Land Registry. Version /09/2009. Certificate Policy
|
|
- Isabel Wheeler
- 8 years ago
- Views:
Transcription
1 Land Registry Version /09/2009 Certificate Policy
2
3 Contents 1 Background 5 2 Scope 6 3 References 6 4 Definitions 7 5 General approach policy and contract responsibilities Background Certificate Policy and Certification Practice Statement Purpose Level of specificity Approach 10 6 Introduction to the Certificate Policies for Land Registry Overview Identification Policy changes Conformance Contact details 11 7 Obligations and liability Certification Authority obligations Subscriber obligations Relying Party obligations Certification Authority liability 13 8 Annex A Registered Land Registry Certificate Policies 14 9 Annex B Requirements on Certification Authority Practice for Land Registry Local Signing Certificate Policy Subscriber obligations Key usage Certification Practice Statement Key Management Life Cycle Generation of Certification Authority Keys Certification Authority Key storage, backup and recovery Certification Authority Public Key distribution Key Escrow Certification Authority Key usage End of Certification Authority Key life cycle Life cycle management of cryptographic hardware used to sign Certificates CA provided Subject Key management services Hardware Key storage device preparation Certificate Management life cycle Subject registration Certificate renewal, re-key and update Certificate generation Dissemination of terms and conditions Certificate dissemination Certificate revocation and suspension Management and operation Security management Asset classification and management Personnel security Physical and environmental security Operations management System access management Trustworthy systems deployment and maintenance Business continuity management and incident handling Certification Authority termination 27 3
4 Compliance with legal requirements and Land Registry s policies and practices Recording of information concerning Certificates Organisational Annex C Requirements on Certification Authority Practice for Land Registry Central Signing Certificate Policy Deviation from the original policy Key Escrow Certificate Authority Provided Subject Key Management Services Annex D Requirements on Certification Authority Practice for Land Registry Individual Authentication Certificate Policy Deviation from the original policy Subscriber obligations Key usage Annex E Requirements on Certification Authority Practice for Land Registry Device Authentication Certificate Policy Deviation from the original policy Subscriber obligations Key usage CA Provided Subscriber Key Management Services Hardware Key Storage Device Preparation Subject registration 35
5 1. Background Public Key Infrastructure (PKI) has been widely accepted by the market and governments worldwide as an important electronic business enabler. PKI can ensure, in a cost-effective manner, the confidentiality and integrity of digital data, as well as guarantee the identities of communicating or transacting entities or persons. Confidentiality is achieved through encryption, whereas identification and integrity are achieved through digital signatures. These critical internet trust techniques are supported by Certificates issued by a Certification Authority. Such Certificates bind a person or legal entity to a cryptographic key that is published within a relevant community. This Public Key corresponds in a unique manner to another key, which for PKI to work must be kept strictly confidential (the Private Key). Digital signatures are created by using the Private Key of the sender, while confidentiality is achieved by use of the Public Key of the receiver. For users of PKI to have confidence in the Certificates that identify their counterparts in for example web transactions, they need to have confidence that the Certification Authority has properly established procedures and protective measures in order to minimise the operational and financial threats and risks associated with PKI. This document specifies the policy requirements on the operation and management of Land Registry and their customers to give users this confidence in relation to the Land Registry E-services. 5
6 2. Scope This document specifies policy requirements relating to Land Registry Certification Authority. It defines policy requirements on the operation and management of its Certification Authority issuing Certificates such that Subjects certified by the Certification Authority and Relying Parties may have confidence in the reliability of the Certificate. Subscribers and Relying Parties should consult the Land Registry Certification Practice Statement to obtain further details of precisely how this Certificate Policy is implemented by Land Registry for a particular class of Certificate. 3. References The following documents contain provisions which, through references in this text indicated by [n], constitute provisions of the present document. References are either specific (identified by date of publication, edition number, version number, etcetera) or non specific. For a specific reference, subsequent revisions do not apply. For a non-specific reference, the latest version applies. 1. Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. 2. ETSI TS : Policy requirements for issuing qualified certificates. 3. IETF RFC 3739: Internet X.509 Public Key Infrastructure: Qualified certificate profile. (Also ETSI TS ). 4. IETF RFC 3647 (2003): Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework. 5. Data Protection Act ISO/IEC 9000: 2000 Quality Management Systems. 7. ISO/IEC 17799:2005: Information Technology Security Techniques Code of Practice for Information Security Management. 8. ISO/IEC 15408:2005 (parts 1 3): Information Technology Security Techniques Evaluation Criteria for IT Security. 9. FIPS PUB (2001): Security Requirements for Cryptographic Modules. 10. CEN Workshop Agreement : Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures Part 2: Cryptographic Module for CSP signing operations with backup Protection Profile (CMCSOB-PP). 6
7 11. CEN Workshop Agreement : Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures Part 3: Cryptographic Module for CSP key generation services Protection Profile (CMCKG-PP). 12. CEN Workshop Agreement : Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures Part 2: Cryptographic Module for CSP signing operations Protection Profile (CMCSO-PP). 13. IETF RFC 3280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. 4. Definitions Administrator: A person who controls the service operation of the CA. Central Signing Service: Private Key storage and use under the End User s sole control within a secure service operated by Land Registry. Certificate Policy: A named set of rules that indicates the applicability of a Certificate to a particular community and/or class of application with common security requirements. Certificate: The Public Key of an End User or Device, together with verifiable identity information, rendered unforgeable by encoding with the Private Key of the Certification Authority which issued it. Certification Authority (CA): An entity trusted by one or more users to create and assign Certificates. Certification Practice Statement: A statement of the practices that a Certification Authority uses in issuing Certificates. Conveyancer: Any member, employee, officer or agent of a subscriber authorised under a current full Network Access Agreement. Device: In these policies is used to include an internet server, software or equipment used to initiate a virtual private network and functions in organisations authorised to sign software code. Electronic Signature: Data in electronic form in, affixed to, or logically associated with, a data message, which may be used to identify the signatory in relation to the data message and indicate the signatory s approval of the information contained in the data message. End User: The person or legal entity having its Public Key and name certified by a Certification Authority in a Public Key Certificate. Know Your Customer (KYC): The process of establishing a client s identity using appropriate documentary evidence (eg passport or utility bill) to ensure compliance with the Proceeds of Crime Act 2002 and the Terrorism Act 2000 and the Money Laundering Regulations Guidance is provided by the FSA and the Law Society. 7
8 Key Pairs: Encryption keys used for signature purposes comprise a pair of large prime numbers that have a specific mathematical relationship such that if one is used to encrypt data only the other half of the pair can be used to decrypt the data. Network: The electronic communications network provided in accordance with section 92 of the Land Registration Act 2002 and any components of it and the services provided by way of that network from time to time. Private Key: One part of the Key Pair that is kept private to by the Subject. Used for creating the Electronic Signature. Public Key: The other part of the Key Pair made public to any Relying Party in order to validate the Electronic Signature. Registration Authority: The organisational entity responsible for the enrolment of subjects into the Certification Authority. It may be a different organisation to the Certification Authority, but is obliged to comply with the Certificate Policy. Relying Party: The party in a transaction or communication which acts or may act in reliance on a Certificate and/or digital signatures verified using that Certificate. Representative: The individual who accepts the Certificate associated with computer applications and Devices 1 in the control of Subscribers, and is responsible for the correct protection and use of the Private Key. Subject: Entity identified in a Certificate as the rightful holder of the Private Key associated with the Public Key given in the Certificate. The Subject may be an End User or Device. Subscriber: Entity which subscribes with a Certification Authority on behalf of an End User or End Users to have one or more Public Keys and associated entities certified in the same number of Public Key Certificates. A Subscriber may also be the Subject or Representative. Technical Manual: The document, including parts 1 and 2, which details the system and security requirements and other technical aspects of the Network and published from time to time by the Registrar. References to the Technical Manual mean the version as updated from time to time. 1 Eg firewalls, routers, in-line network encryptors, trusted servers, and other infrastructure components. 8
9 5. General approach policy and contract responsibilities 5.1 Background The authority trusted by the users of the certification services to create and sign Certificates is called the Certification Authority. The Certification Authority has overall responsibility for the provision of these services and is identified in the Certificate as the issuer. When a Certification Authority issues a Certificate it attests that it has established the name of the Subject by using defined processes based on the examination of defined external evidence. This evidence concerns the certified entity s name and its association with other information in the Certificate to achieve a targeted level of reliability and trust, and represents information and facts that the Certification Authority chooses to rely upon to make a correct attestation. The evidence collected and the method of examination may vary between different types of certification services, but all services must in the end rely on information that is outside the scope of the Certification Authority to challenge. The responsibility of the Certification Authority is limited to the correct execution of its defined procedures which will include evidence collection and examination procedures that are defined to be part of its service. If an error is caused by false external evidence (such as a false ID-card) that was correctly collected and processed according to defined procedures, the Certification Authority has fulfilled its obligations and is not responsible for the error. However, the Certification Authority always maintains responsibility for processes defined to be part of its service for ensuring that the policy requirements imposed on the Certification Authority in this document are met; and for liability issues arising out of the issue and management of certificates. The Certification Authority may use other parties to provide services, and the distribution of responsibilities among these parties is contractually agreed between the Certification Authority and its subcontractors. In these cases it is also the responsibility of the Certification Authority to provide adequate instructions to Subscribers and Relying Parties and to provide the details required for the Subscribers or the Relying Parties to meet their obligations. 5.2 Certificate Policy and Certification Practice Statement Purpose In general, the purpose of the Certificate Policy (these are referenced by a policy identifier in a Certificate) states the rules on how the Certificate is to be issued, used and when it may be relied upon. The Certification Practice Statement is a summary of the processes and procedures the Certification Authority will use in creating and maintaining the Certificate. The relationship between the Certificate Policy and Certification Practice Statement is similar in nature to the relationship of other business policies that state the requirements of the business, while operational units define the practices and procedures of how these policies are to be carried out. If a Certification Authority is issuing Certificates against a number of Certificate Policies, then the Certification Authority s Certification Practice Statement (only one is necessary) will state how the Certification Authority implements the controls. 9
10 5.2.2 Level of specificity A Certificate Policy is a less specific document than a Certification Practice Statement. A Certification Practice Statement is a more detailed description of business and operational practices of a Certification Authority in issuing and otherwise managing Certificates. The Certification Practice Statement of a Certification Authority enforces the rules established by entities prescribing a specific Certificate Policy. A Certification Practice Statement defines how a specific Certification Authority meets the technical, organisational and procedural requirements identified in a Certificate Policy Approach The approach of a Certificate Policy is significantly different from that of a Certification Practice Statement. A Certificate Policy is defined independently of the details of the specific operating environment of a Certification Authority, whereas a Certification Practice Statement is tailored to the organisational structure, operating procedures, facilities, and computing environment of a Certification Authority. A Certificate Policy may be defined by the user of certification services, whereas the Certification Practice Statement is always defined by the provider. The Certification Practice Statement relevant to the Land Registry Certification Authority will be incorporated into the Technical Manual. 6. Introduction to the Certificate Policies for Land Registry 6.1 Overview Certificates issued by the Land Registry Certification Authority (hereafter referred to as the CA) in accordance with the current document include a Certificate Policy identifier that can be used by Relying Parties in determining the Certificate s suitability and trustworthiness for a particular application. Certificates for four types of use are defined by these policies. 1. Where End Users apply Electronic Signatures locally. 2. Where End Users apply Electronic Signatures centrally. 3. Where End Users have authentication needs. 4. Devices with software key storage. The main body of this document describes the general requirements for issuing and managing Certificates. Annex B covers more specific details for issuing and managing Certificates for use where End Users are in possession of their cryptographic token and apply Electronic Signatures locally. Annex C describes the requirements for issuing and managing Certificates for use where End Users apply Electronic Signatures centrally under sole control. Annex D describes the requirements for issuing and managing Certificates for use by End Users with cryptographic tokens for authentication purposes. Annex E describes the requirements for issuing and managing Certificates for use by Devices. Sections 1 to 7 are common to all four policies, whereas the requirements on the CA will differ according to the Certificate issued, as defined in Annexes B to E. 10
11 6.2 Identification The identifiers for the Certificate Policies specified in the current document are at Annex A. 6.3 Policy changes Change procedures The following aspects of these Certificate Policies can change without notification and without requiring a new object identifier to be allocated: a. formatting and b. correction of minor typographic errors. The following aspects of this Certificate Policy can change with notification, but without requiring a new object identifier to be allocated: c. any aspect that does not lower, and cannot be perceived to lower, the fundamental trust that can be placed in the Certificate. The following aspects of this Certificate Policy cannot be changed unless a new object identifier is created: d. any aspect that lowers, or could be perceived to lower, the fundamental trust that can be placed in the Certificate Publication and notification An electronic copy of this document, duly signed by an authorised representative of the CA, is to be made available: a. at the Land Registry website b. via an request to certificate.policies@landregistry.gsi.gov.uk 6.4 Conformance The CA shall only use the identifier for the appropriate Certificate Policy as provided in 6.2 if: the CA claims conformance to the identified Certificate Policy and makes available on request the evidence to support the claim of conformance; or the CA has been certified to be conformant to the identified Certificate Policy. 6.5 Contact details These Certificate Policies are published by: Business Development Board HM Land Registry Head Office Lincoln s Inn Fields London WC2A 3PH Contact: certificate.policies@landregistry.gsi.gov.uk 11
12 7. Obligations and liability 7.1 Certification Authority obligations The CA shall ensure that all requirements, as detailed in the relevant sections applicable to the policy issued, are implemented. The CA has the responsibility for conformance with the procedures prescribed in the policy, regardless of its operational responsibilities in performing its functions. The CA shall also fulfil any additional obligations that are indicated in the Certificates either directly or incorporated by reference. 7.2 Subscriber obligations The terms and conditions agreed with the Subscriber (see 9.4.4) shall include an obligation upon the Subscriber to address all the following obligations. If the Subject and Subscriber are different parties, the Subscriber shall make the Subject aware of those applicable obligations as listed below: a. only use the Key Pairs for the purposes defined in Section 9, 10, 11 or 12 and in accordance with any other limitations that may be notified to the Subscriber b. submit accurate and complete information to the CA during Subject registration in accordance with the requirements of the policy c. exercise reasonable care to avoid unauthorised use of the Subject s Private Key d. notify the CA, without any unreasonable delay, if any of the following occur up to the end of the validity period indicated in the Certificate the Subject s Private Key has been potentially or actually lost, stolen or compromised control over the Subject s Private Key has been lost due to potential or actual compromise of activation data (eg PIN code) or other reasons and/or inaccuracy or changes to the Certificate content, as notified to the Subscriber. e. ensure that if the Subscriber or Subject generates the Subject s Key Pair, only the Subject holds the Private Key f. ensure that Private Keys are generated within the hardware key storage device. 7.3 Relying Party obligations The obligations of the Relying Party if it is to reasonably rely on a Certificate are to: a. verify the validity, suspension or revocation status of the Certificate using current revocation status information as indicated to the Relying Party (see 9.4.6) b. take account of any limitations on the usage of the Certificate indicated to the Relying Party, either in the Certificate, or in the terms and conditions supplied as required in and and c. take any other precautions prescribed in the Certification Practice Statement. 12
13 7.4 Certification Authority liability Certificates issued by the CA will be used primarily for signing electronic dispositionary documents relating to registered land when permitted by law such as transfers or mortgages. Certificates can also be used to sign electronic contracts relating to registered land when permitted by law. Additional Certificates will be issued for End User and Device authentication purposes and for enabling secure communication channels. The liability taken by the CA, however, is limited to the correct application of procedures as declared in the Certification Practice Statement (as incorporated into the Technical Manual); these procedures relate to the issue and management of digital Certificates. Therefore any failure of transaction that utilises the digital Certificate is out of scope. In essence the liability will include the correct identification of Subjects according to the declared practices. If a transaction is found to be in error through the incorrect identification of the Subject through failing to follow the declared practices, then the CA is liable. If however the Subject is incorrectly identified, but the error was within the documents used to support the Subject s claim to an identity, then the CA shall not be liable. The CA shall include any limitation of liability within the Certificate, providing the relevant information within an easily accessible statement both on its website and within the Certification Practice Statement. The information above shall be available through a durable (ie with integrity and availability over time) means of communication, which may be transmitted electronically, and in readily understandable language. 13
14 8. Annex A Registered Land Registry Certificate Policies The following Certificate Policies are defined within the Land Registry e-security service. Service Policy name Object identifier 2 Description Land Registry Local Signing. {iso(1) memberbody(2) GB(826) UK National registration (0) Land Registry(1359) policy (1) certificatepolicy(1) 2} Where End Users apply Electronic Signatures locally. Land Registry Central Signing. {iso(1) memberbody(2) GB(826) UK National registration (0) Land Registry(1359) policy (1) certificatepolicy(1) 3} Where End Users apply Electronic Signatures centrally. e-security Land Registry Individual Authentication. {iso(1) memberbody(2) GB(826) UK National registration (0) Land Registry(1359) policy (1) certificatepolicy(1) 4} Electronic identity-based Authentication. 2 See ISO/IEC 8824:1988 CCITT X.208 Specification of Abstract Syntax Notation One (ASN.1), Annexes B to D for a definition. Land Registry Device Authentication. {iso(1) memberbody(2) GB(826) UK National registration (0) Land Registry(1359) policy (1) certificatepolicy(1) 5} Device authentication Certificate Policy. 14
15 9. Annex B Requirements on Certification Authority Practice for Land Registry Local Signing Certificate Policy This Certificate Policy applies to all Conveyancers and their customers who wish to sign electronic dispositionary documents relating to registered land such as transfers or mortgages, and who wish to keep their Private Keys in their possession. It includes Land Registry signing acknowledgement of any data presented to the Network and authenticating documents and information issued by Land Registry. The identifier for the Land Registry Local Signing Certificate Policy is: Policy Identifier = By including this object identifier in a Certificate, the CA claims conformance to the identified Land Registry Local Signing Certificate Policy. The Certificates issued under this policy may be used to support Electronic Signatures which meet the requirements of the Directive [1] and English law, in connection with information services, transactions, agreements, exchange of valuable information and contracting for property and land transactions. The decision to accept the Certificate, however, is at the discretion of the Relying Party. Certificates issued under this policy are primarily focused on the following main classes of security services: identification of originator creation of an Electronic Signature integrity of data. The Certificate Authority shall implement the controls that meet the requirements set out in this annex. This Certificate Policy incorporates Sections 5, 6 and 7 of this document with the amendments and changes defined in this Annex. 9.1 Subscriber obligations The terms and conditions agreed with the Subscriber (see 9.4.4) shall include an obligation upon the Subscriber to address all the following obligations. If the Subject and Subscriber are different parties, the Subscriber shall make the Subject aware of those applicable obligations as listed below: a. only use the Key Pairs for Electronic Signatures and in accordance with any other limitations that may be notified to the Subscriber and b. sub-paragraphs b. to f. contained in 7.2 above. 15
16 9.1.1 Key usage Certificates issued under this policy shall be used: a. by Conveyancers and their customers who wish to sign dispositionary documents for registration at Land Registry, for example for transfer or mortgage of title between parties, to enable Electronic Signatures b. by Land Registry for signing acknowledgement of data presented to the Network and/or c. by Land Registry to authenticate documents and other such information issued by Land Registry. The constraint is that the policy shall not cover any key usage other than non-repudiation as defined in [13] Certification Practice Statement The CA shall ensure that it has a Certification Practice Statement 3 that identifies the practices and procedures used to address all the requirements identified in this policy, as considered necessary through its risk analysis. a. its Certification Practice Statement identifies the obligations of all external organisations supporting the relevant Land Registry services including the applicable policies and practices b. details are made available of its Certification Practice Statement as necessary to assess conformance to the Certificate Policy c. the terms and conditions regarding use of the Certificate as specified in are disclosed to all Subscribers and potential Relying Parties d. it has a management body with final authority and responsibility for approving the Certification Practice Statement e. it has a defined review and maintenance process for its Certification Practice Statement f. revisions to the Certification Practice Statement are made available to the auditors and to all appropriate Subscribers and Relying Parties as in b. 9.3 Key Management Life Cycle Generation of Certification Authority Keys The CA shall ensure that CA keys are generated in accordance with industry standards. 3 This policy makes no requirement as to the structure of the Certification Practice Statement. 4 As defined by the Electronic Signatures Regulations a. generation of CA keys is undertaken in a physically secure environment (see 9.5.3) under, at least, dual control, and no greater number of personnel shall be authorised to carry out this function than required under the CA s practices b. generation of CA keys is carried out within a hardware key storage device which: meets the requirements identified in FIPS 140-2[9] Level3 or higher or meets the requirements identified in one of the following CEN Workshop Agreement [10], CWA [11] or CWA [12] or is a trustworthy system which is assured to EAL 4 or higher in accordance to ISO/IEC [8], or equivalent security criteria c. the selected key length and algorithm for CA signing key shall be one which is recognised as being fit for purposes of qualified 4 Certificates as issued by the CA. 16
17 9.3.2 Certification Authority Key storage, backup and recovery The CA shall ensure that CA Private Keys remain confidential and maintain their integrity. a. its private signing key is held and used within a hardware key storage device which: meets the requirements identified in FIPS 140-2[9] Level3 or higher meets the requirements identified in one of the following CEN Workshop Agreement [10], CWA [11] or CWA [12] or is a trustworthy system which is assured to EAL 4 or higher in accordance to ISO/IEC [8], or equivalent security criteria b. its private signing key is backed up, stored and recovered only by personnel in trusted roles using, at least, dual control in a physically secured environment (see 9.5.4). No more personnel shall be authorised to carry out this function than required under the CA s practices c. backup copies of the CA private signing keys are subject to the same or greater level of security controls as keys currently in use d. where the keys are stored in a dedicated key processing hardware module, access controls are in place to ensure that the keys are not accessible outside the hardware module Certification Authority Public Key distribution The CA shall ensure that the integrity of the CA Public Key and any associated parameters is maintained during its distribution to Relying Parties. In particular, the CA shall ensure that its Public Key is made available to Relying Parties in a manner that assures the integrity of the CA Public Key and authenticates its origin Key Escrow The CA shall not keep copies of Subject Private Keys Certification Authority Key usage The CA shall ensure that CA signing keys are used only for appropriate activities related to the CA operation such as signing Certificates (as defined in 9.4.3) and signing Certificate Revocation Lists (CRL), within physically secure premises End of Certification Authority Key life cycle The CA shall ensure that, at the end of their life cycle, all copies of the CA Private Keys are either: a. destroyed such that the Private Keys cannot be retrieved or archived in a manner such that they are protected against being put back into use. 17
18 9.3.7 Life cycle management of cryptographic hardware used to sign Certificates The CA shall ensure that: a. cryptographic hardware used for Certificate signing is shipped in such a manner that is tamper-evident b. cryptographic hardware used for Certificate signing is stored in such a way that is tamper-evident c. the installation, activation, back-up and recovery of cryptographic hardware used for Certificate signing requires a minimum of two trusted employees d. Certificate signing cryptographic hardware is functioning correctly e. CA Private Keys stored on CA cryptographic hardware are destroyed on device retirement CA provided Subject Key management services The CA shall ensure that any Subject keys that it generates are generated securely and the privacy of the Subject s Private Key is assured. If the CA generates the Subject s keys: a. CA-generated Subject keys shall be generated using an algorithm recognised as being fit for purpose for this policy b. CA-generated Subject keys shall be of a key length and for use with a Public Key algorithm which is recognised as being fit for the purposes of this policy c. CA-generated Subject keys shall be generated and stored securely before delivery to the Subject d. the Subject s Private Key shall be delivered to the Subscriber in a manner such that the privacy of the key is not compromised and on delivery only the Subject has access to its Private Key Hardware Key storage device preparation The CA shall ensure that if it issues to the Subject a hardware key storage device, this is carried out securely. In particular, if the CA issues hardware key storage devices: a. hardware key storage device preparation shall be securely controlled by the CA b. hardware key storage devices shall be securely stored and distributed c. hardware key storage deactivation and reactivation shall be securely controlled d. where the hardware key storage device has associated user activation data (eg PIN code), the activation data shall be securely prepared and distributed separately from the hardware key storage device 5. 5 Separation may be achieved by ensuring distribution and delivery at different times, or via a different route. 18
19 19 6 An example of evidence checked indirectly against a physical person is documentation presented for registration which was acquired as the result of an application requiring physical presence and shall be certified evidence such as a national ID card or passport. 7 The Certification Authority is liable as regards the accuracy of all information contained in the Certificate. 8 The place should be given in accordance to national conventions for registering births. 9 Copies of documents, appropriately countersigned (including by Electronic Signature), are suitable. The records should be securely stored as close as practicable to the location where the evidence is checked. Hence the use of an attestation in d. if the location where the evidence is checked differs from the place of registration. 9.4 Certificate Management life cycle Subject registration The CA shall ensure that evidence of Subjects identification and accuracy of their names and associated data are either properly examined as part of the defined service or, where applicable, concluded through examination of attestations from appropriate and authorised sources, and that Subscriber Certificate requests are accurate, authorised and complete according to the collected evidence or attestation. a. before entering into a relationship with a Subscriber, the Subscriber is adequately informed through a formal agreement of the precise terms and conditions regarding use of the Certificate as given in b. if the End User is not the same as the Subscriber, the End User shall be informed of his/her obligations c. the agreement at a above is communicated through a durable (ie with integrity and availability over time) means of communication, which may be transmitted electronically, and in readily understandable language d. it has collected either by direct evidence or by an attestation from an appropriate and authorised source that the name and, if applicable, any specific attributes of the person to which a Certificate is issued, has been verified by appropriate means in accordance with Know Your Customer procedures, and that evidence of the name has been checked against a physical person either directly or indirectly using means providing assurance equivalent to physical presence, and that evidence may be in the form of either paper or electronic documentation 6,7 e. where the Subject is a person acting on behalf of an organisation, an attestation according to d has been collected from the organisation, which constitutes a declaration that evidence has been provided of the following: full name (including surname and given names) of the person attributes of the Subject which may be used, to the extent possible, to distinguish the person from others with the same name, such as date and place 8 of birth or a nationally recognised identity number full name and legal status of the associated legal person or other organisational entity any relevant existing registration information (eg company registration) of the associated legal person or other organisational entity evidence that the Subject is associated with the legal person or other organisational entity a physical address, or other attributes, provided by the Subject, which describe how the Subject may be contacted. f. where the Subject is a person acting on their own behalf, evidence is provided of: full name (including surname and given names) attributes which may be used, to the extent possible, to distinguish the person from others with the same name, such as date and place of birth, or a nationally recognised identity number g. all the information used to verify the Subject s name, including any reference number on the documentation used for verification, and any limitations on its validity, is recorded 9
20 h. the signed agreement with the Subscriber is recorded, including: Subscriber s agreement to the Subscriber s obligations as defined in Section ,11,12 consent to the keeping of a record by the CA of information used in registration (see h and i) and any subsequent revocation (see j), and passing of this information to third parties under the same conditions as required by this policy in the case of the CA terminating its service whether, and under what conditions, the Subscriber requires and consents to the publication of its Certificate that the information held in the Certificate is correct i. the records of evidence identified in d e and f above are retained for the period of time as indicated to the Subscriber within the precise terms and conditions (see a above) and as necessary for the purposes for providing evidence of certification in legal proceedings j. the Certificate request process ensures that the Subject has possession of the Private Key associated with the Public Key presented for certification k. the requirements of data protection legislation are complied with (including the use of pseudonyms if applicable) within its registration process. 10 The End User may agree to different aspects of this agreement during different stages of registration. For example, agreement that the information held in the Certificate is correct may be carried out subsequent to other aspects of the agreement. 11 Other parties (eg the associated legal person) may be involved in establishing this agreement. 12 This agreement may be in electronic form. 13 The End User may, if the Certification Authority offers this service, request a Certificate renewal for example where relevant attributes presented to the Certification Authority for the Certificate have changed or when the Certificate lifetime is running out Certificate renewal, re-key and update The CA shall ensure that requests for Certificate renewal, re-key following revocation or prior to expiration, or update due to change to the Subject s attributes are complete, accurate and duly authorised. 13 a. the information used to verify the name and attributes of the Subject is still valid b. if any of the CA terms and conditions have changed, these are communicated to the Subscriber and agreed to in accordance with a, b and g c. if any certified names or attributes have changed, or the previous Certificate has been revoked, the registration information is verified, recorded and agreed to by the Subscriber in accordance with d to h d. it only issues a new Certificate using the Subject s previously certified Public Key if its cryptographic security is still sufficient for the new Certificate s intended lifetime and no indications exist that the Subject s Private Key has been compromised Certificate generation The CA shall ensure that new, renewed and re-keyed Certificates are issued securely. a. the procedure of issuing the Certificate is securely linked to the associated registration, Certificate renewal or re-key, including the provision of any Subject generated Public Key b. if it generates the Subject s key, the procedure of issuing the Certificate is securely linked to the generation of the key pair by the CA c. over time the uniqueness of the distinguished name assigned to the Subject within the domain of the CA is ensured (ie over the lifetime of the CA a distinguished name which has been used in an issued Certificate shall never be re-assigned to another entity)
21 d. the confidentiality and integrity of registration data are protected especially when exchanged with the Subject or between distributed CA system components Dissemination of terms and conditions The CA shall ensure that the terms and conditions are made available to Subscribers, Subjects and Relying Parties. a. the terms and conditions regarding the use of the Certificate are made available to Subscribers, Subjects and Relying Parties, including: any limitations on Certificate use the Subscriber s obligations as defined in 7.2 information on how to verify the Certificate, including requirements to check the revocation status of the Certificate, such that the Relying Party is considered to reasonably rely on the Certificate (see 7.3) limitations of liability the period of time registration information (see 9.4.1) is retained express consent for the use of personal data if present in the Certificate the period of time CA event logs (see ) are retained procedures for complaints and dispute settlement the applicable legal system the information identified in a above is available through a durable (ie with integrity and availability over time) means of communication, which may be transmitted electronically, and in readily understandable language Certificate dissemination The CA shall ensure that Certificates are made available as necessary to Subjects and Relying Parties. a. upon generation, the complete and accurate Certificate is available to the Subject for whom the Certificate is being issued b. Certificates are available for retrieval from the CA system in only those cases for which the Subject s consent has been obtained c. the terms and conditions regarding the use of the Certificate are made available to Relying Parties (see 9.4.4) d. the applicable terms and conditions are readily identifiable for a given Certificate e. the information identified in c above is available for a minimum of 21 hours per day, seven days per week, and in case of failure, the CA shall make best endeavours to ensure that any unavailability of this information service is less than the maximum period of time as denoted in the Certification Practice Statement f. the information identified in c above is publicly and internationally available. 21
22 14 Support for Certificate suspension is optional. 15 This may be done electronically. 16 Revocation status information may be provided, for example, using on-line Certificate status service or through distribution of CRLs through a repository Certificate revocation and suspension The CA shall ensure that Certificates are revoked in a timely manner based on authorised and validated Certificate revocation requests. a. as part of its Certification Practice Statement (see 9.2), the procedures for revocation of Certificates are documented, including: who may submit revocation reports and requests how they may be submitted any requirements for confirmation of revocation reports and requests whether and for what reasons Certificates may be suspended the mechanism used for distributing revocation status information the maximum delay between receipt of a revocation request or report and the change to revocation status information being available to all Relying Parties, and this shall be at most one day b. requests and reports relating to revocation (eg due to compromise of Subject s Private Key, death of the Subject, violation of contractual obligations) are processed on receipt c. requests and reports relating to revocation are authenticated and checked to be from an authorised source, if possible, and the method is to be documented in the CA s practices d. a Certificate s revocation status is set to suspended whilst the revocation is being confirmed, and the CA shall ensure that a Certificate is not kept suspended for longer than is necessary to confirm its status 14 e. the Subscriber agrees to inform the Subject (or Representative where the Subject is a Device) of a revoked or suspended Certificate within a reasonable time and to their best effort of the change of status of its Certificate 15 f. once a Certificate is definitively revoked (ie not suspended) it is not reinstated g. where CRLs, including any variants (eg Delta CRLs), are used, these are published at least daily and every CRL shall state a time for next scheduled CRL issue a new CRL may be published before the stated time of the next CRL issue and the CRL shall be signed by the CA h. revocation management services for processing of revocation requests from authorised revocation personnel are available 21 hours per day, seven days per week (hours as published on and in case of failure, the CA shall make best endeavours to ensure that any unavailability of this information service is less than a maximum period of time as denoted in the Certification Practice Statement i. revocation status information is available 21 hours per day, seven days per week (hours as published on gov.uk), and in case of failure, the CA shall make best endeavours to ensure that any unavailability of this information service is less than a maximum period of time as denoted in the Certification Practice Statement 16 j. the integrity and authenticity of the status information are protected k. revocation status information is publicly and internationally available l. revocation status information shall include information on the status of revoked Certificates at least until the Certificate expires. 22
23 9.5 Management and operation The CA shall ensure that a risk assessment is carried out to evaluate operational risks and determine the necessary security requirements and operational procedures. The risk analysis shall be regularly reviewed and revised if necessary Security management The CA shall ensure that administrative and management procedures are applied which are adequate and correspond to recognised standards. a. it retains liability towards Relying Parties for all aspects of the provision of certification services, even if some functions are outsourced, except liability for accuracy of underlying evidence and attestations according to on which the CA reasonably relies as part of the service provision. Responsibilities of third parties shall be clearly defined by the CA and appropriate arrangements made to ensure that third parties are obliged to implement any controls required by the CA. The CA shall retain responsibility for the disclosure of relevant practices of all parties b. it provides, through its management, direction on information security through Land Registry s IT Security Committee (ITSC) that is responsible for defining the CA s information security policy and for ensuring publication and communication of the policy to all employees of the CA who are affected by the policy c. it maintains a system (or systems) for quality and information security management appropriate for the certification services it is providing d. it maintains at all times the information security infrastructure necessary to manage the security within the CA. Any changes that will affect the level of security provided shall be approved by the ITSC 17 e. it documents, implements and maintains the security controls and operating procedures for CA facilities, systems and information assets providing the certification services 18 f. the security of information is maintained when the responsibility for CA functions has been outsourced to another organisation or entity. 17 See ISO/IEC for guidance on information security management including information security infrastructure, management information security forum and information security policies. 18 This documentation (commonly called a system security policy) should identify all relevant targets, objects and potential threats related to the services provided and the safeguards required to avoid or limit the effects of those threats. It should describe the rules, directives and procedures regarding how the specified services and the associated security assurance are granted in addition to stating policy on incidents and disasters Asset classification and management The CA shall ensure that assets and information related to Land Registry E-Security services receive an appropriate level of protection. In particular the CA shall maintain an inventory of all information assets and shall assign a classification of their protection requirements consistent with the risk analysis (9.2) Personnel security The CA shall ensure that personnel and hiring practices support the trustworthiness of the operation of Land Registry E-security services. a. it only employs or contracts personnel possessing the expert knowledge, experience and qualifications necessary for the offered services and which are appropriate to the job function b. security roles and responsibilities, as specified in the CA s security policy, are documented in job descriptions. Trusted roles, on which the security of the CA s operation is dependent, shall be clearly identified 23
Danske Bank Group Certificate Policy
Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...
More informationHow To Understand And Understand The Certificate Authority (Ca)
TS 102 042 V1.1.1 (2002-04) Technical Specification Policy requirements for certification authorities issuing public key certificates 2 TS 102 042 V1.1.1 (2002-04) Reference DTS/SEC-004006 Keywords e-commerce,
More informationPKI Disclosure Statement
Land Registry Version 2.0 23/07/2008 PKI Disclosure Statement 1. Introduction Land Registry has created an e-security platform for its customers to facilitate role-based access, authentication and electronic
More informationETSI TS 101 456 V1.4.3 (2007-05)
TS 101 456 V1.4.3 (2007-05) Technical Specification Electronic Signatures and Infrastructures (ESI); Policy requirements for certification authorities issuing qualified certificates 2 TS 101 456 V1.4.3
More informationINDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456. Aristotle University of Thessaloniki PKI (www.pki.auth.gr) WHOM IT MAY CONCERN
Title INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456 Customer Aristotle University of Thessaloniki PKI (www.pki.auth.gr) To WHOM IT MAY CONCERN Date 18 March 2011 Independent Audit
More informationEricsson Group Certificate Value Statement - 2013
COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...
More informationNeutralus Certification Practices Statement
Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3
More informationCertipost Trust Services. Certificate Policy. for Lightweight Certificates for EUROCONTROL. Version 1.2. Effective date 03 May 2012
Certipost Trust Services Version 1.2 Effective date 03 May 2012 Certipost NV ALL RIGHTS RESERVED. 2 13 Definitions : Activation Data Certificate Certificate Holder Certificate Public Registry Certificate
More informationApple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc.
Apple Inc. Certificate Policy and Certification Practice Statement Version 2.0 Effective Date: April 10, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.
More informationHKUST CA. Certification Practice Statement
HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of
More informationCertification Practice Statement
FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification
More informationQualified Electronic Signatures Act (SFS 2000:832)
Qualified Electronic Signatures Act (SFS 2000:832) The following is hereby enacted 1 Introductory provision 1 The purpose of this Act is to facilitate the use of electronic signatures, through provisions
More informationTC TrustCenter GmbH Time-Stamp Practice and Disclosure Statement
GmbH NOTE: The information contained in this document is the property of TC TrustCenter GmbH. This document may not be copied, distributed, used, stored or transmitted in any form or by any means, whether
More informationTELSTRA RSS CA Subscriber Agreement (SA)
TELSTRA RSS CA Subscriber Agreement (SA) Last Revision Date: December 16, 2009 Version: Published By: Telstra Corporation Ltd Copyright 2009 by Telstra Corporation All rights reserved. No part of this
More informationBUYPASS CLASS 3 SSL CERTIFICATES Effective date: 11.06.2013
CERTIFICATE POLICY BUYPASS CLASS 3 SSL CERTIFICATES Effective date: 11.06.2013 PUBLIC Version: 2.0 Document date: 11.05.2013 Buypass AS Nydalsveien 30A, PO Box 4364 Nydalen Tel.: +47 23 14 59 00 E-mail:
More informationETSI TS 102 640-3 V1.1.1 (2008-10) Technical Specification
TS 102 640-3 V1.1.1 (2008-10) Technical Specification Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Architecture, Formats and Policies; Part 3: Information Security
More informationETSI TR 103 123 V1.1.1 (2012-11)
TR 103 123 V1.1.1 (2012-11) Technical Report Electronic Signatures and Infrastructures (ESI); Guidance for Auditors and CSPs on TS 102 042 for Issuing Publicly-Trusted TLS/SSL Certificates 2 TR 103 123
More informationCERTIMETIERSARTISANAT and C@RTEUROPE ELECTRONIC SIGNATURE SERVICE SUBSCRIPTION CONTRACT SPECIFIC TERMS AND CONDITIONS
CERTIMETIERSARTISANAT and C@RTEUROPE ELECTRONIC SIGNATURE SERVICE SUBSCRIPTION CONTRACT SPECIFIC TERMS AND CONDITIONS Please fill in the form using BLOCK CAPITALS. All fields are mandatory. 1 1. SUBSCRIBER
More informationCERTIFICATION PRACTICE STATEMENT UPDATE
CERTIFICATION PRACTICE STATEMENT UPDATE Reference: IZENPE-CPS UPDATE Version no: v 5.03 Date: 10th March 2015 IZENPE 2015 This document is the property of Izenpe. It may only be reproduced in its entirety.
More informationING Public Key Infrastructure Technical Certificate Policy
ING Public Key Infrastructure Technical Certificate Policy Version 5.1 - May 2010 Commissioned by ING PKI Policy Approval Authority (PAA) Additional copies Of this document can be obtained via the ING
More informationDraft ETSI EN 319 401 V1.1.1 (2012-03)
Draft EN 319 401 V1.1.1 (2012-03) European Standard Electronic Signatures and Infrastructures (ESI); General Policy Requirements for Trust Service Providers supporting Electronic Signatures 2 Draft EN
More informationETSI EN 319 401 V1.1.1 (2013-01)
EN 319 401 V1.1.1 (2013-01) European Standard Electronic Signatures and Infrastructures (ESI); General Policy Requirements for Trust Service Providers supporting Electronic Signatures 2 EN 319 401 V1.1.1
More informationELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION
ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION This can be a complex subject and the following text offers a brief introduction to Electronic Signatures, followed by more background on the Register of
More informationL@Wtrust Class 3 Registration Authority Charter
Class 3 Registration Authority Charter Version 1.0 applicable from 09 November 2010 Building A, Cambridge Park, 5 Bauhinia Street, Highveld Park, South Africa, 0046 Phone +27 (0)12 676 9240 Fax +27 (0)12
More informationTransnet Registration Authority Charter
Registration Authority Charter Version 3.0 is applicable from Effective Date Inyanda House 21 Wellington Road Parktown, 2193 Phone +27 (0)11 544 9368 Fax +27 (0)11 544 9599 Website: http://www.transnet.co.za/
More informationapple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc.
Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.8 Effective Date: June 11, 2012 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2.
More informationStatoil Policy Disclosure Statement
Title: Statoil Policy Disclosure Statement Document no. : Contract no.: Project: Classification: Distribution: Open Anyone Expiry date: Status 2019-06-11 Final Distribution date: : Copy no.: Author(s)/Source(s):
More informationE-TUGRA INFORMATIC TECHNOLOGIES AND SERVICES CORP (E-TUGRA)
E-TUGRA INFORMATIC TECHNOLOGIES AND SERVICES CORP (E-TUGRA) QUALIFIED CERTIFICATE POLICY AND PRACTICE STATEMENT (CP-CPS) VERSION 1.0 DATE OF ENTRY INTO FORCE : JUNE, 2008 OID 2.16.792.3.0.4.1.1.2 E-TUGRA
More informationARTL PKI. Certificate Policy PKI Disclosure Statement
ARTL PKI Certificate Policy PKI Disclosure Statement Important Notice: This document (PKI Disclosure Statement, PDS) does not by itself constitute the Certificate Policy under which Certificates governed
More informationTHE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Published By: RSA Security Inc.
THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Last Revision Date: June 28, 2007 Version: 3.0 Published By: RSA Security Inc. Copyright 2002-2007 by
More informationETSI TS 102 640-3 V2.1.1 (2010-01) Technical Specification
TS 102 640-3 V2.1.1 (2010-01) Technical Specification Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Part 3: Information Security Policy Requirements for REM Management
More informationGandi CA Certification Practice Statement
Gandi CA Certification Practice Statement Gandi SAS 15 Place de la Nation Paris 75011 France Version 1.0 TABLE OF CONTENTS 1.INTRODUCTION...10 1.1.Overview...10 1.2.Document Name and Identification...10
More informationTC TrustCenter GmbH Certification Practice Statement and Certificate Policy for Qualified Certificates
GmbH Certification Practice Statement and Certificate Policy Version 1.0 of June 11 th, 2007 NOTE: The information contained in this document is the property of TC TrustCenter GmbH. This Certification
More informationTeliaSonera Root CA v1 Certificate Practice Statement. Published by: TeliaSonera AB
2007-10-18 1 (46) TeliaSonera Root CA v1 Certificate Practice Statement Published by: TeliaSonera AB Company Information Created Modified Approved Valid from 2007-10-12 Reg. office: Printed Coverage Business
More informationETSI TS 102 042 V2.4.1 (2013-02)
TS 102 042 V2.4.1 (2013-02) Technical Specification Electronic Signatures and Infrastructures (ESI); Policy requirements for certification authorities issuing public key certificates 2 TS 102 042 V2.4.1
More informationUser Manual Internet Access. for the public key. certification service
User Manual Internet Access for the public key certification service Version 1.2 / October 2014 1 Content TABLE OF CONTENTS 1 GENERAL INFORMATION... 3 1.1 INTRODUCTION... 3 2 IDENTIFICATION DATA... 3 2.1
More informationSECOM Trust.net Root1 CA
CERTIFICATE POLICY/ CERTIFICATION PRACTICE STATEMENT May 22, 2006 Version 2.00 SECOM Trust Systems Co.,Ltd. Revision History Version Date Description V1.00 2003.08.01 Initial Draft (Translated from Japanese
More informationESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0
ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0 June 30, 2004 Table of Contents Table of Contents...2 1 Introduction...3 1.1 Overview...3 1.1.1 General Definitions...4
More informationCertum QCA PKI Disclosure Statement
CERTUM QCA PKI Disclosure Statement v1.1 1 Certum QCA PKI Disclosure Statement Version 1.1 Effective date: 1 st of April, 2016 Status: valid Asseco Data Systems S.A. ul. Żwirki i Wigury 15 81-387 Gdynia
More informationApple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015
Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Table of Contents 1. Introduction... 5 1.1. Trademarks...
More informationFord Motor Company CA Certification Practice Statement
Certification Practice Statement Date: February 21, 2008 Version: 1.0.1 Table of Contents Document History... 1 Acknowledgments... 1 1. Introduction... 2 1.1 Overview... 3 1.2 Ford Motor Company Certificate
More informationSSLPost Electronic Document Signing
SSLPost Electronic Document Signing Overview What is a Qualifying Advanced Electronic Signature (QAES)? A Qualifying Advanced Electronic Signature, is a specific type of digital electronic signature, that
More informatione-tuğra CERTIFICATE POLICY E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş. Version: 3.1 Validity Date: September, 2013 Update Date: 30/08/2013
e-tuğra CERTIFICATE POLICY E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş. Version: 3.1 Validity Date: September, 2013 Update Date: 30/08/2013 Ceyhun Atıf Kansu Cad. 130/58 Balgat / ANKARA TURKEY
More informationPKI NBP Certification Policy for ESCB Signature Certificates. OID: 1.3.6.1.4.1.31995.1.2.2.1 version 1.5
PKI NBP Certification Policy for ESCB Signature Certificates OID: 1.3.6.1.4.1.31995.1.2.2.1 version 1.5 Security Department NBP Warsaw, 2015 Table of Contents 1. Introduction 1 1.1 Overview 1 1.2 Document
More informationGlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS)
GlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS) Version 1.1 PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE DIGITAL CERTIFICATE ISSUED TO YOU
More informationTERMS OF USE FOR PUBLIC LAW CORPORATION PERSONAL CERTIFICATES FOR QUALIFIED DIGITAL SIGNATURE
TERMS OF USE FOR PUBLIC LAW CORPORATION PERSONAL CERTIFICATES FOR QUALIFIED DIGITAL SIGNATURE Prior to the verification of the electronic certificate, or to access or use the certificate status information
More informationSTATUTORY INSTRUMENTS 2012 No. _
STATUTORY INSTRUMENTS 2012 No. _ THE ELECTRONIC SIGNATURES REGULATIONS 2012 ARRANGEMENT OF REGULATIONS Regulation PART I-PRELIMINARY 1. Title. 2. Interpretation PART II - LICENSING AND RECOGNITION OF CERTIFICATION
More informationCertification Practice Statement
Certification Practice Statement Revision R1 2013-01-09 1 Copyright Printed: January 9, 2013 This work is the intellectual property of Salzburger Banken Software. Reproduction and distribution require
More informationTR-GRID CERTIFICATION AUTHORITY
TR-GRID CERTIFICATION AUTHORITY CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Version 2.1 January, 2009 Table of Contents: TABLE OF CONTENTS:...2 1. INTRODUCTION...7 1.1 OVERVIEW...7 1.2 DOCUMENT
More informationEquens Certificate Policy
Equens Certificate Policy WebServices and Connectivity Final H.C. van der Wijck 11 March 2015 Classification: Open Version 3.0 Version history Version no. Version date Status Edited by Most important edit(s)
More informationCA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT
CA Certificate Policy SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT This page is intentionally left blank. 2 ODETTE CA Certificate Policy Version Number Issue Date Changed By 1.0 1 st April 2009 Original
More informationSYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION
SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION I. DEFINITIONS For the purpose of this Service Description, capitalized terms have the meaning defined herein. All other capitalized
More informationCERTIFICATION POLICY QUEBEC CERTIFICATION CENTRE. 2015 Notarius Inc.
CERTIFICATION POLICY QUEBEC CERTIFICATION CENTRE 2015 Notarius Inc. Document Version: 4.5 OID: 2.16.124.113550 Effective Date: July 17, 2015 TABLE OF CONTENTS 1. GENERAL PROVISIONS...8 1.1 PURPOSE...8
More informationTR-GRID CERTIFICATION AUTHORITY
TR-GRID CERTIFICATION AUTHORITY CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Version 2.3 May 15, 2014 Table of Contents TABLE OF CONTENTS:... 2 1. INTRODUCTION... 7 1.1 OVERVIEW... 7 1.2 DOCUMENT
More informationSecurity framework. Guidelines for trust services providers Part 1. Version 1.0 December 2013
Security framework Guidelines for trust services providers Part 1 Version 1.0 December 2013 European Union Agency for Network and Information Security www.enisa.europa.eu Security framework Guidelines
More informationPKI NBP Certification Policy for ESCB Encryption Certificates. OID: 1.3.6.1.4.1.31995.1.2.3.1 version 1.2
PKI NBP Certification Policy for ESCB Encryption Certificates OID: 1.3.6.1.4.1.31995.1.2.3.1 version 1.2 Security Department NBP Warsaw, 2015 Table of Contents 1. Introduction 1 1.1 Overview 1 1.2 Document
More informationComodo Certification Practice Statement
Comodo Certification Practice Statement Notice: This CPS should be read in conjunction with the following documents:- * LiteSSL addendum to the Certificate Practice Statement * Proposed Amendments to the
More informationAmerican International Group, Inc. DNS Practice Statement for the AIG Zone. Version 0.2
American International Group, Inc. DNS Practice Statement for the AIG Zone Version 0.2 1 Table of contents 1 INTRODUCTION... 6 1.1 Overview...6 1.2 Document Name and Identification...6 1.3 Community and
More informationLAW. ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05)
LAW ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05) I GENERAL PROVISIONS Article 1 This Law shall regulate the use of electronic signature in legal transactions,
More informationCOMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES
COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES BSI TR-03139 Version 2.1 27 May 2013 Foreword The present document
More informationCMS Illinois Department of Central Management Services
CMS Illinois Department of Central Management Services State of Illinois Public Key Infrastructure Certification Practices Statement For Digital Signature And Encryption Applications Version 3.3 (IETF
More informationTC TrustCenter GmbH Time-Stamp Policy
GmbH Time-Stamp Policy NOTE: The information contained in this document is the property of TC TrustCenter GmbH. This document may not be copied, distributed, used, stored or transmitted in any form or
More informationEskom Registration Authority Charter
REGISTRATION WWW..CO.ZA Eskom Registration Authority Charter Version 2.0 applicable from 20 November 2009 Megawatt Park Maxwell Drive Sunninghill, SOUTH AFRICA, 2157 Phone +27 (0)11 800 8111 Fax +27 (0)11
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationNational Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016
National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy Version 1.1 February 2, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents TABLE OF CONTENTS I 1 INTRODUCTION
More informationTERMS OF USE TITLE CERTIFICATES FOR ELECTRONIC SIGNATURE
TERMS OF USE FOR TITLE CERTIFICATES FOR ELECTRONIC SIGNATURE Prior to the verification of the electronic certificate, or to access or use the certificate status information and other information contained
More informationPost.Trust Certificate Authority
Post.Trust Certificate Authority Certification Practice Statement CA Policy and Procedures Document Issue date: 03 April 2014 Version: 2.7.2.1 Release Contents DEFINITIONS... 6 LIST OF ABBREVIATIONS...
More informationGlobalSign CA Certificate Policy
GlobalSign CA Certificate Policy Date: December 17 th 2007 Version: v.3.0 Table of Contents Document History...1 Acknowledgments...2 1. Introduction...3 1.1 Overview...4 1.1.1 GlobalSign Rootsign...5 1.1.2
More informationItalian Tachograph MSA Policy v.1.1
Italian Tachograph MSA Policy v.1.1 Italian Tachograph MSA Policy v. 1.1 Page1 of 34 Amendment History Version Control Issue Date Status Version 1.0 May 2004 Approved by the European Authority Version
More informationCitizen CA Certification Practice statement
Citizen CA Certification Practice statement OID: 2.16.56.1.1.1.2.2 OID: 2.16.56.1.1.1.2.1 VERSION: 1.1 1/56 Table of Contents 1 INTRODUCTION 5 1.1 PRELIMINARY WARNING 5 1.1.1 Trusted Entities ruled by
More informationING Public Key Infrastructure Certificate Practice Statement. Version 5.3 - June 2015
ING Public Key Infrastructure Certificate Practice Statement Version 5.3 - June 2015 Colophon Commissioned by Additional copies ING Corporate PKI Policy Approval Authority Additional copies of this document
More informationCertification Practice Statement (ANZ PKI)
Certification Practice Statement March 2009 1. Overview 1.1 What is a Certification Practice Statement? A certification practice statement is a statement of the practices that a Certification Authority
More informationGlobe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States
Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States www.globessl.com TABLE OF CONTENTS 1. INTRODUCTION...
More informationTHE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright 2006-2011, The Walt Disney Company
THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY July 2011 Version 2.0 Copyright 2006-2011, The Walt Disney Company Version Control Version Revision Date Revision Description Revised
More informationMerchants and Trade - Act No 28/2001 on electronic signatures
This is an official translation. The original Icelandic text published in the Law Gazette is the authoritative text. Merchants and Trade - Act No 28/2001 on electronic signatures Chapter I Objectives and
More informationCERTIFICATE POLICY (CP) (For SSL, EV SSL, OSC and similar electronic certificates)
(CP) (For SSL, EV SSL, OSC and similar electronic certificates) VERSION : 09 DATE : 01.12.2014 1. INTRODUCTION... 10 1.1. Overview... 10 1.2. Document Name and Identification... 11 1.3. Participants...
More informationMeeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)
Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4
More information2002 No. 318 ELECTRONIC COMMUNICATIONS. The Electronic Signatures Regulations 2002
STATUTORY INSTRUMENTS 2002 No. 318 ELECTRONIC COMMUNICATIONS The Electronic Signatures Regulations 2002 Made - - - - - 13th February 2002 Laid before Parliament 14th February 2002 Coming into force - -
More informationSAUDI NATIONAL ROOT-CA CERTIFICATE POLICY
SAUDI NATIONAL ROOT-CA CERTIFICATE POLICY Document Classification: Public Version Number: 2.5 Issue Date: June 25, 2015 National Center for Digital Certification Policies and Regulations Department Digitally
More informationGovernment CA Government AA. Certification Practice Statement
PKI Belgium Government CA Government AA Certification Practice Statement 2.16.56.1.1.1.3 2.16.56.1.1.1.3.2 2.16.56.1.1.1.3.3 2.16.56.1.1.1.3.4 2.16.56.1.1.1.6 2.16.56.1.1.1.6.2 2.16.56.9.1.1.3 2.16.56.9.1.1.3.2
More informationLAW FOR THE ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE
LAW FOR THE ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE Prom. SG. 34/6 Apr 2001, amend. SG. 112/29 Dec 2001, amend. SG. 30/11 Apr 2006, amend. SG. 34/25 Apr 2006, amend. SG. 38/11 May 2007, amend. SG.
More informationOFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES
OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT
More informationGatekeeper Compliance Audit Program
Gatekeeper Compliance Audit Program V2.0 DECEMBER 2014 Gatekeeper Compliance Audit Program V 2.0 DECEMBER 2014 Contents Contents 2 1. Guide Management 4 1.1. Change Log 5 1.2. Review Date 5 1.3. Conventions
More informationTrustis FPS PKI Glossary of Terms
Trustis FPS PKI Glossary of Terms The following terminology shall have the definitions as given below: Activation Data Asymmetric Cryptosystem Authentication Certificate Certificate Authority (CA) Certificate
More informationVodafone Group CA Web Server Certificate Policy
Vodafone Group CA Web Server Certificate Policy Publication Date: 06/09/10 Copyright 2010 Vodafone Group Table of Contents Acknowledgments... 1 1. INTRODUCTION... 2 1.1 Overview... 3 1.2 Document Name
More informationepki Root Certification Authority Certification Practice Statement Version 1.2
epki Root Certification Authority Certification Practice Statement Version 1.2 Chunghwa Telecom Co., Ltd. August 21, 2015 Contents 1. INTRODUCTION... 1 1.1 OVERVIEW... 1 1.1.1 Certification Practice Statement...
More informationEuropeanSSL Secure Certification Practice Statement
EuropeanSSL Secure Certification Practice Statement Eunetic GmbH Version 1.0 14 July 2008 Wagnerstrasse 25 76448 Durmersheim Tel: +49 (0) 180 / 386 384 2 Fax: +49 (0) 180 / 329 329 329 www.eunetic.eu TABLE
More informationGuidelines Related To Electronic Communication And Use Of Secure E-mail Central Information Management Unit Office of the Prime Minister
Guidelines Related To Electronic Communication And Use Of Secure E-mail Central Information Management Unit Office of the Prime Minister Central Information Management Unit Office of the Prime Minister
More informationTERMS OF USE FOR NOTARIAL PERSONAL REPRESENTATION CERTIFICATES FOR AUTHENTICATION
TERMS OF USE FOR NOTARIAL PERSONAL REPRESENTATION CERTIFICATES FOR AUTHENTICATION Prior to the verification of the electronic certificate, or to access or use the certificate status information and other
More informationThe name of the Contract Signer (as hereinafter defined) duly authorized by the Applicant to bind the Applicant to this Agreement is.
Trustwave Subscriber Agreement for Digital Certificates Ver. 11JUL14 PLEASE READ THIS AGREEMENT AND THE TRUSTWAVE CERTIFICATION PRACTICES STATEMENTS ( CPS ) CAREFULLY BEFORE USING THE CERTIFICATE ISSUED
More informationLAW FOR THE ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE. Chapter two. ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE
LAW FOR THE ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE Prom. SG. 34/6 Apr 2001, amend. SG. 112/29 Dec 2001, amend. SG. 30/11 Apr 2006, amend. SG. 34/25 Apr 2006, amend. SG. 38/11 May 2007 Chapter one.
More informationCertificate Policy. SWIFT Qualified Certificates SWIFT
SWIFT SWIFT Qualified Certificates Certificate Policy This Certificate Policy applies to Qualified Certificates issued by SWIFT. It indicates the requirements and procedures to be followed, and the responsibilities
More informationEstonian National CA Policy
Estonian National CA Policy for the Digital Tachograph System Eesti Riiklik Autoregistrikeskus (ARK) Estonian Motor Vehicle Registration Centre Digital Tachograph System EST NCA Policy Version Draft Version
More informationEBIZID CPS Certification Practice Statement
EBIZID EBIZID CPS Certification Practice Statement Version 1.02 Contents 1 General 7 1.1 EBIZID 7 1.2 Digital Certificates 7 1.3 User Interaction for Selecting a Certification Service 7 1.4 EBIZID Registration
More informationVeriSign Trust Network Certificate Policies
VeriSign Trust Network Certificate Policies Version 2.8.1 Effective Date: February 1, 2009 VeriSign, Inc. 487 E. Middlefield Road Mountain View, CA 94043 USA +1 650.961.7500 http//:www.verisign.com - 1-
More informationSSL.com Certification Practice Statement
SSL.com Certification Practice Statement SSL.com Version 1.0 February 15, 2012 2260 W Holcombe Blvd Ste 700 Houston, Texas, 77019 US Tel: +1 SSL-CERTIFICATE (+1-775-237-8434) Fax: +1 832-201-7706 www.ssl.com
More informationETSI TS 102 573 V1.1.1 (2007-07)
TS 102 573 V1.1.1 (2007-07) Technical Specification Electronic Signatures and Infrastructures (ESI); Policy requirements for trust service providers signing and/or storing data for digital accounting 2
More informationCertificate Policy for OCES personal certificates (Public Certificates for Electronic Services)
Certificate Policy for OCES personal certificates (Public Certificates for Electronic Services) - 2 - Contents Rights...4 Preface...5 Introduction...6 1 Overview and scope...7 2 References...8 3 Definitions
More informationRegistration Practices Statement. Grid Registration Authority Approved December, 2011 Version 1.00
Registration Practices Statement Grid Registration Authority Approved December, 2011 Version 1.00 i TABLE OF CONTENTS 1. Introduction... 1 1.1. Overview... 1 1.2. Document name and Identification... 1
More informationSymantec Trust Network (STN) Certificate Policy
Symantec Trust Network (STN) Certificate Policy Version 2.8.5 Effective Date: September 8, 2011 Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA +1 650.527.8000 http//:www.symantec.com
More information