HKUST CA. Certification Practice Statement

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "HKUST CA. Certification Practice Statement"

Transcription

1 HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 1.1 Date : 3 March 2000 Prepared by : Information Technology Services Center Hong Kong University of Science & Technology

2 Table of Contents 1. Introduction Overview Scope of HKUST CA Certification Services HKUST CA Identity Publication Further Information HKUST CA Certification Infrastructure Overview Certificate Classes Personal Class 1 Certificates Personal Class 2 Certificates Secure Server Certificates Developer Certificates Certificate Class Properties Certification Authority (CA) Registration Authority (RA) Certificate Repository Certificate Application Overview Application for Personal Class 1 Certificate Application for Personal Class 2 Certificate Application for Secure Server Certificate Application for Developer Certificate Validation of Certificate Application Overview Validation Requirements for Certificate Application Approval of Certificate Application Rejection of Certificate Application Certificate Issuance Overview Issuance & Publication Refusal Certificate Validity and Operational Periods Certificate Format Certificate Revocation Overview General Reasons for Revocation Revocation of a HKUST CA Certificate Revocation at Certificate Owner s Request Certificate Expiration Overview Certificate Expiry Certificate Renewal Hong Kong University of Science & Technology ii

3 8. Rights and obligations Rights and obligations of Certificate Owners Rights and obligations of HKUST CA Liability Liability of Certificate Owner Liability of HKUST CA Use of Certificates Appendices Sample Letter for Secure Server Certificate Application Sample Letter for Developer Certificate Application Hong Kong University of Science & Technology iii

4

5 1. Introduction 1.1 Overview This HKUST CA Certification Practice Statement (CPS) describes the practices and standards employed by HKUST CA to perform Certification Authority Services and to exhibit trust by providing evidence of the methods used to manage and complete tasks associated with certificate generation. 1.2 Scope of HKUST CA Certification Services HKUST CA Certification Services are designed to support secure electronic transactions and other general security services to satisfy HKUST users for digital signatures and other network security services. To accomplish this, HKUST CA serves as a trusted third party, issuing, managing, renewing and revoking certificates in accordance with published practices. The services offered by HKUST CA include the following: Certificate Application Certificate Issuance Certificate Publication Certificate Expiry Certificate Revocation Certificate Revocation List (CRL) Management 1.3 HKUST CA Identity HKUST CA certifies certificates in the name of the organization detailed below. Company Name: Registered Offices: Hong Kong University of Science and Technology Hong Kong University of Science and Technology Information Technology Services Center Clear Water Bay Kowloon Hong Kong Hong Kong University of Science & Technology 1

6 Telephone: (852) Fax: (852) Electronic mail: 1.4 Publication This HKUST CA Certification Practice Statement is published in electronic form at Further Information HKUST user acknowledges that HKUST CA has provided him/her with sufficient information to become familiar with digital certificates before applying for, using, and relying upon a certificate. For more information about this CPS or information related to HKUST CA services, please contact our HKUST Certification Authority at Hong Kong University of Science & Technology 2

7 2. HKUST CA Certification Infrastructure 2.1 Overview HKUST CA acts as a trusted third party to facilitate the confirmation of identity within HKUST community. Such confirmation is expressly represented by a certificate, i.e. a message which is digitally signed and issued by HKUST CA. The high-level management of this certification process includes registration, naming, appropriate applicant authentication, issuance, revocation and audit-trail generation. HKUST CA currently offers distinct levels of certification services. Each level, or class of certificate provides specific functionality and security features. Certificate applicants choose from this set of service qualities according to their needs. Depending on the class of certificate desired, certificate applicants may apply electronically to HKUST CA, and they may be required to apply in person by visiting the HKUST Certification Authority. 2.2 Certificate Classes HKUST CA currently supports distinct certificate classes within the CPS. Each class provides for a designated level of trust. The following sections describe each certificate class in detail. Please note that the descriptions for each certificate class do not represent an endorsement or recommendation by HKUST CA for any particular application or purpose, and they must not be relied upon as such. Users must independently assess and determine the appropriateness of each class of certificate for any particular purpose Personal Class 1 Certificates Personal Class 1 Certificates are issued to person with a valid ITSC Network Account. Only ITSC Network Account and Password are verified and authenticated to assure the existence of the ITSC Network Account. The certificates do not facilitate the authentication of the identity of the applicant. Class 1 certificates typically used primarily for web browsing, personal services or for demonstration purpose. These certificates provide the lowest level of assurance of all HKUST CA certificates. They are not intended for serious use, like electronic transactions, where proof of identity is required and should not be relied upon for such uses. HKUST CA has the right, but not the obligation, to revoke Personal Class 1 certificates upon compromise or for other due cause. Hong Kong University of Science & Technology 3

8 2.2.2 Personal Class 2 Certificates Personal Class 2 Certificates are currently issued to individuals only. Class 2 certificates provide important assurances of the identity of individual certificate owners by requiring their personal (physical) appearance before a Registration Authority Officer with a valid proof of identity like HKUST Staff/Student ID card. They are typically used for services, online purchases, on-line subscription services or other web-based services. Class 2 certificate processes utilise various procedures to obtain probative evidence of the identity of individual applicants. These validation procedures provide stronger, but not foolproof, assurances of an applicant s identity than Class 1 certificates. Currently, the use of smart card as a security token is supported for Personal Class 2 certificates Secure Server Certificates Secure Server Certificates are currently issued to departmental servers in HKUST only. Department Head or Inter-departmental Liaison Person (IDLP) can submit a signed Secure Server Certificates Request for servers in their department. Secure Server Certificates can provide assurance of the existence and name of servers within HKUST. Secure Server Certificates are used primarily for secure web servers communication on a secure channel Developer Certificates Developer Certificates are currently issued to departments in HKUST only. Department Head or Inter-departmental Liaison Person (IDLP) can submit a signed Developer Certificates Request for objects of their department. Developer Certificates can provide assurance of the existence of the object within HKUST. Developer Certificates are used primarily for the signature of objects like software Certificate Class Properties Hong Kong University of Science & Technology 4

9 Summary of Confirmation of Identity Certificate Applicant Private Key Protection Possible Applications Personal Class 1 Personal Class 2 Automated Automated unambiguous unambiguous ITSC ITSC Network Account Network Account authentication plus personal authentication presence plus HKUST Staff / Student ID Cards Encryption software (PIN protected) required Web-browsing, certain usage or demonstration purpose Verification Encryption software (PIN protected) required; Smart Card as security tokens supported , online purchases, online subscription services, password replacement, software validation Summary of Confirmation of Identity Certificate Applicant Private Key Protection Possible Applications Secure Server Records provided by the applicant and independent call-backs Encryption software (PIN protected) required Secure web-server communication Developer Records provided by the applicant and independent call-backs Encryption software (PIN protected) required Secure object signing 2.3 Certification Authority (CA) HKUST Certification Authority operates in accordance with this CPS and issues, manages, and revokes Personal Class 1, Personal Class 2, Secure Server Certificates and Developer Certificates. Functions include the following: Certificate Application Certificate Issuance Certificate Publication Certificate Expiry Certificate Revocation Hong Kong University of Science & Technology 5

10 Certificate Revocation List (CRL) Management To ensure modest security level, Certification Authority will accept Certificate Request approved from Registration Authority Officer on the Registration Authority Console only. A Personal Class 2 Certificate is required to validate the identity of the Registration Authority Officer and a Secure Server Certificate is issued to Registration Authority Console to ensure secure server communication. HKUST CA NEITHER GENERATES NOR HOLDS the private keys of Certificate Applicants. HKUST CA s private key is secured against compromise via trustworthy hardware products. 2.4 Registration Authority (RA) HKUST Registration Authority evaluates and approves or rejects certificate applications, exclusively on behalf of the HKUST CA that actually issues the certificates. Registration Authority Officer is an assigned person to coordinate certificate applications and validate certificate applicants identity and confirm the information they provide during the application process. The type, scope and extent of confirmation depend upon the class of certificate and various other factors. Registration Authority Manager is an assigned person, who must be a different person other than the Registration Authority Officer, to approve certificate applications, depend upon the class of certificate, after the validation procedure performed by the Registration Authority Officer and ensure that the whole certification application procedure is performed according to the practice in this CPS. Registration Authority Console is a console machine being setup for the Registration Authority Officer to submit certificate request to the Certification Authority after getting the approval from the Registration Authority Manager. It is the only machine which can communicate with Certification Authority (CA) server to handle digital certificate request in a Certification Process. It is installed on different machine from the Certification Authority Server that it serves. 2.5 Certificate Repository Certificate Internal Database is a database to keep track of the pending certificate request, issued or revoked certificate, private Certificate Revocation List (CRL), etc. Only RA and CA have the rights to update this database. A web user interface will be provided for users to Hong Kong University of Science & Technology 6

11 query the status of their certificate requests and any issued or revoked certificate. Various fields in certificate, such as serial no, expiry date, subject name, etc will be indexed. This will allow faster queries based on these standard attributes. A high performance directory server, based on the IETF LDAP standard, is used as a public repository of Certificate Revocation List (CRL), user and CA certificates. Its design is based on the RFC 2587 schema. A standard LDAP interface will be provided to native client for retrieving certificate for applications like S/MIME or SSL client authentication. Hong Kong University of Science & Technology 7

12 3. Certificate Application 3.1 Overview This section describes the Certificate Application Process. It includes the requirements for key pair generation and protection and lists the information required for each class of certificate. Currently, there are 4 types of certificate application for HKUST CA services. Application for Personal Class 1 Certificate Application for Personal Class 2 Certificate Application for Secure Server Certificate Application for Developer Certificate 3.2 Application for Personal Class 1 Certificate All person desiring a Personal Class 1 Certificate shall contemporaneously complete the following general procedures. Generate a key pair and demonstrate to HKUST CA that it is a functioning key pair. Protect the private key of this key pair from compromise. Submit a certificate application to HKUST CA and agree to the certificate owner agreement of HKUST CA. Authenticate with a valid ITSC Network Account and Password HKUST CA communicates an on-line enrolment process and a certificate owner agreement to the certificate applicant. By completing this on-line enrolment process via a secure channel, the certificate applicant then affirms that : Certificate applicant information is accurate. Certificate applicant has read, understands and agrees to the term of the certificate owner agreement. Certificate applicant accepts the certificates issued by HKUST CA. Upon completion of specified validation procedures, HKUST CA sends an to the address that was previously provided by the certificate applicant in the certification Hong Kong University of Science & Technology 8

13 application. This contains an URL that authorises the certificate applicant to obtain the certificate from HKUST CA. 3.3 Application for Personal Class 2 Certificate All person desiring a Personal Class 2 Certificate shall contemporaneously complete the following general procedures. Generate a key pair and demonstrate to HKUST CA that it is a functioning key pair. Protect the private key of this key pair from compromise, e.g. on a smart card. Submit a certificate application to HKUST CA and agree to the certificate owner agreement of HKUST CA via a web interface provided by HKUST CA on a secure channel. Authenticate with a valid ITSC Network Account and Password. Prove their identity to Registration Authority Officer in person with HKUST Staff / Student ID Card. Fill in a registration form and sign a certificate owner agreement acknowledge by the Registration Authority Officer. HKUST CA communicates an on-line enrolment process and a certificate owner agreement to the certificate applicant. By completing this on-line enrolment process via a secure channel, the certificate applicant then affirms that : Certificate applicant information is accurate. Certificate applicant has read, understands and agrees to the term of the certificate owner agreement. Certificate applicant accepts the certificates issued by HKUST CA. The certificate applicant proves his identity by submitting a signed copy of the registration form when going personally to the Registration Authority Officer. Upon completion of specified validation procedures, HKUST CA sends an to the address that was previously provided by the certificate applicant in the certification application. This contains an URL that authorises the certificate applicant to obtain the certificate from HKUST CA. 3.4 Application for Secure Server Certificate Department desiring a Secure Server Certificate shall contemporaneously complete the following general procedures. Hong Kong University of Science & Technology 9

14 Generate a key pair and demonstrate to HKUST CA that it is a functioning key pair. Protect the private key of this key pair from compromise. Submit a signed certificate application letter with a hand-written signature of an authorized person in the department to HKUST CA and agree to the certificate owner agreement of HKUST CA, including the public key of this key pair to HKUST CA. A sample letter can be found in Appendices for reference. Authenticate with ITSC Network Account and Password from authorized person in the department like Department Head or Inter-departmental Liaison Person. HKUST CA communicates an on-line enrolment process to the certificate applicant. By completing this on-line enrolment process via a secure channel, the certificate applicant then affirms that : Certificate applicant information is accurate. Certificate applicant has read, understands and agrees to the term of the certificate owner agreement. Certificate applicant accepts the certificates issued by HKUST CA. Upon completion of specified validation procedures, HKUST CA sends an to the address that was previously provided by the certificate applicant in the certification application. This contains an URL that authorises the certificate applicant to obtain the certificate from HKUST CA. 3.5 Application for Developer Certificate Department desiring a Developer Certificate shall contemporaneously complete the following general procedures. Generate a key pair and demonstrate to HKUST CA that it is a functioning key pair. Protect the private key of this key pair from compromise. Submit a signed certificate application letter with a hand-written signature of an authorized person in the department to HKUST CA and agree to the certificate owner agreement of HKUST CA, including the public key of this key pair to HKUST CA. A sample letter can be found in Appendices for reference. Authenticate with ITSC Network Account and Password from authorized person in the department like Department Head or Inter-departmental Liaison Person. HKUST CA communicates an on-line enrolment process to the certificate applicant. By completing this on-line enrolment process via a secure channel, the certificate applicant then affirms that : Hong Kong University of Science & Technology 10

15 Certificate applicant information is accurate. Certificate applicant has read, understands and agrees to the term of the certificate owner agreement. Certificate applicant accepts the certificates issued by HKUST CA. Upon completion of specified validation procedures, HKUST CA sends an to the address that was previously provided by the certificate applicant in the certification application. This contains an URL that authorises the certificate applicant to obtain the certificate from HKUST CA. Hong Kong University of Science & Technology 11

16 4. Validation of Certificate Application 4.1 Overview This section presents the requirements for validation of certificate applications to be performed by HKUST CA. It also explains the procedures for applications that fail validation. 4.2 Validation Requirements for Certificate Application Upon receipt of a certificate application, HKUST CA shall perform all required validations as a prerequisite to certificate issuance. Particularly for Personal Class 2 Certificate Applications, the applicants must appear personally before an Registration Authority Officer to facilitate the confirmation of their identity. Once a certificate is issued, HKUST CA shall have no continuing duty to monitor and investigate the accuracy of the information in a certificate, unless HKUST CA is notified in accordance with this CPS of that certificate s compromise. The following tables highlight certain differences between the validation requirements for each certificate class. HKUST CA reserves the right to update these validation procedures to improve the validation process. Hong Kong University of Science & Technology 12

17 Personal Presence ITSC Network Account Authentication Submission of Signed Application Form HKUST Staff / Student ID Card Validation Submission by Department Head or IDLP Only Personal Class 1 Personal Class 2 No Yes Yes Yes No Yes No Yes No No Personal Presence ITSC Network Account Authentication Submission of Signed Application Form HKUST Staff / Student ID Card Validation Submission by Department Head or IDLP Only Secure Server No Yes Yes No Yes Developer No Yes Yes No Yes 4.3 Approval of Certificate Application Upon successful performance of all required validations of certificate application, HKUST CA shall approve the application. Approval is demonstrated by issuing a certificate according to this CPS. Hong Kong University of Science & Technology 13

18 4.4 Rejection of Certificate Application If a validation fails, HKUST CA shall reject the certificate application by promptly notifying the certificate applicant of the validation failure and providing a reason for such failure. Such notice shall be communicated to the certificate applicant using the same method as was used to communicate the certificate application to HKUST CA. A person whose certificate application has been rejected may thereafter reapply. Hong Kong University of Science & Technology 14

19 5. Certificate Issuance 5.1 Overview This section presents more information about the issuance of certificates. 5.2 Issuance & Publication Upon approving a certificate application, HKUST CA issues a certificate. The issuance of a certificate indicates a complete and final approval of the certificate application by HKUST CA. The issued certificate and the corresponding public key will be published to the HKUST Certificate Repository and the HKUST LDAP Directory server for public access. HKUST CA NEITHER GENERATES NOR HOLDS the private keys of Certificate Applicants or Certificate owners. 5.3 Refusal HKUST CA may refuse to issue a certificate to any person, at its sole discretion, without incurring any liability or responsibility for any loss or expenses arising out of such refusal. 5.4 Certificate Validity and Operational Periods All certificates shall be considered valid upon: Issued by HKUST CA, and Published on HKUST LDAP Directory Server, and Is not on the HKUST CA Certificate Revocation List, and Has not expired, and Can be verified by a valid HKUST Certification Authority certificate. The standard operational periods for the various classes of certificates are as follows, subject to earlier termination of the operational period due to revocation. Hong Kong University of Science & Technology 15

20 Validity Period starting from the date of certificate issuance by HKUST CA Class 1 Class 2 Secure Server Object 1 year 1 year 1 year 1 year 5.5 Certificate Format The format of all certificates issued by HKUST CA is in accordance with ISO/IEC 9594 X.509 Version 3. Hong Kong University of Science & Technology 16

21 6. Certificate Revocation 6.1 Overview This section explains the circumstances under which a certificate may or must be revoked. It also details the procedures for revoking certificates. 6.2 General Reasons for Revocation A certificate shall be revoked if There has been a loss, theft, modification, unauthorised disclosure, or other compromise of the private key of the certificate s subject. The certificate s subject has breached a material obligation under this CPS. The performance of a person s obligations under this CPS is delayed or prevented by a natural disaster, computer or communications failure, or other cause beyond the person s reasonable control, and as a result another person s information is materially threatened or compromised. There has been a modification of the information contained in the certificate of the certificate s subject. 6.3 Revocation of a HKUST CA Certificate HKUST CA must make a reasonable effort to revoke a certificate if it determines any of the following: A material fact represented in the certificate is known or reasonably believed by HKUST CA to be false. A material prerequisite to certificate issuance was not satisfied. The private key or trustworthy system was compromised in a manner materially affecting the certificate s reliability. Hong Kong University of Science & Technology 17

22 The certificate s subject has breached a material obligation under this CPS. 6.4 Revocation at Certificate Owner s Request The certificate Owner must make a formal request to HKUST CA to revoke their certificate. The request must be made either the following ways. Sending a paper Certificate Revocation Request form to HKUST CA. The form must be signed with the same signature as on the original application for the certificate and/or with a valid proof of identity. On-Line Submission of a digitally signed Certificate Revocation Request Form. The online submission of the Certificate Revocation Request Form must be digitally signed by a valid HKUST CA certificate. Hong Kong University of Science & Technology 18

23 7. Certificate Expiration 7.1 Overview This section provides information about Certificate Expiry and Renewal procedures. 7.2 Certificate Expiry HKUST CA will undertake a reasonable effort to notify certificate Owners thirty (30) days before the expiration date, via , of the impending expiration of their certificates. Such notice is intended solely for the convenience of the certificate Owner in the renewal process. 7.3 Certificate Renewal For all class of certificate renewal, certificate Owner should submit a signed written request to HKUST CA before the expiration. Request received after the expiration of the certificate will not be accepted. Requirements for renewal are subject to change at HKUST CA s discretion. Hong Kong University of Science & Technology 19

24 8. Rights and obligations 8.1 Rights and obligations of Certificate Owners HKUST user acknowledges that HKUST CA has provided him/her with sufficient information to become familiar with digital certificates before applying for, using, and relying upon a certificate. By applying a certificate issued by HKUST CA, the applicant certifies to and agrees with HKUST CA and to all who reasonably rely on the information contained in the certificate that, at the time of acceptance and throughout the operational period of the certificate, until notified otherwise by the certificate owner, of the following points: All representations made by the certificate owner to HKUST CA regarding the information contained in the certificate are true. All information contained in the certificate is true to the extent that the certificate owner had knowledge or notice of such information. Each digital certificate created using the private key corresponding to the public key listed in the certificate is the digital certificate of the certificate owner and the certificate has been accepted and is operational (not expired or revoked) at the time the digital certificate is created. No unauthorised person has ever had access to the certificate owner's private key. The certificate owner is an end-user certificate owner and not an Issuing Authority, and will not use the private key corresponding to any public key listed in the certificate for purposes of signing any certificate (or any other format of certified public key) or CRL, as an Issuing Authority or otherwise, unless expressly agreed in writing between certificate owner and HKUST CA. By accepting a certificate, the certificate owner assumes a duty to retain control of the certificate owner's private key, to use a trustworthy system, and to take reasonable precautions to prevent its loss, disclosure, modification, or unauthorized use. The user must revoke his certificate when there has been a loss, theft, modification, unauthorized disclosure, or other compromise of the private key of the certificate with HKUST CA. By accepting a certificate, the certificate owner agrees to indemnify and hold HKUST CA harmless from any acts or omissions resulting in liability, any loss or damage, and any suits and expenses of any kind that HKUST CA may incur, that are caused by the use or publication of a certificate and that arises from: Falsehood or misrepresentation of fact by the certificate owner. Hong Kong University of Science & Technology 20

25 Failure by the certificate owner to disclose a material fact, if the misrepresentation or omission was made negligently or with intent to deceive HKUST CA or any person receiving or relying on the certificate. Failure to protect the certificate owner's private key, to use a trustworthy system, or to otherwise take the precautions necessary to prevent the compromise, loss, disclosure, modification or unauthorized use of the certificate owner's private key. 8.2 Rights and obligations of HKUST CA HKUST CA neither generates nor holds the private keys of certificate owners. Also HKUST CA cannot ascertain or enforce any particular private key protection requirements of any applicant or certificate owner. Upon receipt of a certificate application, HKUST CA shall perform all required validations as a prerequisite to certificate issuance, as follows: The certificate applicant is the person identified in the request (in accordance with and only to the extent provided in the certificate class descriptions). The information to be listed in the certificate is accurate, except for non-verified certificate owner information. Once a certificate is issued, HKUST CA shall have no continuing duty to monitor and investigate the accuracy of the information in a certificate. Unless otherwise provided in the CPS or mutually agreed upon by both HKUST CA and the certificate owner in an authenticated record, HKUST CA promises to the certificate owner named in the certificate that There are no mis-representations of fact in the certificate known to HKUST CA or originating from HKUST CA, There are no data transcription errors as received by HKUST CA from the certificate applicant resulting from a failure of HKUST CA to exercise reasonable care in creating the certificate. The certificate meets all material requirements of the CPS. Unless otherwise provided in this CPS or mutually agreed upon by both HKUST CA and the certificate owner in an authenticated record, HKUST CA promises to the certificate owner to make reasonable efforts: To promptly revoke certificates upon request of the certificate owner. To notify certificate owners of any facts known to it that materially affect the validity and reliability of the certificate it issued to such certificate owner. Hong Kong University of Science & Technology 21

26 Upon certificate owner's acceptance of the certificate, and checking by HKUST CA, HKUST CA shall publish a copy of the certificate in the HKUST CA repository and in one or more other repositories, as determined by HKUST CA. Certificate owners may publish their HKUST CA certificates in other repositories. HKUST CA provides the controls and foundation for PKI. Hong Kong University of Science & Technology 22

27 9. Liability 9.1 Liability of Certificate Owner Without limiting other certificate owner obligations stated in the CPS, certificate owners are liable for any mis-representation they make in certificates to third parties that, reasonably rely on the representations contained therein. 9.2 Liability of HKUST CA HKUST CA Does not warrant the accuracy, authenticity, completeness or fitness of any unverified information contained in certificates or otherwise compiled, published, or disseminated by or on behalf of HKUST CA. Does not warrant the accuracy, authenticity, completeness or fitness of any information contained in Personal Class 1 certificates. Shall not incur liability for representations of information contained in a certificate, provided the certificate content substantially complies with the CPS. Does not warrant "non-repudiation" of any certificate or message (because nonrepudiation is determined exclusively by law and the applicable dispute resolution mechanism). Hong Kong University of Science & Technology 23

28 10. Use of Certificates HKUST CA and "users" of the certificate, (i.e., the certificate owner and the relying parties), are notified of the following rules governing the respective rights and obligations of the parties among themselves: Verification of Digital Certificates Verification of a digital certificates shall be undertaken as follows: Checking with the HKUST CA (or other) repository for revocation of certificates. To verify a digital certificates, it is necessary to know precisely what data has been signed. In the case of public key cryptography standards (PKCS), a standard signed message format is specified to accurately denote the signed data. To support non-repudiation, the data to which the corresponding digital certificate is attached must include, or reference, a time stamp. The time stamp shall reflect the time at which date and time the digital certificate is affixed. Failure of Digital Certificate Verification A person relying on an unverifiable digital certificate assumes all risks with regard to it and is not entitled to any presumption that the digital certificate is effective as the certificate of the certificate owner. Security Measures Any person using or relying upon a HKUST CA certificate in conjunction with a message shall apply reasonable security measures to the message to provide message authentication and, as required, to support data confidentiality. Revocation A certificate shall be revoked under circumstances like: There has been a loss, theft, modification, unauthorised disclosure, or other compromise of the private key of the certificate's subject. The certificate's subject (whether HKUST CA or a certificate owner) has breached a material obligation under the CPS. The performance of a person's obligations under the CPS is delayed or prevented by an act of God, natural disaster, computer or communications failure, or other cause Hong Kong University of Science & Technology 24

29 beyond the person's reasonable control, and as a result another person's information is materially threatened or compromised. HKUST CA must make a reasonable effort to revoke a certificate, if it determines any of the following: A material fact represented in the certificate is known or reasonably believed by HKUST CA to be false. A material prerequisite to certificate issuance was neither satisfied nor waived. The private key or trustworthy system was compromised in a manner materially affecting the certificate's reliability. The certificate's subject has breached a material obligation under the CPS. Hong Kong University of Science & Technology 25

30 11. Appendices 11.1 Sample Letter for Secure Server Certificate Application <Department Letter Head> Attention: HKUST Certificate Authority Information Technology Services Center Hong Kong University of Science and Technology Clear Water Bay Kowloon Hong Kong <Date> Application for Secure Server Certificate I, <Name of Applicants>, hereby approve the use of a HKUST CA Secure Server Certificate for secure and authenticated electronic transactions by HKUST CA. I hereby represent that I am fully authorized to make such approval, and that I understand that a digital certificate acts as a department stamp or director s signature for the purposes of electronic commerce, and that the management of the private keys associated with such certificates is the responsibility of our technical staff or contractors. The contents of that certificate are as follows: Server Domain Name : <Server Name> e.g. ccms01.ust.hk Department : <Department Name> e.g. Information Technology Services Center The person responsible for key management and security is fully authorized to install and utilise the certificate to represent this organization s electronic presence. Authorizing Signatory <Full Name> <Post> <Telephone Number> < address> <Signature> Technical Signatory <Full Name> <Post> <Telephone Number> < address> <Signature> Our department stamp appears below. <Department Stamp> Hong Kong University of Science & Technology 26

31 11.2 Sample Letter for Developer Certificate Application <Department Letter Head> Attention: HKUST Certificate Authority Information Technology Services Center Hong Kong University of Science and Technology Clear Water Bay Kowloon Hong Kong <Date> Application for Developer Certificate I, <Name of Applicants>, hereby approve the use of a HKUST CA Developer Certificate for secure and authenticated electronic transactions by HKUST CA. I hereby represent that I am fully authorized to make such approval, and that I understand that a digital certificate acts as a department stamp or director s signature for the purposes of electronic commerce, and that the management of the private keys associated with such certificates is the responsibility of our technical staff or contractors. The contents of that certificate are as follows: Object Description : <Object Name and Description> Department : <Department Name> e.g. Information Technology Services Center The person responsible for key management and security is fully authorized to install and utilise the certificate to represent this organization s electronic presence. Authorizing Signatory <Full Name> <Post> <Telephone Number> < address> <Signature> Technical Signatory <Full Name> <Post> <Telephone Number> < address> <Signature> Our department stamp appears below. <Department Stamp> Hong Kong University of Science & Technology 27

32 Hong Kong University of Science & Technology 28

HKUST CA. Certification Practice Statement

HKUST CA. Certification Practice Statement HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of

More information

Certification Practice Statement

Certification Practice Statement FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification

More information

3.Practices and procedures. v 1.1 05.12.2014

3.Practices and procedures. v 1.1 05.12.2014 v 1.1 05.12.2014 3.Practices and procedures DOMENY.PL Ltd / DOMENY.PL sp. z o.o. Marcika 27 30-443 Krakow, Poland tel.: (+48) 12 296 36 63 fax: (+48) 12 395 33 65 hotline / infolinia: (+48) 501 DOMENY

More information

[COMPANY CA] Certification Practice Statement

[COMPANY CA] Certification Practice Statement Certification Practice Statement Date: [PUBLICATION DATE] Version: v. X.X Table of Contents Document History...1 Acknowledgments...2 1. Introduction...3 1.1 Overview...3 1.2

More information

Neutralus Certification Practices Statement

Neutralus Certification Practices Statement Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3

More information

GlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS)

GlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS) GlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS) Version 1.1 PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE DIGITAL CERTIFICATE ISSUED TO YOU

More information

NCDC GOVERNMENT-CA PKI DISCLOSURE STATEMENT

NCDC GOVERNMENT-CA PKI DISCLOSURE STATEMENT NCDC GOVERNMENT-CA PKI DISCLOSURE STATEMENT Document Classification: Public Version Number: 1.5 Issue Date: June 11, 2015 Copyright 2015 National Center for Digital Certification, Kingdom of Saudi Arabia.

More information

Ford Motor Company CA Certification Practice Statement

Ford Motor Company CA Certification Practice Statement Certification Practice Statement Date: February 21, 2008 Version: 1.0.1 Table of Contents Document History... 1 Acknowledgments... 1 1. Introduction... 2 1.1 Overview... 3 1.2 Ford Motor Company Certificate

More information

Subscriber Agreement for (a) the e-id Account and (b) the Certificates within the National Electronic Identity Card

Subscriber Agreement for (a) the e-id Account and (b) the Certificates within the National Electronic Identity Card Subscriber Agreement for (a) the e-id Account and (b) the Certificates within the National Electronic Identity Card Subscribers must carefully read the terms and conditions in this Subscriber Agreement

More information

Ericsson Group Certificate Value Statement - 2013

Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...

More information

The Contract Signer (as hereinafter defined) is duly authorized by the Applicant to bind the Applicant to this Agreement is (as stated above).

The Contract Signer (as hereinafter defined) is duly authorized by the Applicant to bind the Applicant to this Agreement is (as stated above). Subscriber Agreement for Certificates PLEASE READ THIS AGREEMENT AND MICROS CERTIFICATION PRACTICES STATEMENTS ("CPS") CAREFULLY BEFORE USING THE CERTIFICATE ISSUED TO YOUR ORGANIZATION. BY USING THE CERTIFICATE,

More information

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure 1.0 INTRODUCTION 1.1 Overview The Federal Reserve Banks operate a public key infrastructure (PKI) that manages

More information

RapidSSL(tm) Subscriber Agreement

RapidSSL(tm) Subscriber Agreement RapidSSL(tm) Subscriber Agreement Please read the following agreement carefully. By submitting an enrollment form to obtain a RapidSSL Digital Certificate (the Certificate ) and accepting and using such

More information

Vodafone Group Certification Authority Test House Subscriber Agreement

Vodafone Group Certification Authority Test House Subscriber Agreement Vodafone Group Certification Authority Test House Subscriber Agreement Publication Date: 12/05/09 Copyright 2009 Vodafone Group Table of Contents Vodafone Group Certification Authority Test House Subscriber

More information

TELSTRA RSS CA Subscriber Agreement (SA)

TELSTRA RSS CA Subscriber Agreement (SA) TELSTRA RSS CA Subscriber Agreement (SA) Last Revision Date: December 16, 2009 Version: Published By: Telstra Corporation Ltd Copyright 2009 by Telstra Corporation All rights reserved. No part of this

More information

Federal Reserve Banks Certification Authority (FR-CA) Certification Practice Statement

Federal Reserve Banks Certification Authority (FR-CA) Certification Practice Statement Certification Practice Statement 1.0 INTRODUCTION 1.1 OVERVIEW The Federal Reserve Banks ( FRBs ), utilizing Public Key Infrastructure ( PKI ) technology and operating as a Certification Authority ( FR-CA

More information

ARTL PKI. Certificate Policy PKI Disclosure Statement

ARTL PKI. Certificate Policy PKI Disclosure Statement ARTL PKI Certificate Policy PKI Disclosure Statement Important Notice: This document (PKI Disclosure Statement, PDS) does not by itself constitute the Certificate Policy under which Certificates governed

More information

FREESSL SUBSCRIBER AGREEMENT

FREESSL SUBSCRIBER AGREEMENT FREESSL SUBSCRIBER AGREEMENT PLEASE READ THE FOLLOWING AGREEMENT CAREFULLY. BY SUBMITTING AN ENROLLMENT FORM TO OBTAIN A FREESSL DIGITAL CERTIFICATE (THE CERTIFICATE ) AND ACCEPTING AND USING SUCH CERTIFICATE,

More information

GlobalSign Subscriber Agreement for DomainSSL Certificates

GlobalSign Subscriber Agreement for DomainSSL Certificates GlobalSign Subscriber Agreement for DomainSSL Certificates Version 1.3 PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE DIGITAL CERTIFICATE ISSUED TO YOU OR YOUR ORGANISATION. BY USING THE DIGITAL

More information

Certification Practice Statement

Certification Practice Statement Certification Practice Statement Version 2.0 Effective Date: October 1, 2006 Continovation Services Inc. (CSI) Certification Practice Statement 2006 Continovation Services Inc. All rights reserved. Trademark

More information

GlobalSign Subscriber Agreement for PersonalSign and DocumentSign for Adobe CDS Certificates Combined Agreement for epki (US)

GlobalSign Subscriber Agreement for PersonalSign and DocumentSign for Adobe CDS Certificates Combined Agreement for epki (US) GlobalSign Subscriber Agreement for PersonalSign and DocumentSign for Adobe CDS Certificates Combined Agreement for epki (US) Version 1.1 PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE DIGITAL CERTIFICATE

More information

ING Public Key Infrastructure Customer Certificate Policy. Version November 2015

ING Public Key Infrastructure Customer Certificate Policy. Version November 2015 ING Public Key Infrastructure Customer Certificate Policy Version 5.4 - November 2015 Colophon Commissioned by Additional copies Document version General Abstract Audience References ING PKI Policy Approval

More information

Equens Certificate Policy

Equens Certificate Policy Equens Certificate Policy WebServices and Connectivity Final H.C. van der Wijck 11 March 2015 Classification: Open Version 3.0 Version history Version no. Version date Status Edited by Most important edit(s)

More information

TrustAssured Service Policy (PKI) Disclosure Statement Version 1.1

TrustAssured Service Policy (PKI) Disclosure Statement Version 1.1 TrustAssured Service Policy (PKI) Disclosure Statement Version 1.1 1. Contact Information Enquiries or other communications about this statement should be addressed to: The Royal Bank of Scotland TrustAssured

More information

GEOSURE PROTECTION PLAN

GEOSURE PROTECTION PLAN GEOSURE PROTECTION PLAN I. SCOPE/INTRODUCTION The GeoSure Protection Plan is designed to provide protection against economic loss resulting from specific types of risks associated with certain SSL Certificates

More information

"Certification Authority" means an entity which issues Certificates and performs all of the functions associated with issuing such Certificates.

Certification Authority means an entity which issues Certificates and performs all of the functions associated with issuing such Certificates. QUICKSSL PREMIUM(tm) SUBSCRIBER AGREEMENT Please read the following agreement carefully. By submitting an application to obtain a QuickSSL Premium(tm) Certificate and accepting and using such certificate,

More information

SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION

SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION I. DEFINITIONS For the purpose of this Service Description, capitalized terms have the meaning defined herein. All other capitalized

More information

Vodafone Group CA Automated Code- Signing Certificate Policy

Vodafone Group CA Automated Code- Signing Certificate Policy Vodafone Group CA Automated Code- Signing Certificate Policy Publication Date: 05/05/09 Copyright 2009 Vodafone Group Table of Contents Acknowledgments...1 1. INTRODUCTION...2 1.1 Overview...3 1.2 Document

More information

L@Wtrust Class 3 Registration Authority Charter

L@Wtrust Class 3 Registration Authority Charter Class 3 Registration Authority Charter Version 1.0 applicable from 09 November 2010 Building A, Cambridge Park, 5 Bauhinia Street, Highveld Park, South Africa, 0046 Phone +27 (0)12 676 9240 Fax +27 (0)12

More information

The name of the Contract Signer (as hereinafter defined) duly authorized by the Applicant to bind the Applicant to this Agreement is.

The name of the Contract Signer (as hereinafter defined) duly authorized by the Applicant to bind the Applicant to this Agreement is. Trustwave Subscriber Agreement for Digital Certificates Ver. 11JUL14 PLEASE READ THIS AGREEMENT AND THE TRUSTWAVE CERTIFICATION PRACTICES STATEMENTS ( CPS ) CAREFULLY BEFORE USING THE CERTIFICATE ISSUED

More information

StartCom Certification Authority

StartCom Certification Authority StartCom Certification Authority Intermediate Certification Authority Policy Appendix Version: 1.5 Status: Final Updated: 05/04/11 Copyright: Start Commercial (StartCom) Ltd. Author: Eddy Nigg Introduction

More information

Land Registry. Version 4.0 10/09/2009. Certificate Policy

Land Registry. Version 4.0 10/09/2009. Certificate Policy Land Registry Version 4.0 10/09/2009 Certificate Policy Contents 1 Background 5 2 Scope 6 3 References 6 4 Definitions 7 5 General approach policy and contract responsibilities 9 5.1 Background 9 5.2

More information

LDRC/LSM PUBLIC KEY INFRASTRUCTURE (PKI) LAWYER SUBSCRIBER AGREEMENT

LDRC/LSM PUBLIC KEY INFRASTRUCTURE (PKI) LAWYER SUBSCRIBER AGREEMENT LDRC/LSM PUBLIC KEY INFRASTRUCTURE (PKI) LAWYER SUBSCRIBER AGREEMENT Between: LEGAL DATA RESOURCES (MANITOBA) CORPORATION ("LDRC") - and - (the "Subscriber") 1. Purpose This Subscriber Agreement contains

More information

Vodafone Group CA Web Server Certificate Policy

Vodafone Group CA Web Server Certificate Policy Vodafone Group CA Web Server Certificate Policy Publication Date: 06/09/10 Copyright 2010 Vodafone Group Table of Contents Acknowledgments... 1 1. INTRODUCTION... 2 1.1 Overview... 3 1.2 Document Name

More information

Federal Reserve Certification Authority (FR-CA) Certification Practice Statement for United States Treasury Auctions

Federal Reserve Certification Authority (FR-CA) Certification Practice Statement for United States Treasury Auctions Federal Reserve Certification Authority (FR-CA) Certification Practice Statement for United States Treasury Auctions 1.0 INTRODUCTION 1.1 OVERVIEW The Federal Reserve Bank of New York ( FRBNY ) acts as

More information

Post.Trust Certificate Authority

Post.Trust Certificate Authority Post.Trust Certificate Authority Certification Practice Statement CA Policy and Procedures Document Issue date: 03 April 2014 Version: 2.7.2.1 Release Contents DEFINITIONS... 6 LIST OF ABBREVIATIONS...

More information

ING Public Key Infrastructure Technical Certificate Policy

ING Public Key Infrastructure Technical Certificate Policy ING Public Key Infrastructure Technical Certificate Policy Version 5.1 - May 2010 Commissioned by ING PKI Policy Approval Authority (PAA) Additional copies Of this document can be obtained via the ING

More information

TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT. Version 1.5

TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT. Version 1.5 TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT Version 1.5 Effective Date: 13 August 2012 TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT TABLE of CONTENTS 1. INTRODUCTION VERSION 1.5 EFFECTIVE DATE:

More information

ODETTE CA Subscriber Agreement for Certificates

ODETTE CA Subscriber Agreement for Certificates ODETTE CA Subscriber Agreement for Certificates ODETTE Subscriber Agreement for Certificates 3 Table of Contents 1 ODETTE CA Subscriber Agreement for Certificates... 5 2 Definitions... 5 2.1 Digital Certificate...

More information

Canadian Pharmaceutical Distribution Network Certificate Authority Services Agreement. In this document:

Canadian Pharmaceutical Distribution Network Certificate Authority Services Agreement. In this document: Canadian Pharmaceutical Distribution Network Certificate Authority Services Agreement In this document: Company refers to the hospital, hospital group, or other entity that has been pre- registered by

More information

(This agreement is in rich text format and appears in a scrolling text box once you ve reached https://orgcert-renewal.equifax.com/orgcerts/...

(This agreement is in rich text format and appears in a scrolling text box once you ve reached https://orgcert-renewal.equifax.com/orgcerts/... (This agreement is in rich text format and appears in a scrolling text box once you ve reached https://orgcert-renewal.equifax.com/orgcerts/...) Equifax Subscriber Agreement This Agreement is between the

More information

EBIZID CPS Certification Practice Statement

EBIZID CPS Certification Practice Statement EBIZID EBIZID CPS Certification Practice Statement Version 1.02 Contents 1 General 7 1.1 EBIZID 7 1.2 Digital Certificates 7 1.3 User Interaction for Selecting a Certification Service 7 1.4 EBIZID Registration

More information

APPLICATION FOR DIGITAL CERTIFICATE

APPLICATION FOR DIGITAL CERTIFICATE Application ID Number (For Official Use only) APPLICATION FOR DIGITAL CERTIFICATE Instructions: 1. Please fill the form in BLOCK LETTERS ONLY. 2. All fields are mandatory. 3. Present one (1) copy and the

More information

Electronic business conditions of use

Electronic business conditions of use Electronic business conditions of use This document provides Water Corporation s Electronic Business Conditions of Use. These are to be applied to all applications, which are developed for external users

More information

Danske Bank Group Certificate Policy

Danske Bank Group Certificate Policy Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...

More information

LET S ENCRYPT SUBSCRIBER AGREEMENT

LET S ENCRYPT SUBSCRIBER AGREEMENT Page 1 of 7 LET S ENCRYPT SUBSCRIBER AGREEMENT This Subscriber Agreement ( Agreement ) is a legally binding contract between you and, if applicable, the company, organization or other entity on behalf

More information

CERTIMETIERSARTISANAT and C@RTEUROPE ELECTRONIC SIGNATURE SERVICE SUBSCRIPTION CONTRACT SPECIFIC TERMS AND CONDITIONS

CERTIMETIERSARTISANAT and C@RTEUROPE ELECTRONIC SIGNATURE SERVICE SUBSCRIPTION CONTRACT SPECIFIC TERMS AND CONDITIONS CERTIMETIERSARTISANAT and C@RTEUROPE ELECTRONIC SIGNATURE SERVICE SUBSCRIPTION CONTRACT SPECIFIC TERMS AND CONDITIONS Please fill in the form using BLOCK CAPITALS. All fields are mandatory. 1 1. SUBSCRIBER

More information

Authorized Subscribers

Authorized Subscribers Authorized Subscribers Obtaining a Digital Certificate following receipt of your Authorized Subscriber Membership number Instructions: April, 2013 Following the acceptance of your application to become

More information

NIC Certifying Authority National Informatics Centre Ministry of Communications and Information Technology Government of India

NIC Certifying Authority National Informatics Centre Ministry of Communications and Information Technology Government of India Page-1 NIC Certifying Authority National Informatics Centre Ministry of Communications and Information Technology Government of India Ref. No.... (To be filled by NICCA) NOTE: DIGITAL SIGNATURE CERTIFICATE

More information

Mid Carolina CU Internet Online Banking Services Terms and Conditions

Mid Carolina CU Internet Online Banking Services Terms and Conditions Mid Carolina CU Internet Online Banking Services Terms and Conditions This Agreement is the contract which covers your and our rights and responsibilities concerning the Home Banking services offered to

More information

Transnet Registration Authority Charter

Transnet Registration Authority Charter Registration Authority Charter Version 3.0 is applicable from Effective Date Inyanda House 21 Wellington Road Parktown, 2193 Phone +27 (0)11 544 9368 Fax +27 (0)11 544 9599 Website: http://www.transnet.co.za/

More information

CERTIFICATION PRACTICE STATEMENT. Document version: 1.2 Date: 15 September OID for this CPS: None

CERTIFICATION PRACTICE STATEMENT. Document version: 1.2 Date: 15 September OID for this CPS: None CERTIFICATION PRACTICE STATEMENT Document version: 1.2 Date: 15 September 2007 OID for this CPS: None Information in this document is subject to change without notice. No part of this document may be copied,

More information

Gandi CA Certification Practice Statement

Gandi CA Certification Practice Statement Gandi CA Certification Practice Statement Gandi SAS 15 Place de la Nation Paris 75011 France Version 1.0 TABLE OF CONTENTS 1.INTRODUCTION...10 1.1.Overview...10 1.2.Document Name and Identification...10

More information

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT CA Certificate Policy SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT This page is intentionally left blank. 2 ODETTE CA Certificate Policy Version Number Issue Date Changed By 1.0 1 st April 2009 Original

More information

MERCHANT SERVICE APPLICATION

MERCHANT SERVICE APPLICATION MERCHANT SERVICE APPLICATION MERCHANT INFORMATION Merchant Name Merchant Domain Name DBA Name Business Type Merchant Currency Merchant Country Business Registration No Paid Up Capital Registered Business

More information

Eskom Registration Authority Charter

Eskom Registration Authority Charter REGISTRATION WWW..CO.ZA Eskom Registration Authority Charter Version 2.0 applicable from 20 November 2009 Megawatt Park Maxwell Drive Sunninghill, SOUTH AFRICA, 2157 Phone +27 (0)11 800 8111 Fax +27 (0)11

More information

Merchant Gateway Services Agreement

Merchant Gateway Services Agreement Merchant Gateway Services Agreement This Merchant Gateway Services Agreement ( Agreement ) is made as of, 20 ( Effective Date ), by and between American POS Alliance, LLC ( Reseller ) and the merchant

More information

Certification Practice Statement (ANZ PKI)

Certification Practice Statement (ANZ PKI) Certification Practice Statement March 2009 1. Overview 1.1 What is a Certification Practice Statement? A certification practice statement is a statement of the practices that a Certification Authority

More information

CERITIFICATE POLICY CONCERNING PERSONAL DIGITAL CERTIFICATES OF BANK OF FINLAND AND FINANCIAL SUPERVISORY AUTHORITY EMPLOYEES

CERITIFICATE POLICY CONCERNING PERSONAL DIGITAL CERTIFICATES OF BANK OF FINLAND AND FINANCIAL SUPERVISORY AUTHORITY EMPLOYEES Certificate Policy 1 (18) CERITIFICATE POLICY CONCERNING PERSONAL DIGITAL CERTIFICATES OF BANK OF FINLAND AND FINANCIAL SUPERVISORY AUTHORITY EMPLOYEES 1 INTRODUCTION... 4 1.1 Overview... 4 1.2 Document

More information

Comodo Certification Practice Statement

Comodo Certification Practice Statement Comodo Certification Practice Statement Notice: This CPS should be read in conjunction with the following documents:- * LiteSSL addendum to the Certificate Practice Statement * Proposed Amendments to the

More information

RapidSSL SSL Certificate Subscriber Agreement

RapidSSL SSL Certificate Subscriber Agreement RapidSSL SSL Certificate Subscriber Agreement YOU MUST READ THIS SUBSCRIBER AGREEMENT ("SUBSCRIBER AGREEMENT") BEFORE APPLYING FOR, ACCEPTING, OR USING A RAPIDSSL, RAPIDSSL ENTERPRISE OR FREESSL CERTIFICATE

More information

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Table of Contents 1. Introduction... 5 1.1. Trademarks...

More information

Public Key Certification Infrastructure

Public Key Certification Infrastructure Public Key Certification Infrastructure Petr Hanácek hanacek@dcse.fee.vutbr.cz Faculty of Electrical Engineering and Computer Science Brno University of Technology Abstract Jan Staudek staudek@fi.muni.cz

More information

NetSure Certificate means any of the types of Certificates that are subject to this Plan, as listed in Appendix A, List of Covered Services.

NetSure Certificate means any of the types of Certificates that are subject to this Plan, as listed in Appendix A, List of Covered Services. THIS EXTENDED WARRANTY PROTECTION PLAN ( Plan ) is provided by Symantec Corporation ( Symantec ) to NetSure Subscribers identified below. NetSure Subscribers holding Symantec Trust Network, Thawte, GeoTrust,

More information

LET S ENCRYPT SUBSCRIBER AGREEMENT

LET S ENCRYPT SUBSCRIBER AGREEMENT Page 1 of 6 LET S ENCRYPT SUBSCRIBER AGREEMENT This Subscriber Agreement ( Agreement ) is a legally binding contract between you and, if applicable, the company, organization or other entity on behalf

More information

Certificate Policy. SWIFT Qualified Certificates SWIFT

Certificate Policy. SWIFT Qualified Certificates SWIFT SWIFT SWIFT Qualified Certificates Certificate Policy This Certificate Policy applies to Qualified Certificates issued by SWIFT. It indicates the requirements and procedures to be followed, and the responsibilities

More information

In the Agreement, "we", us" and "our" refer to Computerisms. "you" or "your" refers to the Client.

In the Agreement, we, us and our refer to Computerisms. you or your refers to the Client. Web Hosting Agreement! This Agreement covers the terms and conditions under which Computerisms provides web-hosting services to the agreeing party. As an organization or individual applying for web-hosting

More information

SYMANTEC TRUST NETWORK RELYING PARTY AGREEMENT FOR SSL CERTIFICATES

SYMANTEC TRUST NETWORK RELYING PARTY AGREEMENT FOR SSL CERTIFICATES SYMANTEC TRUST NETWORK RELYING PARTY AGREEMENT FOR SSL CERTIFICATES SYMANTEC CORPORATION AND/OR ITS SUBSIDIARIES, INCLUDING GEOTRUST AND THAWTE ( COMPANY ) IS WILLING TO PROVIDE THE SERVICES TO YOU AS

More information

PKI Disclosure Statement

PKI Disclosure Statement Land Registry Version 2.0 23/07/2008 PKI Disclosure Statement 1. Introduction Land Registry has created an e-security platform for its customers to facilitate role-based access, authentication and electronic

More information

SYMANTEC ECA SUBSCRIBER AGREEMENT External Certification Authority Subscriber Agreement

SYMANTEC ECA SUBSCRIBER AGREEMENT External Certification Authority Subscriber Agreement SYMANTEC ECA SUBSCRIBER AGREEMENT External Certification Authority Subscriber Agreement YOU MUST READ THIS EXTERNAL CERTIFICATION AUTHORITY SUBSCRIBER AGREEMENT ( SUBSCRIBER AGREEMENT ) BEFORE APPLYING

More information

ComSign Ltd. Certification Practice Statement (CPS)

ComSign Ltd. Certification Practice Statement (CPS) ComSign Ltd. Certification Practice Statement (CPS) Procedures relating to issuing electronic certificates that comply with provisions of the Electronic Signature Law and its regulations. Version 3. 1.1.

More information

IF YOU CHOOSE NOT TO ACCEPT THIS AGREEMENT, WHICH INCLUDES THE CERTIFICATE POLICY, THEN CLICK THE "DECLINE" BUTTON BELOW.

IF YOU CHOOSE NOT TO ACCEPT THIS AGREEMENT, WHICH INCLUDES THE CERTIFICATE POLICY, THEN CLICK THE DECLINE BUTTON BELOW. United States Department of Justice Drug Enforcement Administration Controlled Substance Ordering System (CSOS) Subscriber Agreement (Revision 8, February 7, 2007) SUBSCRIBERS MUST READ THIS SUBSCRIBER

More information

ComSign Ltd. TM. Security Certificate Approval Regulations For SSL Websites (CPS)

ComSign Ltd. TM. Security Certificate Approval Regulations For SSL Websites (CPS) ComSign Ltd. TM Security Certificate Approval Regulations For SSL Websites (CPS) Version 1.2 Publication date: [14/12/2008 ] Recommended effective date: [14/12/2008] ComSign Building 4, Kiryat Atidim,

More information

Network Security, spring Final Project Report X.509

Network Security, spring Final Project Report X.509 Network Security, spring 2008 Final Project Report X.509 This report is the final report for the Network Security course module of the LP 2 of the second semester in the Network Design course. The course

More information

Website Authentication, Electronic Signatures and Electronic Seals

Website Authentication, Electronic Signatures and Electronic Seals Website Authentication, Electronic Signatures and Electronic Seals Fulfilling the eidas requirements for providers of qualified certificates with BSI Technical Guidelines 6. May 2016 Federal Office for

More information

Linklaters Knowledge Portal Terms of Use

Linklaters Knowledge Portal Terms of Use Linklaters Knowledge Portal Terms of Use These terms of use govern access by an individual to information provided by Linklaters through the Linklaters Knowledge Portal. 1 Definitions Information means

More information

Amazon Trust Services Certificate Subscriber Agreement

Amazon Trust Services Certificate Subscriber Agreement Amazon Trust Services Certificate Subscriber Agreement This Certificate Subscriber Agreement (this Agreement ) is an agreement between Amazon Trust Services, LLC ( ATS, we, us, or our ) and the entity

More information

NASH PKI Certificate for Healthcare Provider Organisations renewal confirmation

NASH PKI Certificate for Healthcare Provider Organisations renewal confirmation NASH PKI Certificate for Healthcare Provider Organisations renewal confirmation Please send your completed renewal confirmation to: Department of Human Services Fax number: 1800 890 698 Number of pages

More information

TERMS AND CONDITIONS OF USE

TERMS AND CONDITIONS OF USE TERMS AND CONDITIONS OF USE These Terms and Conditions of Use (herein after Agreement ) govern the terms and conditions pursuant to which the Account Holder through its User(s) will have access to the

More information

DigiCert Certification Practice Statement

DigiCert Certification Practice Statement DigiCert Certification Practice Statement DigiCert, Inc. Version 2.22 June 01, 2005 333 South 520 West Orem, UT 84042 USA Tel: 1-801-805-1620 Fax: 1-801-705-0481 www.digicert.com 1 General...7 1.1 DigiCert,

More information

CMS Illinois Department of Central Management Services

CMS Illinois Department of Central Management Services CMS Illinois Department of Central Management Services State of Illinois Public Key Infrastructure Certification Practices Statement For Digital Signature And Encryption Applications Version 3.3 (IETF

More information

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4

More information

Certipost Trust Services. Certificate Policy. for Lightweight Certificates for EUROCONTROL. Version 1.2. Effective date 03 May 2012

Certipost Trust Services. Certificate Policy. for Lightweight Certificates for EUROCONTROL. Version 1.2. Effective date 03 May 2012 Certipost Trust Services Version 1.2 Effective date 03 May 2012 Certipost NV ALL RIGHTS RESERVED. 2 13 Definitions : Activation Data Certificate Certificate Holder Certificate Public Registry Certificate

More information

Conditions of Supply of Internet Services

Conditions of Supply of Internet Services Conditions of Supply of Internet Services Terms and Conditions for domain name registrations Print this page. The Kirby Group Registration Agreement In this registration agreement ('Agreement'), the terms

More information

Compromise shall mean a loss, theft, disclosure, modification, unauthorized use, or other compromise of the security of a private key.

Compromise shall mean a loss, theft, disclosure, modification, unauthorized use, or other compromise of the security of a private key. VeriSign Class 3 Organizational Certificate Subscriber Agreement [Secure Server ID, Global Server ID and Shared Hosting Encryption ID (Shared Certification)] YOU MUST READ THIS SUBSCRIBER AGREEMENT ("SUBSCRIBER

More information

New York State Electronic Signatures and Records Act

New York State Electronic Signatures and Records Act PIANY Doc. No. 31174 New York State Electronic Signatures and Records Act The information contained within this Resource kit was made available by the New York State Department of State Division of Administrative

More information

1. Definitions: The capitalized terms used in this Agreement shall have the following meanings unless otherwise specified:

1. Definitions: The capitalized terms used in this Agreement shall have the following meanings unless otherwise specified: Subscriber Agreement for ISP Certificate Request YOU, THE INTERNET SERVICE PROVIDER, MUST READ THIS SUBSCRIBER AGREEMENT ("AGREEMENT") BEFORE APPLYING FOR, ACCEPTING, OR USING A thawte SSL SERVER CERTIFICATE

More information

General Terms and Conditions of Use of Fina s e-invoice Internet Service

General Terms and Conditions of Use of Fina s e-invoice Internet Service General Terms and Conditions of Use of Fina s e-invoice Internet Service 1.0. Introduction and Definition of Terms 1.1. These General Terms and Conditions of Use of Fina s e-invoice Internet Service (hereinafter:

More information

We includes New Leaf Web Design or any party acting on New Leaf Web Design s implicit instructions.

We includes New Leaf Web Design or any party acting on New Leaf Web Design s implicit instructions. Definition of Terms We includes New Leaf Web Design or any party acting on New Leaf Web Design s implicit instructions. You or the Client includes the person or organisation purchasing the services or

More information

RapidSSL SSL Certificate Subscriber Agreement

RapidSSL SSL Certificate Subscriber Agreement RapidSSL SSL Certificate Subscriber Agreement YOU MUST READ THIS SUBSCRIBER AGREEMENT ("SUBSCRIBER AGREEMENT") BEFORE APPLYING FOR, ACCEPTING, OR USING A RAPIDSSL OR FREESSL CERTIFICATE (COLLECTIVELY A

More information

ONLINE BANKING ENROLLMENT FORM. Customer Information. Security and Identification Information. Bank Use

ONLINE BANKING ENROLLMENT FORM. Customer Information. Security and Identification Information. Bank Use ONLINE BANKING ENROLLMENT FORM Complete a separate form for each user Please print this Application and Terms & Conditions and fill out completely. If you have any questions about these forms, call one

More information

ENTRUST CERTIFICATE SERVICES

ENTRUST CERTIFICATE SERVICES ENTRUST CERTIFICATE SERVICES Certification Practice Statement Version: 2.12 April 6, 2015 2015 Entrust Limited. All rights reserved. Revision History Issue Date Changes in this Revision 1.0 May 26, 1999

More information

CITY OF LANCASTER RFP NO. 621-15 LANCASTER PERFORMING ARTS CENTER TICKETING SOFTWARE SUBMISSION DEADLINE. July 24, 2015 BY 11:00 A.M.

CITY OF LANCASTER RFP NO. 621-15 LANCASTER PERFORMING ARTS CENTER TICKETING SOFTWARE SUBMISSION DEADLINE. July 24, 2015 BY 11:00 A.M. CITY OF LANCASTER RFP NO. 621-15 LANCASTER PERFORMING ARTS CENTER TICKETING SOFTWARE SUBMISSION DEADLINE July 24, 2015 BY 11:00 A.M. SUBMIT TO: Office of the City Clerk Lancaster City Hall 44933 Fern Avenue

More information

Business Internet Banking Agreement (BIB)

Business Internet Banking Agreement (BIB) Business Internet Banking Agreement (BIB) Agreement This agreement governs your enrollment and use of Business Internet Banking (BIB). This service allows you to access your accounts through the Internet.

More information

(On client s letterhead) Attn: Subject: Application for online foreign exchange facility

(On client s letterhead) Attn: Subject: Application for online foreign exchange facility (On client s letterhead) Date: To, Kotak Mahindra Bank Ltd. Attn: Subject: Application for online foreign exchange facility Dear Sir, I/ We have understood the terms, conditions, operation and associated

More information

SSL.com Certification Practice Statement

SSL.com Certification Practice Statement SSL.com Certification Practice Statement SSL.com Version 1.0 February 15, 2012 2260 W Holcombe Blvd Ste 700 Houston, Texas, 77019 US Tel: +1 SSL-CERTIFICATE (+1-775-237-8434) Fax: +1 832-201-7706 www.ssl.com

More information

TERMS OF USE 1 DEFINITIONS

TERMS OF USE 1 DEFINITIONS 1 DEFINITIONS In these Terms of Use a) CDA shall mean Common Data Access Limited, a company registered in England and Wales whose registered office is at 6th Floor East, Portland House, Bressenden Place,

More information

TeliaSonera Root CA v1 Certificate Practice Statement. Published by: TeliaSonera AB

TeliaSonera Root CA v1 Certificate Practice Statement. Published by: TeliaSonera AB 2007-10-18 1 (46) TeliaSonera Root CA v1 Certificate Practice Statement Published by: TeliaSonera AB Company Information Created Modified Approved Valid from 2007-10-12 Reg. office: Printed Coverage Business

More information

TERMS AND CONDITIONS FOR THE USE OF SINGAPORE POWER SUPPLIER RELATIONSHIP MANAGEMENT SYSTEM (SPSRM)

TERMS AND CONDITIONS FOR THE USE OF SINGAPORE POWER SUPPLIER RELATIONSHIP MANAGEMENT SYSTEM (SPSRM) SINGAPORE POWER SUPPLIER RELATIONSHIP MANAGEMENT SYSTEM (SPSRM) Contents 1 Definitions... 3 2 Singapore Power Supplier Relationship Management System (SPSRM)... 5 3 Security, Access and Use of SPSRM...

More information

esign FAQ 1. What is the online esign Electronic Signature Service? 2. Where the esign Online Electronic Signature Service can be used?

esign FAQ 1. What is the online esign Electronic Signature Service? 2. Where the esign Online Electronic Signature Service can be used? esign FAQ 1. What is the online esign Electronic Signature Service? esign Electronic Signature Service is an innovative initiative for allowing easy, efficient, and secure signing of electronic documents

More information