, certificate revocation information and policy information can be held.
Cross-Certificate: A certificate used to establish a trust relationship between two Certification Authorities. Each CA certifies the public key of the other CA and trusts the certificates that have been issued by the other CA as its own issued certificates.
Data Integrity: Assurance that the data are unchanged from creation to reception.
Department: A department is a subset of any organization identified by Thales Alenia Space HQ.
Digital Signature: The result of a transformation of a message by means of a cryptographic system using keys such that a person who has the initial message can determine:
- Whether the transformation was created using the key that corresponds to the signer's key and
- Whether the message has been altered since the transformation was made
Employee: An employee is any person employed by a Thales Alenia Space unit.
End-Entity: An Entity that uses the keys and Certificates created within the PKI for purposes other than the management of these keys and Certificates. An End-Entity may be a Subscriber or a Relying-Party.
Entity: Any autonomous element within the Public Key Infrastructure. This may be a CA, an RA or an End-Entity.
FIPS: Federal Information Processing Standards.
Issuing CA: In the context of a particular certificate, the issuing CA is the CA that signed and issued the certificate.
ITSEC: Information Security Technology Evaluation Criteria
Key Pair: A Public Key and the corresponding Private Key
MD5: One of the message digest algorithms developed by RSA Data Security, Inc.
Object Identifier (OID): The unique alphanumeric/numeric identifier registered according to the ISO registration standard to reference a specific object or object class. In the Thales Alenia Space PKI it is used to identify uniquely each of the 2 policies and cryptographic algorithms supported.
Organization: A Thales Alenia Space organization identified by Thales Alenia Space HQ.
PIN: Personal Identity Number, a secret code that can be used as activation data
Policy: Certificate Policies and Certification Practice Statements are policy documents that define the procedures and practices to be applied in the use, the administration and the management of certificates within a PKI.
Policy Authority (PA): A Thales Alenia Space body responsible for setting, implementing, and administering policy decisions regarding CP and CPS throughout the Thales Alenia Space PKI.
Private Key: The key kept secret by its owner. Associated with the corresponding Public Key within a Key Pair.
Public Key: The key is included in the Certificate and is published. Matching with its Private Key to form a Key Pair.
Public Key Infrastructure (PKI): A set of policies, processes, server platforms, software and workstations used for the purpose of administering certificates and keys.
PKI client software: Client-side software required to ensure that PKI-entities are able to make full use of the key and digital certificate management services of a PKI (e.g. key creation, automatic key update and refreshment)
PKI-enabled applications: Software applications which have been modified to enable their use within a PKI. Typically this involves modifying an application so that it becomes compatible with the use of digital certificates (e.g. to authenticate a remote user and authenticate itself to a remote user)
PKI Operator System: A person with the following roles:
- Configuration and maintenance of the CA system hardware and software,
- Configuration of CA Security policies,
- Commencement and cessation of CA services
PKI Administrator: with the following roles:
- Management of the Subscriber initialization process
- Creation, renewal or revocation of certificates
- Distribution of tokens (where applicable)
Registration Authority (RA): Registration Authorities are the people, the processes and the tools that are responsible for authenticating the identity of new entities (users or computing devices) requiring certificates from CAs. They act as agents of CAs (and can carry out some of the functions of a CA if required).
Relying Party: Entity trusting the Certificates signed by the Thales Alenia Space Internal CA to, but not limited to, authenticate Digital Signatures, to check documents integrity or to encrypt communications to the Certificate subject.
Root CA: The self signed CA signing the sub CAs (for instance the Internal or B to B CA) Certificates.
Routine Rekey: Procedure which is used to generate a new key-pair for an entity as the previous key-pair is about to expire.
SHA-1: One of the message digest algorithms
Sponsor: In the Thales Alenia Space PKI, a sponsor is a department or an employee's manager that has nominated a specific individual or organization to be issued with a certificate.
Sub CA: A CA, which Certificate is signed by the Root CA Private Key.
Subscriber: Individual or application to whom the CA has issued a signature
Trusted CA: A CA recognized by the Thales Alenia Space Internal CA as issuing Certificates respecting satisfying standards of quality and security.
3.4 ABBREVIATIONS
ARL: Authority Revocation List
CA: Certification Authority
CMA: Certificate Manufacturing Authority
CPS: Certification Practice Statement
CRL: Certificate Revocation List
DMS: Document Management System
DN: Distinguished Name
DSA: Digital signature algorithm
I&A: Identification and Authentication
LDAP: Lightweight Directory Access Protocol
ISO: International Standards Organization
OID: Object Identifier
PKI: Public Key Infrastructure
PMA: Policy Management Authority
RA: Registration Authority
X.500: The ITU-T (International Telecommunication Union-T) standard that establishes a distributed, hierarchical directory protocol organized by country, region, Organization, etc.

3.5 CONVENTIONS
Paragraphs preceded by the symbol "F" give information on how to satisfy the requirements specified just above.

4. INTRODUCTION
4.1 OVERVIEW
This document contains the rules governing the use of Thales Alenia Space centralized signature certificates among those parties involved in the Public Key Infrastructure described by this policy, namely the PKI service provider and end entities.
The PKI Service Provider consists of: the Policy Management Authority, Issuing Certification Authorities, Registration Authorities and Repositories.
End Entities consist of: Certificate Holders and Authorized Relying Parties.
This document describes the roles, responsibilities, and relationships of the PKI Service Providers and End Entities (collectively "Participants"), and the rules and requirements for the issuance, acquisition, management, and use of TASCS Certificates to verify Digital Signatures.
This document also describes the practices TASCS follows in issuing and managing certificates, and informs potential users of TASCS certificates about what they need to know prior to relying on TASCS-issued certificates.

4.2 NEEDS AND CONSTRAINTS OVERVIEW
Thales Alenia Space provides all its employees with a service that allows them to digitally sign electronic documents very easily. This signature service, called the Thales Alenia Space Centralized Signature (TASCS) service, shall be integrated with Thales Alenia Space business tools, such as its document management system.
This signature service must be very simple to deploy, maintain, administer and use, taking into account the large number of employees.
The TASCS must be implemented in line with the international norms representing the state of the art.

4.3 TASCS PRINCIPLES AND ARCHITECTURE OVERVIEW
Digital signature relies on X.509 certificates delivered by a PKI. Because the classical certificate enrollment process may be tedious for this purpose and may not satisfy Thales Alenia Space requirements, the TASCS service relies on a PKI called TASCS PKI, which automatically issues and centralizes certificates for all Thales Alenia Space users according to the TAS common directory (SIPRO).

[Figure 1: TASCS architecture overview. Labelled elements: Thales Alenia Space SIPRO users, SIPRO, Thales Alenia Space Centralized Signature CA, Thales Alenia Space Centralized Signature Service, Secure Certificate Store, Thales Alenia Space DMS users, DMS]

When signing, users do not have to request a certificate, nor do they need a specific signature tool.
The TASCS service relies on a dedicated PKI, named TASCS (Thales Alenia Space Centralized Signature) PKI, which automatically creates and renews certificates and keys for all Thales Alenia Space internal users.
When creating certificates, the TASCS CA gets information on users (name, address, status, ...) from the TAS common directory (SIPRO). SIPRO is updated by the human resources team. It is supposed to contain the most up-to-date and reliable information.
The TASCS CA stores users' certificates and keys in a secure certificate store. This store is accessed only by the TASCS service, which uses the keys only when signing a document, after authenticating the user for each signature apposition.

4.4 IDENTIFICATION
An Object IDentifier (OID) will be included upon identification by the Policy Authority.

4.5 COMMUNITY AND APPLICABILITY
This certificate policy has satisfied the general public key certificate needs and constraints of Thales Alenia Space for digital signature.

Certification authorities
A CA operating under this policy is responsible for:
- Creating and signing certificates binding Subscribers with their digital signature keys,
- Promulgating certificate status through CRLs,
- Ensuring adherence with this certificate policy.
A CA ensures that there is at least one Certificate and CRL repository associated with this policy.

Registration authorities
Since certificates are automatically created for users (cf. 4.3), there is no RA. This section is not applicable.

End entities
Subscribers within the TASCS PKI are Thales Alenia Space users referenced and activated in the Thales Alenia Space common directory (SIPRO).
The TASCS service is available from Thales Alenia Space site

Applicability
This CPS applies to all TASCS PKI participants, including Thales Alenia Space users, customers, resellers and relying parties involved in the document signature process.
TASCS certificates are only used for digital signature. Applications using these certificates are:
- TASCS service for signature apposition
- signature verification tools

4.6 CONTACT DETAILS
Specification administration organization
The Thales Alenia Space Corporate Information System Security Officer (ISSO) is responsible for this document and for applying this CP and CPS.

Contact person
The contact person for this policy is the Thales Alenia Space ISSO.

Person determining CPS suitability for the policy
The Thales Alenia Space ISSO is responsible for determining CPS suitability for this policy.

5. GENERAL PROVISIONS [PROV]
5.1 OBLIGATIONS
CA obligations
Reference PKI-SP0007-PROV-001 : A CA will operate in accordance with its Certificate Practice Statement (CPS), with this Certificate Policy (CP), and with Thales Alenia Space standards when issuing and managing the keys.
Reference PKI-SP0007-PROV-002 : The CA will ensure that the RA operating on its behalf will comply with the relevant provisions of this CP concerning the operation of RA.
Reference PKI-SP0007-PROV-003 : A CA shall take all reasonable measures to ensure that Subscribers are aware of their respective rights and obligations regarding the operation and management of any keys, certificates, or End-Entity hardware and software used in connection with the PKI.
Reference PKI-SP0007-PROV-004 : A CA must:
- Publish this document,
- Have in place mechanisms and procedures to ensure subscribers are aware of and agree to abide by the stipulations in this document,
- Ensure that its certification services are in accordance with this document.

Notification of revocation of certificates
Reference PKI-SP0007-PROV-005 : A CA must make CRLs available to a Subscriber or Relying Party in accordance with Section

Accuracy of representations
Reference PKI-SP0007-PROV-006 : A CA will provide to each Subscriber notice of the Subscriber's rights and obligations under this Certificate Policy. Such notice will include a description of the permitted uses of certificates issued under this CP, the Subscriber's obligations concerning key protection, and procedures for communication between the Subscriber and the RA, including communication of changes in service delivery or changes to this policy. Such notice will also indicate procedures to address suspected key compromise, certificate or key renewal, service cancellation, and resolution of disputes.
F At certificate generation time, the CA takes information from the TAS common directory (SIPRO), which contains the most reliable information on Subscribers (first name, last name, address, status). SIPRO is updated every day with information coming from the Human Resource management tool. Every day, the CA checks the validity of the Subscriber information by comparing the information in the TAS common directory with the generated certificates. The information checked is the information in the certificate subject of the subscriber (cf. 10.1). If there is a difference, the CA automatically renews the certificate for this user.
Reference PKI-SP0007-PROV-007 : A CA will ensure that any notice includes a description of a Relying Party's obligations with respect to use, verification, and validation of certificates.

Time between request for a certificate and the issue thereof
Not applicable.
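
Added example, not part of the Thales Alenia Space document or of the TASCS implementation: a sketch of the daily consistency check described under PKI-SP0007-PROV-006, comparing directory records with the subject information held in issued certificates. The record layout, the field names, the Unicode and whitespace normalisation, and the "review" outcome for a certificate without a directory entry are assumptions.

```python
import unicodedata
from dataclasses import dataclass

# Subject information the policy says is checked: first name, last name,
# address, status. The dictionary keys are assumptions made for this sketch.
SUBJECT_FIELDS = ("first_name", "last_name", "address", "status")


def normalise(value):
    """Return a comparable form: Unicode NFC, repeated/outer spaces collapsed.

    Assumption: encoding-only differences should not trigger a renewal.
    """
    return " ".join(unicodedata.normalize("NFC", str(value)).split())


@dataclass(frozen=True)
class Decision:
    user_id: str
    action: str          # "keep", "renew", "issue" or "review"
    changed: tuple = ()  # subject fields that differ (only for "renew")


def reconcile(directory, cert_subjects):
    """Compare directory records with certificate subjects, one decision per user.

    directory      -- {user_id: {field: value}} as exported from the directory
    cert_subjects  -- {user_id: {field: value}} as read from issued certificates
    """
    decisions = []
    for uid in sorted(set(directory) | set(cert_subjects)):
        entry = directory.get(uid)
        subject = cert_subjects.get(uid)
        if entry is None:
            # Certificate without a directory record: the page does not say
            # what happens, so this sketch only flags it for an operator.
            decisions.append(Decision(uid, "review"))
        elif subject is None:
            # Directory user without a certificate: certificates are created
            # automatically for all users, so one has to be issued.
            decisions.append(Decision(uid, "issue"))
        else:
            changed = tuple(
                f for f in SUBJECT_FIELDS
                if normalise(entry.get(f, "")) != normalise(subject.get(f, ""))
            )
            decisions.append(Decision(uid, "renew" if changed else "keep", changed))
    return decisions


# Constructed sample data (not taken from any real directory or certificate).
SAMPLE_DIRECTORY = {
    "u1001": {"first_name": "H\u00e9l\u00e8ne", "last_name": "Martin",
              "address": "helene.martin@example.invalid", "status": "employee"},
    "u1002": {"first_name": "Claire", "last_name": "Durand-Petit",
              "address": "c.durand-petit@example.invalid", "status": "employee"},
    "u1003": {"first_name": "Marc", "last_name": "Leroy",
              "address": "marc.leroy@example.invalid", "status": "employee"},
}
SAMPLE_CERT_SUBJECTS = {
    # Same name in decomposed Unicode plus a trailing space: not a real change.
    "u1001": {"first_name": "He\u0301le\u0300ne", "last_name": "Martin ",
              "address": "helene.martin@example.invalid", "status": "employee"},
    # Name and address changed in the directory since issuance.
    "u1002": {"first_name": "Claire", "last_name": "Durand",
              "address": "c.durand@example.invalid", "status": "employee"},
    # No longer present in the directory.
    "u1004": {"first_name": "Paul", "last_name": "Roux",
              "address": "paul.roux@example.invalid", "status": "employee"},
}

if __name__ == "__main__":
    for d in reconcile(SAMPLE_DIRECTORY, SAMPLE_CERT_SUBJECTS):
        print(d.user_id, d.action, ", ".join(d.changed))
```
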
Revocation and renewal of certificates
Reference PKI-SP0007-PROV-008 : A CA will ensure that procedures concerning the expiry, revocation, or re-issue of a certificate will be compliant with the relevant provisions of this CP and will be expressly stated in its CPS, the Subscriber Agreement, or any other applicable document outlining the terms and conditions of the certificate use.
Reference PKI-SP0007-PROV-009 : A CA will also ensure that notice of revocation of a certificate will be posted to the CRL within the time limits stated in and
The address of the CRL must be defined in the certificate.

Protection of private keys
Reference PKI-SP0007-PROV-010 : A CA will ensure that its private keys and its activation data are protected in accordance with Sections 4 and 9.
Reference PKI-SP0007-PROV-011 : A CA will ensure that the private keys that it holds or stores, and the activation data are protected in accordance with Sections 7 and 9.
Reference PKI-SP0007-PROV-012 : A CA will ensure that any private keys for the confidentiality of a Subscriber that have been backed-up or archived are protected in accordance with Section

Restrictions on the use of an issuing CA's private key
Reference PKI-SP0007-PROV-013 : A CA will ensure that its certificate signing private key is used only to sign certificates and CRLs. A CA may issue certificates to Subscribers. A CA may also recognize other CAs when expressly authorized by the Thales PA.

RA obligations
Not applicable.
Subscriber obligations
Reference PKI-SP0007-PROV-014 : The Subscriber is obliged to enter into an agreement or abide by an acceptable use policy which outlines the terms and conditions of use of the certificates and keys, including permitted applications and purposes. This agreement may be read during the signature process.

Accuracy of representations
Not applicable.

Protection of subscriber private key and key token
Not applicable.

Restrictions on use of private keys by subscribers
Reference PKI-SP0007-PROV-015 : The Subscriber will use the keys and certificates only for the purposes authorized by this policy.
F This requirement is met insofar as only the TASCS service accesses subscriber private keys.

Notification if private keys are compromised
Reference PKI-SP0007-PROV-016 : If a Subscriber suspects that a private key has been compromised, he or she must immediately notify the CA in the manner

Relying party obligations
The rights and the obligations of a Relying Party who is a member of this PKI are covered by this policy.

Use of certificates for appropriate purpose
Reference PKI-SP0007-PROV-017 : Before using a Subscriber's certificate, a Relying Party must ensure that it is appropriate for the intended use.
Apple Inc. Certificate Policy and Certification Practice Statement Version 2.0 Effective Date: April 10, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.
THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY July 2011 Version 2.0 Copyright 2006-2011, The Walt Disney Company Version Control Version Revision Date Revision Description Revised
THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Last Revision Date: June 28, 2007 Version: 3.0 Published By: RSA Security Inc. Copyright 2002-2007 by
FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification
TR-GRID CERTIFICATION AUTHORITY CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Version 2.1 January, 2009 Table of Contents: TABLE OF CONTENTS:...2 1. INTRODUCTION...7 1.1 OVERVIEW...7 1.2 DOCUMENT
Polish Grid Certification Authority Certificate Policy and Certification Practice Statement version 0.4 (DRAFT ) September 2, 2002 1 1 Introduction 1.1 Overview This document is written according to the
Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.8 Effective Date: June 11, 2012 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2.
Fraunhofer Corporate PKI Certification Practice Statement Version 1.1 Published in June 2012 Object Identifier of this Document: 22.214.171.124.4.1.7126.96.36.199.1 Contact: Fraunhofer Competence Center PKI Fraunhofer
Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...
SAUDI NATIONAL ROOT-CA CERTIFICATE POLICY Document Classification: Public Version Number: 2.5 Issue Date: June 25, 2015 National Center for Digital Certification Policies and Regulations Department Digitally
TR-GRID CERTIFICATION AUTHORITY CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Version 2.3 May 15, 2014 Table of Contents TABLE OF CONTENTS:... 2 1. INTRODUCTION... 7 1.1 OVERVIEW... 7 1.2 DOCUMENT
ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0 June 30, 2004 Table of Contents Table of Contents...2 1 Introduction...3 1.1 Overview...3 1.1.1 General Definitions...4
Dexia Root CA Certification Practice Statement Version 1.0 Version History Version Description Date Author 0.1 Initial Draft 17 September 2001 Jan Raes 0.2 Minor adaptation after review PA 16 October 2001
.509 Certification Practices Statement for the U.S. Government Printing Office Principal Certification Authority (GPO-PCA) June 11, 2007 FINAL Version 1.6.1 FOR OFFICIAL USE ONLY SIGNATURE PAGE U.S. Government
Malaysian Identity Federation and Access Management Certification Authority Certificate Policy and Certification Practice Statement Version 2.2 Document OID: 188.8.131.52.4.1.363184.108.40.206.2 February 2012 Contents
ING Public Key Infrastructure Certificate Practice Statement Version 5.3 - June 2015 Colophon Commissioned by Additional copies ING Corporate PKI Policy Approval Authority Additional copies of this document
SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates Version March 2004 Version 2004-03 SwissSign Gold CP/CPS Page 1 of 66 Table of Contents 1. INTRODUCTION...9 1.1 Overview...
Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Table of Contents 1. Introduction... 5 1.1. Trademarks...
COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...
Gandi CA Certification Practice Statement Gandi SAS 15 Place de la Nation Paris 75011 France Version 1.0 TABLE OF CONTENTS 1.INTRODUCTION...10 1.1.Overview...10 1.2.Document Name and Identification...10
X.509 Certificate Policy for India PKI Version 1.4 May 2015 Controller of Certifying Authorities Department of Information Technology Ministry of Communications and Information Technology Document Control
TCS Server and Code Signing Personal CA CPS Version 2.0 (rev 15) Page 1/40 Trusted Certificate Service TCS Server CAs, escience Server CA, and Code Signing CA Certificate Practice Statement Version 2.0
National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy Version 1.1 February 2, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents TABLE OF CONTENTS I 1 INTRODUCTION
Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States www.globessl.com TABLE OF CONTENTS 1. INTRODUCTION...
CERTIFICATION PRACTICE STATEMENT Document version: 1.2 Date: 15 September 2007 OID for this CPS: None Information in this document is subject to change without notice. No part of this document may be copied,
phicert Direct Certificate Policy and Certification Practices Statement Version 1.1 Effective Date: March 31, 2014 Copyright 2013-2014 EMR Direct. All rights reserved. [Trademark Notices] phicert is a
VeriSign Trust Network Certificate Policies Version 2.8.1 Effective Date: February 1, 2009 VeriSign, Inc. 487 E. Middlefield Road Mountain View, CA 94043 USA +1 650.961.7500 http://www.verisign.com
Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure 1.0 INTRODUCTION 1.1 Overview The Federal Reserve Banks operate a public key infrastructure (PKI) that manages
SWIFT SWIFT Qualified Certificates Certificate Policy This Certificate Policy applies to Qualified Certificates issued by SWIFT. It indicates the requirements and procedures to be followed, and the responsibilities
American International Group, Inc. DNS Practice Statement for the AIG Zone Version 0.2 1 Table of contents 1 INTRODUCTION... 6 1.1 Overview...6 1.2 Document Name and Identification...6 1.3 Community and
Preface This Key Recovery Policy (KRP) is provided as a requirements document to the External Certification Authorities (ECA). An ECA must implement key recovery policies, procedures, and mechanisms that
[Draft] Bangladesh Bank Certification Authority (BBCA) Certification Practice Statement (CPS) Version: 1.00 August, 2015 Bangladesh Bank Page 2 of 42 Document Reference Title Document Type Bangladesh Bank
Metropolitan Police Service Enterprise PKI Root Certificate Authority, Certificate Policy Version 6.1 10th February 2012 Version Control Issue Release Date Comments A 02/11/07 First draft release of CP
CERTIFICATE POLICY KEYNECTIS SSL CA Date: 05/02/2009 KEYNECTIS SSL CA CERTIFICATE POLICY Subject: KEYNECTIS SSL CA Certificate Policy Version number: 1.1 Number of pages: 49 Status of the Project Final
TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT Version 2.0 Effective Date: 14 April 2015 TABLE OF CONTENTS 1. INTRODUCTION 1.1 Overview 1.2 Document name and identification 1.3 PKI participants 1.3.1
Certificate Policy KEYNECTIS SSL CA CP Emmanuel Montacutelli 12/11/2014 DMS_CP_KEYNECTIS SSL CA CP_1.2 KEYNECTIS SSL CA CP Version 1.2 Pages 51 Status Draft Final Author Emmanuel Montacutelli OpenTrust
CA Certificate Policy SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT This page is intentionally left blank. 2 ODETTE CA Certificate Policy Version Number Issue Date Changed By 1.0 1st April 2009 Original
Document no 1/011 01-AZDA 102 213 TeliaSonera Sverige AB Certification Practice Statement Rev A TeliaSonera Public Root CA Certification Practice Statement Revision Date: 2006-11-17 Version: Rev A Published
(CP) (For SSL, EV SSL, OSC and similar electronic certificates) VERSION : 09 DATE : 01.12.2014 1. INTRODUCTION... 10 1.1. Overview... 10 1.2. Document Name and Identification... 11 1.3. Participants...
Certification Practice Statement Internet Security Research Group (ISRG) Version 1.0 Updated May 5, 2015 Approved by ISRG Policy Management Authority Web Site: https://letsencrypt.org Page 1 of 11 Copyright
thawte Certification Practice Statement Version 2.3 Effective Date: July, 2006 thawte Certification Practice Statement 2006 thawte, Inc. All rights reserved. Printed in the United States of America. Revision
TC TrustCenter GmbH Certification Practice Statement NOTE: The information contained in this document is the property of TC TrustCenter GmbH. This Certification Practice Statement is published in conformance
Equens Certificate Policy WebServices and Connectivity Final H.C. van der Wijck 11 March 2015 Classification: Open Version 3.0 Version history Version no. Version date Status Edited by Most important edit(s)
The Boeing Company Boeing Commercial Airline PKI Basic Assurance CERTIFICATE POLICY Version 1.4 PA Board Approved: 7-19-2013 via e-mail PKI-233 BCA PKI Basic Assurance Certificate Policy Page 1 of 69 Signature
Visa Public Key Infrastructure Certificate Policy (CP) Version 1.7 Effective: 24 January 2013 2010-2013 Visa. All Rights Reserved. Visa Public Important Note on Confidentiality and Copyright The Visa Confidential
thawte Certification Practice Statement Version 3.7.5 Effective Date: 4 June, 2012 (All CA/Browser Forum-specific requirements are effective on July 1, 2012) thawte Certification Practice Statement 2012
Internet Security Research Group (ISRG) Certificate Policy Version 1.0 Updated May 5, 2015 Approved by ISRG Policy Management Authority ISRG Web Site: https://letsencrypt.org Page 1 of 83 Copyright Notice
SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION I. DEFINITIONS For the purpose of this Service Description, capitalized terms have the meaning defined herein. All other capitalized
Certification Practice Statement March 2009 1. Overview 1.1 What is a Certification Practice Statement? A certification practice statement is a statement of the practices that a Certification Authority
Starfield Technologies, LLC Certificate Policy and Certification Practice Statement (CP/CPS) Version 3.8 April 15, 2016 i Starfield CP-CPS V3.8 Table of Contents 1 Introduction... 1 1.1 Overview... 1 1.2
Certification Practice Statement 1.0 INTRODUCTION 1.1 OVERVIEW The Federal Reserve Banks ( FRBs ), utilizing Public Key Infrastructure ( PKI ) technology and operating as a Certification Authority ( FR-CA
Certificate Policy for the United States Patent and Trademark Office November 26, 2013 Prepared by: United States Patent and Trademark Office Public Key Infrastructure Policy Authority This page is intentionally
REVENUE ON-LINE SERVICE CERTIFICATE POLICY Document Version 1.2 Date: 15 September 2007 OID for this CP: 1.2.372.980003.1.1.1.1.1 No part of this document may be copied, reproduced, translated, or reduced
Title INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456 Customer Aristotle University of Thessaloniki PKI (www.pki.auth.gr) To WHOM IT MAY CONCERN Date 18 March 2011 Independent Audit
XN--P1AI (РФ) DNSSEC Policy and Practice Statement XN--P1AI (РФ) DNSSEC Policy and Practice Statement... 1 INTRODUCTION... 2 Overview... 2 Document name and identification... 2 Community and Applicability...
Certification Practice Statement Date: February 21, 2008 Version: 1.0.1 Table of Contents Document History... 1 Acknowledgments... 1 1. Introduction... 2 1.1 Overview... 3 1.2 Ford Motor Company Certificate
CERTIFICATION PRACTICE STATEMENT UPDATE Reference: IZENPE-CPS UPDATE Version no: v 5.03 Date: 10th March 2015 IZENPE 2015 This document is the property of Izenpe. It may only be reproduced in its entirety.
Symantec External Certificate Authority Key Recovery Practice Statement (KRPS) Version 2 24 April 2013 (Portions of this document have been redacted.) Symantec Corporation 350 Ellis Street Mountain View,
Post.Trust Certificate Authority Certification Practice Statement CA Policy and Procedures Document Issue date: 03 April 2014 Version: 220.127.116.11 Release Contents DEFINITIONS... 6 LIST OF ABBREVIATIONS...
Certipost Trust Services Version 1.2 Effective date 03 May 2012 Certipost NV ALL RIGHTS RESERVED. 2 13 Definitions : Activation Data Certificate Certificate Holder Certificate Public Registry Certificate
Advantage Security Certification Practice Statement Version 3.8.5 Effective Date: 01/01/2012 Advantage Security S. de R.L. de C.V. Prol. Paseo de la Reforma # 625 Int 402, Col Paseo de las Lomas. Del Alvaro
Tata Consultancy Services Limited Certifying Authority Certification Practice Statement IN SUPPORT OF PUBLIC KEY INFRASTRUCTURE SERVICES TCS-CA TRUST NETWORK DATE OF PUBLICATION: DECEMBER 2007 PROPOSED
2007-10-18 1 (46) TeliaSonera Root CA v1 Certificate Practice Statement Published by: TeliaSonera AB Company Information Created Modified Approved Valid from 2007-10-12 Reg. office: Printed Coverage Business
CERTIFICATE POLICY/ CERTIFICATION PRACTICE STATEMENT May 22, 2006 Version 2.00 SECOM Trust Systems Co.,Ltd. Revision History Version Date Description V1.00 2003.08.01 Initial Draft (Translated from Japanese
OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT
REGISTRATION AUTHORITY (RA) POLICY Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. INDEX Contenido 1. LEGAL FRAMEWORK... 4 1.1. Legal Base...
Committee on National Security Systems CNSS Instruction No. 1300 October 2009 INSTRUCTION FOR NATIONAL SECURITY SYSTEMS PUBLIC KEY INFRASTRUCTURE X.509 CERTIFICATE POLICY Under CNSS Policy No. 25 National
Trustis FPS PKI Glossary of Terms The following terminology shall have the definitions as given below: Activation Data Asymmetric Cryptosystem Authentication Certificate Certificate Authority (CA) Certificate
DigiCert Certificate Policy and Certification Practice Statement DigiCert, Inc. Version 3.03 March 15, 2007 333 South 520 West Lindon, UT 84042 USA Tel: 1-801-805-1620 Fax: 1-801-705-0481 www.digicert.com
Swiss Government Root CA II CP/CPS End-user Certificates Swiss Government PKI - Root CA II Certificate Policy and Certification Practice Statement (CP/CPS) Document OID: 2.16.718.104.22.168.21.1 Project Name:
Certification Practice Statement Version 2.0 Effective Date: October 1, 2006 Continovation Services Inc. (CSI) Certification Practice Statement 2006 Continovation Services Inc. All rights reserved. Trademark
X.509 Certification Practice Statement for the Australian Department of Defence Version 5.1 December 2014 Document Management This document is controlled by: Changes are authorised by: Defence Public Key
Federal Reserve Certification Authority (FR-CA) Certification Practice Statement for United States Treasury Auctions 1.0 INTRODUCTION 1.1 OVERVIEW The Federal Reserve Bank of New York ( FRBNY ) acts as
TC TrustCenter GmbH Certificate Policy for SAFE NOTE: The information contained in this document is the property of TC TrustCenter GmbH. This Certificate Policy is published in conformance with international