Certification Practice Statement

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Certification Practice Statement"

Transcription

1 Certification Practice Statement Version 2.0 Effective Date: October 1, 2006

2 Continovation Services Inc. (CSI) Certification Practice Statement 2006 Continovation Services Inc. All rights reserved. Trademark Notices ITRANS, ITRANS logo and equalifid are trade-marks of Continovation Services Inc. Other trade-marks and service marks in this document are the property of their respective owners. Without limiting the rights reserved above, and except as licensed below, no part of this publication may be reproduced, stored in or introduced into a retrieval system, or transmitted, in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), without prior written permission of Continovation Services Inc. Notwithstanding the above, permission is granted to reproduce and distribute this CSI Certification Practice Statement on a nonexclusive, royalty-free basis, provided that: (i) the foregoing copyright notice and the beginning paragraphs are prominently displayed at the beginning of each copy; and (ii) this document is accurately reproduced in full, complete with attribution of the document to Continovation Services Inc. Requests for any other permission to reproduce this CSI Certification Practice Statement (as well as requests for copies from CSI) must be addressed to Continovation Services Inc., 800 Industrial Avenue, Suite 11, Ottawa, Ontario K1G 4B8 Tel: Fax: Attn: Randy Baird, Manager Operations & CSO.

3 TABLE OF CONTENTS 1. Introduction Acronyms and Definitions Private Hierarchy Certification Authority Registration Authorities Subscribers and Certificate Application Contact Details General Provisions Obligations Liability Access to Repository Confidentiality and Privacy Release to Law Enforcement Officials Property Rights in Certificates and Revocation Information Identification and Authentication Initial Registration Authentication of CSI Identity as a CA CSI Authentication Process Rekey after Revocation Revocation Request Operational Requirements Certificate Applications Enrollment Details Issuance of Certificates Certificate Acceptance Certificate Suspension and Revocation Circumstances for Revocation CRL Issuance Frequency Certificate Revocation List Checking Requirements Security Audit Procedures Types of Events Recorded Frequency of Processing Log Retention Period for Audit Log Protection of Audit Log Audit Log Backup Procedures Audit Collection System Records Archival Disaster Recovery and Key Compromise Technical Security Controls Key Pair Generation and Installation ii -

4 8.2 Public Key Delivery to CSI Method of Activating Private Key Subscriber Private Keys Method of Deactivating Private Key Usage Periods for the Public and Private Keys Activation Data Specific Computer Security Technical Requirements Certificate and CRL Profile Certificate Profile Certificate Profile Basic Fields Profile iii -

5 1. Introduction This document is the Continovation Services Inc. ( CSI ) Certification Practice Statement ( CPS ). It states the practices that CSI uses in providing certification services, and governs the use of Certificates by all individuals and entities who subscribe for a Certificate issued by CSI ( Subscribers ). Please note that the capitalized terms in this CPS are defined terms with specific meanings. Please see Section 1.1 for a list of definitions and acronyms. CSI issues Certificates to Subscribers in a private hierarchy, which means that CSI digitally signs each Certificate. The root key pair used to create the CSI Certificate Authority (CA) certificate was generated by the Root CSI CA and signed by that same CA. CSI operates one or more Issuing CAs who s certificates are issued and signed by the Root CSI CA. The Issuing CAs publish CRLs, and sign and publish Subscriber Certificates. This CPS describes, among other things: (i) Obligations of CSI as the CA, Registration Authorities, Subscribers, and Relying Parties within the CSI Private Hierarchy; (ii) Summary of legal matters covered in Subscriber Agreements and Relying Party Agreements within the CSI Private Hierarchy; (iii) Methods used by CSI to confirm the identity of Certificate Applicants; (iv) Operational procedures for Certificate lifecycle services; (v) Physical and security practices of CSI; and (vi) Certificate and Certificate Revocation List content. 1.1 Acronyms and Definitions Acronyms CA Certificate Authority CPS Certificate Practice Statement CRL Certificate Revocations List CSR Certificate Signing Request PKI Public Key Infrastructure RA Registration Authority X.509 The ITU-T standard for Certificates and the authentication framework - 1 -

6 Definitions Certificate shall mean a message that, at least, states a name or identifies the CA, identifies the Subscriber, contains the Subscriber s public key, identifies the Certificate s Operational Period, contains a Certificate serial number, and is digitally signed by the CA. Certificate Applicant shall mean an individual or organization that requests the issuance of a Certificate by a Certification Authority. Certificate Application shall mean a request from a Certificate Applicant (or authorized agent of the Certificate Applicant) to a CA for the issuance of a Certificate. Certificate Chain shall mean an ordered list of Certificates containing an end-user Subscriber Certificate and CA Certificates, which terminates in a root Certificate. Certificate Revocation List shall mean a periodically (or exigently) issued list, digitally signed by a CA, of identified Certificates that have been revoked prior to their expiration dates. The list generally indicates the CRL issuer s name, the date of issue, the date of the next scheduled CRL issue, the revoked Certificates serial numbers, and the specific times and reasons for revocation. Certification Authority shall mean an entity authorized to issue, manage, revoke, and renew Certificates. Certification Practice Statement shall mean the practices that CSI employs in approving or rejecting Certificate Applications and issuing, managing, and revoking Certificates, and requires its Subscribers and Relying Parties to employ. The CPS may be amended from time to time and may be accessed at Nonverified Subscriber Information means any information submitted by a Certificate Applicant to a CA or RA, and included within a Certificate, that has not been confirmed by the CA or RA and for which the applicable CA and RA provide no assurances other than the information was submitted by the Certificate Applicant. Operational Period shall mean the period starting with the date and time a Certificate is issued (or on a later date and time if stated in the Certificate) and ending with the date and time on which the Certificate expires or is earlier revoked. Registration Authority shall mean an entity approved by a CA to assist Certificate Applicants in applying for Certificates, and to approve or reject Certificate Applications, revoke Certificates, or renew Certificates. Relying Party shall mean an individual or organization that acts in reliance on a Certificate and/or a digital signature

7 Relying Party Agreement shall mean an agreement used by a CA setting forth the terms and conditions under which an individual or organization acts as a Relying Party. In the context of this Relying Part Agreement, Relying Party Agreement means this document. Repository shall mean a database of Certificates and other relevant information accessible online. Subject means the holder of a private key corresponding to a public key. The term Subject can, in the case of organizational Certificate, refer to the equipment or device that holds a private key. A Subject is assigned a name which is bound to the public key contained in the Subject s Certificate. Subscriber shall mean in the case of an individual Certificate, a person who is the Subject of and has been issued, a Certificate. In the case of an organizational Certificate, an organization that owns the equipment or device that is the Subject of, and that has been issued, a Certificate. A Subscriber is capable of using, and is authorized to use, the private key that corresponds to the public key listed in the Certificate. Subscriber Agreement shall mean an agreement used by a CA or RA setting forth the terms and conditions under which an individual or organization acts as a Subscriber. 1.2 Private Hierarchy The community governed by this CPS is the CSI Private Hierarchy. The CSI Private Hierarchy Participants include: members of the healthcare community (including licensed provider members of the professions represented by: Canadian Dental Association, Opticians Association of Canada, and the Canadian Physiotherapists Association); non-licensed healthcare related service providers; the organizations or business entities within which these providers work; and, healthcare industry allied personnel and organizations. These participants are principally in Canada, but over time will include international participants. 1.3 Certification Authority In the CSI Private Hierarchy, the Root CSI CA is responsible for issuing both it s own certificate and signing and issuing Certificates for subordinate Issuing CA(s). The Issuing CA(s) are responsible for signing all Subscriber Certificates and perform other CA functions in accordance with this CPS. The Distinguished Name of the Root CSI CA is: CN = ROOT CSI CA The Distinguished Name of the CSI CA (main Issuing CA) is: O = Continovation Services Inc. CN = CSI CA - 3 -

8 1.4 Registration Authorities RAs within the CSI Private Hierarchy, the professional associations and professional regulatory authorities, have the ability provide CSI with member data, manually and/or electronically, which CSI uses to populate and maintain the Subscriber database, and manage the certificate lifecycle. The RAs do not have direct access to the Issuing CA(s). 1.5 Subscribers and Certificate Application Subscribers for Certificates will be individuals or healthcare related service providing entities (clinics, vendors, insurers, etc.). CSI is also a Subscriber as it uses CSI issued Certificates to authenticate it s transaction and processes servers. Use of a CSI Certificate allows the Subscriber to create digital signatures for authentication and web based access control in the CSI domain, for services offered by CSI and other Relying Parties. 1.5 Contact Details Address inquiries about the CSI CPS to: Continovation Services Inc. 800 Industrial Avenue, Suite 11 Ottawa, Ontario K1G 4B8 Telephone: Fax: ITRANS & equalifid Help Desk General Provisions 2.1 Obligations CA Obligations CSI performs the specific obligations appearing throughout this CPS. CSI uses commercially reasonable efforts to ensure that Subscriber Agreements and Relying Party Agreements bind Subscribers and Relying Parties within the CSI Private Hierarchy. Examples of such efforts include, but are not limited to, requiring Subscribers to agree to the terms and conditions of the CSI Subscriber Agreement as a condition of enrollment, or requiring assent to a Relying Party Agreement as a condition of receiving Certificate status information

9 Subscriber Obligations Subscriber obligations within the CSI Private Hierarchy are set out in the CSI Subscriber Agreement. The CSI Subscriber Agreement is displayed whenever the user requests a certificate, for example at: The CSI Subscriber Agreement requires that Certificate Applicants provide complete and accurate information on their Certificate Applications and accept the terms and conditions of the Subscriber Agreement as a condition of obtaining a Certificate. Subscribers are required to protect their private keys in accordance with the provisions of this CPS. A Subscriber must notify CSI promptly if the Subscriber discovers, or has reason to believe, that the Subscriber's private key or the activation data protecting the private key has been compromised, or if the information within the Certificate is incorrect or has changed. Subscribers must cease using their private keys at the end of the specified key usage period. Registration Authority Obligations Professional associations and regulatory bodies, acting as an RA, have the obligation to provide and verify the professional member information. This information is provided on a regular basis to a CSI RA. The CSI RA is responsible for checking the Subscriber supplied information with Professional associations and/or regulatory authorities and/or third parties to confirm the accuracy and authenticity of the information supplied. The CSI RA is responsible for inputting the information received and providing certificate lifecycle management, managing the operation of the overall account and providing support to the end user community. Relying Party Obligations The CSI Relying Party Agreement can be accessed at: The CSI Relying Party Agreement states that the Relying Party must perform certain checks and make certain independent assessments before relying on a Certificate. Under the terms of the Relying Party Agreement, relying parties must, among other things: assess for themselves whether or not the Certificate will be used for an appropriate purpose; use appropriate hardware and software to verify the digital signature they wish to verify; - 5 -

10 check the status of the Certificate they wish to rely on; and read and agree to the terms and conditions of the Relying Party Agreement. A Relying Party is not entitled to rely on a Certificate unless all of the above checks are successful and reliance upon the Certificate is reasonable under the circumstances. If the circumstances indicate a need for additional assurances, the Relying Party must obtain such assurances for such reliance to be deemed reasonable. Repository Obligations CSI maintains and is responsible for the CSI Repository as part of its CA obligations. CSI publishes the certificates it issues as well as the revocation list in the CSI Repository. 2.2 Liability CA Disclaimer of warranty and limitation of liability To the extent permitted by applicable law, the CSI Subscriber Agreement and the Relying Party Agreement disclaim possible warranties, including any warranty of merchantability or fitness for a particular purpose and they limit CSI s liability. Limitations of liability include an exclusion of indirect, special, incidental, and consequential damages. Subscriber Liability The CSI Subscriber Agreement requires Subscribers to warrant, among other things, that: Each digital signature created using the Subscriber s private key is the digital signature of the Subscriber and the Certificate has been accepted and is operational (not expired or revoked) at the time the digital signature is created; No unauthorized person has ever had access to the Subscriber's private key; All information supplied by the Subscriber and contained in the Certificate is accurate and true; The Certificate is being used exclusively for authorized and legal purposes, consistent with the Subscriber Agreement; and The Subscriber is an end-user Subscriber and not a CA, and is not using the Certificate for purposes of digitally signing any Certificate (or any other format of certified public key) or CRL, as a CA or otherwise. Relying Party Liability The CSI Relying Party Agreement requires Relying Parties to acknowledge that they have sufficient information to make an informed decision as to the extent to which they choose to rely on the information in a Certificate, that they are solely responsible for - 6 -

11 deciding whether or not to rely on such information, and that they are solely liable for the consequences if they fail to perform their obligations. Subscribers often act as Relying Parties as well. Note, therefore, that the terms applicable to Relying Parties are also incorporated by reference in the CSI Subscriber Agreement, which means that Subscribers accept the Relying Party terms when they accept the CSI Subscriber Agreement. 2.3 Indemnification by Subscribers and Relying Parties Indemnification by Subscribers The CSI Subscriber Agreement requires Subscribers to indemnify CSI, and other identified entities, against, among other things: Falsehood or misrepresentation of fact by the Subscriber on the Subscriber's Certificate Application; The Subscriber s failure to disclose a material fact on the Certificate Application, if the misrepresentation or omission was made negligently or with intent to deceive any party; The Subscriber's failure to protect the Subscriber's private key, to use a Trustworthy System, or to otherwise take the precautions necessary to prevent the compromise, loss, disclosure, modification, or unauthorized use of the Subscriber's private key; or Infringement of the Intellectual Property Rights of a third party. Indemnification by Relying Parties The CSI Relying Party Agreement requires Relying Parties to indemnify CSI and other identified entities against: The Relying Party's failure to perform the obligations of a Relying Party; The Relying Party's reliance on a Certificate that is not reasonable under the circumstances; or The Relying Party's failure to check the status of such Certificate to determine if the Certificate is expired or revoked. 2.4 Access to Repository Information published in the repository portion of the CSI web site is publicly-accessible information. Read only access to such information is unrestricted. CSI has implemented logical and physical security measures to prevent unauthorized persons from adding, deleting, or modifying repository entries. Acceptance of the Relying Party Agreement terms and conditions is required in order to access the CRL

12 2.5 Confidentiality and Privacy The CSI privacy policy governing CSI s confidentiality and privacy obligations can be accessed at Release to Law Enforcement Officials CSI will disclose Confidential Information if, in good faith, CSI believes disclosure is necessary in response to subpoenas, search warrants or other court or governmental orders. This section is subject to applicable privacy laws. 2.7 Property Rights in Certificates and Revocation Information CSI retains all Intellectual Property Rights in and to the Certificates and revocation information that it issues. 3. Identification and Authentication 3.1 Initial Registration Types of Names Distinguished Name Attributes in CSI Certificates CSI Certificates contain an X.501 distinguished name in the Subject name field, and consist of the components specified in the Table below. Attribute CA issuer Address Common Name (CN) ID OID ID Type OID Site ID OID Value Name of the Issuing CA (eg. CSI CA) Current address (eg. Name (first and last name) or Business Name Health Care profession namespace and unique identifier Type of professional occupation Optional Site location namespace and unique identifier The common name value included in the Subject distinguished name of individual Certificates represents the individual's generally accepted personal name, or the entity's or device s business name. Method to Prove Possession of Private Key CSI verifies the Certificate Applicant's possession of a private key through the use of a digitally signed certificate request (CSR)

13 3.2 Authentication of CSI Identity as a CA The CSI CA Certificate is issued by the Root CSI CA. The Root CSI CA Certificate is self issued. 3.3 CSI Authentication Process Before issuing a Certificate, CSI confirms that: the Certificate Applicant is the person identified in the Certificate Application; the Certificate Applicant rightfully holds the private key corresponding to the public key to be listed in the Certificate; and the information to be included in the Certificate is accurate. In addition, CSI performs the more detailed procedures described below: The certificate enrollment request from the end user is validated against a CSI database; the information included in the application is consistent with the information provided by the licensing body or Registration Authority; a confirmation of the address; and confirmation that applicant is a member of the healthcare community (i.e. doctor, dentist, chiropractor, clinic, service supplier). The following table classifies the required fields for enrollment, their source, and whether the field will be shown on the Certificate. The end-user is required to fill in certain fields on the enrollment form, which is either a Web based form or CSI supplied enrollment application. Enrollment Fields Field Source Fields used for Authentication O = Organization Continovation Services Inc. No CN= Individual/Business Name Pre-populated from the DB No Provider ID - ID OID (This will be a combination of ID Issuer OID and ID Number) - ID Type OID Location ID ID Site OID (This is a combination of ID Site Issuer OID and Site ID) Password Gathered during the enrollment process. (e.g. license number) Optional. Namespace identifier and Unique ID gathered during the enrollment. Gathered during the enrollment process. Yes. Authenticated against the CSI database Yes. Authenticated against the CSI database Yes. Authenticated against the CSI - 9 -

14 address Gathered during the enrollment process. database Yes. Authenticated against the CSI database 3.4 Routine Rekey and Renewal Subscribers must renew their Certificates, by generating a new key pair, before the expiry date to ensure continued usage of the Certificate. CSI Certificates, which have not been revoked, may not be replaced. A new certificate must be requested and authenticated as if it was an original Certificate Application. For renewal, a non-revoked certificate may be used to authenticate the subscriber to allow the enrollment form to gather required information without requiring entry on the part of the user. 3.5 Rekey after Revocation CSI will not rekey after revocation if: (i) revocation occurred because the Certificate was issued to a person other than the one named as the Subject of the Certificate; (ii) the Certificate was issued without the authorization of the person named as the Subject of such Certificate; or (iii) CSI discovers or has reason to believe that a material fact in the Certificate Application is false. 3.6 Revocation Request Prior to the revocation of a Certificate, CSI verifies that the revocation has been requested by the Certificate's Subscriber and/or by the RA. Acceptable procedures for authenticating Subscriber revocation requests include: Receiving a message purporting to be from the Subscriber that requests revocation and contains a digital signature verifiable with reference to the Certificate to be revoked; and Communication with the Subscriber providing reasonable assurances that the person or organization requesting revocation is, in fact the Subscriber. Depending on the circumstances, such communication may include one or more of the following: telephone, facsimile, , postal mail, or courier service. Communication with the RA providing reasonable assurances that the person or organization requesting revocation is, in fact the RA. Depending on the circumstances, such communication may include one or more of the following: telephone, facsimile, , postal mail, or courier service

15 4. Operational Requirements 4.1 Certificate Applications All Certificate Applicants are required to do the following: complete a Certificate Application and provide the required information; generate, or arrange to have generated, a key pair; deliver his, her, or its public key, to CSI; demonstrate to CSI that the Certificate Applicant has possession of the private key corresponding to the public key delivered to CSI; and manifest assent to the Subscriber Agreement. 5. Enrollment Details End-users are required to provide either: current address, current member password, and their license number, site field ID (optional). Or a currently valid CSI issued certificate. Upon successful validation of the credentials submitted, the end user information is harvested from the database and submitted as part of the CSR (certificate signing request). The correct information is inserted into the Certificate constructed by the CA to prevent CSR tampering. 5.1 Issuance of Certificates CSI will create and issue a Certificate to the Certificate Applicant provided the authentication procedures have been successfully carried out. CSI creates and issues to a Certificate Applicant a Certificate based on the information in a Certificate Application following approval of such Certificate Application. These procedures also apply to requests for replacement Certificates. 5.2 Certificate Acceptance Upon enrollment, CSI will mail or fax the Subscriber s Digital Certificate Letter, a document which contains fields which the Subscriber must key into the certificate enrollment/issuance web page to obtain a certificate. For renewals the Subscriber may either again enter the supplied fields or provide a valid CSI Certificate to, the enrollment web page at: to obtain the Certificate

16 Downloading a Certificate constitutes the Subscriber's acceptance of the Certificate. Upon Certificate generation and installation, CSI notifies the Subscriber, via to the address on file, that a Certificate has been generated and issued to them so that the Subscriber may contact CSI to revoke the Certificate if this was not an intended action of the Subscriber. 6. Certificate Suspension and Revocation 6.1 Circumstances for Revocation CSI will revoke a Certificate under the following circumstances: CSI or a Subscriber has reason to believe or strongly suspects that there has been a Compromise of a Subscriber's private key; CSI has reason to believe that the Subscriber has materially breached a material obligation, representation, or warranty under the CSI Subscriber Agreement; The Subscriber Agreement with the Subscriber has been terminated; CSI has reason to believe that the Certificate was issued to a person other than the one named as the Subject of the Certificate, or the Certificate was issued without the authorization of the person named as the Subject of such Certificate; CSI has reason to believe that a material fact in the Certificate Application is false; CSI determines that a material prerequisite to Certificate Issuance was neither satisfied nor waived; The information within the Certificate is incorrect or has changed (excluding the address); or The Subscriber or professional association RA requests revocation of the Certificate. 6.2 CRL Issuance Frequency CSI publishes a CRL that shows the revocation of CSI Certificates. Full CRLs are generated every 7 days and delta CRLs are generated daily. The serial number for each revoked certificate is kept in the CA s database and published as part of the CRL until the certificate expires. Typically, a revoked and expired certificate remains in the CRL for one additional CRL publication interval. 6.3 Certificate Revocation List Checking Requirements Relying Parties must check the status of Certificates on which they wish to rely. Relying Parties may check the status of CSI Certificates by consulting the CRL publication site specified in the certificate, generally at %20CA.crl

17 7. Security Audit Procedures 7.1 Types of Events Recorded CSI manually or automatically logs the following significant events: Subscriber certificate life cycle management events, including: i. Certificate Applications, renewal, rekey, and revocation; ii. Successful or unsuccessful processing of requests; and iii. Generation and issuance of Certificates and CRLs. Log entries include the following elements: i. Date and time of the entry; ii. Serial or sequence number of entry, for automatic journal entries; iii. Identity of the entity making the journal entry; and iv. Kind of entry. CSI logs Certificate Application information including: i. Kind of identification presented by the Certificate Applicant; ii. Record of unique identification data, numbers, or a combination thereof; iii. Storage location of copies of applications and identification documents; and iv. Method used to validate identification documents. 7.2 Frequency of Processing Log Audit logs are examined periodically for significant security and operational events. Audit log processing consists of a review of the audit logs and documentation for all significant events in an audit log summary. Audit log reviews include a verification that the log has not been tampered with, a brief inspection of all log entries, and a more thorough investigation of any alerts or irregularities in the logs. Actions taken based on audit log reviews are also documented. 7.3 Retention Period for Audit Log Audit logs are retained at least two (2) months after processing. 7.4 Protection of Audit Log Electronic and manual audit log files are protected from unauthorized viewing, modification, deletion, or other tampering through the use of physical and logical access controls

18 7.5 Audit Log Backup Procedures Full backups of audit logs are performed daily. 7.6 Audit Collection System Automated audit data is generated and recorded at the application, network and operating system level. 7.7 Records Archival Types of Events Recorded In addition to the audit logs specified above, CSI maintains records that include documentation of actions and information that are material to each Certificate Application and to the creation, issuance, use, revocation, expiration, and rekey or renewal of all Certificates it issues. CSI s records of Certificate life cycle events include: (i) the identity of the Subscriber named in each Certificate; (ii) the identity of persons requesting Certificates; (iii) other facts represented in the Certificate; and (iv) time stamps. Records may be maintained electronically or in hard copy, provided that such records are accurately and completely indexed, stored, preserved, and reproduced. Retention Period for Archive Records associated with a Certificate are retained for at least five (5) years following the date the Certificate expires or is revoked. If necessary, CSI may implement longer retention periods in order to comply with applicable laws. 7.8 Disaster Recovery and Key Compromise CSI has implemented a combination of physical, logical and procedural controls to minimize the risk and potential impact of a key compromise or disaster. Site Location and Disaster Recovery The CSI system and network is housed at third-party secure facilities in the Ottawa and Toronto areas, with redundant backbone Internet connections, 7 x 24 service and technical support and controlled access

19 8. Technical Security Controls 8.1 Key Pair Generation and Installation CSI CA key pairs were generated using a FIPS level 1 certified cryptographic module as provided in the Microsoft Windows Certificate Service. Generation of end-user Subscriber key pairs is generally performed by the Subscriber, typically using a FIPS level 1 certified cryptographic module provided with their browser software for key generation. 8.2 Public Key Delivery to CSI Subscribers submit their public key to CSI for certification electronically through the use of a PKCS#10 Certificate Signing Request (CSR) or other digitally signed package in a session secured by Secure Sockets Layer (SSL). 8.3 Method of Activating Private Key All CSI Private Hierarchy Participants are required to protect the activation data for their private keys against loss, theft, modification, unauthorized disclosure, or unauthorized use. 8.4 Subscriber Private Keys Subscribers are required to protect the activation data for their private keys as set out below: Use a password or security of equivalent strength to authenticate the Subscriber before the activation of the private key; and Take commercially reasonable measures to prevent use of the Subscriber s workstation and its associated private key without the Subscriber's authorization. In addition, CSI encourages Subscribers to enable mechanisms which deny export of certificates containing private keys. 8.5 Method of Deactivating Private Key Subscriber private keys may be deactivated after each operation, upon logging off their system, or upon removal of a smart card from the smart card reader depending upon the authentication mechanism employed by the user. When deactivated, private keys should be kept in encrypted form only. 8.6 Usage Periods for the Public and Private Keys

20 The Operational Period of a Certificate ends upon its expiration or revocation. The Operational Period for key pairs is the same as the Operational Period for the associated Certificates, except that private keys may continue to be used for decryption and public keys may continue to be used for signature verification. 8.7 Activation Data Activation Data Generation and Installation CSI recommends that Subscribers store their private keys in encrypted format and optionally use hardware and / or select strong passwords to protect their private keys. CSI suggests that passwords: be generated by the user; have at least eight characters; have at least one alphabetic and one numeric character; have at least one lower-case letter; not contain many occurrences of the same character; not be the same as the operator's profile name; and not contain a long substring of the user's profile name. 8.8 Specific Computer Security Technical Requirements CSI ensures that the systems maintaining RA and CA software and data files are Trustworthy Systems secure from unauthorized access. In addition, access is limited to production servers to those individuals with a valid business reason for such access. 9. Certificate and CRL Profile 9.1 Certificate Profile Certificates conform to: (a) ITU-T Recommendation X.509 (1997): Information Technology - Open Systems Interconnection - The Directory: Authentication Framework, June 1997; and (b) RFC 3280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile, April 2002 ("RFC 3280"). At a minimum, X.509 contain the basic X.509 Version 1 fields and indicated prescribed values or value constraints as below: Field Value or Value constraint Version X.509, Version 3.0 Serial Unique value per Issuer DN Number Signature Name of the algorithm used to sign the certificate Algorithm

21 Field Value or Value constraint Issuer DN O = Continovation Services Inc., and CN = CSI CA Valid From Universal Coordinate Time base. Synchronized to Master Clock of U.S. Naval Observatory. Encoded in accordance with RFC Valid To Universal Coordinate Time base. Synchronized to Master Clock of U.S. Naval Observatory. Encoded in accordance with RFC The validity period will be 1 year. Subject DN See section 3.1 Subject Encoded in accordance with RFC 3280 using shawithrsaencryption Public Key (OID ) or md5withrsaencryption (OID: ) algorithm and key lengths of Signature Generated and encoded in accordance with RFC Certificate Profile Basic Fields Key Usage The CSI CA KeyUsage criticality field extension has been set to FALSE. Basic Constraints CSI X.509, Version 3.0 CA Certificates has a BasicConstraints extension with the Subject Type set to CA. End-user Subscriber Certificates are also populated with a BasicConstraints extension with the Subject Type equal to End Entity. The criticality of the BasicConstraints extension is generally set to FALSE for End-Entity Certificates and TRUE for CA Certificates. Algorithm Object Identifiers The CSI X.509 Certificates are signed with shawithrsaencryption (OID ) or md5withrsaencryption (OID: ) in accordance with RFC Profile CSI issues the CSI CRL that conforms to RFC At a minimum, these CRLs contain the basic fields and contents specified below: Field Version Signature Algorithm Issuer Value or Value constraint X.509 Version 1 or 2 CRLs. Algorithm used to sign the CRL. CRLs are signed using sha1withrsaencryption (OID ) or md5withrsaencryption (OID: ) or md2rsa (OID: ) in accordance with RFC Entity who has signed and issued the CRL

22 Field Effective Date Next Update Revoked Certificates. Value or Value constraint Issue date of the CRL. CSI CRLs are effective upon issuance. Date by which the next CRL will be issued. Listing of revoked certificates, including the Serial Number of the revoked Certificate and the Revocation Date

Neutralus Certification Practices Statement

Neutralus Certification Practices Statement Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3

More information

HKUST CA. Certification Practice Statement

HKUST CA. Certification Practice Statement HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 1.1 Date : 3 March 2000 Prepared by : Information Technology Services Center Hong Kong University of Science

More information

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure 1.0 INTRODUCTION 1.1 Overview The Federal Reserve Banks operate a public key infrastructure (PKI) that manages

More information

[COMPANY CA] Certification Practice Statement

[COMPANY CA] Certification Practice Statement Certification Practice Statement Date: [PUBLICATION DATE] Version: v. X.X Table of Contents Document History...1 Acknowledgments...2 1. Introduction...3 1.1 Overview...3 1.2

More information

The Contract Signer (as hereinafter defined) is duly authorized by the Applicant to bind the Applicant to this Agreement is (as stated above).

The Contract Signer (as hereinafter defined) is duly authorized by the Applicant to bind the Applicant to this Agreement is (as stated above). Subscriber Agreement for Certificates PLEASE READ THIS AGREEMENT AND MICROS CERTIFICATION PRACTICES STATEMENTS ("CPS") CAREFULLY BEFORE USING THE CERTIFICATE ISSUED TO YOUR ORGANIZATION. BY USING THE CERTIFICATE,

More information

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc. Apple Inc. Certificate Policy and Certification Practice Statement Version 2.0 Effective Date: April 10, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.

More information

CERITIFICATE POLICY CONCERNING PERSONAL DIGITAL CERTIFICATES OF BANK OF FINLAND AND FINANCIAL SUPERVISORY AUTHORITY EMPLOYEES

CERITIFICATE POLICY CONCERNING PERSONAL DIGITAL CERTIFICATES OF BANK OF FINLAND AND FINANCIAL SUPERVISORY AUTHORITY EMPLOYEES Certificate Policy 1 (18) CERITIFICATE POLICY CONCERNING PERSONAL DIGITAL CERTIFICATES OF BANK OF FINLAND AND FINANCIAL SUPERVISORY AUTHORITY EMPLOYEES 1 INTRODUCTION... 4 1.1 Overview... 4 1.2 Document

More information

Federal Reserve Banks Certification Authority (FR-CA) Certification Practice Statement

Federal Reserve Banks Certification Authority (FR-CA) Certification Practice Statement Certification Practice Statement 1.0 INTRODUCTION 1.1 OVERVIEW The Federal Reserve Banks ( FRBs ), utilizing Public Key Infrastructure ( PKI ) technology and operating as a Certification Authority ( FR-CA

More information

Certification Practice Statement

Certification Practice Statement FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification

More information

Ford Motor Company CA Certification Practice Statement

Ford Motor Company CA Certification Practice Statement Certification Practice Statement Date: February 21, 2008 Version: 1.0.1 Table of Contents Document History... 1 Acknowledgments... 1 1. Introduction... 2 1.1 Overview... 3 1.2 Ford Motor Company Certificate

More information

Equens Certificate Policy

Equens Certificate Policy Equens Certificate Policy WebServices and Connectivity Final H.C. van der Wijck 11 March 2015 Classification: Open Version 3.0 Version history Version no. Version date Status Edited by Most important edit(s)

More information

KIBS Certification Practice Statement for non-qualified Certificates

KIBS Certification Practice Statement for non-qualified Certificates KIBS Certification Practice Statement for non-qualified Certificates Version 1.0 Effective Date: September, 2012 KIBS AD Skopje Kuzman Josifovski Pitu 1 1000, Skopje, Republic of Macedonia Phone number:

More information

Federal Reserve Certification Authority (FR-CA) Certification Practice Statement for United States Treasury Auctions

Federal Reserve Certification Authority (FR-CA) Certification Practice Statement for United States Treasury Auctions Federal Reserve Certification Authority (FR-CA) Certification Practice Statement for United States Treasury Auctions 1.0 INTRODUCTION 1.1 OVERVIEW The Federal Reserve Bank of New York ( FRBNY ) acts as

More information

Gandi CA Certification Practice Statement

Gandi CA Certification Practice Statement Gandi CA Certification Practice Statement Gandi SAS 15 Place de la Nation Paris 75011 France Version 1.0 TABLE OF CONTENTS 1.INTRODUCTION...10 1.1.Overview...10 1.2.Document Name and Identification...10

More information

HKUST CA. Certification Practice Statement

HKUST CA. Certification Practice Statement HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of

More information

thawte Certification Practice Statement

thawte Certification Practice Statement thawte Certification Practice Statement Version 3.7.5 Effective Date: 4 June, 2012 (All CA/Browser Forum-specific requirements are effective on July 1, 2012) thawte Certification Practice Statement 2012

More information

GlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS)

GlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS) GlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS) Version 1.1 PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE DIGITAL CERTIFICATE ISSUED TO YOU

More information

Ericsson Group Certificate Value Statement - 2013

Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...

More information

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Table of Contents 1. Introduction... 5 1.1. Trademarks...

More information

LET S ENCRYPT SUBSCRIBER AGREEMENT

LET S ENCRYPT SUBSCRIBER AGREEMENT Page 1 of 7 LET S ENCRYPT SUBSCRIBER AGREEMENT This Subscriber Agreement ( Agreement ) is a legally binding contract between you and, if applicable, the company, organization or other entity on behalf

More information

NCDC GOVERNMENT-CA PKI DISCLOSURE STATEMENT

NCDC GOVERNMENT-CA PKI DISCLOSURE STATEMENT NCDC GOVERNMENT-CA PKI DISCLOSURE STATEMENT Document Classification: Public Version Number: 1.5 Issue Date: June 11, 2015 Copyright 2015 National Center for Digital Certification, Kingdom of Saudi Arabia.

More information

1.1.1 Additional requirements for Trusted Root Issuer CAs Appropriate Certificate Usage Prohibited Certificate Usage...

1.1.1 Additional requirements for Trusted Root Issuer CAs Appropriate Certificate Usage Prohibited Certificate Usage... 1.1.1 Additional requirements for Trusted Root Issuer CAs... 10 1.3.1 Certification Authorities ( Issuer CAs )... 11 1.3.2 Registration Authorities... 11 1.3.3 Subscribers... 12 1.3.4 Relying Parties...

More information

Vodafone Group Certification Authority Test House Subscriber Agreement

Vodafone Group Certification Authority Test House Subscriber Agreement Vodafone Group Certification Authority Test House Subscriber Agreement Publication Date: 12/05/09 Copyright 2009 Vodafone Group Table of Contents Vodafone Group Certification Authority Test House Subscriber

More information

apple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc.

apple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc. Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.8 Effective Date: June 11, 2012 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2.

More information

Starfield Technologies, Inc. Certificate Policy and Certification Practice Statement (CP/CPS)

Starfield Technologies, Inc. Certificate Policy and Certification Practice Statement (CP/CPS) Starfield Technologies, Inc. Certificate Policy and Certification Practice Statement (CP/CPS) Version 1.8 May 30, 2006 i Starfield CP-CPS V1.8 Table of Contents 1 Introduction... 1 1.1 Overview... 1 1.2

More information

The name of the Contract Signer (as hereinafter defined) duly authorized by the Applicant to bind the Applicant to this Agreement is.

The name of the Contract Signer (as hereinafter defined) duly authorized by the Applicant to bind the Applicant to this Agreement is. Trustwave Subscriber Agreement for Digital Certificates Ver. 11JUL14 PLEASE READ THIS AGREEMENT AND THE TRUSTWAVE CERTIFICATION PRACTICES STATEMENTS ( CPS ) CAREFULLY BEFORE USING THE CERTIFICATE ISSUED

More information

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT CA Certificate Policy SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT This page is intentionally left blank. 2 ODETTE CA Certificate Policy Version Number Issue Date Changed By 1.0 1 st April 2009 Original

More information

Symantec Trust Network (STN) Certificate Policy

Symantec Trust Network (STN) Certificate Policy Symantec Trust Network (STN) Certificate Policy Version 2.8.5 Effective Date: September 8, 2011 Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA +1 650.527.8000 http//:www.symantec.com

More information

TACC ROOT CA CERTIFICATE POLICY

TACC ROOT CA CERTIFICATE POLICY TACC ROOT CA CERTIFICATE POLICY AND CERTIFICATE PRACTICES STATEMENT (In RFC 3647 format) January 20, 2009 OID: 1.3.6.1.4.1.17940.5.1.1.1 Version 1.2 1 INTRODUCTION... 3 1.1 Overview...3 1.2 Document Name

More information

VeriSign Trust Network Certificate Policies

VeriSign Trust Network Certificate Policies VeriSign Trust Network Certificate Policies Version 2.8.1 Effective Date: February 1, 2009 VeriSign, Inc. 487 E. Middlefield Road Mountain View, CA 94043 USA +1 650.961.7500 http//:www.verisign.com - 1-

More information

thawte Certification Practice Statement Version 2.3

thawte Certification Practice Statement Version 2.3 thawte Certification Practice Statement Version 2.3 Effective Date: July, 2006 thawte Certification Practice Statement 2006 thawte, Inc. All rights reserved. Printed in the United States of America. Revision

More information

TELSTRA RSS CA Subscriber Agreement (SA)

TELSTRA RSS CA Subscriber Agreement (SA) TELSTRA RSS CA Subscriber Agreement (SA) Last Revision Date: December 16, 2009 Version: Published By: Telstra Corporation Ltd Copyright 2009 by Telstra Corporation All rights reserved. No part of this

More information

Starfield Technologies, Inc. Certificate Policy and Certification Practice Statement (CP/CPS)

Starfield Technologies, Inc. Certificate Policy and Certification Practice Statement (CP/CPS) Starfield Technologies, Inc. Certificate Policy and Certification Practice Statement (CP/CPS) Version 2.4 June 15, 2009 i Starfield CP-CPS V2.4 Table of Contents 1 Introduction... 1 1.1 Overview... 1 1.2

More information

Danske Bank Group Certificate Policy

Danske Bank Group Certificate Policy Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...

More information

Canadian Pharmaceutical Distribution Network Certificate Authority Services Agreement. In this document:

Canadian Pharmaceutical Distribution Network Certificate Authority Services Agreement. In this document: Canadian Pharmaceutical Distribution Network Certificate Authority Services Agreement In this document: Company refers to the hospital, hospital group, or other entity that has been pre- registered by

More information

Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States

Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States www.globessl.com TABLE OF CONTENTS 1. INTRODUCTION...

More information

ENTRUST CERTIFICATE SERVICES

ENTRUST CERTIFICATE SERVICES ENTRUST CERTIFICATE SERVICES Certification Practice Statement for Extended Validation (EV) SSL Certificates Version: 1.3 February 28, 2011 2011 Entrust Limited. All rights reserved. Revision History Issue

More information

L@Wtrust Class 3 Registration Authority Charter

L@Wtrust Class 3 Registration Authority Charter Class 3 Registration Authority Charter Version 1.0 applicable from 09 November 2010 Building A, Cambridge Park, 5 Bauhinia Street, Highveld Park, South Africa, 0046 Phone +27 (0)12 676 9240 Fax +27 (0)12

More information

EuropeanSSL Secure Certification Practice Statement

EuropeanSSL Secure Certification Practice Statement EuropeanSSL Secure Certification Practice Statement Eunetic GmbH Version 1.0 14 July 2008 Wagnerstrasse 25 76448 Durmersheim Tel: +49 (0) 180 / 386 384 2 Fax: +49 (0) 180 / 329 329 329 www.eunetic.eu TABLE

More information

LET S ENCRYPT SUBSCRIBER AGREEMENT

LET S ENCRYPT SUBSCRIBER AGREEMENT Page 1 of 6 LET S ENCRYPT SUBSCRIBER AGREEMENT This Subscriber Agreement ( Agreement ) is a legally binding contract between you and, if applicable, the company, organization or other entity on behalf

More information

ENTRUST CERTIFICATE SERVICES

ENTRUST CERTIFICATE SERVICES ENTRUST CERTIFICATE SERVICES Certification Practice Statement Version: 2.13 February 12, 2016 2016 Entrust Limited. All rights reserved. Revision History Issue Date Changes in this Revision 1.0 May 26,

More information

3.Practices and procedures. v 1.1 05.12.2014

3.Practices and procedures. v 1.1 05.12.2014 v 1.1 05.12.2014 3.Practices and procedures DOMENY.PL Ltd / DOMENY.PL sp. z o.o. Marcika 27 30-443 Krakow, Poland tel.: (+48) 12 296 36 63 fax: (+48) 12 395 33 65 hotline / infolinia: (+48) 501 DOMENY

More information

ENTRUST CERTIFICATE SERVICES

ENTRUST CERTIFICATE SERVICES ENTRUST CERTIFICATE SERVICES Certification Practice Statement Version: 2.12 April 6, 2015 2015 Entrust Limited. All rights reserved. Revision History Issue Date Changes in this Revision 1.0 May 26, 1999

More information

ARTL PKI. Certificate Policy PKI Disclosure Statement

ARTL PKI. Certificate Policy PKI Disclosure Statement ARTL PKI Certificate Policy PKI Disclosure Statement Important Notice: This document (PKI Disclosure Statement, PDS) does not by itself constitute the Certificate Policy under which Certificates governed

More information

Certification Practice Statement

Certification Practice Statement Certification Practice Statement Revision R1 2013-01-09 1 Copyright Printed: January 9, 2013 This work is the intellectual property of Salzburger Banken Software. Reproduction and distribution require

More information

Vodafone Group CA Web Server Certificate Policy

Vodafone Group CA Web Server Certificate Policy Vodafone Group CA Web Server Certificate Policy Publication Date: 06/09/10 Copyright 2010 Vodafone Group Table of Contents Acknowledgments... 1 1. INTRODUCTION... 2 1.1 Overview... 3 1.2 Document Name

More information

The Boeing Company. Boeing Commercial Airline PKI. Basic Assurance CERTIFICATE POLICY

The Boeing Company. Boeing Commercial Airline PKI. Basic Assurance CERTIFICATE POLICY The Boeing Company Boeing Commercial Airline PKI Basic Assurance CERTIFICATE POLICY Version 1.4 PA Board Approved: 7-19-2013 via e-mal PKI-233 BCA PKI Basic Assurance Certificate Policy Page 1 of 69 Signature

More information

Version 3.0. Effective Date: 15 october, 2008

Version 3.0. Effective Date: 15 october, 2008 Getronics Version 3.0 Effective Date: 15 october, 2008 Getronics Nederland B.V. Fauststraat 1 P.O. Box 9105 7300 HN Apeldoorn The Netherlands Phone: +31 (0)20 570 4511 http://www.pki.getronicspinkroccade.nl

More information

Certification Practice Statement (ANZ PKI)

Certification Practice Statement (ANZ PKI) Certification Practice Statement March 2009 1. Overview 1.1 What is a Certification Practice Statement? A certification practice statement is a statement of the practices that a Certification Authority

More information

Public Key Certification Infrastructure

Public Key Certification Infrastructure Public Key Certification Infrastructure Petr Hanácek hanacek@dcse.fee.vutbr.cz Faculty of Electrical Engineering and Computer Science Brno University of Technology Abstract Jan Staudek staudek@fi.muni.cz

More information

TeliaSonera Public Root CA. Certification Practice Statement. Revision Date: 2006-11-17. Version: Rev A. Published by: TeliaSonera Sverige AB

TeliaSonera Public Root CA. Certification Practice Statement. Revision Date: 2006-11-17. Version: Rev A. Published by: TeliaSonera Sverige AB Document no 1/011 01-AZDA 102 213 TeliaSonera Sverige AB Certification Practice Statement Rev A TeliaSonera Public Root CA Certification Practice Statement Revision Date: 2006-11-17 Version: Rev A Published

More information

CMS Illinois Department of Central Management Services

CMS Illinois Department of Central Management Services CMS Illinois Department of Central Management Services State of Illinois Public Key Infrastructure Certification Practices Statement For Digital Signature And Encryption Applications Version 3.3 (IETF

More information

Comodo Certification Practice Statement

Comodo Certification Practice Statement Comodo Certification Practice Statement Notice: This CPS should be read in conjunction with the following documents:- * LiteSSL addendum to the Certificate Practice Statement * Proposed Amendments to the

More information

GlobalSign Subscriber Agreement for PersonalSign and DocumentSign for Adobe CDS Certificates Combined Agreement for epki (US)

GlobalSign Subscriber Agreement for PersonalSign and DocumentSign for Adobe CDS Certificates Combined Agreement for epki (US) GlobalSign Subscriber Agreement for PersonalSign and DocumentSign for Adobe CDS Certificates Combined Agreement for epki (US) Version 1.1 PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE DIGITAL CERTIFICATE

More information

SafeScrypt Certification Practice Statement

SafeScrypt Certification Practice Statement SafeScrypt Certification Practice Statement Version 2.1 Effective Date: August 08 th, 2004 SafeScrypt Ltd 2 nd Floor, Tidel Park, #4, Canal Bank Road Taramani, Chennai 600113 Tel: +91-44-2254 0770 Fax:

More information

SECOM Trust.net Root1 CA

SECOM Trust.net Root1 CA CERTIFICATE POLICY/ CERTIFICATION PRACTICE STATEMENT May 22, 2006 Version 2.00 SECOM Trust Systems Co.,Ltd. Revision History Version Date Description V1.00 2003.08.01 Initial Draft (Translated from Japanese

More information

THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Published By: RSA Security Inc.

THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Published By: RSA Security Inc. THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Last Revision Date: June 28, 2007 Version: 3.0 Published By: RSA Security Inc. Copyright 2002-2007 by

More information

phicert Direct Certificate Policy and Certification Practices Statement

phicert Direct Certificate Policy and Certification Practices Statement phicert Direct Certificate Policy and Certification Practices Statement Version 1. 1 Effective Date: March 31, 2014 Copyright 2013-2014 EMR Direct. All rights reserved. [Trademark Notices] phicert is a

More information

GlobalSign Subscriber Agreement for DomainSSL Certificates

GlobalSign Subscriber Agreement for DomainSSL Certificates GlobalSign Subscriber Agreement for DomainSSL Certificates Version 1.3 PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE DIGITAL CERTIFICATE ISSUED TO YOU OR YOUR ORGANISATION. BY USING THE DIGITAL

More information

SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION

SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION I. DEFINITIONS For the purpose of this Service Description, capitalized terms have the meaning defined herein. All other capitalized

More information

CERTIFICATION PRACTICE STATEMENT. Document version: 1.2 Date: 15 September OID for this CPS: None

CERTIFICATION PRACTICE STATEMENT. Document version: 1.2 Date: 15 September OID for this CPS: None CERTIFICATION PRACTICE STATEMENT Document version: 1.2 Date: 15 September 2007 OID for this CPS: None Information in this document is subject to change without notice. No part of this document may be copied,

More information

Polish Grid Certification Authority Certificate Policy and Certification Practice Statement

Polish Grid Certification Authority Certificate Policy and Certification Practice Statement Polish Grid Certification Authority Certificate Policy and Certification Practice Statement version 0.4 (DRAFT ) September 2, 2002 1 1 Introduction 1.1 Overview This document is written according to the

More information

Cisco SSCA Certificate Policy and Practice Statements. Corporate Security Programs Office Version 1.0 October 21, 2010

Cisco SSCA Certificate Policy and Practice Statements. Corporate Security Programs Office Version 1.0 October 21, 2010 Cisco SSCA Certificate Policy and Practice Statements Corporate Security Programs Office Version 1.0 October 21, 2010 Table of Contents Cisco SSCA Certificate Policy and Practice Statements Version Information:

More information

CERTIFICATION AUTHORITIES EXTENDED VALIDATION AUDIT CRITERIA Version 1.3 CA/BROWSER FORUM

CERTIFICATION AUTHORITIES EXTENDED VALIDATION AUDIT CRITERIA Version 1.3 CA/BROWSER FORUM CERTIFICATION AUTHORITIES EXTENDED VALIDATION AUDIT CRITERIA Version 1.3 BASED ON: CA/BROWSER FORUM GUIDELINES FOR THE ISSUANCE AND MANAGEMENT OF EXTENDED VALIDATION CERTIFICATES Version 1.3 Copyright

More information

Advantage Security Certification Practice Statement

Advantage Security Certification Practice Statement Advantage Security Certification Practice Statement Version 3.8.5 Effective Date: 01/01/2012 Advantage Security S. de R.L. de C.V. Prol. Paseo de la Reforma # 625 Int 402, Col Paseo de las Lomas. Del Alvaro

More information

Vodafone Group CA Automated Code- Signing Certificate Policy

Vodafone Group CA Automated Code- Signing Certificate Policy Vodafone Group CA Automated Code- Signing Certificate Policy Publication Date: 05/05/09 Copyright 2009 Vodafone Group Table of Contents Acknowledgments...1 1. INTRODUCTION...2 1.1 Overview...3 1.2 Document

More information

ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0

ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0 ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0 June 30, 2004 Table of Contents Table of Contents...2 1 Introduction...3 1.1 Overview...3 1.1.1 General Definitions...4

More information

SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates

SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates Version March 2004 Version 2004-03 SwissSign Gold CP/CPS Page 1 of 66 Table of Contents 1. INTRODUCTION...9 1.1 Overview...

More information

SSL.com Certification Practice Statement

SSL.com Certification Practice Statement SSL.com Certification Practice Statement SSL.com Version 1.0 February 15, 2012 2260 W Holcombe Blvd Ste 700 Houston, Texas, 77019 US Tel: +1 SSL-CERTIFICATE (+1-775-237-8434) Fax: +1 832-201-7706 www.ssl.com

More information

DigiCert Certification Practice Statement

DigiCert Certification Practice Statement DigiCert Certification Practice Statement DigiCert, Inc. Version 2.22 June 01, 2005 333 South 520 West Orem, UT 84042 USA Tel: 1-801-805-1620 Fax: 1-801-705-0481 www.digicert.com 1 General...7 1.1 DigiCert,

More information

"Certification Authority" means an entity which issues Certificates and performs all of the functions associated with issuing such Certificates.

Certification Authority means an entity which issues Certificates and performs all of the functions associated with issuing such Certificates. QUICKSSL PREMIUM(tm) SUBSCRIBER AGREEMENT Please read the following agreement carefully. By submitting an application to obtain a QuickSSL Premium(tm) Certificate and accepting and using such certificate,

More information

LDRC/LSM PUBLIC KEY INFRASTRUCTURE (PKI) LAWYER SUBSCRIBER AGREEMENT

LDRC/LSM PUBLIC KEY INFRASTRUCTURE (PKI) LAWYER SUBSCRIBER AGREEMENT LDRC/LSM PUBLIC KEY INFRASTRUCTURE (PKI) LAWYER SUBSCRIBER AGREEMENT Between: LEGAL DATA RESOURCES (MANITOBA) CORPORATION ("LDRC") - and - (the "Subscriber") 1. Purpose This Subscriber Agreement contains

More information

FREESSL SUBSCRIBER AGREEMENT

FREESSL SUBSCRIBER AGREEMENT FREESSL SUBSCRIBER AGREEMENT PLEASE READ THE FOLLOWING AGREEMENT CAREFULLY. BY SUBMITTING AN ENROLLMENT FORM TO OBTAIN A FREESSL DIGITAL CERTIFICATE (THE CERTIFICATE ) AND ACCEPTING AND USING SUCH CERTIFICATE,

More information

Version 1.0 Effective Date: 2013-01-25 Copyright 2013 All rights reserved.

Version 1.0 Effective Date: 2013-01-25 Copyright 2013 All rights reserved. SITHS Registration Authority Policy Version 1.0 Effective Date: Copyright 2013 All rights reserved. Copyright Notices No part of this publication may be reproduced, stored in or introduced into a retrieval

More information

Starfield Technologies, LLC. Certificate Policy and Certification Practice Statement (CP/CPS)

Starfield Technologies, LLC. Certificate Policy and Certification Practice Statement (CP/CPS) Starfield Technologies, LLC Certificate Policy and Certification Practice Statement (CP/CPS) Version 3.8 April 15, 2016 i Starfield CP-CPS V3.8 Table of Contents 1 Introduction... 1 1.1 Overview... 1 1.2

More information

SAUDI NATIONAL ROOT-CA CERTIFICATE POLICY

SAUDI NATIONAL ROOT-CA CERTIFICATE POLICY SAUDI NATIONAL ROOT-CA CERTIFICATE POLICY Document Classification: Public Version Number: 2.5 Issue Date: June 25, 2015 National Center for Digital Certification Policies and Regulations Department Digitally

More information

Certification Practice Statement For Non-Qualified Certificates

Certification Practice Statement For Non-Qualified Certificates Malta Electronic Certification Services Ltd For Non-Qualified Certificates Government of Malta Certification Authority Date: 14/09/2012 Version: 1.3 Unclassified Malta Electronic Certification Services

More information

TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT. Version 2.0

TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT. Version 2.0 TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT Version 2.0 Effective Date: 14 April 2015 TABLE OF CONTENTS 1. INTRODUCTION 1.1 Overview 1.2 Document name and identification 1.3 PKI participants 1.3.1

More information

Adobe Systems Incorporated. Adobe Root CA Certification Practice Statement. Revision #5. Revision History

Adobe Systems Incorporated. Adobe Root CA Certification Practice Statement. Revision #5. Revision History Adobe Systems Incorporated Adobe Root CA Revision #5 Revision History Rev # Date Author Description of Change(s) 1 4/1/03 Deloitte & Touche First draft 2 4/7/03 Deloitte & Touche Further refinements 3

More information

SYMANTEC ECA SUBSCRIBER AGREEMENT External Certification Authority Subscriber Agreement

SYMANTEC ECA SUBSCRIBER AGREEMENT External Certification Authority Subscriber Agreement SYMANTEC ECA SUBSCRIBER AGREEMENT External Certification Authority Subscriber Agreement YOU MUST READ THIS EXTERNAL CERTIFICATION AUTHORITY SUBSCRIBER AGREEMENT ( SUBSCRIBER AGREEMENT ) BEFORE APPLYING

More information

TAIWAN-CA INC. Public Key Infrastructure Certificate Policy (Version 2.0)

TAIWAN-CA INC. Public Key Infrastructure Certificate Policy (Version 2.0) TAIWAN-CA INC. Public Key Infrastructure Certificate Policy (Version 2.0) Effective Date: 23 November 2012 1 Revision Record Rev Effective Date Issuer Note 1.0 1 Apr 2001 TaiCA PMA CP first issue 1.1 1

More information

Certificate Policy for the Government Public Key Infrastructure

Certificate Policy for the Government Public Key Infrastructure Certificate Policy for the Government Public Key Infrastructure Version 1.7 Administrative Organization: National Development Council Executive Organization: ChungHwa Telecom Co., Ltd. January 31, 2013

More information

Dexia Root CA Certification Practice Statement. Version 1.0

Dexia Root CA Certification Practice Statement. Version 1.0 Dexia Root CA Certification Practice Statement Version 1.0 Version History Version Description Date Author 0.1 Initial Draft 17 September 2001 Jan Raes 0.2 Minor adaptation after review PA 16 October 2001

More information

Symantec External Certificate Authority Key Recovery Practice Statement (KRPS)

Symantec External Certificate Authority Key Recovery Practice Statement (KRPS) Symantec External Certificate Authority Key Recovery Practice Statement (KRPS) Version 2 24 April 2013 (Portions of this document have been redacted.) Symantec Corporation 350 Ellis Street Mountain View,

More information

Bangladesh Bank Certification Authority (BBCA) Certification Practice Statement (CPS)

Bangladesh Bank Certification Authority (BBCA) Certification Practice Statement (CPS) [Draft] Bangladesh Bank Certification Authority (BBCA) Certification Practice Statement (CPS) Version: 1.00 August, 2015 Bangladesh Bank Page 2 of 42 Document Reference Title Document Type Bangladesh Bank

More information

ENTRUST CERTIFICATE SERVICES

ENTRUST CERTIFICATE SERVICES ENTRUST CERTIFICATE SERVICES Certification Practice Statement for Extended Validation (EV) Certificates Version: 1.9 February 12, 2016 2016 Entrust Limited. All rights reserved. Revision History Issue

More information

InCommon Certification Practices Statement. Client Certificates

InCommon Certification Practices Statement. Client Certificates InCommon Certification Practices Statement for Client Certificates 14 February 2011 Version 1.0 Latest version: 14 February 2011 This version: 14 February 2011 Table of Contents 1 INTRODUCTION... 4 1.1

More information

Registration Practices Statement. Grid Registration Authority Approved December, 2011 Version 1.00

Registration Practices Statement. Grid Registration Authority Approved December, 2011 Version 1.00 Registration Practices Statement Grid Registration Authority Approved December, 2011 Version 1.00 i TABLE OF CONTENTS 1. Introduction... 1 1.1. Overview... 1 1.2. Document name and Identification... 1

More information

StartCom Certification Authority

StartCom Certification Authority StartCom Certification Authority Intermediate Certification Authority Policy Appendix Version: 1.5 Status: Final Updated: 05/04/11 Copyright: Start Commercial (StartCom) Ltd. Author: Eddy Nigg Introduction

More information

EBIZID CPS Certification Practice Statement

EBIZID CPS Certification Practice Statement EBIZID EBIZID CPS Certification Practice Statement Version 1.02 Contents 1 General 7 1.1 EBIZID 7 1.2 Digital Certificates 7 1.3 User Interaction for Selecting a Certification Service 7 1.4 EBIZID Registration

More information

REVENUE ON-LINE SERVICE CERTIFICATE POLICY. Document Version 1.2 Date: 15 September 2007. OID for this CP: 1.2.372.980003.1.1.1.1.

REVENUE ON-LINE SERVICE CERTIFICATE POLICY. Document Version 1.2 Date: 15 September 2007. OID for this CP: 1.2.372.980003.1.1.1.1. REVENUE ON-LINE SERVICE CERTIFICATE POLICY Document Version 1.2 Date: 15 September 2007 OID for this CP: 1.2.372.980003.1.1.1.1.1 No part of this document may be copied, reproduced, translated, or reduced

More information

TR-GRID CERTIFICATION AUTHORITY

TR-GRID CERTIFICATION AUTHORITY TR-GRID CERTIFICATION AUTHORITY CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Version 2.3 May 15, 2014 Table of Contents TABLE OF CONTENTS:... 2 1. INTRODUCTION... 7 1.1 OVERVIEW... 7 1.2 DOCUMENT

More information

Trusted Certificate Service

Trusted Certificate Service TCS Server and Code Signing Personal CA CPS Version 2.0 (rev 15) Page 1/40 Trusted Certificate Service TCS Server CAs, escience Server CA, and Code Signing CA Certificate Practice Statement Version 2.0

More information

X.509 Certificate Policy for the Australian Department of Defence Individual Software Certificates (Medium Assurance)

X.509 Certificate Policy for the Australian Department of Defence Individual Software Certificates (Medium Assurance) X.509 Certificate Policy for the Australian Department of Defence Individual Software Certificates (Medium Assurance) Version 4.0 May 2014 Notice to all parties seeking to rely Reliance on a Certificate

More information

Symantec Managed PKI Service for Windows Service Description

Symantec Managed PKI Service for Windows Service Description Introduction Symantec Managed PKI Service for Windows Service Description Symantec Managed PKI Service for Windows provides a flexible PKI platform to manage complete lifecycle of certificates, which includes:

More information

TR-GRID CERTIFICATION AUTHORITY

TR-GRID CERTIFICATION AUTHORITY TR-GRID CERTIFICATION AUTHORITY CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Version 2.1 January, 2009 Table of Contents: TABLE OF CONTENTS:...2 1. INTRODUCTION...7 1.1 OVERVIEW...7 1.2 DOCUMENT

More information

InCommon Certification Practices Statement. Server Certificates

InCommon Certification Practices Statement. Server Certificates InCommon Certification Practices Statement for Server Certificates 16 August 2010 Version 1.0 Latest version: https://www.incommon.org/cert/repository/cps_ssl.pdf This version: https://www.incommon.org/cert/repository/cps_ssl_20100816.pdf

More information

QUOVADIS ROOT CERTIFICATION AUTHORITY CERTIFICATE POLICY/ CERTIFICATION PRACTICE STATEMENT. OIDs: 1.3.6.1.4.1.8024.0.1 1.3.6.1.4.1.8024.0.

QUOVADIS ROOT CERTIFICATION AUTHORITY CERTIFICATE POLICY/ CERTIFICATION PRACTICE STATEMENT. OIDs: 1.3.6.1.4.1.8024.0.1 1.3.6.1.4.1.8024.0. QUOVADIS ROOT CERTIFICATION AUTHORITY CERTIFICATE POLICY/ CERTIFICATION PRACTICE STATEMENT OIDs: 1.3.6.1.4.1.8024.0.1 1.3.6.1.4.1.8024.0.3 Effective Date: 03 April 2007 Version: 4.3 Copyright QuoVadis

More information

THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright 2006-2011, The Walt Disney Company

THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright 2006-2011, The Walt Disney Company THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY July 2011 Version 2.0 Copyright 2006-2011, The Walt Disney Company Version Control Version Revision Date Revision Description Revised

More information

Eskom Registration Authority Charter

Eskom Registration Authority Charter REGISTRATION WWW..CO.ZA Eskom Registration Authority Charter Version 2.0 applicable from 20 November 2009 Megawatt Park Maxwell Drive Sunninghill, SOUTH AFRICA, 2157 Phone +27 (0)11 800 8111 Fax +27 (0)11

More information