This PIV-I Credentialing Services Customer Agreement between the Customer (as defined in Schedule A) and Citibank, N.A. (New York) ("Citi"), is supplemented by the Schedules (which are made part hereof), as may be modified in accordance with this Agreement (collectively, the "Agreement"). Customer acknowledges and agrees that it and its Purchasing Agent (as defined in Schedule A) and Subscribers (as defined in Schedule A) are or will be familiar with and will comply with their respective obligations as set out in this Agreement. Capitalized terms used herein have the meanings specified in the Glossary, attached hereto as Schedule A.

Section 1. MANAGED IDENTITY SERVICES.

Citi will provide certain managed identity services relating to the issuance of Personal Identity Verification Interoperable Credentials. These services include issuance, Credential Lifecycle management, Credential Validation and Revocation, all in accordance with Citi's Certificate Policy, which can be located within every Credential and at ("Identity Services"). Credentials may, among other things, enable Subscribers to access facilities and systems to which they have explicitly been granted access, using their own Credentials. Subscribers also have the ability to create unique Digital Signatures and to Encrypt/Decrypt electronic messages using their Credentials. Credentials issued pursuant to this Agreement are interoperable with the CertiPath Bridge Certificate Authority, which serves as a trust hub that enables participating parties to (i) collaborate and share information on a global basis and (ii) make online transactions with multiple government agencies using a single set of identity Credentials. The Credentials issued and supported under this Agreement are limited exclusively to PIV-I compatible Credentials.

Section 2. CUSTOMER RESPONSIBILITIES.

(a) Standard Operating Procedures.
Schedule B provides the Standard Operating Procedures to which Customer, its Purchasing Agents and its Subscribers must adhere as holders of Citi-issued Credentials. In accordance with these procedures, Customer, through its Purchasing Agent, directs Citi to issue Credentials to its designated personnel, hereafter referred to as Subscribers. Customer agrees it will comply with, and will ensure its Purchasing Agents and Subscribers comply with, Schedule B as well as Citi's Certificate Policy, Certificate Practice Statement and Key Recovery Practice Statement. Customer is responsible for notifying its Purchasing Agents and Subscribers of any changes to the terms of this Agreement, Citi's Certificate Policy, Certificate Practice Statement and Key Recovery Practice Statement, and for ensuring compliance with the changed terms.

(b) Purchasing Agent. Customer must appoint at least one (1) Purchasing Agent, considered the Initial Purchasing Agent. Customer may designate multiple Purchasing Agents if Customer deems it necessary. Only the Initial Purchasing Agent will obligate Customer to this Agreement and shall be duly authorized to do so. An individual agreement must be in place for all Purchasing Agents designated by Customer. Customer may change its Purchasing Agent designation at any time during the term of this Agreement. On the Customer's behalf, the Initial Purchasing Agent acts as the main point of contact for any communications with Citi. Purchasing Agents maintain an account in the order entry system, order and pre-pay for Credentials, assign Credentials to designated Subscribers, and coordinate Subscriber activities.

(c) Purchasing Agent Oversight. Customer agrees it is responsible for the acts and omissions of its Purchasing Agents in connection with the Identity Services, and agrees to oversee its Purchasing Agent(s) as well as to act promptly to halt any unauthorized actions taken by a Purchasing Agent.

(d) Subscribers.
Customer acknowledges that each Subscriber is obligated to comply with any terms applicable to Subscribers under this Agreement as well as the entire Subscriber Agreement, in the form attached hereto as Schedule C, and any updated or replacement versions of such Subscriber Agreement as may be promulgated by Citi from time to time. Customer is responsible for notifying its Subscribers of any updated or replacement versions of such Subscriber Agreement. Customer agrees to (i) cause its Subscribers to execute and comply with the Subscriber Agreement, and any updated or replacement versions thereof from and after the date such versions are made effective by Citi, and (ii) be responsible for any breach of the terms of this Agreement and the Subscriber Agreement (including any updated and replacement versions thereof) by any Subscriber.

(e) Affiliation. Subscribers under this Agreement must be Affiliated with Customer through either an employer/employee or principal/agent relationship.

(f) Credential Revocation. Customer, through its Purchasing Agent(s), may request revocation of a Subscriber's Credential at its discretion for any Subscriber affiliated with the Customer, and Citi will accept such request without further vetting. Customer shall immediately notify Citi and request revocation of a Subscriber's Credential under the following circumstances:
- Subscriber no longer has an affiliation with the Customer or is no longer authorized to hold the Credential;
- Identifying information or affiliation components of any names in the Credential become invalid;
- Subscriber has violated the stipulations of its respective Subscriber Agreement;
- Subscriber's Private Key has been Compromised or is suspected of being Compromised;
- Subscriber's Credential is lost, stolen or damaged;
- Subscriber takes such action as to challenge or call into question the Subscriber's trustworthiness, as determined by Customer in its discretion;
- Subscriber no longer holds one or more of any authorizations (as described in Section 2(h) below) explicitly stated in the Credential; or
- Subscriber fails to meet contractual obligations.

(g) Data Accuracy. Purchasing Agent(s), on behalf of Customer, will review and verify that all data provided is accurate prior to entering such data into Citi's order entry application. Purchasing Agent(s) will (i) confirm that Subscriber I-9 documents are valid, unexpired and accepted by Citi (as specified at and (ii) that the legal name provided by Subscriber and the name on the I-9 documents match, prior to entering such data into Citi's order entry application. All addresses entered will be from domains owned by or accurately reflecting the Customer's organizational hierarchy.

(h) Identity Change Events. Customer, immediately upon becoming aware that identity information asserted in a Customer Subscriber's Credential has changed (e.g., legal name change, address change), will notify Citi through its Purchasing Agent(s).
Within 30 days of becoming aware of the change, Customer shall request either a replacement Credential or Credential revocation. In addition, in general, Credentials do not assert authorizations within the Credential itself. Applications may, however, assume Subscriber authorizations based solely on the fact that a Credential is valid. Revoking a Credential under such circumstances is at the Customer's discretion.

(i) Use of Credentials. Customer will use, and will cause its Subscribers to use, its Credentials in accordance with this Agreement. Customer acknowledges and affirms that Customer is responsible for how, when and where a Credential is used and protected by Customer and its Subscribers, regardless of context, except where Citi's Certificate Policy and Certificate Practice Statement expressly provide that Citi is responsible. Customer is responsible for complying with, and will cause its Subscribers to comply with, any and all security measures (discussed in greater detail in Schedule B) required to protect its Credentials.

(j) Prohibited Uses. Credentials issued under this Agreement may not be used for: (i) any application requiring failsafe performance, such as (a) the operation of nuclear power facilities, (b) air traffic control systems, (c) aircraft navigation systems, (d) weapons control systems, or (e) any other system whose failure could lead to injury, death or environmental damage; or (ii) transactions where applicable law prohibits the use of Credentials for such transactions or where otherwise prohibited by law.

(k) Binding Effect. Customer understands and agrees that each Digital Signature and Digital Transmission effectuated by use of a Credential will have the same legal effect, validity or enforceability as if it had been manually signed by a Subscriber.
Customer will not challenge the legal effect, validity or enforceability of any such Digital Signature or Digital Transmission on the basis that it is in digital form rather than in written form, and the use of the Credentials to legally sign cannot be denied legal effect simply because it is electronic. Customer shall retain, and shall cause all of its Subscribers and third-party service providers to retain, all records necessary to validate Digital Signatures when those Digital Signatures are used to sign legally binding documents.

(l) Validating a Credential. If and when a Customer relies upon a Citi-Issued Credential, Customer is responsible for validating the authenticity of the Credential. To fully validate a Credential, Customer shall perform the following validations:
- Reconcile the Credential against Citi's OCSP services for a Valid/Good Status Response;
- Verify that the Credential is issued by a Certificate Authority which is trusted by CertiPath or a similar PKI Bridge; and
- Verify that the Credential had not Expired at the time of use, by either automated or manual inspection of the Credential.

(m) Translator Services. All agreements with Subscribers will be written in English. Customer will provide translator services to its Subscribers and will coordinate logistics to ensure a translator appears at the correct time to support in-person activities required for Citi to perform its responsibilities under this Agreement.

(n) Subscriber Coordination. Purchasing Agent(s) will coordinate Subscriber in-person appointment(s) and missed appointment(s) for enrollment and issuance of Subscriber Credentials. Subscribers may modify their appointment up to 3 days prior to the appointment. If a Subscriber misses an appointment, Citi will charge the full credential fee. If a missed appointment is caused by a Citi or Third Party Supplier service disruption, no fee will be charged, and Citi will coordinate with the Purchasing Agent(s) to determine alternate locations and appointment times. Subscribers will arrive for in-person appointment(s) fifteen (15) minutes in advance of the scheduled appointment time, and will reserve one (1) hour from the scheduled appointment time for enrollment and issuance activities. Processing of a Subscriber's enrollment and issuance may be started prior to the scheduled appointment time at Citi's or the Third Party Supplier's discretion. If processing of the Subscriber's enrollment and issuance is not started within one (1) hour from the scheduled appointment time, the Subscriber may reschedule the appointment, and no fee will be charged.

(o) Request Private Key Recovery. Purchasing Agent(s) may request recovery of a Private Key at Customer's discretion for any Subscriber affiliated with the Customer, and Citi will accept such request without further vetting.
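The three validations that Section 2(l) requires of a relying party (a Valid/Good OCSP status, a trust path to a Certificate Authority trusted through the bridge, and non-expiry at the time of use) combined into a single fail-closed check, as an added Python example that is not part of this Agreement and not Citi's or CertiPath's own tooling. It operates on simplified credential records rather than parsing real X.509 certificates; the `Credential` and `OcspResponder` classes, the function names, and all CA names, serial numbers, statuses and dates are constructed for illustration.

```python
"""Fail-closed model of the three relying-party validations in Section 2(l):
OCSP status, trust path to a bridge-trusted CA, and validity at time of use.
Added example with simplified credential records; no real X.509 parsing."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Credential:
    """Only the certificate fields the three checks need (parsing is assumed)."""
    subject: str
    issuer: str
    serial: int
    not_before: datetime
    not_after: datetime


class OcspResponder:
    """Hypothetical responder: (issuer, serial) -> 'good' or 'revoked'.
    Anything it has no record of is reported as 'unknown'."""

    def __init__(self, statuses: Dict[Tuple[str, int], str]) -> None:
        self._statuses = statuses

    def status(self, cred: Credential) -> str:
        return self._statuses.get((cred.issuer, cred.serial), "unknown")


def ocsp_is_good(cred: Credential, responder: OcspResponder) -> bool:
    # Section 2(l) asks for a Valid/Good response: 'revoked' fails, and so
    # does 'unknown', because an unknown status is not a Good status.
    return responder.status(cred) == "good"


def chain_to_trusted_ca(cred: Credential, cas_by_subject: Dict[str, Credential],
                        trusted_cas: Set[str], max_depth: int = 8) -> bool:
    # Follow issuer links until a CA in the trusted set is reached. The set
    # stands in for the CAs that are trusted via the CertiPath bridge.
    seen: Set[str] = set()
    current = cred
    for _ in range(max_depth):
        if current.issuer in trusted_cas:
            return True
        if current.issuer in seen:          # guard against issuer loops
            return False
        seen.add(current.issuer)
        issuer_cred = cas_by_subject.get(current.issuer)
        if issuer_cred is None:             # path ends at an unknown CA
            return False
        current = issuer_cred
    return False


def valid_at(cred: Credential, when: datetime) -> bool:
    # Checked against the time of use, not "now": a signature verified later
    # (e.g. in an audit) is judged by the Credential's validity at signing time.
    return cred.not_before <= when <= cred.not_after


def validate_credential(cred: Credential, when: datetime, responder: OcspResponder,
                        cas_by_subject: Dict[str, Credential], trusted_cas: Set[str]) -> List[str]:
    """Return the failed checks; an empty list means the Credential is fully validated."""
    failures: List[str] = []
    if not ocsp_is_good(cred, responder):
        failures.append(f"OCSP status is {responder.status(cred)!r}, not good")
    if not chain_to_trusted_ca(cred, cas_by_subject, trusted_cas):
        failures.append("no trust path to a bridge-trusted CA")
    if not valid_at(cred, when):
        failures.append("Credential not within its validity period at time of use")
    return failures


def _utc(year: int, month: int = 1, day: int = 1) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)


def run_scenarios() -> Dict[str, List[str]]:
    """Constructed sample data (names, serials, dates are made up) exercising each check."""
    root = "Example Bridge-Trusted Root CA"
    issuing = Credential("Example Issuing CA", root, 1, _utc(2020), _utc(2030))
    cas_by_subject = {issuing.subject: issuing}
    trusted_cas = {root}
    responder = OcspResponder({
        ("Example Issuing CA", 1001): "good",
        ("Example Issuing CA", 1002): "revoked",
    })

    def subscriber(serial: int, issuer: str = "Example Issuing CA") -> Credential:
        return Credential("Example Subscriber", issuer, serial, _utc(2023), _utc(2026))

    def check(cred: Credential, when: datetime) -> List[str]:
        return validate_credential(cred, when, responder, cas_by_subject, trusted_cas)

    use_time = _utc(2024, 6, 1)
    return {
        "good": check(subscriber(1001), use_time),
        "revoked": check(subscriber(1002), use_time),
        "unknown_status": check(subscriber(1003), use_time),
        "expired_at_use": check(subscriber(1001), _utc(2026, 6, 1)),
        "untrusted_issuer": check(subscriber(1001, issuer="Rogue CA"), use_time),
    }


if __name__ == "__main__":
    for name, failures in run_scenarios().items():
        print(f"{name:>16}: {'validated' if not failures else '; '.join(failures)}")
```

The validator reports every failed check rather than stopping at the first, so a relying party can see, for instance, that a Credential from an untrusted issuer also has no usable OCSP status. Treating an "unknown" OCSP answer as a failure is the fail-closed reading of the Valid/Good requirement in Section 2(l).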
Any such requests shall be made using the Key Recovery Request Form attached hereto as Schedule D. Purchasing Agents may be authenticated by Citi through an digitally signed with a Citi-Issued credential of equal or greater assurance to the credential which hosted the Private Key to be recovered, or by in-person appearance of the requester at a location that Citi has approved for Key Recovery transactions.

(p) Forbidden Activities. Customer will not, and will cause its Subscribers not to, use Credentials for purposes classified as forbidden as specified in Schedule B.

Section 3. CITI RESPONSIBILITIES

(a) Registration Authority. Citi, directly or indirectly, carries out the Registration Authority function, which includes conducting such activities as providing access to an Online Order Entry Application and Appointment Booking Services, verifying Customer data, Identification and Authentication of the Subscriber at Citi's authorized enrollment locations, collection of biometrics (e.g. photo, fingerprints), encoding and printing the Credential, delivering the Credential to the Subscriber, collecting a Subscriber Agreement, maintaining historical records of such events, and providing customer support via and telephone. The Registration Authority shall also support, in concert with the Customer, Purchasing Agent(s) and Subscriber(s), the Credential Lifecycle events.

(b) Certification Authority. Citi, directly or indirectly, carries out the Certification Authority function, which includes issuing certificates, maintaining Certificate Revocation Lists, maintaining certificate management software and operations, and providing Key Recovery services.

(c) Certificate Status Authority. Citi, directly or indirectly, carries out the Certificate Status Authority function for those Credentials issued by Citi under this Agreement, to provide Credential status information (e.g. Valid, Revoked, or Unknown).

(d) Policy Management and Adherence.
Citi shall deliver Credentialing and Key Recovery services as governed by the Certificate Practice Statement (CPS), Certificate Policy (CP) and Key Recovery Practice Statement (KRPS), each as hosted at Citi will provide notice of any changes to the CPS, CP and KRPS in the manner described in Schedule B.

(e) Credential Revocation. Citi shall Revoke or Suspend a Subscriber's Credential under the following conditions:
- Subscriber or Customer, through Purchasing Agent(s), requests Revocation;
- Identifying information or affiliation components of any names in the Credential become invalid;
- Customer terminates its relationship with Citi such that it no longer provides affiliation information;
- Subscriber can be shown to have violated the stipulations of its respective Subscriber Agreement or the stipulations of Citi's CP or CPS;
- Private Key has been Compromised or is suspected of being Compromised;
- Citi suspects or determines that Revocation of a Credential is in the best interest of the integrity of the PKI;
- The Subscriber no longer has an affiliation with the Customer or is no longer authorized to hold the Credential;
- The Applicant rejects a newly issued Credential;
- Information in the Credential is false, deceptive or misleading; or
- The Subscriber fails to meet contractual obligations.

Section 4. CONFIDENTIALITY

(a) Citi Confidential Information is any information regarding Identity Services, including without limitation this entire Agreement and inclusive of future product information and plans, vendor-related data and trademarks, technical or know-how data, research and development, trademarks, ideas, whether in written, oral, electronic, website-based, or other form, and whether information or data of Citi, its Affiliates, its licensors, or CertiPath. Customer may use Citi Confidential Information only for the purpose of utilizing the Identity Services, and may disclose it only to its employees, agents, or Affiliates to the extent necessary to facilitate Customer's use of the Identity Services.

(b) Subscriber legal name and address, although PII, will not be considered nor treated as confidential information and will be used for day-to-day business purposes.

(c) Unless specified otherwise herein, Citi shall treat Customer information received as part of Citi's fulfillment of its responsibilities in connection with this Agreement as confidential.
Customer consents to, and shall ensure that Customer's Subscribers consent to, Citi's use of and transfer and disclosure of such information to and between branches, Affiliates, agents and third parties of Citi in connection with providing Identity Services. The following information may also be used and transferred to and between branches, Affiliates, agents, and third parties of Citi for performing risk and statistical analysis in connection with offering and providing banking services: Customer and Subscriber name and contact information. Customer acknowledges and agrees that Credentials, CRLs and Online Certificate Status Protocol responses, and any information appearing in them or in the LDAP Directory, are not considered confidential information. Additionally, Customer specifically acknowledges and agrees that the full legal name, components of the name, nicknames, and addresses of Customer and/or its Subscribers are not confidential information and are used in day-to-day business correspondence.

(d) Customer acknowledges and agrees that information, data and other materials provided by Customer to Citi in connection with the Identity Services ("Identity Information") may include non-public, personal, financial or identifying information of an individual ("Non-public Personal Data"), which may be subject to the data protection laws of one or more countries that limit the collection, disclosure, processing or transfer of such information.
Provided it is in furtherance of fulfilling the obligations of the Identity Services, Customer acknowledges and authorizes that Citi, IdenTrust, and other third-party suppliers and their respective personnel and agents may transmit and receive Identity Information about, regarding or involving Customer, its clients and other third parties and its Subscribers among and between themselves, their Affiliates and other third parties: (i) to provide the Identity Services to Customer (including the transfer of such Identity Information from the home jurisdiction of Customer and the transfer of such Non-public Personal Data); (ii) to resolve any dispute arising from the Identity Services; or (iii) pursuant to applicable law or regulation including, but not limited to, any anti-terrorism, fraud or anti-money-laundering requirements. In the event applicable law requires the written consent of any person or other authorization, Customer will be responsible for obtaining such consent, authorization or registration. Customer represents and warrants that in furnishing such Identity Information to Citi, and in authorizing Citi to use and process such Identity Information as provided in this Agreement, Customer and Citi are and will be in compliance with applicable law (including data protection laws) and its contractual commitments.

(e) In the event disclosure of either party's Confidential Information is required by legal process, the receiving party will give the disclosing party notice within five days of the request, or, if legal process allows for a lesser period of time, then within a commercially reasonable time.

Section 5. LICENSE

(a) Customer acknowledges and agrees that Citi, to its knowledge, has the right to provide the Identity Services to Customer. Additionally, Customer's acknowledgment of the aforementioned includes Customer's understanding that there are multiple parties with whom Citi has contracted (e.g. IdenTrust, CertiPath, third parties, etc.) who either own or have the right to license or sublicense certain Intellectual Property related to Citi's provision of PIV-I credentials to Customer. As such, Customer acknowledges and understands the full scope of Intellectual Property rights associated with the Identity Services.

(b) Citi hereby grants to Customer a non-exclusive, non-transferable, limited license or sublicense, during the term of this Agreement, to use the products and services of the Identity Services, as either are provided by Citi to Customer and/or created in the course of using the Identity Services. All rights not expressly granted to Customer in such products and services and the Identity Services are, as between the parties, reserved solely for Citi.

(c) Customer will not make or have made a copy or derivative of any part of the products or services made available via this Agreement or the Identity Services, in any form or by any means, whether in part or in whole, except for any copy that is made as part of installing, using, testing, or backing up the products or otherwise as necessary to perform the Identity Services under this Agreement.

(d) Customer will not assign, transfer, lease, rent, sublicense, disclose or distribute the Identity Services, or any of their components, to any third party without the express, written consent of Citi. Customer will not alter, modify, transfer, de-compile, disassemble or reverse engineer the Identity Services, associated products or services, or any other related item including, but not limited to, IdenTrust, CertiPath, or any components thereof.
(e) Customer acknowledges and agrees that Citi and Citi's licensors are the intended third-party beneficiaries of this Agreement, and the provisions of this Agreement that relate to the licenses granted under this Section 5 are made expressly for their benefit as well as the benefit of Citi.

Section 6. LIABILITY

(a) Neither Citi, Citi's licensors nor Third Party Suppliers are responsible or liable, in any manner, for the contents of any Digital Transmission effectuated by use of a Credential. Customer acknowledges and agrees to be liable for any damages to the extent those damages result from Customer's or its Subscribers' breach of this Agreement.

(b) Customer expressly recognizes and agrees that it has no direct recourse to Citi or its licensors or Third Party Suppliers (except as set out in Section 5(e) below) or any other person in connection with the Identity Services, except that Customer may have recourse against or liability to the counterparty of a Digital Transmission sent or received by Customer, under applicable law.

(c) Customer assumes all liability arising out of or in connection with all information processed by its Purchasing Agent and all orders fulfilled in reliance thereon.
(d) Customer will indemnify, defend, and hold harmless Citi and Citi's licensors and Third Party Suppliers, and their respective Affiliates, employees and agents, from and against any and all claims, liabilities, losses or damages of any kind arising from or relating to any third-party claims relating to or resulting from Customer's (i) use of the Identity Services, including any Digital Transmissions or Digital Signing events using its Credentials, or (ii) breach of this Agreement including, without limitation, conduct resulting in the erroneous issuance of a Valid Certificate Status Response with respect to a Credential registered to the Customer, or (iii) use of its Credentials with Digital Transmissions or other electronic messages or communications sent to persons or entities outside of Customer-controlled systems.

(e) Without limiting any limitations of liability or other protections afforded to Citi under applicable law, including without limitation under the SAFETY Act of 2002 (6 U.S.C ), Citi's total, aggregate liability arising out of or in connection with this Agreement, the Identity Services and the Credentials (including, but not limited to, the use of or inability to use Credentials) (i) will be exclusively limited to direct damages resulting from Citi's gross negligence or willful misconduct in its performance of its obligations under this Agreement, and (ii) will not in any event exceed (A) one thousand dollars ($1,000 USD) per transaction, and (B) one million dollars ($1,000,000 USD) per incident in the aggregate for all liabilities to Customer, all Subscribers and all third parties. Citi will have no liability to Customer to the extent that Customer's losses, liabilities, or damages are caused by improper use of the Credentials or the Identity Services.

(f) In no event will either party be liable to the other for any exemplary, punitive, indirect, special, incidental or consequential damages, including, without limitation, any loss of profits, or cost of procurement of substitute services, however caused, and on any theory of liability, whether or not a party has been advised of the possibility of such damages, whether or not a party could have foreseen such damages, and notwithstanding any failure of essential purpose of any limited remedy. Notwithstanding the foregoing and to the extent permitted by law, any provisions set forth in this Agreement that operate to limit damages will not be applicable to any damages resulting from infringement by Customer of the Intellectual Property rights of Citi, Citi's licensors or any Third Party.

(g) Except as expressly provided in this Agreement, Citi makes no representations or warranties of any kind, express or implied, including any implied warranties of merchantability or fitness for a particular purpose, with respect to the Identity Services, the Citi System, or any portion thereof.
Customer acknowledges that there is no assurance that any data or communications sent or received through the Issuance Services will meet the local legal requirements of countries to effect a binding transaction or produce material that will be admissible as evidence in legal proceedings. Citi will have no liability arising out of a violation of any applicable law or regulation.

(h) Notwithstanding anything in this Agreement to the contrary, neither Customer nor Citi will be liable in contract or otherwise for any losses or damages resulting from causes outside of, respectively, Customer's or Citi's reasonable control including, without limitation, acts of God, fires, strikes, telecommunications or power outages, the unavailability of the standards of CertiPath from a technical or operational standpoint, acts of war or terrorism, or intervention by any governmental authority (each a "Force Majeure Event"), provided that the affected party timely implements business continuity procedures as appropriate to the circumstances.

Section 7. GENERAL TERMS

Entire Agreement. This Agreement, specifically limited to the subject matter of the Identity Services (as defined herein), together with all Schedules hereto and all Subscriber Agreements executed by Customer's Subscribers, constitutes the entire agreement between Customer and Citi for Identity Services, and supersedes all prior discussions and agreements (oral or written) between the parties with respect to that subject matter.
For the avoidance of doubt, this Agreement relates solely to the provision by Citi of Identity Services, and to the extent that Customer or any of its representatives uses Credentials in connection with communications or transactions relating to or covered by other agreements between Customer and Citi or a Third Party, this Agreement is not intended to control with respect to the subject matter of such communications or transactions, and the agreements relating to such communications or transactions will control.

Amendments. Citi may at any time amend this Agreement by appropriate notice to Customer, as set forth in Schedule B. Except as provided above, any modification to the terms of this Agreement will not be effective unless executed by the parties either in written or digital form.

Encryption. Customer acknowledges that the laws of some countries restrict the use, import or export of encryption hardware and software. Where Customer and/or Customer's Subscriber(s) receive or take the Credentials or any other encryption hardware or software provided by Citi outside of the borders to which it is originally distributed, Customer acknowledges that it does so at its own risk, and Customer undertakes to fully comply with applicable laws and regulations relating to their export and import and, in particular, Customer undertakes to obtain any license, permit or approval that may be required.

Governing Terms. This Agreement shall be governed by and construed in accordance with the laws of the State of New York without regard to conflict of laws rules. The parties hereto irrevocably consent to the exclusive jurisdiction of and venue in the applicable federal and/or state courts located in the Borough of Manhattan, State of New York. No act, omission or delay by Citi will be a waiver of Citi's rights or remedies under this Agreement unless otherwise agreed in writing by Citi.
The parties waive any right either may have to a trial by jury in respect of any litigation arising in connection with this Agreement. The parties expressly disclaim the applicability of, and waive any rights based upon, the Uniform Computer Information Transactions Act or the United Nations Convention on the Sale of Goods.

Disputes. Any dispute that arises under or is related to the Agreement that cannot be settled by mutual agreement of the parties may be decided by a court of competent jurisdiction pursuant to the Governing Terms provision set forth above. Pending final resolution of any dispute, and provided it is not in contravention of any other provision in this Agreement, Citi shall proceed with performance of this Agreement according to Customer's instructions so long as Customer continues to pay amounts not in dispute.

Third Party Suppliers. Citi may elect to retain and use third-party suppliers ("Third Party Suppliers") to provide or deliver the Identity Services, in whole or in part, within this Agreement pursuant to the terms and procedures authored by Citi and compliant with its Certificate Policy.

Assignment/Transfers. Customer shall not assign, sublicense or otherwise transfer or subcontract (whether by contract, operation of law or otherwise) any of its rights or obligations (in whole or in part) under this Agreement. Citi may assign, delegate, sublicense or otherwise transfer any of Citi's rights or obligations (in whole or in part) under this Agreement so long as it does not materially adversely affect the provision of services to Customer. Notwithstanding anything herein, this Agreement shall be binding upon and inure to the benefit of the parties and their permitted assigns and successors.

Audit Rights. Citi has the right to audit Customer's compliance with the Customer Responsibilities and Schedules upon seventy-two (72) hours' notice to Customer.

Term; Effect of Termination or Expiration.
This Agreement will commence on the Effective Date and, unless earlier terminated as provided herein, will continue for an initial term of 3 years. After the initial term, this Agreement will automatically renew for additional successive renewal terms of one (1) year each unless either party provides appropriate notice pursuant to Schedule B to the other party of its intent not to renew this Agreement at least ninety (90) days prior to the commencement of the next renewal term. Except as otherwise provided, Citi may terminate this Agreement immediately on appropriate notice pursuant to Schedule B to Customer (A) upon the occurrence of any event that gives Citi the right to Revoke or Suspend Customer's Credentials pursuant to this Agreement; (B) if Citi ceases to be in the business of making the Identity Services generally available to Customers; (C) if required to do so by applicable law, rule or regulation; or (D) as otherwise stated in this Agreement (including the Operating Rules). Customer may terminate this Agreement upon providing ninety (90) days' written notice as specified above. Unless arrangements are made otherwise between Citi and Customer, Customer acknowledges and agrees that upon the effective date of the termination, Citi will terminate (e.g. revoke) all Credentials immediately.
Upon the expiration or termination of this Agreement, (i) Customer will cease use of the Identity Services; (ii) Customer and Customer's Subscriber(s) will promptly de-install from Customer's computer systems all hardware and software provided by Citi or a Citi Provider to Customer in connection with the Identity Services and, at Citi's option, immediately destroy in accordance with Citi's instructions or return promptly via secure courier to Citi, at Customer's cost, such hardware and software; and (iii) Customer must immediately pay to Citi any outstanding charges due hereunder, including Citi's standard disposition fees for Revoking or otherwise disabling all Key Pairs and Credentials held by Customer or on Customer's behalf. Further, Citi will revoke or otherwise disable all Key Pairs and Credentials held by Customer or on Customer's behalf, and Customer will take such actions as may be reasonably required by Citi in connection with such Revocation or disablement. Customer will submit to Citi an accounting for all issued Key Pairs and Credentials, and Customer may retain such Key Pairs and Credentials solely for audit purposes, but Customer and Customer's Subscriber(s) will in no event have any right to use such Key Pairs and Credentials for any other purpose.

SAFETY Act. With respect to any monetary losses, damages and/or expenses, including without limitation business interruption losses, that result from any activity constituting or resulting from an "Act of Terrorism" for which a Citi product or service "Designated" or "Certified" as "Qualified Anti-Terrorism Technologies" (as such terms are defined in the SAFETY Act of 2002 (6 U.S.C )) has been deployed in defense against, or response or recovery from, such "Act of Terrorism" (collectively, "Qualified Losses"), each of Citi and Customer agrees, as between the Parties and notwithstanding anything to the contrary in this Agreement, to be solely responsible for such Qualified Losses sustained by such Party or its employees, and hereby waives all claims against the other Party for any such Qualified Losses, in each case to the extent such Qualified Losses fall within the scope of Section 442(a)(i) of the SAFETY Act of 2002.

Survival. Those provisions which by their nature are intended to survive termination of this Agreement will survive, including Sections 4, 6 and 7.

If you would like to print this Agreement, please use the print function from the menu of choices provided by your browser. At any time in the future, if you would like to read or print this Agreement, please click on the link for the PIV-I Credentialing Services Customer Agreement located at [http://www.citibank.com/transactionservices/home/identityplus/resources/docs/customer_agreement.pdf].
SCHEDULE A GLOSSARY OF TERMS AND ACRONYMS
Affiliate(s) means, at any time, any entity that at such time directly or indirectly controls, is controlled by, or is under common control with a party, where control means the ownership of, or the power to vote, at least fifty percent (50%) of the voting stock, shares or interests of an entity, or to otherwise direct the business affairs of an entity. An entity that otherwise qualifies under this definition will be included within the meaning of Affiliate even though it qualifies after the execution of this Agreement.
Appointment Booking Services means the services offered by Citi which assist Subscribers in finding and claiming an open time period to appear in-person at an enrollment location.
Authentication means the use of a person's or entity's Private Key, corresponding to a related Public Key of a Credential holder, to create a cryptographic transformation of data contained in a Digital Transmission for the purpose of indicating the identity of the person or entity and their association with the contents of the Digital Transmission. The word Authenticate shall have a corollary meaning.
Biometrics means methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits.
Cancelbot means any software that maliciously performs actions or counteracts authorized actions.
CertiPath Bridge Certificate Authority or CBCA means the Certificate Authority managed and operated by CertiPath.
Certificate Authority means an entity authorized by CertiPath to generate, assign and Authenticate Credentials. For purposes of providing Identity Services under the Agreement, the Certificate Authority shall be Citi or a designated Citi Provider.
Certificate Policy or CP means the policy by which the Certificate Authority has authority to issue Credentials.
A copy of the policy is located at:
Certification Practice Statement or CPS means the operational procedures by which the Certificate Authority has authority to issue Credentials. A copy of the policy is located at:
Certificate Revocation List or CRL means a list of Credentials issued and Revoked by the Certificate Authority and published by that Certificate Authority on a pre-determined schedule, which can be consulted to check the validity of a particular Digital Credential. A CRL is often implemented via an LDAP-based data structure.
Certificate Status Request means a Digital Transmission that requests confirmation of the status of a Credential included in a Digital Transmission as a Valid Credential.
Certificate Status Response means a Digital Transmission transmitted by a Certificate Authority in response to a Certificate Status Request.
CertiPath means the entity that provides PKI Bridge functionality between Citi and the US Federal Government.
Citi Hardware means any equipment provided to Customer by Citi or a Citi Provider for use of the Identity Services, including Personalized Credential(s), Credential reader(s), Hardware Security Module (HSM) and/or other hardware token(s), including any updates issued to Customer.
Citi Provider means each of (a) Citi; and (b) a Citi Affiliate or Third Party Supplier that assists Citi to provide the Identity Services.
Citi Software means the machine-executable code provided, or otherwise made available, to Customer from time to time for use in connection with the Service.
Citi System means the computer network, communications and other systems operated by or on behalf of Citi through which Citi provides the Identity Services to its Customers, including Customer. For the avoidance of doubt, the term Citi System includes any Citi Hardware or Citi Software furnished to Customer for use in connection with the Identity Services.
Compromise means, with respect to a Private Key, PIN, KSM, or Digital Credential, that it has been, or may have been, lost, stolen, or otherwise misappropriated, or was used, accessed, or modified without authority.
Credential means an X.509 v.3, or its successor, compliant, digitally signed data file which binds a Public Key to information uniquely identifying the possessor of the Private Key corresponding to such Public Key. In addition to X.509 data it may also include biometrics. For purposes of this Agreement, Credential refers to such digitally signed data file as well as any associated hardware (such as a KSM), as the context requires.
Customer means the entity delivered services under this Agreement and on whose behalf this Agreement has been executed by the Initial Purchasing Agent as part of such entity's account creation process for the Identity Services.
Decryption means the process of transforming encrypted information into its original form.
Digital Signature means data appended to, and a cryptographic transformation of, data contained within a Digital Transmission, both to Authenticate the source and integrity of the data, and to signify assent, consent, authorization, or agreement to the content of the data in a manner analogous to a manual signature of a writing by an individual representative on behalf of a business or organizational entity.
A Digital Signature is the unique digital identification of an entity that is created by the entity applying its Private Key to a Digital Transmission for the purpose of confirming the identity of that entity, and its association with the Digital Transmission, to the recipient of the Digital Transmission. A Digital Signature employs a Private Key, a corresponding Public Key, and a mathematical function known as a message digest function, such that a person receiving or otherwise accessing the Digital Transmission and the signer's Public Key can assess: (a) whether the transformation of the Digital Transmission into the message digest was achieved using the Private Key that corresponds to the signer's Public Key; and (b) whether the Digital Transmission has been altered since the transformation was made.
Digital Transmission means an electronic message in digital form containing data which may be Authenticated with a Digital Signature.
Effective Date means the date on which this Agreement has been executed by the Initial Purchasing Agent on behalf of the Customer.
Encryption means the process of transforming information to make it unreadable to those who are not intended to view such information.
Expired means, with respect to a Credential, that the date specified in such Credential's Validity field has passed. The words Expire and Expiration shall have a corollary meaning. See also Operational Period.
I-9 Documents means those documents listed in the US Federal Government's form entitled Employment Eligibility Verification.
Identification means the process for ascertaining and confirming, through appropriate inquiry and investigation, the identity and authority of: (a) any Applicant undertaking the Registration Process, and the Subscribing Customer and subject designated by the Applicant to be named in the requested Credential; or (b) a Subscribing Customer or individual making a Re-Issuance, Suspension, Re-Activation, or Revocation request.
The current suggested guidelines for Identification are described in Schedule B: Standard Operating Procedures. The terms Identity Proofing or Identity Vetting have a corollary meaning.
IdenTrust means the organization that developed and maintains the IdenTrust Trust Network.
Identity Lifecycle or Credential Lifecycle means the management processes of detecting and processing real-world events that require an update to a Credential.
Initial Purchasing Agent means the first purchasing agent for an entity. This is the person who obligates the entity to this Agreement.
Intellectual Property means all intellectual property or other proprietary rights, whether registered or unregistered, in any jurisdiction, including all such rights in patents and patent applications, trademarks (including any goodwill therein or relating thereto), service marks, trade names, business names, Internet domain names, address names, copyrights (including rights in computer software), moral rights, database rights, design rights, rights in know-how, rights in confidential information and trade secrets, and rights in inventions (whether or not patentable). Intellectual Property additionally includes, but is not limited to, all interests and rights in and to (i) any products and/or services offered under this Agreement; (ii) any technology, network infrastructure, URLs, hardware or software and any other information or data created, used or provided by Citi in providing to Customer the Identity Services; (iii) any trademarks, patents and other intellectual property rights used by Citi, IdenTrust or CertiPath in association with the Identity Services; and (iv) any Citi Confidential Information provided to the Customer.
Invalid: see the defined term Revoked herein.
Issuer means an entity that has undertaken the function of Certificate Authority to generate and Revoke Credentials.
Key Pair means a Private Key and its associated Public Key.
Key Recovery or Key Recovery Transaction means the process for retrieving a Subscriber's Private Key. This is most commonly exercised to allow a Subscriber to recover their encrypted data after losing and replacing their Credential.
Key Recovery Practice Statement means the operational procedures by which a Certificate Authority retrieves a Subscriber's Private Key.
A copy of the policy is located at:
Key Storage Mechanism or KSM means a hardware or software system used to store cryptographic Keys and Credentials securely. A Subscriber's Credential is a KSM.
LDAP means Lightweight Directory Access Protocol and is an Internet standard protocol based on the X.500 directory standard for accessing online directory services; LDAP uses the X.509 naming conventions. This protocol is targeted at simple management applications and browser applications that provide simple read/write interactive access to the LDAP Directory.
Online Certificate Status Protocol or OCSP means an Internet protocol used to request the Validity Status of a Digital Credential. OCSP is commonly used in lieu of LDAP-based CRLs.
Online Order Entry Application means the software application which allows Purchasing Agents to make credentialing orders on behalf of their organization.
Operating Rules means the published rule set (which encompasses policies and practices) developed and sponsored by CertiPath regarding Credential issuance and lifecycle management.
Operational Period means a Credential's intended term of validity as determined by its Issuer, and as indicated in such Credential's Validity field.
Participant means a party who has either entered into a contract directly or indirectly (e.g., the party otherwise has certain issuance rights) with CertiPath and thereby is bound by the applicable Operating Rules and has the authority to issue Credentials and offer the corollary services of CertiPath.
Person means any individual, firm, corporation, partnership, limited liability company, trust, business trust, joint venture company, governmental authority, association or other entity.
Personalized Credential means a card containing a computer chip or other Key Storage Mechanism that meets the specifications and standards specified under the respective identity trust framework.
Personally Identifiable Information or PII means information that can be used directly or with other sources to uniquely identify a person.
Personal Identity Verification Interoperable or PIV-I means a Credential which adheres to the CertiPath IceCAP level of assurance certificate policy, which has been mapped and found equivalent to the US Federal Government's PIV-I policy requirements.
PKI Bridge means an entity that brokers a trust relationship between two or more parties.
Private Key means that key of an entity's asymmetric Key Pair normally known only to the entity. A Private Key is one-half of a cryptographic Key Pair as drawn from the class of asymmetric key cryptographic functions used in the Citi System, and may be applied to Digital Transmissions, including, by way of example, to affix a Digital Signature on a Digital Transmission.
Public Key means the key of an entity's asymmetric Key Pair that may be made public. A Public Key is one-half of a cryptographic Key Pair drawn from the class of asymmetric key cryptographic functions and is uniquely related to the associated Private Key.
Public Key Infrastructure or PKI means the infrastructure that supports the use of public and private key cryptographic transactions.
Purchasing Agent means an individual designated by Customer who is responsible to perform, on Customer's behalf, the administration of ordering and paying for Credentials as well as submitting Subscriber names to whom Citi must distribute Credentials as outlined in this Agreement.
Registrar is the function responsible for the process of confirming the identities of Applicants for Digital Credentials and the subsequent request for and management of Credentials issued by a Certificate Authority.
Registration Authority means an entity responsible for registering and confirming the identities of Subscribers to whom Credentials will be issued and managed.
Registration Process means the process administered by the Registrar with respect to an Applicant proposed by Customer, to identify and authenticate the Applicant in order that they may be issued a Credential and become a Subscriber.
Re-Issuance means the process of acquiring a new Credential(s) and associated Key Pair(s) to replace an existing Credential and associated Key Pair, prior to the Expiration of the existing Credential and associated Key Pair's Operational Period.
Relying Party means one who uses a Subscriber's Credential to verify the integrity of a digitally signed message, to identify the creator of the message, to authenticate a Subscriber, or to establish confidential communications with the Subscriber.
Revoked or Invalid means, with respect to a Digital Credential, that its Certificate Authority has designated it, with immediate and irrevocable effect, as not Valid or Good. When a Digital Credential has been Revoked its Status is Revoked. The words Revoke and Revocation shall have a corollary meaning.
Service Enabled Application means a computer service/application that has been constructed to make use of the Identity Services.
Status means the status of a Digital Credential, as determined by a Certificate Authority. A Credential may be Valid, Revoked or Suspended.
Subscriber means any employee or agent of Customer or Customer's Affiliates that is issued a Credential at Customer's request.
Suspended means, with respect to Customer, that its Credentials have been suspended by the Certificate Authority. Suspended means, with respect to a Credential, that its Issuer has designated it, with immediate, but revocable, effect as not Valid. The words Suspend and Suspension shall have a corollary meaning.
Third Party means a Person other than a party or its Affiliates.
Third Party Suppliers has the meaning defined in Section 7 of the Agreement.
Time Bomb means a type of malicious software.
Unknown means, with respect to a Credential, that its Certificate Authority does not know about the Credential being requested.
URL means Uniform Resource Locator, a standard addressing scheme used in Internet protocols, such as HTTP or FTP.
Valid means, with respect to a Digital Credential, that its Status has not been designated as Revoked or Unknown. The term Good shall have a corollary meaning.
Validation means the process by which a request has been made for, and a response received from, an Issuer as to the Validity of a Subscriber's Credential. See Validity Request and Validity Response.
Validity Request means a Digital Transmission transmitted by a Relying Party to an Issuer that requests confirmation of the Status of a Credential included in a Digital Transmission. The term Validation Request shall have a corollary meaning.
Validity Response means a Digital Transmission transmitted by an Issuer to a Relying Party responding to the Relying Party's Validity Request. The term Validation Response shall have a corollary meaning.
Virus means a type of malicious software.
Worm means a type of malicious software.
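The Digital Signature definition (checks (a) and (b)), together with the Expired, Revoked, Status and Relying Party definitions, describes what a Relying Party actually does with a Subscriber's Credential before trusting a signed Digital Transmission. The Go program below is an added illustration of those checks using only the Go standard library; it is not part of the Agreement and not code from Citi's Identity Services. Everything in it is constructed for the example: the subject name, serial number, dates and transmission text are sample values, the Credential is self-signed (a real one is signed by the Certificate Authority), and the revocation set is a plain map standing in for the CRL or OCSP answer a Relying Party would consult.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// newCredential builds an X.509 v3 certificate binding the Public Key of priv to a subject
// name and an Operational Period (the Validity field). It is self-signed so the example runs
// offline; a real Credential is signed by the Certificate Authority, not by the Subscriber.
func newCredential(priv *ecdsa.PrivateKey, subject string, notBefore, notAfter time.Time) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4711), // constructed sample serial number
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// sign produces a Digital Signature: the Digital Transmission is reduced with a message digest
// function (SHA-256) and the signer's Private Key is applied to that digest.
func sign(priv *ecdsa.PrivateKey, transmission []byte) ([]byte, error) {
	digest := sha256.Sum256(transmission)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// verify is the Relying Party's side. It rejects a Credential outside its Validity field
// (Expired) or listed in the revocation set (constructed stand-in for a CRL/OCSP answer, keyed
// by serial), then checks (a) the signature came from the Private Key matching the Credential's
// Public Key and (b) the transmission was not altered since it was signed.
func verify(cred *x509.Certificate, revoked map[string]bool, transmission, sig []byte, now time.Time) error {
	if now.Before(cred.NotBefore) || now.After(cred.NotAfter) {
		return errors.New("credential is outside its Operational Period")
	}
	if revoked[cred.SerialNumber.String()] {
		return errors.New("credential Status is Revoked")
	}
	pub, ok := cred.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("credential does not carry an ECDSA Public Key")
	}
	digest := sha256.Sum256(transmission)
	// One check covers (a) and (b): a different Private Key or a changed transmission both
	// yield a signature that does not match this digest under this Public Key.
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("signature does not verify: wrong Private Key or altered transmission")
	}
	return nil
}

// runChecks exercises the cases a Relying Party must distinguish; each value is true when
// verify gave the expected answer for that case.
func runChecks() (map[string]bool, error) {
	now := time.Date(2012, 3, 1, 0, 0, 0, 0, time.UTC) // constructed "current" time
	signer, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	other, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // a second Subscriber's Key Pair
	if err != nil {
		return nil, err
	}
	cred, err := newCredential(signer, "Example Subscriber", now.Add(-24*time.Hour), now.Add(365*24*time.Hour))
	if err != nil {
		return nil, err
	}
	msg := []byte("Order 1: assign 20 PIV-I credentials") // constructed sample transmission
	sig, err := sign(signer, msg)
	if err != nil {
		return nil, err
	}
	otherSig, err := sign(other, msg)
	if err != nil {
		return nil, err
	}
	results := map[string]bool{
		"genuine_accepted":   verify(cred, nil, msg, sig, now) == nil,
		"altered_rejected":   verify(cred, nil, []byte("Order 1: assign 200 PIV-I credentials"), sig, now) != nil,
		"wrong_key_rejected": verify(cred, nil, msg, otherSig, now) != nil,
		"expired_rejected":   verify(cred, nil, msg, sig, now.Add(2*365*24*time.Hour)) != nil,
		"revoked_rejected":   verify(cred, map[string]bool{cred.SerialNumber.String(): true}, msg, sig, now) != nil,
	}
	return results, nil
}

func main() {
	results, err := runChecks()
	fmt.Println(results, err)
}
```

The order of the checks matters in practice: a Relying Party that verifies the signature first and only then looks at Validity and Status will happily compute a correct signature result for a Credential it should never have trusted, which is why the Status and Operational Period checks come first here and the mathematical check last.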
SCHEDULE B STANDARD OPERATING PROCEDURES for Citi Issued PIV-I Credentials
CUSTOMER COMPUTER SYSTEMS
Customer's computer systems will at all times meet the minimum configuration requirements specified by Citi as necessary to enable Customer to use the Identity Services. Purchasing Agents will be required to have Microsoft Internet Explorer version 7 or higher, a corporate e-mail account and phone, and an accepted credit card. Other web browsers may also interoperate, but Citi does not provide assurance that such browsers will work at all times. At least one Purchasing Agent must hold an active Citi-issued PIV-I credential and smartcard middleware so they may make Key Recovery and Certificate Revocation Requests through a digitally signed e-mail. Customer is responsible for supplying the Purchasing Agent with the software required to digitally sign an e-mail, if applicable. All Subscribers shall have an e-mail address from a domain that is approved for use by the Customer, that is owned or controlled by the Customer, and that reflects the organizational hierarchy at the Customer's discretion. In the event that Citi furnishes to Customer any upgrade or replacement for any Citi Hardware or Citi Software, Customer will install and use such upgrade or replacement as soon as reasonably practicable after receipt thereof. Citi will provide to Customer advance notice of such upgrade or replacement, with the timing of such notice commensurate with the urgency of the upgrade or replacement (e.g., only minimal advance notice may be possible for emergency bug fixes, and greater advance notice will be possible for scheduled replacements). Within three (3) months after Citi furnishes an upgrade or replacement for any Citi Hardware or Citi Software, the prior version will no longer be supported by Citi.
PURCHASING AGENT TASKS
Persons designated as Purchasing Agents are the agents of Customer and are intended to perform (on behalf of Customer) the following administrative tasks:
(a) Account Setup.
The Initial Purchasing Agent will be responsible to apply for the first Purchasing Agent Customer account using Citi's Online Order Entry Application. This requires that the Initial Purchasing Agent complete an online application that will then initiate an internal Citi process used to approve the setup of new customers. This will require that the Purchasing Agent enter the pertinent company legal entity description and the corollary contact information, and accept this Agreement. Subsequent Purchasing Agents will repeat this process but will not need to be authorized to obligate the entity to this Agreement. The account for an Initial Purchasing Agent will NOT be fully activated until their first order is placed.
(b) Product Ordering. Purchasing Agent(s) will create orders as needed. Orders are made with a quantity of Credentials that a Purchasing Agent will assign to Subscribers within the 60 calendar days after the order is placed. Any orders not assigned within such 60-day period may be cancelled by Citi without refund at Citi's discretion. Purchasing Agent(s) may create new orders at any time. If a Customer has multiple Purchasing Agents, a new order will increase the total credentials available for assignment for ALL Purchasing Agents of the Customer.
(c) Product Payment. The Citi Online Order Entry Application functions as an online shopping cart where the Purchasing Agent can select and purchase credentialing products and services. Purchasing Agent(s) will pay for their orders on the Citi Online Order Entry Application using a credit card.
(d) Assign Subscriber. Once the Purchasing Agent has purchased Citi Credential related products, in this case in the form of PIV-I smart card credentials, the Purchasing Agent will need to assign these products to each respective Subscriber. By submitting such names, the Purchasing Agent is completing such assignment transaction ("Assign" or "Assignment") and authorizing Citi to issue a Credential to these individuals.
This submission will also act as confirmation by the Purchasing Agent of the Subscriber's affiliation with Customer. Purchasing Agent(s), on behalf of Customer, will review and verify all data to be accurate prior to entering such data into Citi's order entry application. All e-mail addresses entered will be from domains owned by the Customer or accurately reflecting the Customer's organizational hierarchy. Purchasing Agent(s) shall verify the legal name of Subscribers against their I-9 documents prior to entering each Subscriber's legal name and shall verify that their I-9 documents are not expired. Once a Subscriber has been Assigned, (i) the transaction is complete and any modifications will require an additional Assignment at Customer's expense, and (ii) the Assignment cannot be allocated to another Subscriber. Purchasing Agent(s) ensure and agree that Subscriber legal name and address, although PII, will not be considered nor treated as confidential information and will be used for day-to-day business purposes.
(e) Main Customer Contact. Purchasing Agent(s) will act as the main point of contact for communications between Citi and Customer. As an example, if there is a service outage, Purchasing Agents would become the main point of contact to coordinate missed appointments.
(f) Manage Subscriber In-Person Appearance. Purchasing Agent(s) are responsible to ensure that the submitted Subscribers are informed that they will be required to participate in an in-person Identity Vetting interview and subsequently obtain a Credential. A Credential that has not been issued to a Subscriber within 60 calendar days from the date the Credential was Assigned may be canceled without refund at Citi's discretion. The Purchasing Agent will ensure that the Subscriber has physical access to an enrollment site prior to their appointment.
(g) Request Credential Revocation. Purchasing Agent(s) may request, by sending to the help desk an e-mail digitally signed with their Credential(s), a Credential Revocation at their discretion for any Subscriber affiliated with the organization/company, and Citi will accept such request without further vetting.
(h) Request Private Key Recovery. Purchasing Agent(s) may request Recovery of a Private Key at their discretion for any Subscriber affiliated with the organization/company, and Citi will accept such request without further vetting. Purchasing Agents may be authenticated by Citi through an e-mail digitally signed with a Citi Issued Credential of equal or greater assurance to the Credential which hosted the Private Key to be recovered, or by in-person appearance of the requestor at a location that Citi has approved for Key Recovery transactions.
FORBIDDEN ACTIVITIES
The Customer will not transmit any Digital Transmission to or using the Identity Services that contains any Viruses, Trojan horses, Worms, Time Bombs, Cancelbots or other computer programming routines that are intended to damage, detrimentally interfere with, surreptitiously intercept or expropriate any system, data or personal information. Customer agrees that Citi and its respective affiliates, employees and agents will not be liable in any way if Subscribers send Digital Transmissions or transmit other electronic messages provided for in this Agreement in association with any prohibited transactions or to Persons, Service Enabled Applications, or Customers or any other party. The Customer will not allow any of its Subscribers to engage in fraudulent behavior, including any of the following: (i) manipulating the Customer clock to reflect anything other than the correct, current, regional time, and/or (ii) damaging, investigating, re-engineering, or otherwise interfering with the KSM, clock, certificate, or other element of the Identity Services.
Additionally, Citi will not be liable whatsoever to the extent that Customer's losses, liabilities, or damages are: (i) due to an unauthorized request for the issuance of a Credential, an unauthorized use of a Credential, the use of a Credential beyond authorized limits and amounts, or the use of a Credential returned with a Revoked/Invalid or Unknown response, provided that such unauthorized request or use is by any individual or entity other than Citi; (ii) due to inadequate protection or safekeeping of a Private Key, KSM, a Credential, or Customer's systems by any individual or entity other than Citi, or any Customer's failure to promptly request Suspension or Revocation of a Revoked/Invalid Credential; (iii) related to the contents of, or the validity, veracity, or legality of the content of, any Digital Transmission; or (iv) in a manner of use that conflicts with the guidance provided in the Agreement.
NOTIFICATIONS
Notifications are the mechanism by which Citi and Customer will inform each other and any organizational representative or contacts of information pertaining to the Identity Services. There are three (3) types of notifications: Legal, Administrative, and Operational.
Legal Notices. Legal Notices are those related to termination, a material change in the terms and conditions of the Agreement, a breach of contract, or other non-operational aspects of the Agreement. Such notices from Customer must be made in writing and delivered by a nationally recognized overnight courier with tracking capabilities and signature required, or by certified mail, return receipt requested. Such notices from Citi may be made by digitally signed e-mail, through a click-through agreement presented to the Initial Purchasing Agent, or in writing and delivered by a nationally recognized overnight courier with tracking capabilities and signature required, or by certified mail, return receipt requested. Any Legal Notices, by either Citi or the Customer to the other, made pursuant to this Agreement, will be sent to the following addresses:
Legal Notifications Addressees
Customer: The contact information specified by the Customer's Purchasing Agent during the account creation process for Customer.
Citi: Citi GTS Identity Services, 388 Greenwich Street, New York, NY
The Customer will continuously provide Citi with up-to-date contact information and agrees to keep all contact data current. Either party may designate a new address for Legal Notices hereunder upon ten (10) days' advance notice to the other party in the manner set forth in this section.
Administrative Notices. Administrative notices are initiated by Customer and relate to administrative matters of the Identity Services. Administrative matters may include, for example, notifications designating a new Purchasing Agent and/or other material changes to the administrative aspects of the Identity Services. Any such administrative notice from the Customer may be initiated either by the Purchasing Agent or by the Customer, and in either case will be made by telephone via the help desk line.
Operational Notices. Operational notices are initiated by Citi and relate to certain events and/or updates regarding the Identity Services from time to time, including changes of an operational nature to Citi's Certificate Policy, Certificate Practice Statement and Key Recovery Practice Statement. Citi will provide operational notices to Customer by sending an e-mail to Customer's Purchasing Agent(s), using the e-mail address on file with Citi for the Purchasing Agent(s). Customer hereby acknowledges and agrees that notices from Citi will be effective and binding on Customer and its Subscribers upon transmission from Citi's computer systems to the Internet.
The Customer is responsible for ensuring that (a) active and correct e-mail addresses for its Purchasing Agent(s) are on file with Citi, (b) e-mail sent from Citi is not filtered by Customer's computer systems, and (c) Customer's Purchasing Agent(s) monitor their e-mail accounts for, and review, e-mails received from Citi. Customer's failure to do any of the foregoing will not in any way affect the effectiveness and binding nature of notices from Citi.
SCHEDULE C SUBSCRIBER AGREEMENT (Version February 22, 2012)
PLEASE READ THE SUBSCRIBER AGREEMENT FOR CITI ISSUED PERSONAL IDENTITY VERIFICATION INTEROPERABLE ("PIV-I") CREDENTIALS ("SUBSCRIBER AGREEMENT") BELOW, WHICH GOVERNS THE CREDENTIALS (AS DEFINED IN THE SUBSCRIBER AGREEMENT) ISSUED TO YOU AS PROVIDED BY CITIBANK, N.A. AND ITS AFFILIATES, AND YOUR RECEIPT AND USE OF THE CREDENTIALS. IN ORDER TO USE THE CREDENTIALS, YOU MUST REVIEW AND AGREE TO THE SUBSCRIBER AGREEMENT BY DIGITALLY EXECUTING IT WITH YOUR CREDENTIAL. IF YOU DO NOT AGREE WITH THE TERMS OF THE SUBSCRIBER AGREEMENT, DO NOT EXECUTE IT AND RETURN YOUR CREDENTIAL, WHICH WILL BE REVOKED.
SUBSCRIBER AGREEMENT for Citi Issued Personal Identity Verification Interoperable ("PIV-I") Credentials
This Subscriber Agreement (the "Agreement") is entered into by and between Citibank N.A. ("Citi") and me ("I" or "me" or "my") and is made effective when executed by me. Upon execution of this Agreement, Citi will issue a digital Certificate and associated hardware ("Credential") to me. The Credential, in form, is an electronic document that uses cryptographic technology to bind a Public Key to my identity, enabling me to, among other things, create a unique Digital Signature, authenticate to Relying Party physical and logical access control points, and encrypt/decrypt electronic messages. I acknowledge and agree that my receipt and use of the Credential is subject to the terms and conditions of this Agreement, and I hereby accept the Credential and notify Citi that there are no errors or problems with my Credential. Credentials issued pursuant to this Agreement are interoperable with the CertiPath PKI Bridge, which serves as a hub that enables participating parties to (i) collaborate and share information on a global basis and (ii) make online transactions with multiple government agencies using a single set of identity Credentials.
Capitalized terms not defined herein have the meanings described in the Certificate Policy, which can be found at <www.identityplus.com>.
1. REPRESENTATIONS AND WARRANTIES. I represent and warrant to Citi and, as applicable, any Relying Party, that:
a. all information, including personally identifiable information ("PII") about me, inclusive of my legal name, address, phone number and birth date, provided in connection with my application for the Credential is true, complete and accurate;
b. if any information I have provided in connection with my application for the Credential changes, I will immediately notify Citi and the company that has authorized the issuance of Credentials to me, within thirty days, and if warranted, simultaneously request a replacement Credential reflecting such updated information; and
c. I have been and will remain the only person (i) able to access my Private Key and, unless otherwise noted herein, (ii) able to access the hardware mechanism protecting my Private Key.
2. ACKNOWLEDGEMENTS. I understand and represent and warrant that:
a. my legal name and address, although PII, will not be considered nor treated as confidential information and will be used for day-to-day business purposes including, but not limited to, compilation of LDAP-type directories;
b. my Digital Signature will have the same legal effect, validity and enforceability as if the Digital Signature had been in writing and manually signed by me;

c. I will not challenge the legal effect, validity or enforceability of any electronic record or electronic transmission (inclusive of Digital Signature use) on the basis that it is in digital, rather than paper, form, and I will retain, and cause my third party service providers to retain, all records necessary to validate my Digital Signatures when those Digital Signatures are used to sign legally-binding documents;

d. as a security measure, the Private Key associated with my Credential will be escrowed and will be retrievable by me or a third party as per the guidelines of CertiPath's Key Recovery Policy and Citi's Key Recovery Policy Practice Statement;

e. in the event I need to retrieve my Private Key in the manner detailed in Section 2(d) above, when I am notified that my Private Key has been recovered, I will determine whether revocation of the Public Key is needed and, if so, request revocation accordingly;

f. I have been instructed on how to securely retrieve the trust anchor certificate;

g. my use of the Credentials is subject to the terms and conditions of the PIV-I Credentialing Services Customer Agreement between Citi and the company that has authorized the issuance of Credentials to me, and I agree to comply with such terms and conditions, including without limitation Citi's Certificate Policy, Certificate Practice Statement and Key Recovery Practice Statement, all of which are located at: ; and

h.
Citi may from time to time update or replace this Agreement, which updated or replacement Agreement will be posted at or otherwise provided to me and/or the company that has authorized the issuance of Credentials to me, and I agree that my use of my Credential from and after the date on which such updated or replacement Agreement has been made effective by Citi will constitute my agreement to such updated or replacement Agreement, and I agree to comply with all terms and conditions thereof.

3. SECURITY COVENANTS/OBLIGATIONS. I represent and warrant that I will:

a. use my smart card solely for authorized and permissible legal business purposes;

b. create strong PIN codes, memorize my PIN code and not write it down or reveal it to anyone, and protect my smart card PIN;

c. not leave my smart card unattended while activated with my PIN;

d. deactivate my smart card when not in use through a manual logout or automatic inactivity timeout;

e. immediately notify Citi and the company that has authorized the issuance of Credentials to me in the event my smart card is suspected to be compromised, or is lost, stolen or damaged;

f. not use my smart card when the relationship with my affiliated organization is inactive or has ceased;

g. destroy my Private Key as I have been instructed and as described at <www.identityplus.com> once the Credentials have expired or have been revoked; and

h. at all times, accurately represent myself in all communications with Citi and PKI authorities.

With respect to any monetary losses, damages and/or expenses, including without limitation business interruption losses,
that result from any activity constituting or resulting from an "Act of Terrorism" for which a Citi product or service "Designated" or "Certified" as "Qualified Anti-Terrorism Technologies" (as such terms are defined in the SAFETY Act of 2002 (6 U.S.C. )) has been deployed in defense against, or response or recovery from, such "Act of Terrorism" (collectively, "Qualified Losses"), Citi and I agree, as between us, to be solely responsible for such Qualified Losses sustained by such party or its employees, and hereby waive all claims against the other party for any such Qualified Losses, in each case to the extent such Qualified Losses fall within the scope of Section 442(a)(i) of the SAFETY Act of

By my execution of this Agreement with my Credential, I acknowledge and declare, under penalty of perjury, that (i) I have read and understand this Agreement and agree to comply with this Agreement, (ii) my identity matches the identity I have claimed in this Agreement and (iii) any falsification on my behalf is punishable under the provisions of 18 U.S.C.
SCHEDULE D Key Recovery Request Form

Key Recovery Request and Acknowledgement of Agreement

[REQUESTING ORGANIZATION'S LETTERHEAD]

[DATE]

ATTN: RECOVERY REQUESTS
Citibank North America
255 North Admiral Byrd Road
Salt Lake City, UT 84116

SUBJECT: KEY RECOVERY REQUEST AND ACKNOWLEDGEMENT OF AGREEMENT

TO WHOM IT MAY CONCERN:

I, <Requestor's Name>, hereby state that I have a legitimate and official need to recover this key in order to obtain (recover) the encrypted data that I have authorization to access. I acknowledge receipt of a recovered encryption key associated with the subscriber identified here. I certify that I have accurately identified myself to [the KRO], and truthfully described all reasons that I require access to data protected by the recovered key. I acknowledge my responsibility to use this recovered key only for the stated purposes, to protect it from further exposure, and to destroy all key materials or return them to [the KRO] when no longer needed. I understand that I am bound by the subscriber's [Affiliated Organization] policies, applicable laws and Federal regulations concerning the protection of the recovered key and any data recovered using the key.
REQUESTOR'S IDENTITY INFORMATION (Requestor's Use)

First Name:
Middle Initials:
Last Name:
Organization:
Address:
Telephone (Ext):
Job Title:

REQUESTOR'S IDENTITY INFORMATION (Key Recovery Officer's Use)

NOTE: Process this section in person if Requestor cannot submit a digitally signed request.

Option 1: I will send this form digitally signed using my Citi PIV-I Credential.

Option 2: I will appear in person, provide the following identification documents, and manually sign this form.

(1) ONE FEDERALLY-issued photo ID:
Exact Name Listed on Photo ID:
Identification Number:
Expiration Date:
Identification Type:
Date of Issuance:
Issuing Authority:

(2) If photo ID (1) does not have a serial number, a STATE-issued photo ID with serial number is required:
Exact Name Listed on Photo ID:
Identification Number:
Expiration Date:
Identification Type:
Date of Issuance:
Issuing Authority: