1 CERTIFICATION PRACTICE STATEMENT (CPS) OF SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. Version.0
2 (CPS) INDEX 1. LEGAL FRAMEWORK Legal Base Validation Legal Support Conflicts Resolution Process INTRODUCTION Presentation Name of Document Identification Publication Definitions and Acronyms Definitions Acronyms General Aspects Obligations Responsibilities Participant Companies Authority (CA) Applicant Subscriber Signatory Password Protection Relaying Party Certificate types... 4/06/011 Página
3 (CPS).5.1. Recognized Cooperation Certificates Certificate for the Public Administration Private Secure Server Certificates Support Types Signature-Creation Device. SSCD Software support Roaming Support Particular use of certificates Appropriate use of certificates Unauthorized Use of Certificates Policy administrations Responsible Organization Revision Frequency Approval Procedure REPOSITORIES AND INFORMATION PUBLICATION Repositories Information Publication Policies and s Terms and conditions Certificate Diffusion Publication Frequency Access Control of the Repositories IDENTIFICATION AND AUTHENTICATION Name Registry Name Types Necessity of Names being Noteworthy Rules to interpret various name formats /06/011 Página
4 (CPS) Name Uniqueness Initial Identity Validation Proof of private key possession method Authentication of the identity of a Legal Entity Authentication of the Identity of a Natural Person Authentication of the RA Identity and RA Operators Validation Identification and Authentication in Certificate Renewal Online Certificate Renewal in Roaming Physical Certificate Renewal Identification and Authentication of Renewed Certificates OPERATIONAL REQUIREMENTS FOR THE CERTIFICATES LIFE CYCLE Certificate Request Who can request a Certificate Application Process Certificate Validity of an Electronic Signature for a Natural Person Application Process Completion of Identification Authentication Functions Approval or rejection of the Certificate Applications Certificate Emission CA Actions during the Certificate Emission Certificate Delivery Certificate Acceptance Manners to Accept a Certificate Certificate Publication Password Uses and Certificates Private Key and subscriber Certificate Use Use of Public key and Certificate by third parties that trust Certificates /06/011 Página 4
5 (CPS) 5.7. Certificate Renewals without Changing Passwords Renewal with Password Changes Online Renewal Circumstances Who can request for an Online Certificate Renewal Online Application Renewal Processing Requests of Online Renewal Notification of the Renewed Certificate Issuance Ways to accept a Renewed Certificate Publishing the Renewed Certificate Certificate Modification Revocation and Suspension of Certificates Causes for Revocation Who can request a revocation Application Revocation Procedures Period in which the CA should Resolve the Revocation Verification Obligation of Revocations by Third Parties Emission Frequency of the CPSs Maximum Time between the Generation and Publication of the CRLs Availability of the Online Certificate Verification Status System Requirements for Online Revocation Checking Suspension Circumstances Who can Request a suspension Suspension Period Limits Information Certificate Services State Operation Characteristics Service Availability Subscription Suspension PHYSICAL SECURITY, INSTALLATIONS, MANAGEMENT AND OPERATIONAL CONTROLS /06/011 Página 5
6 (CPS) 6.1. Physical Controls Physical Location and Construction Physical Access Electrical Power and Air Conditioning Water Exposure Fire Protection, and Prevention Storage Systems Elimination of Information support Procedure Controls Responsibility roles Number of people required per Tasks Role Identification and Authentication Role that Require Function Segregation Personnel control Requirements related to Professional Qualifications, Knowledge, and Experience Antecedents Verification Process Education Requirement Education Requirements, Frequency and Actualization Third party Contract Requirements Security Auditory Processes Registered Event Types Frequency of Auditing Registry Processes Auditing Registry Conservations Auditing Registry Protection Auditing Registry Backup Procedures Auditing Systems Information Gathering Vulnerability Analysis Registry Archives /06/011 Página 6
7 (CPS) Event Archive Types Registry Storage Period Archive Protection Archive Security Copy Procedure Registry Time Stammping Requirements Auditing Information Archiving System Procedure in Order to Obtain and Verify Archived Information CA Rekeying Root CA Subordinate CA Disaster Recuperation Plan Fire and Vulnerabilities Management Procedure Altering Hardware, Software and/or Data Resources Procedure to follow in the event of password theft from a Certificate Authority Continuing Business after a Catastrophe Activity Suspension Authority Registry Authority TECHNICAL SECURITY CONTROLS Generation and Installation of the Key Pair Generation of the Key Pair Delivery of the Private Key to the Subscriber Delivery of the Public Key to the Certificate Emissary Delivery of the CA Public Key to Trusted Certificate CA Third party Members Permitted uses of the Key (X509v Key Usage) Private Key Protection and Engineering Controls of the Cryptographic Module Cryptographic Standard Model Multi-person Control (k of n) of the Private Key /06/011 Página 7
8 (CPS) 7... Protection of the Private Key Security Copy of the Private Key Private Key Archiving Transferring the Private Key to/or from a Cryptographic Module Private Key Activation Method Private Code Deactivation Private Key Destruction Method Other Aspects of the Management of Key Pairs Public Key Storage Certificate Operation Period and Key Pair Usage Period Activation Data Activation Data Installation and Generation Activation Data Protection Information System Controls Security Requirements Information Security Evaluation Security Life Cycle Controls System Development Controls Security Management Controls Network Security Controls PROFILE CERTIFICATE Certificate profiles Version Number Certificate Extension Name Format CRL Profile Version Number CRL and Extensions /06/011 Página 8
9 (CPS) 9. AUDIT COMPLIANCE AND OTHER CONTROLS Auditing Frequency Auditor Qualification Relation between the Auditor and the Authority Audited Aspects Covered by the Controls Registry Authority Audit Actions to be taken as a result of incident detection Communication Results OTHER BUSINESS AND LEGAL MATTERS Fees Certificate Emission Fees and Renewal Certificate Access Fees Access Fee of the Information Status or Revocation Fees and Other Services Information Confidentiality Scope of Confidential Information Non Confidential information Responsibility in the Protection of Confidential Information Reviews /06/011 Página 9
10 (CPS) 1. LEGAL FRAMEWORK 1.1. Legal Base The Electronic Commerce, Electronic Signatures and Data Messaging Law, its Regulation; Organic Consumer Defense Law, CONATEL Organic Transparency Law of Information and Accreditation. 1.. Validation The present document will become valid since approval date. 1.. Legal Support a) The electronic commerce, electronic signatures and data messaging law, published in the Official Register No. 577 April 17, 00. b) According to Art. 7 of the electronic commerce, electronic signatures and data messaging law, the National Telecommunications Council is the organism for authorization, registry and regulation of information certification entities and accredited related services. c) The General Regulation of the electronic commerce, electronic signatures and data messaging law, was expended by executive decree No 496 published in the official registry 75 December 1, 00, and its constant reforms in executive decree 156 of September 9, 008, published in the Official Registry No. 440 of October 6, 008. d) The second listed article added by article 4 of the executive decree No. 156 after article 17 of general regulation by the law of electronic commerce, electronic signatures and data messaging, says that the accreditation as an information certification entity and related services, will consist in an administrative act emitted by CONATEL through a resolution that will be registered in the National Public Registry of Information certification entity. e) Resolution CONATEL-008 of October 08, 008, the resolution model was approved for the Accreditation as an Information Entity and related services f) Resolution No. TEL CONATEL-010 of October, 010, approved the 4/06/011 Página 10
11 (CPS) Petition for Accreditation for the company SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL S.A. as an information certification entity and related services, for which SENATEL subscribed in the respective administrative act, as the model approved by the National Telecommunications Council 1.4. Conflicts Resolution Process The differences that are presented between parties with occasion of this service during its execution or its interpretation will be resolved directly in the first instance by the User and SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL S.A. If no agreement exists, this may be submitted to the mediation process dispute to the as an alternative system for solution of conflicts recognized constitutionally, for which both parts agree to go to the Mediation Center of the General Attorney of State. The mediation process will be subject to the arbitration and mediation law and the regulations of the operation of the Mediation Center from the General Attorney of State. If in the case of signing a Total act, this will have the same effect as a final sentence and the judged element and its execution will be the same as a sentence from the last instance following legal procedures, as provided in Art. 47 in the Arbitration and Mediation Law. In the case of no agreement between parties, they will agree to the impossibility of agreement act and the dispute will be taken to the respective District Court of the competent administrative law. In case of subscribing acts of partial agreement, this will have the same effect and will happen over the agreed matters; and in the case of unresolved aspects, will be judged in front of the District Court of the competent administrative law. The applied legislation is the Ecuadorian one.. INTRODUCTION.1. Presentation Security Data Seguridad en Datos y Firma Digital S.A. is a certification entity that was created to meet the necessities of the Ecuadorian market in electronic signatures and digital certificates. The certification information services and related electronic services offered by Security Data Seguridad en Datos y Firma Digital are aimed to natural people, public and private corporations (such as businesses, public entities) and its objective is to accredit digital 4/06/011 Página 11
12 (CPS) identity of corporations and natural people that work through the internet. In this Declaration of the conditions are specified, policies and procedures are valid in the application, emission, use, suspension and revocation of certificates of electronic signatures and as well to related services and contains: 1. Identification Data of the Information Entity and Related Services in accreditation.. Terms of information use provided by users. Responsibility limits in services for information certification and related services in electronic signatures. 4. Obligations in the Accredited Information Entity and Related Services when providing certification, information, and related services concerning the signature. 5. User obligations and precautions that must be observed in the management, the use and safekeeping of certificates and passwords. 6. Management policies of electronic signature certificates. 7. Policies and management conditions of related services concerning electronic signatures. 8. Guarantees in the compliance of obligations that arise from activities. 9. Costs and Taxes in the information certification services and related concerning electronic signatures. The structure of this document is based on the specification of the Standard "RFC647 - Internet X.509 Public Key Infrastructure: Certificate Policy and s Framework, created by the work group PKIX of IETF. Furthermore the general conditions established in this CPS, each certificate type emitted by Security Data Seguridad en Datos y Firma Digital is based on particular conditions contained in a document entitled "Política de Certificación" (in English CP o Certificate Policy). There is a certification policy for every type of document emitted... Name of Document..1. Identification Name: Declaration of s (CPS) Version:.0 Description: Declaration of of Security Data Seguridad en Datos y Firma Digital S.A. Emission Date: September, 010 4/06/011 Página 1
13 (CPS)... Publication This document is free in the website Definitions and Acronyms..1. Definitions Electronic Certificate: Is an electronical document signed by a certification service provider which links signature verification data to a signatory and confirms its identity. Recognized Certificate: A certificate issued by an Accredited Entity that meets the requirements established by the law regarding identity verification and other circumstances by applicants and reliability of guarantees of certification services given. Public Key and Private Key: The asymmetric cryptography in which PKI is based on key pairs uses (this could also be two key pairs), which is encrypted with one and can only be decrypted with the other and viceversa. One of these keys is called Public and is included in the electronic certificate, while the other is called private and only is known by the certificate holder Signature Creation Data (Private Key): Are unique data, such as codes or private cryptographic passwords, which the subscriber uses to create electronic signatures. Data Signature Verification (Public Key): Are the data, such as codes or private cryptographic passwords, used to verify the electronic signature. Secure Signature-Creation Device. (SSCD): Instruments used to apply data for signature creation. Electronic Signature: Is a group of data in electronic form, entered with others, which can be used as a medium for personal identification. Advanced Electronic Signature: Is an electronic signature that establishes personal subscriber identification concerning signed data, and is used to check integrity, being linked exclusively to the subscriber, like referred data, and also it has been created by means to maintain exclusive control. Hash Function: Is an operation that is done in any size data group, so that the obtained result is another data group, regardless of the original size, that has the property of being uniquely associated with the initial data. Certificate Revocation List (CRL): This is a List that contains revoked or suspended certificates Hardware Security Module (HSM): This is a Hardware Module used to make cryptographic functions and also it is used to store passwords in safemode. Time Stamping: Electronic annotation signed electronically which is added to a message data that records the date, hour, and the identity of the person making the annotation. Time Stamping Authority (TSA): entity that issues trusted time stamps. Validation Authority (VA): trusted entity that provides information on the validity of digital certificates and electronic signatures. 4/06/011 Página 1
14 (CPS)... Acronyms CA: Authority SUB CA: Authority Subordinate RA: Register Authority CP: Policy CPS: Declaration for s CRL: Certificate Revocation List HSM: Hardware Security Module LDAP: Lightweight Directory Access Protocol OCSP: Online Certificate Status Protocol. PKI: Public Key Infrastructure CSP: Cryptographic Service Provider TSA: Time Stamp Authority VA: Validation Authority ICE: Information Entity OID: Object identifier DN: Distinguished Name C: Country, Distinguished Name Attribute CN: Common Name, Distinguished Name Attribute O: Organization, Distinguished Name Attribute OU: Organizational Unit (Organizational Unit), Distinguished Name attribute SN: ISO: PKCS: UTF8: SurName, Distinguished Name attribute International Organizational for Standardization Public Key Cryptography Standards, Unicode Transformation Format 8 bits. 4/06/011 Página 14
15 (CPS).4. General Aspects.4.1. Obligations CA Obligations Issue Certificates under the CPS, the corresponding PCs, and the standards of the application. Issue Certificates whose minimum content is defined by the current Policy Certificate. Issue Certificates based on the information in possession and error free from the entry data. Maintain their own private passwords under exclusive control using trustworthy products and systems for storage to ensure confidentiality and to make them inaccessible to unauthorized people, avoiding loss and compromise. Issue the requested certificates adjusting themselves according to the CPS, in the PCs each certificate type and, when appropriate, the contracts of provided services to the corresponding certifications and the agreement for the authority register. Facilitate the current versions access of the CPS and the PCs of each type of certificate. Offer and maintain the necessary infrastructure for certification services, as well as the physical security controls, the procedures and the personnel necessary to practice certification activities. Use reliable systems and products that are protected against alteration and that guarantee technical security and when appropriate, cryptography certification processes used as support. Publish issued certificates according to what is established in the law of Electronic Commerce, electronic signatures and data messaging. Protect personal data according to what is established in the law of Electronic Commerce, Electronic Signatures and data messaging. Use reliable systems to store recognized certificates that permit to verify their authenticity and prevent unauthorized alteration to data. Publish certificate copies and revocation information available to anyone who wishes to verify an electronic signature with reference to the certificates, which will be published on the web page Provide minimum information necessary for the use of certificates to the applicant, which information should be transmitted, by letter or by Take measures against certificate forgery and guarantee the confidentiality of the signature creation data during the generation process, as well as the safe delivery by a secure procedure by subscriber. Do not copy or store data from the signature creation by the subscriber. Report modifications of certificate policies and the Declaration to the subscribers and RA s which are linked. Comply with the obligations of the current CPS. All the obligations imposed by the current CPS in this case, the law of Electronic Commerce, Electronic Signatures and data messaging. Approve or reject emission applications for digital certifications from an electronic signature, according to the Established in the CPS and in the PCs. 4/06/011 Página 15
16 (CPS) Make available to the users the Certificate Revocation List, (CRL) which will be published in the webpage Constantly guard in any way all the information and relative documentation in a recognized certificate and the current declaration of certificate practice, during at least 15 years starting since the moment of its expedition date, so that the signatures can be verified. To this end SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL stores in digital format or on paper all the versions of the CPS published and contract copies of the provided services between the Information Entity and its subscriber. Report immediately to the certificate holders emitted by the ICE, the commitment of a private password, loss, disclosure, alteration, unauthorized use, for a revocation. Perform an identification and Authentication of users as in prior steps to the revocation of certificates and electronic signatures. Protect the personal data of applicants and digital or electronic certificate users Perform each of the steps described in the emission procedure of certificates for electronic signatures. Implement and maintain the security requirements imposed by lost passwords in the ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, according to the CPS and PCs. Provide and maintain the necessary technological infrastructure to establish a structure, for both hardware and software to operate according to international standards Obligations of the RA The RA may assume the following obligations which will be responsible for: Identify and authenticate correctly the subscriber and/or applicant of the organization that it represents, according to the procedures established in the CPS and in the specific for each certificate type, using any means permitted by the law. Formalize issued contracts for certificates with the subscriber in terms and conditions established by the CA. Store securely and by period the provided documentation never below 15 years in the emission process of the certification and the suspension process / revocation, in the terms and conditions established by the CPS, in the CP for each type of certificate and, when appropriate, from the agreement for the Registration Authority. Carry out any other function that corresponds, through the personnel that is necessary in each case, according to the established in the CPS and in the CP for each certificate type and when appropriate, from the agreement for the Registration Authority In any case the RA will permit the ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL the access to files and the procedures for the conservation of the archives assumed by the RA and it will give the right to investigate any suspicion of infraction from the CPS and/or from the CP by the RA or any certificate holder. The RA and its holders for any certificate must inform the ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL immediately for any suspicion of possible infractions. 4/06/011 Página 16
17 (CPS) Applicant Obligations Pay the registration fees that correspond in virtue to the requested services. Provide the RA the information necessary for proper identification. Confirm the truthfulness and veracity of the provided information. Notify any change in provided data for the certificate creation during its valid period. Request the certificate according to the terms and conditions established by the CP for each certificate type and when appropriate, from the contract of provided services for subscribed certificates with the ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL Subscriber Obligations Comply at all times with the norms and regulations issued by SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL in the corresponding certificate policies. Inform the ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL any alteration or modification in the provided data to obtain the electronic signature certificate. Verify, through the list of Revoked Certificates, the status of the electronic signature certificates. Protect and conserve the Token-Security Portable Device. Request the revocation of the certificate and the emission of a new one from ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL in case of failure of remembering the protection password of the electronic signature certificate. Respond for the use of the electronic signature certificate and the consequences that arise from using it. Comply with the established in article 17 from the electronic commerce, electronic signatures and data messaging law User Obligations The users that wish to use the certificates emitted by the CA should verify the validity of the signatures emitted by the subscribers. In the event that the users do not proceed to verify the signatures through the CRL (Certificate Revocation list), the ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL is not responsible for the use and reliance of these certificates. 4/06/011 Página 17
18 (CPS) Every person is entitled to trust in an electronic signature emitted by the ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL certificate to a reasonable extent. To determine if it s reasonable to trust; it must be taken into account, where appropriate, the following: The nature of the operation correspondent to the signature intended to endorse. It will be not considered reasonable to trust a signature emitted by a certificate from the ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, if the operation could be considered as a misuse. If the relying party has adopted adequate steps to determine the signature reliability, especially, if it has been verified that the certificate is not expired, suspended or revoked. The expiration will be stated in the certificate itself. The possible suspension or revocation of the certificate will be consulted in the revocation list or certification suspension (CRL). If the relying party knew or should have known that the signature was questioned or had been revoked or suspended The policies and procedures that rule the activity of ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL in relation to the different electronic signatures made with different emitted certificate types by ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, policies and procedures that are specified in the CPS and in the PCs are different for each certificate..4.. Responsibilities Responsibility of the CA Guarantee responsibilities and obligations fulfillment described in the CPS; and what is seen in the law of electronic commerce, electronic signatures and messaging data, and its norms. Solely and exclusively ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, will respond to damages caused to any person, when the certification services are not complying or neglecting with its legal obligations under the legislation of the Ecuadorian government. The ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL will not be responsible for the derived or related damage from a non or defective execution of obligations made by the applicant, subscriber and/or Users. The ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL will not be responsible for the negligent or illegal use of certificates and passwords. The ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL will not be responsible for the damage resulting from negligent or illegal actions caused by third parties in relation to certificates by the ones emitted in favor to the determined subscriber. The ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL will not be responsible of eventual inaccuracies in the certificate that result from the information given by the subscriber, except when always acting with the maximum negligence. The ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL will not be responsible due to derived damage from operations whose limits haven t been identified in PCs for each certificate type. 4/06/011 Página 18
19 (CPS) The ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL will not assume any responsibility for the delay or non execution of any of the obligations in virtue of the present CPS, if the delay or non execution results from a consequence of any fortuitous case, force majeure or any circumstance that the ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL could not have reasonable control over. The ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL will not be responsible of the content of those electronically digitally signed documents. Nor the ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL nor its register authorities will be responsible for damage caused by the use of its public certification services in those environments Responsibility of the RA The RA is responsible for the functions corresponding under the CPS and, in particular, will assume all responsibility for the correct identification and validation of the applicant/subscriber, with the same limitations that are established in the preceding paragraph in relation to the ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL. The RA, is responsible under the ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL for the damage resulting from the concerted execution of its functions in a negligent manner or in a different way other than the one specified from the present CPS and the PCs emitted for each type of certificate. Nevertheless, the RA is not responsible in any case, of the identity or identification of the applicant and/or subscriber in the event of a document falsification or other provided data, by himself or by the person who is impersonating him Responsibility of the Subscriber The subscriber is responsible for the damage caused by the non-compliance of the respective obligations listed in the CPS The subscriber is responsible of the compliance of all the obligations imposed by the present CPS, the CP of every certificate type, and the current regulations regarding the provision of certification services The subscriber agrees to compensate the ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL the damage that may cause any omission or intention act, assuming procedural costs in which ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL could incur including professional lawyer and attorney fees. The subscriber shall compensate and to hold harmless the ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL for any damage that it may suffer from the full, partial or defective compliance of assumed obligations based on any complaint against it by any third party which the subscriber would have contracted. 4/06/011 Página 19
20 (CPS) User Responsibilities The user will be responsible for any legal damages caused by the non-fulfillment of its respective obligations stated in this CPS. The user will be responsible for the fulfillment of all obligations stated in this CPS, the CP of each Certificate type, and by the current certificate rendering services norm. In any case, the user will assume all responsibility and risks derived from accepting a certificate without having observed the obligations in the CPS and in the case, in the CP of each certificate, guaranteeing the compensation of ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL for this concept..4.. Participant Companies Credited Entity (CE) Security Data Seguridad en Datos y Firma Digital is a Credited Entity (CE) that emits certificates recognized by the Electronic Signatures and Data Messaging Commerce Law. Security Data Seguridad en Datos y Firma Digital is the entity that emits these certificates and is the company responsible of the operation of life cycle certificates. The authorization functions, registry, issuing and revoke of personal certificates of the destination entity, can be done by other entities associated by contract with Security Data Seguridad en Datos y Firma Digital, which will considered as intermediary. Security Data Seguridad en Datos y Firma Digital also offer electronic signatures validation services and timestamping, which is controlled by their own norms and regulations which are not included in this document Authority (CA) The system of certification of Security Data Seguridad en Datos y Firma Digital is composed of diverse CA or Authority which is organized under a Hierarchy CA Root A CA Root is the entity inside the hierarchy that emits certificates to other certification authorities and whose public key certificate has been self-signed. Its purpose is to sign the certificate of other CAs in the Hierarchy. 4/06/011 Página 0
REGISTRATION AUTHORITY (RA) POLICY Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. INDEX Contenido 1. LEGAL FRAMEWORK... 4 1.1. Legal Base...
CERTIFICATE POLICIES (CP) Natural Person Certificate ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. CP INDEX 1. LEGAL FRAMEWORK... 5 1.1. Legal Base... 5 1.2. Validation... 5 1.3. Legal Support...
Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...
CERTIFICATION PRACTICE STATEMENT UPDATE Reference: IZENPE-CPS UPDATE Version no: v 5.03 Date: 10th March 2015 IZENPE 2015 This document is the property of Izenpe. It may only be reproduced in its entirety.
COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...
HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of
Gandi CA Certification Practice Statement Gandi SAS 15 Place de la Nation Paris 75011 France Version 1.0 TABLE OF CONTENTS 1.INTRODUCTION...10 1.1.Overview...10 1.2.Document Name and Identification...10
Title INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456 Customer Aristotle University of Thessaloniki PKI (www.pki.auth.gr) To WHOM IT MAY CONCERN Date 18 March 2011 Independent Audit
FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification
Apple Inc. Certificate Policy and Certification Practice Statement Version 2.0 Effective Date: April 10, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.
THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Last Revision Date: June 28, 2007 Version: 3.0 Published By: RSA Security Inc. Copyright 2002-2007 by
Polish Grid Certification Authority Certificate Policy and Certification Practice Statement version 0.4 (DRAFT ) September 2, 2002 1 1 Introduction 1.1 Overview This document is written according to the
Fraunhofer Corporate PKI Certification Practice Statement Version 1.1 Published in June 2012 Object Identifier of this Document: 184.108.40.206.4.1.7220.127.116.11.1 Contact: Fraunhofer Competence Center PKI Fraunhofer
SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates Version March 2004 Version 2004-03 SwissSign Gold CP/CPS Page 1 of 66 Table of Contents 1. INTRODUCTION...9 1.1 Overview...
Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.8 Effective Date: June 11, 2012 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2.
TC TrustCenter GmbH Certification Practice Statement NOTE: The information contained in this document is the property of TC TrustCenter GmbH. This Certification Practice Statement is published in conformance
Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure 1.0 INTRODUCTION 1.1 Overview The Federal Reserve Banks operate a public key infrastructure (PKI) that manages
TR-GRID CERTIFICATION AUTHORITY CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Version 2.3 May 15, 2014 Table of Contents TABLE OF CONTENTS:... 2 1. INTRODUCTION... 7 1.1 OVERVIEW... 7 1.2 DOCUMENT
TR-GRID CERTIFICATION AUTHORITY CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Version 2.1 January, 2009 Table of Contents: TABLE OF CONTENTS:...2 1. INTRODUCTION...7 1.1 OVERVIEW...7 1.2 DOCUMENT
Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States www.globessl.com TABLE OF CONTENTS 1. INTRODUCTION...
E-TUGRA INFORMATIC TECHNOLOGIES AND SERVICES CORP (E-TUGRA) QUALIFIED CERTIFICATE POLICY AND PRACTICE STATEMENT (CP-CPS) VERSION 1.0 DATE OF ENTRY INTO FORCE : JUNE, 2008 OID 2.16.718.104.22.168.1.1.2 E-TUGRA
CA Certificate Policy SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT This page is intentionally left blank. 2 ODETTE CA Certificate Policy Version Number Issue Date Changed By 1.0 1 st April 2009 Original
THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY July 2011 Version 2.0 Copyright 2006-2011, The Walt Disney Company Version Control Version Revision Date Revision Description Revised
SAUDI NATIONAL ROOT-CA CERTIFICATE POLICY Document Classification: Public Version Number: 2.5 Issue Date: June 25, 2015 National Center for Digital Certification Policies and Regulations Department Digitally
ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0 June 30, 2004 Table of Contents Table of Contents...2 1 Introduction...3 1.1 Overview...3 1.1.1 General Definitions...4
Certification Practice Statement Date: February 21, 2008 Version: 1.0.1 Table of Contents Document History... 1 Acknowledgments... 1 1. Introduction... 2 1.1 Overview... 3 1.2 Ford Motor Company Certificate
Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Table of Contents 1. Introduction... 5 1.1. Trademarks...
VeriSign Trust Network Certificate Policies Version 2.8.1 Effective Date: February 1, 2009 VeriSign, Inc. 487 E. Middlefield Road Mountain View, CA 94043 USA +1 650.961.7500 http//:www.verisign.com - 1-
[Draft] Bangladesh Bank Certification Authority (BBCA) Certification Practice Statement (CPS) Version: 1.00 August, 2015 Bangladesh Bank Page 2 of 42 Document Reference Title Document Type Bangladesh Bank
(CP) (For SSL, EV SSL, OSC and similar electronic certificates) VERSION : 09 DATE : 01.12.2014 1. INTRODUCTION... 10 1.1. Overview... 10 1.2. Document Name and Identification... 11 1.3. Participants...
Equens Certificate Policy WebServices and Connectivity Final H.C. van der Wijck 11 March 2015 Classification: Open Version 3.0 Version history Version no. Version date Status Edited by Most important edit(s)
CERTIMETIERSARTISANAT and C@RTEUROPE ELECTRONIC SIGNATURE SERVICE SUBSCRIPTION CONTRACT SPECIFIC TERMS AND CONDITIONS Please fill in the form using BLOCK CAPITALS. All fields are mandatory. 1 1. SUBSCRIBER
ING Public Key Infrastructure Certificate Practice Statement Version 5.3 - June 2015 Colophon Commissioned by Additional copies ING Corporate PKI Policy Approval Authority Additional copies of this document
CERTUM QCA PKI Disclosure Statement v1.1 1 Certum QCA PKI Disclosure Statement Version 1.1 Effective date: 1 st of April, 2016 Status: valid Asseco Data Systems S.A. ul. Żwirki i Wigury 15 81-387 Gdynia
Certificate Policy for SSL Client & S/MIME Certificates OID: 22.214.171.124.11.1 Copyright Actalis S.p.A. All rights reserved. Via dell Aprica 18 20158 Milano Tel +39-02-68825.1 Fax +39-02-68825.223 www.actalis.it
PKI Belgium Government CA Government AA Certification Practice Statement 126.96.36.199.1.1.3 188.8.131.52.184.108.40.206 220.127.116.11.18.104.22.168 22.214.171.124.126.96.36.199 188.8.131.52.1.1.6 184.108.40.206.220.127.116.11 18.104.22.168.1.1.3 22.214.171.124.126.96.36.199
phicert Direct Certificate Policy and Certification Practices Statement Version 1. 1 Effective Date: March 31, 2014 Copyright 2013-2014 EMR Direct. All rights reserved. [Trademark Notices] phicert is a
Post.Trust Certificate Authority Certification Practice Statement CA Policy and Procedures Document Issue date: 03 April 2014 Version: 188.8.131.52 Release Contents DEFINITIONS... 6 LIST OF ABBREVIATIONS...
Certipost Trust Services Version 1.2 Effective date 03 May 2012 Certipost NV ALL RIGHTS RESERVED. 2 13 Definitions : Activation Data Certificate Certificate Holder Certificate Public Registry Certificate
Certification Practice Statement 1.0 INTRODUCTION 1.1 OVERVIEW The Federal Reserve Banks ( FRBs ), utilizing Public Key Infrastructure ( PKI ) technology and operating as a Certification Authority ( FR-CA
Advantage Security Certification Practice Statement Version 3.8.5 Effective Date: 01/01/2012 Advantage Security S. de R.L. de C.V. Prol. Paseo de la Reforma # 625 Int 402, Col Paseo de las Lomas. Del Alvaro
GEOSURE PROTECTION PLAN I. SCOPE/INTRODUCTION The GeoSure Protection Plan is designed to provide protection against economic loss resulting from specific types of risks associated with certain SSL Certificates
Trustwave Subscriber Agreement for Digital Certificates Ver. 11JUL14 PLEASE READ THIS AGREEMENT AND THE TRUSTWAVE CERTIFICATION PRACTICES STATEMENTS ( CPS ) CAREFULLY BEFORE USING THE CERTIFICATE ISSUED
PostSignum CA Certification Policy applicable to qualified personal certificates Version 3.0 7565 Page 1/60 TABLE OF CONTENTS 1 Introduction... 5 1.1 Review... 5 1.2 Name and clear specification of a document...
Malaysian Identity Federation and Access Management Certification Authority Certificate Policy and Certification Practice Statement Version 2.2 Document OID: 184.108.40.206.4.1.363220.127.116.11.2 February 2012 Contents
2007-10-18 1 (46) TeliaSonera Root CA v1 Certificate Practice Statement Published by: TeliaSonera AB Company Information Created Modified Approved Valid from 2007-10-12 Reg. office: Printed Coverage Business
CERTIFICATE POLICY KEYNECTIS SSL CA Date: 05/02/2009 KEYNECTIS SSL CA CERTIFICATE POLICY Subject: KEYNECTIS SSL CA Certificate Policy Version number: 1.1 Number of pages: 49 Status of the Project Final
Visa Public Key Infrastructure Certificate Policy (CP) Version 1.7 Effective: 24 January 2013 2010-2013 Visa. All Rights Reserved. Visa Public Important Note on Confidentiality and Copyright The Visa Confidential
X.509 Certificate Policy for India PKI Version 1.4 May 2015 Controller of Certifying Authorities Department of Information Technology Ministry of Communications and Information Technology Document Control
DigiCert Certificate Policy and Certification Practice Statement DigiCert, Inc. Version 3.03 March 15, 2007 333 South 520 West Lindon, UT 84042 USA Tel: 1-801-805-1620 Fax: 1-801-705-0481 www.digicert.com
SWIFT SWIFT Qualified Certificates Certificate Policy This Certificate Policy applies to Qualified Certificates issued by SWIFT. It indicates the requirements and procedures to be followed, and the responsibilities
Federal Reserve Certification Authority (FR-CA) Certification Practice Statement for United States Treasury Auctions 1.0 INTRODUCTION 1.1 OVERVIEW The Federal Reserve Bank of New York ( FRBNY ) acts as
Comodo Certification Practice Statement Notice: This CPS should be read in conjunction with the following documents:- * LiteSSL addendum to the Certificate Practice Statement * Proposed Amendments to the
Certificate Policy KEYNECTIS SSL CA CP Emmanuel Montacutelli 12/11/2014 DMS_CP_KEYNECTIS SSL CA CP_1.2 KEYNECTIS SSL CA CP Version 1.2 Pages 51 Status Draft Final Author Emmanuel Montacutelli OpenTrust
PKI Tutorial Jim Kleinsteiber February 6, 2002 Page 1 Outline Public Key Cryptography Refresher Course Public / Private Key Pair Public-Key Is it really yours? Digital Certificate Certificate Authority
SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION I. DEFINITIONS For the purpose of this Service Description, capitalized terms have the meaning defined herein. All other capitalized
DigiCert Certificate Policy DigiCert, Inc. Version 4.03 May 3, 2011 Suite 200 Canopy Building II 355 South 520 West Lindon, UT 84042 USA Tel: 1 801 877 2100 Fax: 1 801 705 0481 www.digicert.com TABLE OF
National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy Version 1.1 February 2, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents TABLE OF CONTENTS I 1 INTRODUCTION
COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES BSI TR-03139 Version 2.1 27 May 2013 Foreword The present document
Certificate Practice Statement of the Trusted Network Service Center of the China Internet Network Information Center (CNNIC) Version No.: 3.03 Validity from July 1st, 2013 China Internet Network Information
User Manual Internet Access for the public key certification service Version 1.2 / October 2014 1 Content TABLE OF CONTENTS 1 GENERAL INFORMATION... 3 1.1 INTRODUCTION... 3 2 IDENTIFICATION DATA... 3 2.1
Trustis FPS PKI Glossary of Terms The following terminology shall have the definitions as given below: Activation Data Asymmetric Cryptosystem Authentication Certificate Certificate Authority (CA) Certificate
Certificate Policy for Secure Server (SSL), Extended Validation (EV) SSL, Electronic Office and Extended Validation (EV) Electronic Office Certificates National Register of Associations. Number 171.443.
e-mudhra CPS e-mudhra CERTIFICATION PRACTICE STATEMENT VERSION 2.1 (emcsl/e-mudhra/doc/cps/2.1) Date of Publication: 11 February 2013 e-mudhra emudhra Consumer Services Ltd., 3rd Floor, Sai Arcade, Outer
TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT Version 2.0 Effective Date: 14 April 2015 TABLE OF CONTENTS 1. INTRODUCTION 1.1 Overview 1.2 Document name and identification 1.3 PKI participants 1.3.1
Internet Security Research Group (ISRG) Certificate Policy Version 1.0 Updated May 5, 2015 Approved by ISRG Policy Management Authority ISRG Web Site: https://letsencrypt.org Page 1 of 83 Copyright Notice
TC TrustCenter GmbH Certificate Policy for SAFE NOTE: The information contained in this document is the property of TC TrustCenter GmbH. This Certificate Policy is published in conformance with international