Page de signatures électroniques / Electronic Signatures Page

Information Documentaire / Document Information
Titre / Title :
Auteur / Author :
Reference :

This document has been digitally signed and timestamped. To verify signature validity, please refer to the procedure and tools available on web site

By default, signature validity is unknown. The ? icon is present on each signature. After verification, the ? icon disappears if the signature is valid.

Last product update: july

Tous droits réservés Thales Alenia Space All rights reserved


01/07/2006 ISSUE : 02 PAGE : 1 Total Pages : 52

THALES ALENIA SPACE CENTRALIZED SIGNATURE: CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT

Rédigé par/written by E. GENOTELLE
Approbation/Approved
TAS PKI Manager

Responsabilité-Service-Société / Responsibility-Office-Company
E. BOURDEAU | IS/ES
R. ROSSIGNOL | IS/IT Security
PL. NAUT | IS/ES/PS
G. MAIONE | Quality

Issuing entity: DSI / SI/P (holder of the original): GED
THE VALIDATION TRACE IS GIVEN BY THE GED WORKFLOW

ENREGISTREMENT DES EVOLUTIONS / CHANGE RECORDS

ISSUE | DATE | DESCRIPTION DES EVOLUTIONS / CHANGE RECORD | REDACTEUR / AUTHOR
01 | 10/12/2004 | First issue | Genotelle
02 | 01/07/2006 | Taking into account Thales Alenia Space organization. Certificate hash algorithm is now SHA-1 | Genotelle
03 | | Thales Alenia Space | H. DERREY

TABLE DES MATIERES / TABLE OF CONTENTS

1. OBJET / OBJECT
DOMAINE D'APPLICATION / APPLICABILITY
TERMINOLOGIE ET DOCUMENTATION / TERMINOLOGY AND DOCUMENTATION
  DOCUMENTS APPLICABLES / APPLICABLE DOCUMENTS
  DOCUMENTS DE REFERENCE / REFERENCE DOCUMENTS
  TERMINOLOGIE / TERMINOLOGY
  ABREVIATIONS / ABBREVIATIONS
  CONVENTIONS
INTRODUCTION
  OVERVIEW
  NEEDS AND CONSTRAINTS OVERVIEW
  TASCS PRINCIPLES ET ARCHITECTURE OVERVIEW
  IDENTIFICATION
  COMMUNITY AND APPLICABILITY
    Certification authorities
    Registration authorities
    End entities
    Applicability
  CONTACT DETAILS
    Specification administration organization
    Contact person
    Person determining CPS suitability for the policy
GENERAL PROVISIONS [PROV]
  OBLIGATIONS
    CA obligations
    RA obligations
    Subscriber obligations
    Relying party obligations
    Repository obligations
    TASCS Service obligations
  LIABILITY
    CA liability
    RA liability
  FINANCIAL RESPONSIBILITY
  INTERPRETATION AND ENFORCEMENT
    Governing law
    Severability, survival, merger, notice
    Dispute resolution procedures
  FEES
    Certificate issuance or renewal fees
    Certificate access fees
    Revocation or status information access fees
    Fees for other services such as policy information
    Refund policy
  PUBLICATION AND REPOSITORY
    Publication of CA information
    Frequency of publication
    Access controls
    Repositories
  COMPLIANCE AUDIT
    Frequency of entity compliance audit
    Identity/qualifications of auditor
    Auditor's relationship to audited party
    Topics covered by audit
    Actions taken as a result of deficiency
    Communication of results
  CONFIDENTIALITY
    Types of information to be kept confidential
    Types of information not considered confidential
    Disclosure of certificate revocation/suspension information
    Release to law enforcement officials
    Release as part of civil discovery
    Disclosure upon owner's request
    Other information release circumstances
  INTELLECTUAL PROPERTY RIGHTS
IDENTIFICATION AND AUTHENTICATION [AUTH]
  INITIAL REGISTRATION
    Types of names
    Need for names to be meaningful
    Rules for interpreting various name forms
    Uniqueness of names
    Name claim dispute resolution procedure
    Recognition, authentication and role of trademarks
    Method to prove possession of private key
    Authentication of organization identity
    Authentication of individual identity
  AUTHENTICATION FOR RENEWAL AFTER PERIOD OF VALIDITY (ROUTINE REKEY)
  REKEY AFTER REVOCATION
  REVOCATION REQUEST
OPERATIONAL REQUIREMENTS [OPER]
  CERTIFICATE APPLICATION
  CERTIFICATE ISSUANCE
  CERTIFICATE ACCEPTANCE
  CERTIFICATE SUSPENSION AND REVOCATION
    Circumstances for revocation
    Who can request revocation
    Procedure for revocation request
    Revocation request grace period
    Circumstances for suspension
    Who can request suspension
    Procedure for suspension request
    Limits on suspension period
    CRL issuance frequency
    CRL checking requirements
    On-line revocation/status checking availability
    On-line revocation checking requirements
    Other forms of revocation advertisements available
    Checking requirements for other forms of revocation Advertisements
    Special requirements rekey compromise
  SECURITY AUDIT PROCEDURES
    Types of event recorded
    Frequency of processing log
    Retention period for audit log
    Protection of audit log
    Audit log backup procedures
    Audit collection system (internal vs external)
    Notification to event-causing subject
    Vulnerability assessments
  RECORDS ARCHIVAL
    Types of event recorded
    Retention period for archive
    Protection of archives
    Archive backup procedures
    Requirements for time-stamping of records
    Archive collection system (internal or external)
    Procedures to obtain and verify archive information
  KEY CHANGEOVER
  COMPROMISE AND DISASTER RECOVERY
    Computing resources, software, and/or data are corrupted
    Entity public key is revoked
    Entity key is compromised
    Secure facility after a natural or other type of disaster
  CA TERMINATION
PHYSICAL, PROCEDURAL, AND PERSONNEL SECURITY CONTROLS [PSEC]
  PHYSICAL CONTROLS
    Site location and construction
    Physical access
    Power and air conditioning
    Water exposures
    Fire prevention and protection
    Media storage
    Waste disposal
    Off-site backup
  PROCEDURAL CONTROLS
    Trusted roles
    Number of persons required per task
    Identification and authentication for each role
  PERSONNEL CONTROLS
    Background, qualifications, experience, and clearance requirements
    Background check procedures
    Training requirements
    Retraining frequency and requirements
    Job rotation frequency and sequence
    Sanctions for unauthorized actions
    Contracting personnel requirements
    Documentation supplied to personnel
TECHNICAL SECURITY CONTROLS [TSEC]
  KEY PAIR GENERATION AND INSTALLATION
    Key pair generation
    Private key delivery to entity
    Public key delivery to certificate issuer
    CA public key delivery to users
    Key sizes
    Public key parameters generation
    Parameter quality checking
    Hardware/software key generation
    Key usage purposes
  PRIVATE KEY PROTECTION
    Standards for cryptographic module
    Private key (n out of m) multi-person control
    Private key escrow
    Private key backup
    Private key archival
    Private key entry into cryptographic module
    Method of activating private key
    Method of deactivating private key
    Method of destroying private key
  OTHER ASPECTS OF KEY PAIR MANAGEMENT
    Public key archival
    Usage periods for the public and private keys
  ACTIVATION DATA
    Activation data generation and installation
    Activation data protection
    Other aspects of activation data
  COMPUTER SECURITY CONTROLS
    Specific computer security technical requirements
    Computer security rating
  LIFE CYCLE TECHNICAL CONTROLS
    System development controls
    Security management controls
    Life cycle security ratings
  NETWORK SECURITY CONTROLS
  CRYPTOGRAPHIC MODULE ENGINEERING CONTROLS
CERTIFICATE AND CRL PROFILES [PROF]
  CERTIFICATE PROFILE
    Version
    Certificate extensions
    Algorithm object identifiers
    Name forms no stipulation
    Name constraints
    Certificate policy Object Identifier
    Usage of Policy Constraints extension
    Policy qualifiers syntax and semantics
    Processing semantics for the critical certificate policy extension
  CRL PROFILE
    Version number(s)
    CRL and CRL entry extensions
SPECIFICATION ADMINISTRATION [SPEC]
  SPECIFICATION CHANGE PROCEDURES
    Items That Can Change Without Notification
    Changes With Notification
  PUBLICATION AND NOTIFICATION POLICIES
  CPS APPROVAL PROCEDURES

LISTE DES FIGURES / LIST OF FIGURES

Figure 1: TASCS architecture overview
Figure 2: Method of activating private key

1. OBJET / OBJECT

In order to provide a digital signature system integrated with its document management systems, Thales Alenia Space has decided to deploy a Public Key Infrastructure. The deployment of any public key infrastructure requires the definition of a certificate policy and a certification practice statement. This document describes the principles of the Thales Alenia Space signature Certification Policy in order to highlight the rights, duties, commitments and responsibilities of each member involved in the PKI. This document is based on the RFC 2527 document model.

2. DOMAINE D'APPLICATION / APPLICABILITY

All sites, Cannes, Kourou, Nanterre, Toulouse, Valence

3. TERMINOLOGIE ET DOCUMENTATION / TERMINOLOGY AND DOCUMENTATION

3.1 DOCUMENTS APPLICABLES / APPLICABLE DOCUMENTS

Id | Reference | Issue | Title
TI1 | REF-ASPI-TI-1-F | 2/- | DIRECTIVE RELATIVE AU PROCESSUS TRAITEMENT DE L'INFORMATION
TI2 | REF-ASPI-TI-2-F | 2/- | LE PROCESSUS TRAITEMENT DE L'INFORMATION
GEDSIG-SP | TIGED-ASP-SP-16 | 1/- | GEDSIG SPECIFICATIONS
GEDPKI-SP | GED-ASP-SP-979 | 1/- | GEDPKI SPECIFICATIONS

3.2 DOCUMENTS DE REFERENCE / REFERENCE DOCUMENTS

Id | Reference | Issue | Title
RFC1321 | RFC 1321 | | The MD5 Message-Digest Algorithm
RFC2459 | RFC 2459 | | Internet X.509 Public Key Infrastructure
RFC2527 | RFC2527 | | Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework
X501 | X.501 | | ITU-T Recommendation X.501: Information Technology - Open Systems Interconnection - The Directory: Models,
X509 | X.509 | | ITU-T Recommendation X.509 (1997 E): Information Technology - Open Systems Interconnection - The Directory: Authentication Framework, June 1997.

3.3 TERMINOLOGIE / TERMINOLOGY

Activation Data: Private data, other than keys, that are required to access cryptographic modules.

Authority Revocation List (ARL): A list of revoked sub-CA and CA Certificates published by the current Thales Alenia Space Root CA.

Certificate: A digital certificate is a signed data structure that binds one or more attributes of an entity with its corresponding public key. By being signed by a recognized and trusted authority (i.e. the Certification Authority) a digital certificate provides assurance that a particular public key belongs to a specific entity (and that the entity possesses the corresponding private key). The certificate format is in accordance with ITU Recommendation X.509.

Certificate Policies (CP) and Certification Practice Statements (CPS): Documents that define the rules, procedures and practices to be employed in the use, administration and management of certificates within a PKI environment. The CP contains rules and obligations to be fulfilled. The CPS describes the concrete processes implemented to respect these rules.

Certificate Revocation List (CRL): A list maintained by a Certification Authority of the certificates which it has issued that have been revoked before their natural expiry time.

Certification Authority (CA): Certification Authorities are the people, processes and tools responsible for the creation, issue and management of public-key certificates used within a PKI.

Certification Authorization: Authorization for a Subscriber to request a Thales Alenia Space Certificate.

Certificate repository: A database or other storage component, which is accessible to all users of a PKI, within which public-key certificates, certificate revocation information and policy information can be held.

Cross-Certificate: A certificate used to establish a trust relationship between two Certification Authorities. Each CA certifies the public key of the other CA and trusts the certificates that have been issued by the other CA as its own issued certificates.

Data Integrity: Assurance that the data are unchanged from creation to reception.

Department: A department is a subset of any organization identified by Thales Alenia Space HQ.

Digital Signature: The result of a transformation of a message by means of a cryptographic system using keys such that a person who has the initial message can determine:
- Whether the transformation was created using the key that corresponds to the signer's key and
- Whether the message has been altered since the transformation was made

Employee: An employee is any person employed by a Thales Alenia Space unit.

End-Entity: An Entity that uses the keys and Certificates created within the PKI for purposes other than the management of these keys and Certificates. An End-Entity may be a Subscriber or a Relying-Party.

Entity: Any autonomous element within the Public Key Infrastructure. This may be a CA, an RA or an End-Entity.

FIPS: Federal Information Processing Standards.

Issuing CA: In the context of a particular certificate, the issuing CA is the CA that signed and issued the certificate.

ITSEC: Information Security Technology Evaluation Criteria

Key Pair: A Public Key and the corresponding Private Key

MD5: One of the message digest algorithms developed by RSA Data Security, Inc.

Object Identifier (OID): The unique alphanumeric/numeric identifier registered according to the ISO registration standard to reference a specific object or object class. In the Thales Alenia Space PKI it is used to identify uniquely each of the 2 policies and cryptographic algorithms supported.

Organization: A Thales Alenia Space organization identified by Thales Alenia Space HQ.

PIN: Personal Identity Number, a secret code that can be used as activation data

Policy: Certificate Policies and Certification Practice Statements are policy documents that define the procedures and practices to be applied in the use, the administration and the management of certificates within a PKI.

Policy Authority (PA): A Thales Alenia Space body responsible for setting, implementing, and administering policy decisions regarding CP and CPS throughout the Thales Alenia Space PKI.

Private Key: The key kept secret by its owner. Associated with the corresponding Public Key within a Key Pair.

Public Key: The key that is included in the Certificate and is published. It matches its Private Key to form a Key Pair.

Public Key Infrastructure (PKI): A set of policies, processes, server platforms, software and workstations used for the purpose of administering certificates and keys.

PKI client software: Client-side software required to ensure that PKI-entities are able to make full use of the key and digital certificate management services of a PKI (e.g. key creation, automatic key update and refreshment)

PKI-enabled applications: Software applications which have been modified to enable their use within a PKI. Typically this involves modifying an application so that it becomes compatible with the use of digital certificates (e.g. to authenticate a remote user and authenticate itself to a remote user)

PKI Operator System: A person with the following roles:
- Configuration and maintenance of the CA system hardware and software,
- Configuration of CA Security policies,
- Commencement and cessation of CA services

PKI Administrator, with the following roles:
- Management of the Subscriber initialization process
- Creation, renewal or revocation of certificates
- Distribution of tokens (where applicable)

Registration Authority (RA): Registration Authorities are the people, the processes and the tools that are responsible for authenticating the identity of new entities (users or computing devices) requiring certificates from CAs. They act as agents of CAs (and can carry out some of the functions of a CA if required).

Relying Party: Entity trusting the Certificates signed by the Thales Alenia Space Internal CA to, but not limited to, authenticate Digital Signatures, check document integrity or encrypt communications to the Certificate subject.

Root CA: The self-signed CA signing the sub CAs' (for instance the Internal or B to B CA) Certificates.

Routine Rekey: Procedure which is used to generate a new key-pair for an entity as the previous key-pair is about to expire.

SHA-1: One of the message digest algorithms

Sponsor: In the Thales Alenia Space PKI, a sponsor is a department or an employee's manager that has nominated a specific individual or organization to be issued with a certificate.

Sub CA: A CA whose Certificate is signed by the Root CA Private Key.

Subscriber: Individual or application to whom the CA has issued a signature

Trusted CA: A CA recognized by the Thales Alenia Space Internal CA as issuing Certificates that meet satisfactory standards of quality and security.

3.4 ABREVIATIONS / ABBREVIATIONS

ARL: Authority Revocation List
CA: Certification Authority
CMA: Certificate Manufacturing Authority
CPS: Certification Practice Statement
CRL: Certificate Revocation List
DMS: Document Management System
DN: Distinguished Name
DSA: Digital signature algorithm
I&A: Identification and Authentication
LDAP: Lightweight Directory Access Protocol
ISO: International Standards Organization
OID: Object Identifier
PKI: Public Key Infrastructure
PMA: Policy Management Authority
RA: Registration Authority
X.500: The ITU-T (International Telecommunication Union-T) standard that establishes a distributed, hierarchical directory protocol organized by country, region, Organization, etc.

3.5 CONVENTIONS

Paragraphs preceded by the symbol "F" give information on how to satisfy the requirements specified just above.

4. INTRODUCTION

4.1 OVERVIEW

This document contains the rules governing the use of Thales Alenia Space centralized signature certificates among those parties involved in the Public Key Infrastructure described by this policy, namely the PKI service provider and end entities.

The PKI Service Provider consists of: Policy Management Authority, Issuing Certification Authorities, Registration Authorities and Repositories.

End Entities consist of: Certificate Holders and Authorized Relying Parties.

This document describes the roles, responsibilities, and relationships of the PKI Service Providers and End Entities (collectively "Participants"), and the rules and requirements for the issuance, acquisition, management, and use of TASCS Certificates to verify Digital Signatures. This document also describes the practices TASCS follows in issuing and managing certificates, and informs potential users of TASCS certificates about what they need to know prior to relying on TASCS-issued certificates.

4.2 NEEDS AND CONSTRAINTS OVERVIEW

Thales Alenia Space provides all its employees with a service that lets them digitally sign electronic documents very easily. This signature service, called the Thales Alenia Space Centralized Signature (TASCS) service, shall be integrated into Thales Alenia Space business tools, such as its document management system.

This signature service must be very simple to deploy, maintain, administer and use, taking into account the large number of employees. The TASCS must be implemented with the international norms representing the state of the art.

4.3 TASCS PRINCIPLES ET ARCHITECTURE OVERVIEW

Digital signature relies on X.509 certificates delivered by a PKI. Because the classical certificate enrollment process may be tedious for this purpose and may not satisfy Thales Alenia Space requirements, the TASCS service relies on a PKI called TASCS PKI, which automatically issues and centralizes certificates for all Thales Alenia Space users according to the TAS common directory (SIPRO).

[Figure 1: TASCS architecture overview. Labels: Thales Alenia Space SIPRO users, SIPRO, Thales Alenia Space Centralized Signature CA, Thales Alenia Space Centralized Signature Service, Secure Certificate Store, Thales Alenia Space DMS users, DMS]

When signing, users do not have to request a certificate, nor do they need a specific signature tool. The TASCS service relies on a dedicated PKI, named TASCS (Thales Alenia Space Centralized Signature) PKI, which automatically creates and renews certificates and keys for all Thales Alenia Space internal users.

When creating certificates, the TASCS CA gets information on users (name, address, status, …) from the TAS common directory (SIPRO). SIPRO is updated by the human resources team. It is supposed to contain the most up-to-date and reliable information.

The TASCS CA stores users' certificates and keys in a secure certificate store. This store is accessed only by the TASCS service, which uses a key only to sign a document, after authenticating the user for each signature apposition.

4.4 IDENTIFICATION

An Object IDentifier (OID) will be included upon identification by the Policy Authority.

4.5 COMMUNITY AND APPLICABILITY

This certificate policy has satisfied the general public key certificate needs and constraints of Thales Alenia Space for digital signature.

Certification authorities

A CA operating under this policy is responsible for:
- Creating and signing certificates binding Subscribers with their digital signature keys,
- Promulgating certificate status through CRLs,
- Ensuring adherence with this certificate policy.

A CA ensures that there is at least one Certificate and CRL repository associated with this policy.

Registration authorities

Since certificates are automatically created for users (cf. 4.3), there is no RA. This section is not applicable.

End entities

Subscribers within TASCS PKI are issued to Thales Alenia Space users referenced and activated in the Thales Alenia Space Common directory (SIPRO). TASCS service is available from Thales Alenia Space site

Applicability

This CPS applies to all TASCS PKI participants, including Thales Alenia Space users, customers, resellers and relying parties involved in the document signature process.

TASCS certificates are only used for digital signature. Applications using these certificates are:
- TASCS service for signature apposition
- signature verification tools

4.6 CONTACT DETAILS

Specification administration organization

The Thales Alenia Space Corporate Information System Security Officer (ISSO) is responsible for this document and for applying this CP and CPS.

Contact person

The contact person for this policy is the Thales Alenia Space ISSO.

Person determining CPS suitability for the policy

The Thales Alenia Space ISSO is responsible for determining CPS suitability for this policy.

5. GENERAL PROVISIONS [PROV]

5.1 OBLIGATIONS

CA obligations

Reference PKI-SP0007-PROV-001 : A CA will operate in accordance with its Certificate Practice Statement (CPS), with this Certificate Policy (CP), and with Thales Alenia Space standards when issuing and managing the keys.

Reference PKI-SP0007-PROV-002 : The CA will ensure that the RA operating on its behalf will comply with the relevant provisions of this CP concerning the operation of RA.

Reference PKI-SP0007-PROV-003 : A CA shall take all reasonable measures to ensure that Subscribers are aware of their respective rights and obligations regarding the operation and management of any keys, certificates, or End-Entity hardware and software used in connection with the PKI.

Reference PKI-SP0007-PROV-004 : A CA must:

- Publish this document,
- Have in place mechanisms and procedures to ensure subscribers are aware of and agree to abide by the stipulations in this document,
- Ensure that its certification services are in accordance with this document.

Notification of revocation of certificates

Reference PKI-SP0007-PROV-005 : A CA must make CRLs available to a Subscriber or Relying Party in accordance with Section

Accuracy of representations

Reference PKI-SP0007-PROV-006 : A CA will provide to each Subscriber notice of the Subscriber's rights and obligations under this Certificate Policy. Such notice will include a description of the permitted uses of certificates issued under this CP, the Subscriber's obligations concerning key protection, and procedures for communication between the Subscriber and the RA, including communication of changes in service delivery or changes to this policy. Such notice will also indicate procedures to address suspected key compromise, certificate or key renewal, service cancellation, and resolution of disputes.

F At certificate generation time, the CA takes information from the TAS common directory (SIPRO), which contains the most reliable information on Subscribers (first name, last name, address, status). SIPRO is updated every day with information coming from the Human Resource management tool. The CA checks the validity of the Subscriber information every day by comparing the information in the TAS common directory with the generated certificates. The information checked is the information in the certificate subject of the subscriber (cf. 10.1). If there is a difference, the CA automatically renews the certificate for this user.

Reference PKI-SP0007-PROV-007 : A CA will ensure that any notice includes a description of a Relying Party's obligations with respect to the use, verification, and validation of certificates.

Time between request for a certificate and the issue thereof

Not applicable.
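The daily directory-versus-certificate check described in the "F" note under PROV-006 can be sketched as follows. This is an added example, not TASCS code: the subject layout (CN built from first and last name, L from the address), the record fields, the "review" action for deactivated or unknown users, and all sample data are assumptions, since section 10.1 with the real subject profile is not reproduced here.

```python
import re
import unicodedata

_HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")

def _split_unescaped(text, sep):
    """Split on sep, ignoring separators that are backslash-escaped (RFC 4514)."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])      # keep the escape for _unescape()
            i += 2
        elif text[i] == sep:
            parts.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(text[i])
            i += 1
    parts.append("".join(buf))
    return parts

def _unescape(raw):
    """Resolve '\\,' style escapes and '\\C3\\A9' style UTF-8 hex pairs."""
    out, i = bytearray(), 0
    while i < len(raw):
        if raw[i] == "\\" and _HEX_PAIR.fullmatch(raw[i + 1:i + 3]):
            out.append(int(raw[i + 1:i + 3], 16))
            i += 3
        elif raw[i] == "\\" and i + 1 < len(raw):
            out += raw[i + 1].encode("utf-8")
            i += 2
        else:
            out += raw[i].encode("utf-8")
            i += 1
    return out.decode("utf-8")

def _norm(value):
    # Case- and whitespace-insensitive comparison, so that cosmetic differences
    # between directory and certificate do not trigger needless renewals.
    return " ".join(unicodedata.normalize("NFKC", value).split()).casefold()

def parse_subject(dn):
    """Parse an RFC 4514 subject string into {ATTRIBUTE: [normalized values]}."""
    attrs = {}
    for rdn in _split_unescaped(dn, ","):
        for ava in _split_unescaped(rdn, "+"):
            name, sep, raw = ava.partition("=")
            if not sep:
                raise ValueError(f"malformed RDN component: {ava!r}")
            attrs.setdefault(name.strip().upper(), []).append(_norm(_unescape(raw)))
    return {k: sorted(v) for k, v in attrs.items()}

def expected_subject(rec):
    # ASSUMPTION: hypothetical mapping of directory fields to subject attributes.
    return {"CN": [_norm(f"{rec['first_name']} {rec['last_name']}")],
            "L": [_norm(rec["address"])]}

def reconcile(directory, cert_store):
    """Return {user id: action} for one daily run."""
    actions = {}
    for uid, rec in directory.items():
        if rec["status"] != "active":
            if uid in cert_store:
                actions[uid] = "review"    # assumption: excerpt gives no rule here
        elif uid not in cert_store:
            actions[uid] = "issue"         # certificates are created automatically
        elif parse_subject(cert_store[uid]) != expected_subject(rec):
            actions[uid] = "renew"         # PROV-006 note: any difference renews
        else:
            actions[uid] = "keep"
    for uid in cert_store.keys() - directory.keys():
        actions[uid] = "review"            # certificate without a directory entry
    return actions

# Constructed sample data (not real users).
DIRECTORY = {
    "u1": {"first_name": "Jane", "last_name": "Doe", "address": "Cannes", "status": "active"},
    "u2": {"first_name": "Marc", "last_name": "Petit", "address": "Toulouse", "status": "active"},
    "u3": {"first_name": "Ana", "last_name": "Ruiz", "address": "Kourou", "status": "active"},
    "u4": {"first_name": "Leo", "last_name": "Blanc", "address": "Valence", "status": "inactive"},
    "u6": {"first_name": "René", "last_name": "Smith, Jr", "address": "Toulouse", "status": "active"},
}
CERT_STORE = {
    "u1": "CN=jane  DOE, L=Cannes",                 # cosmetic difference only
    "u2": "CN=Marc Petit,L=Cannes",                 # site changed in the directory
    "u4": "CN=Leo Blanc,L=Valence",
    "u5": "CN=Old Account,L=Nanterre",
    "u6": r"CN=Ren\C3\A9 Smith\, Jr,L=Toulouse",    # escaped comma and UTF-8 hex pairs
}

if __name__ == "__main__":
    for uid, action in sorted(reconcile(DIRECTORY, CERT_STORE).items()):
        print(uid, action)
```

Comparing the raw subject string with a string built from the directory would renew u1 and u6 every day and would split u6's name at the escaped comma, which is why the subject is parsed and normalized before comparison.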

Revocation and renewal of certificates

Reference PKI-SP0007-PROV-008 : A CA will ensure that procedures concerning the expiry, revocation, or re-issue of a certificate will be compliant with the relevant provisions of this CP and will be expressly stated in its CPS, the Subscriber Agreement, or any other applicable document outlining the terms and conditions of the certificate use.

Reference PKI-SP0007-PROV-009 : A CA will also ensure that notice of revocation of a certificate will be posted to the CRL within the time limits stated in and
The address of the CRL must be defined in the certificate.

Protection of private keys

Reference PKI-SP0007-PROV-010 : A CA will ensure that its private keys and its activation data are protected in accordance with Sections 4 and 9.

Reference PKI-SP0007-PROV-011 : A CA will ensure that the private keys that it holds or stores, and the activation data are protected in accordance with Sections 7 and 9.

Reference PKI-SP0007-PROV-012 : A CA will ensure that any private keys for the confidentiality of a Subscriber that have been backed-up or archived are protected in accordance with Section

Restrictions on the use of an issuing CA's private key

Reference PKI-SP0007-PROV-013 : A CA will ensure that its certificate signing private key is used only to sign certificates and CRLs. A CA may issue certificates to Subscribers. A CA may also recognize other CAs when expressly authorized by the Thales PA.

RA obligations

Not applicable.

Subscriber obligations

Reference PKI-SP0007-PROV-014 : The Subscriber is obliged to enter into an agreement or abide by an acceptable use policy which outlines the terms and conditions of use of the certificates and keys, including permitted applications and purposes. This agreement may be read during the signature process.

Accuracy of representations

Not applicable.

Protection of subscriber private key and key token

Not applicable.

Restrictions on use of private keys by subscribers

Reference PKI-SP0007-PROV-015 : The Subscriber will use the keys and certificates only for the purposes authorized by this policy.

F This requirement is met in so far as only the TASCS service accesses subscriber private keys.

Notification if private keys are compromised

Reference PKI-SP0007-PROV-016 : If a Subscriber suspects that a private key has been compromised, he or she must immediately notify the CA in the manner

Relying party obligations

The rights and the obligations of a Relying Party who is a member of this PKI are covered by this policy.

Use of certificates for appropriate purpose

Reference PKI-SP0007-PROV-017 : Before using a Subscriber's certificate, a Relying Party must ensure that it is appropriate for the intended use.

Verification responsibilities

Reference PKI-SP0007-PROV-018 : A Relying Party must use certificates only in accordance with the certification path validation procedure specified in X.509 and Internet X.509 Public Key Infrastructure (PKIX).

Responsibility for checking certificate status

Reference PKI-SP0007-PROV-019 : Before using a certificate, a Relying Party must check the status of the certificate against the appropriate and current CRL in accordance with the requirements stated in section of this document.

Reference PKI-SP0007-PROV-020 : As part of this verification process, the digital signature of the CRL must also be validated.

Repository obligations

Reference PKI-SP0007-PROV-021 : Certificates and CRLs must be available to Relying Parties in accordance with the requirements stated in Section of this document.

TASCS Service obligations

Reference PKI-SP0007-PROV-022 : The TASCS service must use subscriber certificates only for signature purposes.

Reference PKI-SP0007-PROV-023 : When signing, the TASCS service refers to the certificate of the subscriber who is signing.

5.2 LIABILITY

Reference PKI-SP0007-PROV-024 : Thales Alenia Space gives guarantee whatsoever in relation to the use of Thales Alenia Space GED PKI certificates or associated public/private key pairs for only digital signature use.

F The field "KeyUsage" in the certificate refers to digital signature operation only (cf )
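The relying-party checks in PROV-017 to PROV-020 and the KeyUsage note under PROV-024 can be exercised end to end against a throwaway CA. This is an added example, not TASCS tooling: it uses the Python `cryptography` package, a constructed CA and constructed certificates, and a single-level chain in place of the full X.509/PKIX path validation that PROV-018 requires; all names and verdict strings are assumptions.

```python
import datetime as dt
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = dt.datetime.now(dt.timezone.utc)
DAY = dt.timedelta(days=1)
CA_CN = "Constructed Test CA"            # placeholder, not the TASCS CA

def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def _when(obj, field):
    """Validity field as aware UTC on both old and new `cryptography` releases."""
    value = getattr(obj, field + "_utc", None) or getattr(obj, field)
    return value if value.tzinfo else value.replace(tzinfo=dt.timezone.utc)

def _usage(**on):
    flags = dict.fromkeys(("digital_signature", "content_commitment", "key_encipherment",
                           "data_encipherment", "key_agreement", "key_cert_sign",
                           "crl_sign", "encipher_only", "decipher_only"), False)
    flags.update(on)
    return x509.KeyUsage(**flags)

def issue(cn, signer_key, subject_key, usage, ca=False):
    """Build a constructed test certificate issued under CA_CN."""
    return (x509.CertificateBuilder()
            .subject_name(_name(cn)).issuer_name(_name(CA_CN))
            .public_key(subject_key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(NOW - DAY).not_valid_after(NOW + 30 * DAY)
            .add_extension(x509.BasicConstraints(ca=ca, path_length=None), critical=True)
            .add_extension(usage, critical=True)
            .sign(signer_key, hashes.SHA256()))

def make_crl(signer_key, revoked_serials, next_update=NOW + DAY):
    builder = (x509.CertificateRevocationListBuilder().issuer_name(_name(CA_CN))
               .last_update(NOW - DAY).next_update(next_update))
    for serial in revoked_serials:
        builder = builder.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(serial)
            .revocation_date(NOW - DAY).build())
    return builder.sign(signer_key, hashes.SHA256())

def check_signer_certificate(cert, ca_cert, crl, at=NOW):
    """Relying-party checks before trusting a signer certificate; returns a verdict."""
    # PROV-017 / KeyUsage note: certificate must be for digital signature only.
    try:
        ku = cert.extensions.get_extension_for_class(x509.KeyUsage).value
    except x509.ExtensionNotFound:
        return "key usage missing"
    if not ku.digital_signature or any((ku.content_commitment, ku.key_encipherment,
                                        ku.data_encipherment, ku.key_agreement,
                                        ku.key_cert_sign, ku.crl_sign)):
        return "key usage is not digital signature only"
    # PROV-018 (simplified to one level): issuer name, issuer signature, validity.
    ca_pub = ca_cert.public_key()
    if cert.issuer != ca_cert.subject:
        return "unknown issuer"
    try:
        ca_pub.verify(cert.signature, cert.tbs_certificate_bytes,
                      ec.ECDSA(cert.signature_hash_algorithm))
    except InvalidSignature:
        return "certificate signature invalid"
    if not _when(cert, "not_valid_before") <= at <= _when(cert, "not_valid_after"):
        return "certificate outside validity period"
    # PROV-020: the CRL's own signature is validated before its content is used.
    if crl.issuer != ca_cert.subject or not crl.is_signature_valid(ca_pub):
        return "CRL signature invalid"
    # PROV-019: the CRL must be current, then the serial number is looked up.
    if not _when(crl, "last_update") <= at <= _when(crl, "next_update"):
        return "CRL not current"
    if crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None:
        return "revoked"
    return "valid"

def demo():
    ca_key, rogue_key, user_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
    ca = issue(CA_CN, ca_key, ca_key, _usage(key_cert_sign=True, crl_sign=True), ca=True)
    sig_only = _usage(digital_signature=True)
    good = issue("user a", ca_key, user_key, sig_only)
    revoked = issue("user b", ca_key, user_key, sig_only)
    wide = issue("user c", ca_key, user_key, _usage(digital_signature=True, key_encipherment=True))
    forged = issue("user d", rogue_key, user_key, sig_only)
    crl = make_crl(ca_key, [revoked.serial_number])
    return {
        "good": check_signer_certificate(good, ca, crl),
        "revoked": check_signer_certificate(revoked, ca, crl),
        "wide key usage": check_signer_certificate(wide, ca, crl),
        "forged certificate": check_signer_certificate(forged, ca, crl),
        "forged CRL": check_signer_certificate(good, ca, make_crl(rogue_key, [])),
        "stale CRL": check_signer_certificate(
            good, ca, make_crl(ca_key, [], next_update=NOW - dt.timedelta(hours=1))),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The forged-CRL and stale-CRL cases show why PROV-019 and PROV-020 go together: an empty list from an unverified or outdated CRL would otherwise make a revoked certificate look acceptable.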

CA liability

Reference PKI-SP0007-PROV-025 : CA liability shall be governed by Laws and Regulations in each country.

RA liability

Not applicable.

5.3 FINANCIAL RESPONSIBILITY

5.4 INTERPRETATION AND ENFORCEMENT

Governing law

Reference PKI-SP0007-PROV-026 : This policy and national rules and regulations shall govern the enforceability, construction, interpretation and validity of this CP.

Severability, survival, merger, notice

Reference PKI-SP0007-PROV-027 : A CA shall ensure that any agreement that it enters into will contain appropriate provisions governing severability, survival, merger, or notice.

Reference PKI-SP0007-PROV-028 : Severance or merger may result in changes to the scope, management, and/or operation of a CA. In such an event, this policy may also require modification. Any change in the operation of a CA will be consistent with the administrative requirements stipulated in Section 8 of this document.

Dispute resolution procedures

Reference PKI-SP0007-PROV-029 : A dispute related to key and certificate management within Thales will be resolved by the CA if possible. A dispute not settled by negotiation should be resolved by the Thales PA.

5.5 FEES

Certificate issuance or renewal fees

Certificate access fees

Revocation or status information access fees

Fees for other services such as policy information

Refund policy

5.6 PUBLICATION AND REPOSITORY

Publication of CA information

Reference PKI-SP0007-PROV-030 : TASCS CA will:
- Publish and maintain this document on the ASP Intranet. This must be in accordance with Section 8.2 (Specification Administration Section, Publication & Notification policies part).
- Publish to TASCS users its public key certificate
- Provide relying parties with access to the CRL of user public key certificates it has revoked,

This document is published:
- on Thales Alenia Space Intranet (
- on Internet Web sites (

TASCS CA certificate is published:
- on Internet Web site (

Frequency of publication

Reference PKI-SP0007-PROV-031 : CRL publication will be in accordance with Section 7 of this document.

Access controls

Reference PKI-SP0007-PROV-032 : A CA will ensure, directly or through agreement with a repository, that repository access controls will be configured so that only authorized personnel can write or modify the online version of this document.

Reference PKI-SP0007-PROV-033 : Subscribers and relying Parties will have read only access to this document.

Repositories

Reference PKI-SP0007-PROV-034 : Because signature certificates are embedded in each document (cf. [GEDSIG-SP]), it is not necessary to set up a directory publishing these certificates.

5.7 COMPLIANCE AUDIT

Frequency of entity compliance audit

Reference PKI-SP0007-PROV-035 : An audit will be performed annually on the operators of the CA in accordance with this policy.

Reference PKI-SP0007-PROV-036 : At any time, the PA may order a compliance audit by an auditor at its discretion.

Identity/qualifications of auditor

Reference PKI-SP0007-PROV-037 : The PA must approve any person or entity who will perform a compliance Audit.

Auditor's relationship to audited party

Topics covered by audit

Reference PKI-SP0007-PROV-038 :
The topics to be covered by an audit will be defined by the PA at the beginning of the mission.

Actions taken as a result of deficiency

Reference PKI-SP0007-PROV-039 :
Any discrepancy between a CA's operation and the stipulations of this document must be reported to the PA. A remedy shall be determined, including a time for completion.

Reference PKI-SP0007-PROV-040 :
A solution may include any of the following actions:
- Highlighting the irregularities, but allowing the CA to continue operations until the next programmed audit,
- Allowing the CA a maximum of 60 days in which to correct problems, failing which the operation of the CA will be suspended,
- Suspending operation of the CA.

Reference PKI-SP0007-PROV-041 :
Any action taken will be based on the severity of the irregularities, the risks incurred, and the disruption to the certificate-using community.

Communication of results

Reference PKI-SP0007-PROV-042 :
Results of an audit will be communicated to the CA and to the PA, in accordance with this policy, and as defined by the CA's CPS.

Reference PKI-SP0007-PROV-043 :
Communication to end users or other Thales personnel will depend on the discrepancies discovered and the remedies to be taken.

Reference PKI-SP0007-PROV-044 :
When a CA does not comply with the CP/CPS, the results of the audit will be notified immediately to the PA at the completion of the audit. To limit the risks, required solutions will be defined and communicated to the CA as soon as possible. The implementation of solutions will be

communicated to the PA. A special audit may be required to confirm the implementation and effectiveness of the remedy.

Reference PKI-SP0007-PROV-045 :
The procedure for notification of audit results to other recognized CAs will be defined within an agreement between the two parties. Unless specified in an agreement there will be no communication of the audit results to parties outside Thales.

5.8 CONFIDENTIALITY

Reference PKI-SP0007-PROV-046 :
All information that is not considered by the Thales PA to be:
- public domain information, or
- already known by the receiving party without restriction prior to receipt, or
- received from a third party without similar restrictions and without breach of these or other confidentiality undertakings,
is to be kept confidential. Specification of confidential information is addressed in the following subsections.

Types of information to be kept confidential

Reference PKI-SP0007-PROV-047 :
The subscriber's private signing key must be kept confidential by the CA and TASCS service.

Reference PKI-SP0007-PROV-048 :
Personal and Corporate information held by a CA, other than that which is explicitly published as part of a certificate, CRL, CP/CPS, is considered confidential and shall not be released unless required by law.

Reference PKI-SP0007-PROV-049 :
Information held in audit trails shall be considered confidential and shall not be released outside the company, unless required by law.

Reference PKI-SP0007-PROV-050 :
Generally, the results of audits shall be kept confidential, with exceptions as outlined in Section 5.7.

Reference PKI-SP0007-PROV-051 :

Any keys held by a CA shall be released only to an organizational authority, in accordance with this document, or a law enforcement official, in accordance with national law and this policy (see Section 5.8.4).

Types of information not considered confidential

Reference PKI-SP0007-PROV-051 :
Information included in public certificates, CRLs, and ARLs issued by a CA is not considered confidential.

Reference PKI-SP0007-PROV-052 :
Information in this policy is not considered confidential.

Disclosure of certificate revocation/suspension information

Release to law enforcement officials

Reference PKI-SP0007-PROV-053 :
A CA will not disclose certificate or certificate-related information to any third party, except when:
- Authorized by the CP/CPS,
- Required to do so by national law,
- Required by Thales Alenia Space to release information to national law enforcement officials,
- Authorized by the user when necessary to effect an appropriate use of the certificate.
The CA may choose to further define or restrict the user's authority to disclose certificate or certificate-related information.

Reference PKI-SP0007-PROV-054 :
Any requests for the disclosure of information must be signed and delivered to the CA.

Release as part of civil discovery

Reference PKI-SP0007-PROV-055 :
The Thales Alenia Space CA will comply with requirements stipulated by the Thales Alenia Space Security Department to release information.

Disclosure upon owner's request

Reference PKI-SP0007-PROV-056 :
Any disclosure of information upon the owner's request shall be processed in accordance with national privacy laws and regulations.

Other information release circumstances

5.9 INTELLECTUAL PROPERTY RIGHTS

Reference PKI-SP0007-PROV-057 :
This policy and all Certificates and CRLs issued by a TASCS CA are the property of Thales Alenia Space. The Distinguished Names (DNs) that are used to represent entities within the TASCS PKI in the repository and in certificates issued to end users within the PKI all include a Relative Distinguished Name (RDN) for Thales Alenia Space and as such are the property of Thales Alenia Space.

6. IDENTIFICATION AND AUTHENTICATION [AUTH]

6.1 INITIAL REGISTRATION

Types of names

Reference PKI-SP0007-AUTH-001 :
Names for certificate issuers and certificate subjects are based on the X.501 Distinguished Name (DN) form.

Reference PKI-SP0007-AUTH-002 :
The naming conventions are the following:
- For a certificate issuer: the name of the CA.
- For a certificate subject: the name must contain:
  o The last name,
  o The first name,
  o The SMTP address

Please refer to 10.1 for more details.

Need for names to be meaningful

Reference PKI-SP0007-AUTH-003 :
The contents of each certificate Subject and Issuer name field must have an association with the authenticated name of the Entity.

Rules for interpreting various name forms

Uniqueness of names

Reference PKI-SP0007-AUTH-004 :
Distinguished names must be unique for all End-entities of a CA.
☞ The address field differentiates Subscribers.

Name claim dispute resolution procedure

The CA reserves the right to make all decisions regarding Entity names in all assigned certificates.

Reference PKI-SP0007-AUTH-005 :
Where there is a dispute about a name in a repository not under its control, a CA must ensure that there is a procedure to resolve name disputes in its agreement with that repository.

Recognition, authentication and role of trademarks

Not applicable.

Method to prove possession of private key

Not applicable.

Authentication of organization identity

Authentication of individual identity

Reference PKI-SP0007-AUTH-006 :

There is no need to authenticate the Subscriber at certificate request time, because this operation is performed automatically by the CA. A CA must take information from TAS common directory, which contains the most reliable information on Subscribers (first name, last name, address, status).

6.2 AUTHENTICATION FOR RENEWAL AFTER PERIOD OF VALIDITY (ROUTINE REKEY)

Reference PKI-SP0007-AUTH-007 :
The certificates and keys are automatically renewed by the CA for all Subscribers.

6.3 REKEY AFTER REVOCATION

Reference PKI-SP0007-AUTH-008 :
If there is a known or suspected compromise of the private key, the CA revokes the certificate and performs a new certificate generation in the same manner as for the certificate creation. If the information contained in a certificate has changed, the CA performs a new certificate generation in the same manner as for the certificate creation.
☞ Every day and for all generated certificates, the CA compares the information stored in the certificate to the information stored in the TAS common directory (first name, last name, address). If there is any difference, the certificate is automatically renewed.

6.4 REVOCATION REQUEST

Reference PKI-SP0007-AUTH-009 :
The CA authenticates a request for revocation of a certificate.

Reference PKI-SP0007-AUTH-010 :
The CA must establish and publish the revocation process and the means by which the request will be validated.

Reference PKI-SP0007-AUTH-011 :
Requests for revocation must be logged.

OPERATIONAL REQUIREMENTS [OPER]

7.1 CERTIFICATE APPLICATION

Reference PKI-SP0007-OPER-001 :
Certificates are attributed to all present Thales Alenia Space users referenced in TAS common directory.

7.2 CERTIFICATE ISSUANCE

Reference PKI-SP0007-OPER-002 :
TASCS accessibility to subscriber indicates the complete and final approval of the application by the CA.

7.3 CERTIFICATE ACCEPTANCE

The subscriber does not need to be notified by the CA when the certificate expires, because the CA automatically renews certificates when the certificate expiration date is near.

7.4 CERTIFICATE SUSPENSION AND REVOCATION

Circumstances for revocation

Reference PKI-SP0007-OPER-003 :
A certificate shall be revoked:
- When any of the information in the certificate changes,
- Upon suspected or known compromise of the private key,
- Upon suspected or known compromise of the media holding the private key,
- Upon loss or compromise of the activation data,
- When an individual terminates his/her employment or contract with Thales Alenia Space,

Reference PKI-SP0007-OPER-004 :
At its discretion the CA may revoke a certificate when an Entity fails to comply with obligations set out in this document, any relevant agreement or any applicable law.

Who can request revocation

Reference PKI-SP0007-OPER-005 :
The revocation of a certificate may only be requested by:
- The subscriber in whose name the certificate was issued,
- Personnel of the issuing CA,
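The lifecycle rules stated so far (a certificate for every user in the TAS common directory, the daily comparison of section 6.3, revocation on departure), together with the renewal window and revoke-previous rule of section 7.7, amount to a daily reconciliation job. The sketch below is an added example, not TASCS code: the record shapes, the `reconcile` function, the reason strings and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import NamedTuple, Optional

RENEWAL_WINDOW = timedelta(days=7)  # section 7.7: renew within one week of expiry


@dataclass(frozen=True)
class DirectoryEntry:
    """Assumed shape of a TAS common directory record (hypothetical)."""
    first_name: str
    last_name: str
    email: str
    active: bool  # the directory "status" field


@dataclass(frozen=True)
class Certificate:
    """Assumed shape of an issued-certificate record (hypothetical)."""
    serial: int
    first_name: str
    last_name: str
    email: str
    not_after: date
    revoked: bool = False


class Action(NamedTuple):
    kind: str               # "issue" or "revoke"
    email: str
    serial: Optional[int]   # None for "issue": the new serial does not exist yet
    reason: str


def normalize(email):
    return email.strip().lower()


def reconcile(directory, certificates, today):
    """Return the ordered list of Actions the daily job would take."""
    users = {}
    for entry in directory:
        key = normalize(entry.email)
        if key in users:  # AUTH-004: the address field must identify one Subscriber
            raise ValueError(f"duplicate directory address: {key}")
        users[key] = entry

    live = {}  # address -> certificates that are neither revoked nor expired
    for cert in certificates:
        if not cert.revoked and cert.not_after >= today:
            live.setdefault(normalize(cert.email), []).append(cert)

    actions = []
    for key in sorted(set(users) | set(live)):
        entry = users.get(key)
        certs = sorted(live.get(key, []), key=lambda c: (c.not_after, c.serial))
        if entry is None or not entry.active:
            # OPER-003: employment or contract ended, or the address changed
            actions += [Action("revoke", key, c.serial, "not an active directory user")
                        for c in certs]
            continue
        if not certs:
            # OPER-001: every user referenced in the directory gets a certificate
            actions.append(Action("issue", key, None, "no valid certificate"))
            continue
        current, older = certs[-1], certs[:-1]
        actions += [Action("revoke", key, c.serial, "superseded") for c in older]
        if (current.first_name, current.last_name) != (entry.first_name, entry.last_name):
            reason = "directory data changed"         # AUTH-008 daily comparison
        elif current.not_after - today <= RENEWAL_WINDOW:
            reason = "expires within renewal window"  # OPER-036
        else:
            continue
        # OPER-037: issue the new certificate first, then revoke the previous one
        actions.append(Action("issue", key, None, reason))
        actions.append(Action("revoke", key, current.serial, reason))
    return actions


# Constructed sample data (not real TASCS records).
TODAY = date(2006, 7, 1)
SAMPLE_DIRECTORY = [
    DirectoryEntry("Alice", "Martin", "alice.martin@example.test", True),
    DirectoryEntry("Bob", "Durand-Petit", "bob.durand@example.test", True),
    DirectoryEntry("Carol", "Leroy", "carol.leroy@example.test", True),
    DirectoryEntry("Dave", "Moreau", "dave.moreau@example.test", False),
    DirectoryEntry("Eve", "Blanc", "eve.blanc@example.test", True),
]
SAMPLE_CERTIFICATES = [
    Certificate(90, "Alice", "Martin", "alice.martin@example.test", date(2006, 7, 20)),
    Certificate(101, "Alice", "Martin", "Alice.Martin@example.test", date(2006, 8, 10)),
    Certificate(102, "Bob", "Durand", "bob.durand@example.test", date(2006, 8, 10)),
    Certificate(103, "Carol", "Leroy", "carol.leroy@example.test", date(2006, 7, 5)),
    Certificate(104, "Dave", "Moreau", "dave.moreau@example.test", date(2006, 8, 10)),
    Certificate(80, "Eve", "Blanc", "eve.blanc@example.test", date(2006, 6, 1)),
]

if __name__ == "__main__":
    for action in reconcile(SAMPLE_DIRECTORY, SAMPLE_CERTIFICATES, TODAY):
        print(action)
```

A certificate whose address no longer matches any active directory entry is only revoked here; the replacement is issued under the new address on the same run.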

Procedure for revocation request

Reference PKI-SP0007-OPER-006 :
The subscriber requesting revocation is required to communicate the request to TASCS personnel who will initiate revocation of the certificate.
☞ Communication of such revocation request shall be in accordance with 6.4. It may be performed by phone or by mail.

Revocation request grace period

Reference PKI-SP0007-OPER-007 :
Action to revoke a certificate must be initiated immediately on receipt of the request and completed within one working day (24 hours).

Circumstances for suspension

TASCS PKI does not offer suspension services.

Who can request suspension

No stipulation.

Procedure for suspension request

No stipulation.

Limits on suspension period

No stipulation.

CRL issuance frequency

Reference PKI-SP0007-OPER-008 :
A CA must ensure that it issues an up to date CRL at least every twenty-four (24) hours excluding weekends and holidays.

Reference PKI-SP0007-OPER-009 :
A CA must also ensure that any CRL directory is also updated to ensure the accessibility of the most recent CRL to Relying Parties.

Reference PKI-SP0007-OPER-010 :
When a certificate is revoked due to key compromise the updated CRL must be issued immediately.

CRL checking requirements

Reference PKI-SP0007-OPER-011 :
Before using any certificate a Relying Party may check its status in the certificate validation chain against the current CRLs.

On-line revocation/status checking availability

On-line revocation checking requirements

Other forms of revocation advertisements available

Checking requirements for other forms of revocation advertisements

Special requirements rekey compromise

Reference PKI-SP0007-OPER-012 :
In the event of the compromise, or suspected compromise, of a CA signing key, the CA must immediately notify the PA.

Reference PKI-SP0007-OPER-013 :
In the event of the compromise, or suspected compromise, of any other Entity's signing key or decryption private key, an Entity must notify the Issuing CA immediately.

Reference PKI-SP0007-OPER-014 :
In addition to and 0, Thales Alenia Space will make reasonable efforts to notify potential Relying Parties if Thales Alenia Space discovers, or has a reason to believe, that there has been a Compromise of the private key of TASCS CA.

SECURITY AUDIT PROCEDURES

Types of event recorded

Reference PKI-SP0007-OPER-015 :
The CA records in audit log files all events relating to the security of the CA system such as:
- CA application start-up and shutdown
- Attempts to create, remove, set passwords or change the system privileges of the PKI Master operators.
- Changes to CA configuration and/or keys.
- Changes to certificate creation policies, e.g. validity period
- Generation of own and subordinate Entity keys
- Creation and revocation of certificates

Reference PKI-SP0007-OPER-016 :
All logs, whether electronic or manual, contain the date and time of the event, and the identity of the entity that caused the event.

Reference PKI-SP0007-OPER-017 :
The CA should also collect and consolidate, either electronically or manually, security information not CA-system generated such as:
- Physical access logs
- Personnel changes
- Records of the destruction of media containing key material, activation data, or personal Subscriber information.

Reference PKI-SP0007-OPER-018 :
To facilitate decision-making, all agreements and correspondence relating to CA services shall be collected and consolidated, either electronically or manually, in a single location.

Reference PKI-SP0007-OPER-019 :
In addition to this log, TASCS service records each signature apposition in the event log. Each signature record contains:
- signer name
- signed document reference
- signature date
- signature reason
- signature location, which is the DNS name of the signer PC

Frequency of processing log

Reference PKI-SP0007-OPER-020 :
Audit logs are examined periodically for significant security and operational events.

Reference PKI-SP0007-OPER-021 :
In addition, Thales Alenia Space reviews its audit logs for suspicious or unusual activity in response to alerts generated based on irregularities and incidents within TASCS CA systems.

Retention period for audit log

Reference PKI-SP0007-OPER-022 :
A CA shall retain its audit logs onsite for at least two months and subsequently retain them in the manner described in

Protection of audit log

Reference PKI-SP0007-OPER-023 :
The electronic audit log file system must include mechanisms to protect the log files from unauthorized viewing, modification and deletion.

Reference PKI-SP0007-OPER-024 :
Manual audit information must be protected from unauthorized viewing, modification and destruction.

Audit log backup procedures

Reference PKI-SP0007-OPER-025 :
Audit logs and audit summaries must be backed up or copied if in manual form.

Audit collection system (internal vs external)

Notification to event-causing subject

Reference PKI-SP0007-OPER-026 :
Where an event is logged by the audit collection system, no notification need be given to the individual who caused the event.

Vulnerability assessments

Reference PKI-SP0007-OPER-027 :
Events in the audit process are logged, in part, to monitor system vulnerabilities.

Reference PKI-SP0007-OPER-028 :
The CA shall ensure that a vulnerability assessment is performed, reviewed and revised.

7.6 RECORDS ARCHIVAL

Types of event recorded

Reference PKI-SP0007-OPER-029 :
Material recorded includes:
- Digital Signature certificates
- Confidentiality private keys stored by the CA
- CRLs generated by the CA
- Audit information as in

Retention period for archive

Reference PKI-SP0007-OPER-030 :
Digital Signature certificates stored by the CA must be retained for at least two years following the date the Certificate expires or is revoked.

Reference PKI-SP0007-OPER-031 :
If necessary, Thales Alenia Space may implement longer retention periods in order to comply with applicable laws.

Reference PKI-SP0007-OPER-032 :
CRLs generated by the CA and Audit information must be retained for at least two years.

Protection of archives

Reference PKI-SP0007-OPER-033 :
Protection of archives is in accordance with Thales Alenia Space standards.

Archive backup procedures

Reference PKI-SP0007-OPER-034 :

Archive backup procedures are in accordance with Thales Alenia Space standards.

Requirements for time-stamping of records

Reference PKI-SP0007-OPER-035 :
Records must be stamped with the date and the hour and the time zone of the CA.

Archive collection system (internal or external)

Procedures to obtain and verify archive information

7.7 KEY CHANGEOVER

Reference PKI-SP0007-OPER-036 :
The certificate may be renewed within one week prior to the expiration of the certificate.

Reference PKI-SP0007-OPER-037 :
The previous certificate must be revoked as soon as the new certificate is issued.

7.8 COMPROMISE AND DISASTER RECOVERY

Computing resources, software, and/or data are corrupted

Reference PKI-SP0007-OPER-038 :
Thales Alenia Space has established business continuity procedures that outline the steps to be taken in the event of corruption of or loss of computing resources, software and/or data.

Entity public key is revoked

Reference PKI-SP0007-OPER-039 :
If the TASCS CA certificate needs to be revoked, the CA must immediately notify:
- The PA,
- All Subscribers,

Reference PKI-SP0007-OPER-040 :
The Root CA must also publish TASCS certificate on its CRL. After addressing the factors that led to revocation, the CA may:
- Generate a new signing key pair,

- Re-issue certificates to all Entities and ensure that all CRLs are signed using the new key.

Entity key is compromised

Reference PKI-SP0007-OPER-041 :
In the event of the compromise of TASCS Digital Signature key, prior to re-certification within the Thales Alenia Space PKI, the CA must:
- Revoke all certificates using that key,
- Provide appropriate notice of the revocation to relying parties,

Reference PKI-SP0007-OPER-042 :
After addressing the factors that led to key compromise, the CA may:
- Generate a new CA signing key pair,
- Re-issue certificates to all Entities and ensure all CRLs are signed using the new key.

Reference PKI-SP0007-OPER-043 :
In the event of the compromise, or suspected compromise, of any other Entity's Digital Signature key, the Entity must notify the Issuing CA immediately.

Reference PKI-SP0007-OPER-044 :
In the event of the compromise, or suspected compromise, of a CA decryption private key, the CA must notify the PA immediately.

Reference PKI-SP0007-OPER-045 :
In the event of the compromise, or suspected compromise, of any other Entity's decryption private key, the Entity must notify the Issuing CA immediately.

Secure facility after a natural or other type of disaster

Backup and archive allow the service to be restored.

7.9 CA TERMINATION

Reference PKI-SP0007-OPER-046 :
In the event that a CA ceases operation, it must notify its Subscribers immediately upon the termination of operations and arrange for the continued retention of the CA's keys and information.

Reference PKI-SP0007-OPER-047 :
In the event of a change in management of a CA's operations, the CA must notify all Entities for which it has issued certificates.

Reference PKI-SP0007-OPER-048 :
The CA archives should be retained in the manner and for the time indicated in

PHYSICAL, PROCEDURAL, AND PERSONNEL SECURITY CONTROLS [PSEC]

8.1 PHYSICAL CONTROLS

Site location and construction

Reference PKI-SP0007-PSEC-001 :
The CA site must satisfy at least the requirements for an Operations Zone and be manually or electronically monitored for unauthorized intrusion.

Reference PKI-SP0007-PSEC-002 :
Where a PIN or password is recorded, it must be stored in a locked filing cabinet or container accessible only to designated personnel.

Physical access

Reference PKI-SP0007-PSEC-003 :
The CA site must ensure that unescorted access to the CA server is limited to those personnel identified on an access list and ensure that personnel not on the access list are properly escorted and supervised.

Reference PKI-SP0007-PSEC-004 :
The CA site must ensure that a site access log is maintained and inspected periodically and ensure that all removable media and paper containing sensitive plaintext information are stored in containers offering proper security.
☞ Personnel may access the CA site using a personal badge. CA site access is limited to a few people. Each access is logged. Access authorization is validated by the security officer.

Power and air conditioning

Reference PKI-SP0007-PSEC-005 :
Power and air conditioning of CA equipment shall be supplied in accordance with requirements defined in Thales Alenia Space physical security standards.

Water exposures

Reference PKI-SP0007-PSEC-006 :
Prevention of exposure of CA equipment to water is in accordance with the requirements defined in Thales Alenia Space physical security standards.

Fire prevention and protection

Reference PKI-SP0007-PSEC-007 :
The risk of exposure to fire of CA equipment is insured in accordance with the requirements defined in Thales Alenia Space physical security standards.

Media storage

Reference PKI-SP0007-PSEC-008 :
A CA must ensure that storage media used by a CA system are protected from environmental threats such as temperature, humidity, and magnetism in accordance with the requirements defined in Thales Alenia Space physical security standards.

Waste disposal

Reference PKI-SP0007-PSEC-009 :
Media used for the storage of information such as keys, activation data, or CA files are to be sanitized or destroyed before disposal.

Reference PKI-SP0007-PSEC-010 :
Normal office waste shall be removed or destroyed in accordance with the requirements defined in Thales physical security standards.

Off-site backup

Reference PKI-SP0007-PSEC-011 :

A CA must ensure that facilities used for off-site backup have the same level of security and controls as the primary CA site, i.e. as stipulated in this policy and in accordance with the requirements defined in Thales physical security standards.

8.2 PROCEDURAL CONTROLS

Trusted roles

Reference PKI-SP0007-PSEC-012 :
Trusted Persons include all Thales Alenia Space employees, contractors, and consultants that have access to or control authentication or cryptographic operations that may materially affect:
- the validation of information in Certificate Applications;
- the acceptance, rejection, or other processing of Certificate Applications, revocation requests, or renewal requests, or enrollment information;
- the issuance, or revocation of Certificates, including personnel having access to restricted portions of its repository; or
- the handling of Subscriber information or requests.

Reference PKI-SP0007-PSEC-013 :
Trusted Persons include, but are not limited to:
- customer service personnel,
- cryptographic business operations personnel,
- security personnel,
- system administration personnel,
- designated engineering personnel, and
- executives that are designated to manage infrastructural trustworthiness.

Reference PKI-SP0007-PSEC-014 :
Thales Alenia Space considers the categories of personnel identified in this section as Trusted Persons having a Trusted Position. Persons seeking to become Trusted Persons by obtaining a Trusted Position must successfully complete the screening requirements of

Number of persons required per task

Identification and authentication for each role

PERSONNEL CONTROLS

Background, qualifications, experience, and clearance requirements

Reference PKI-SP0007-PSEC-015 :
Personnel seeking to become Trusted Persons must present proof of the requisite background, qualifications, and experience needed to perform their prospective job responsibilities competently and satisfactorily, as well as proof of any government clearances, if any, necessary to perform certification services under government contracts.

Background check procedures

Reference PKI-SP0007-PSEC-016 :
All background checks must be performed in accordance with national laws.

Training requirements

Reference PKI-SP0007-PSEC-017 :
Personnel performing duties with respect to the operation of a CA receive training in:
- The CA security principles, mechanisms, and stipulations of this document,
- The operation of the software and/or hardware used in the CA system,
- The duties they are expected to perform,

Retraining frequency and requirements

Reference PKI-SP0007-PSEC-018 :
Thales Alenia Space provides refresher training and updates to its personnel to the extent required to ensure that such personnel maintain the required level of proficiency to perform their job responsibilities competently and satisfactorily.

Job rotation frequency and sequence

Sanctions for unauthorized actions

Reference PKI-SP0007-PSEC-019 :
Appropriate disciplinary actions are taken for unauthorized actions or other violations of Thales Alenia Space policies and procedures.

Reference PKI-SP0007-PSEC-020 :
Disciplinary actions may include measures up to and including termination and are commensurate with the frequency and severity of the unauthorized actions.

Contracting personnel requirements

Reference PKI-SP0007-PSEC-021 :
Contract personnel employed to operate any part of a CA are subject to professional secrecy.

Documentation supplied to personnel

Reference PKI-SP0007-PSEC-022 :
Thales Alenia Space personnel involved in the operation of TASCS PKI services are required to read this document.

Reference PKI-SP0007-PSEC-023 :
Thales Alenia Space provides its employees the requisite training and other documentation needed to perform their job responsibilities competently and satisfactorily.

9. TECHNICAL SECURITY CONTROLS [TSEC]

9.1 KEY PAIR GENERATION AND INSTALLATION

Key pair generation

Reference PKI-SP0007-TSEC-001 :
The digital signature key pair is generated by TASCS CA.

Reference PKI-SP0007-TSEC-002 :
The algorithm is approved by PA.

Private key delivery to entity

Reference PKI-SP0007-TSEC-003 :
The private key is generated by TASCS CA. It is never delivered to Subscriber.
☞ The private key, public key, Subscriber certificate and chain CA certificates are stored in a PKCS#12 file.
☞ The PKCS#12 file is ciphered with 3DES and protected by passphrase.

☞ The protecting passphrase is generated through a random function. It is the same for all PKCS#12 files. It changes at each massive certificates renewal time. It is only known by the TASCS CA and the TASCS service.
☞ The PKCS#12 files are stored in a secured and centralized certificate store. They are only accessed by the TASCS CA and the TASCS service.

Public key delivery to certificate issuer

☞ The public key is generated by TASCS CA. As a result, public key delivery to certificate issuer is not applicable.
☞ Nevertheless, TASCS CA creates a temporary PKCS#10 Certificate Signing Request (CSR) containing the public key and Subscriber name, in order to perform the certificate generation. The CSR file is deleted after the certificate generation.

CA public key delivery to users

☞ The CA certificate containing the CA public key is deposited on an Intranet and an Internet Web server. It may be downloaded through HTTPS by end entities, in order to verify the certification chain.
☞ Thales Alenia Space internal users automatically have the CA certificate installed on their personal computer thanks to centralized deployment.

Key sizes

☞ Key pairs for subscribers are 1024-bit RSA.
☞ The asymmetric key size used by a CA for signing is at least 1024-bit RSA.

Public key parameters generation

Parameter quality checking

Not applicable.

Hardware/software key generation

Reference PKI-SP0007-TSEC-004 :
Key pairs of CA are generated in a software or hardware cryptographic module.

Reference PKI-SP0007-TSEC-005 :
Key pairs of Subscriber are generated in a software or hardware cryptographic module.

Key usage purposes

Reference PKI-SP0007-TSEC-006 :
TASCS CA utilizes the Key Usage extension as specified in

PRIVATE KEY PROTECTION

Cf

Standards for cryptographic module

Cf

Private key (n out of m) multi-person control

Private key escrow

Reference PKI-SP0007-TSEC-007 :
Subscriber private keys are escrowed according to the procedure defined in

Private key backup

Reference PKI-SP0007-TSEC-008 :
The certificate store containing private keys is backed up every day.

Private key archival

Reference PKI-SP0007-TSEC-009 :
The archival follows Thales Alenia Space archival standards.

Private key entry into cryptographic module

Reference PKI-SP0007-TSEC-010 :
Private key is stored in PKCS#12 file according to the procedure defined in

Method of activating private key

☞ Subscriber private key is activated by TASCS service at signature time.

☞ When the subscriber requests to sign a document, he is authenticated by TASCS service.
☞ The identification is performed for each signature, even if he has been already authenticated to the DMS application and/or to TASCS service.
☞ At signature time, the Subscriber has to provide his NT credentials (login/password). TASCS service performs authentication by delegating it to the NT authentication system. This system satisfies Thales Alenia Space security policy.
☞ The NT authentication base is synchronized to TAS common directory (SIPRO).
☞ At that time, the Thales Alenia Space policy on NT password contains the following rules:
- the NT password is valid only for 2 months
- the NT password may be consecutively different for at least 10 times.
- There is a control on password length (min 8 characters)
- The NT user account is locked if the password is wrongly and consecutively provided 3 times.
☞ To detect NT account usurpation, an e-mail is sent by TASCS service to the Subscriber at each signature. This e-mail contains:
- The signer name
- The signature date
- The reference of the signed document
- The signature reason
- The host name of the computer from which the signature has been performed.
☞ If the Subscriber authentication succeeds, TASCS service opens the PKCS#12 file related to the Subscriber, gets his private keys and performs the signature.
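The per-signature notification above leaves detection of account usurpation to the Subscriber; the same five fields are recorded for every signature in the TASCS event log (PKI-SP0007-OPER-019), so the review can also be run over that log. The code below is an added example, not TASCS code: the pipe-separated line format, the function names and the sample lines are constructed for illustration, and the rule (flag a signature made from a host the signer never used during a baseline period) is one assumed heuristic.

```python
from collections import defaultdict
from datetime import datetime

# Field order follows OPER-019; the on-disk format itself is an assumption.
FIELDS = ("signer", "document", "signed_at", "reason", "host")

# Constructed sample log (not real TASCS data). Lines 7 and 8 are malformed.
SAMPLE_LOG = """\
MARTIN Alice|DOC-0001|2006-06-01T09:12:00|Approval|pc-amartin.corp.example
MARTIN Alice|DOC-0002|2006-06-03T14:40:00|Review|PC-AMARTIN.corp.example
DURAND Bob|DOC-0003|2006-06-05T10:05:00|Approval|pc-bdurand.corp.example
MARTIN Alice|DOC-0004|2006-06-20T08:30:00|Approval|pc-amartin.corp.example
DURAND Bob|DOC-0005|2006-06-21T23:55:00|Approval|pc-lab-17.corp.example
DURAND Bob|DOC-0006|2006-06-21T23:58:00|Approval|pc-lab-17.corp.example
corrupted line without separators
DURAND Bob|DOC-0007|not-a-date|Approval|pc-bdurand.corp.example
"""
BASELINE_END = datetime(2006, 6, 15)  # records before this date build the baseline


def parse_records(text):
    """Parse log text into records; return (records, rejected_line_numbers)."""
    records, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != len(FIELDS) or not all(parts):
            rejected.append(lineno)  # never drop bad lines silently in an audit trail
            continue
        record = dict(zip(FIELDS, parts))
        try:
            record["signed_at"] = datetime.fromisoformat(record["signed_at"])
        except ValueError:
            rejected.append(lineno)
            continue
        # DNS names are case-insensitive; normalise before comparing hosts.
        record["host"] = record["host"].lower().rstrip(".")
        records.append(record)
    return records, rejected


def unusual_signatures(records, baseline_end):
    """Return the signatures made after baseline_end from a host outside the baseline."""
    known_hosts = defaultdict(set)
    alerts = []
    for record in sorted(records, key=lambda r: r["signed_at"]):
        hosts = known_hosts[record["signer"]]
        if record["signed_at"] < baseline_end:
            hosts.add(record["host"])
        elif record["host"] not in hosts:
            # The host is deliberately not learned here: every signature from an
            # unreviewed host keeps alerting until an operator extends the baseline.
            alerts.append(record)
    return alerts


if __name__ == "__main__":
    parsed, bad_lines = parse_records(SAMPLE_LOG)
    for hit in unusual_signatures(parsed, BASELINE_END):
        print(hit["signer"], hit["document"], hit["host"], hit["signed_at"])
    print("rejected lines:", bad_lines)
```

A signer with no records in the baseline period alerts on every signature, which is the conservative outcome for a new or renamed account.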

[Figure 2: Method of activating private key. Components shown: Thales Alenia Space Subscriber, Thales Alenia Space Centralized Signature Service, TASCS CA, Authentication Server, Secure Certificate Store, DMS server. Steps shown: 1 - Request for document signature; 2 - Send authentication form; 3 - Submit user + password; 4 - Check authentication; 5 - If OK, get Subscriber PKCS#12 file and retrieve private key; 6 - Document signature; 7 - Signature OK.]

Method of deactivating private key

☞ The Subscriber private key is automatically deactivated after each utilization (corresponding to a signature).
☞ Keys are cleared from the memory and disk space.

Method of destroying private key

☞ The Subscriber PKCS#12 containing private key is cleared from the disk space of the certificate store.

9.3 OTHER ASPECTS OF KEY PAIR MANAGEMENT

Public key archival

☞ The public key is archived as part of the certificate archival.

Usage periods for the public and private keys

☞ Subscribers keys: 2 months
☞ CA keys: 15 years

ACTIVATION DATA

Activation data generation and installation

Cf

Activation data protection

Cf

Other aspects of activation data

9.5 COMPUTER SECURITY CONTROLS

Specific computer security technical requirements

Reference PKI-SP0007-TSEC-011 :
A CA server includes the following functionality:
- Access control to CA services,
- Identification of PKI roles and associated identities,
- Archival of CA and End-Entity history and audit data,
- Audit of security related events,
- Recovery mechanisms for keys and the CA system.

Reference PKI-SP0007-TSEC-012 :
This functionality may be provided by the operating system, or through a combination of operating system, CA software and physical safeguards.

Computer security rating

9.6 LIFE CYCLE TECHNICAL CONTROLS

System development controls

Security management controls

Reference PKI-SP0007-TSEC-013 :

The CA equipment updates shall be installed by trusted and trained personnel according to standard Thales Alenia Space installation procedure.

Life cycle security ratings

9.7 NETWORK SECURITY CONTROLS

Reference PKI-SP0007-TSEC-014 :
TASCS system is only accessed by Thales Alenia Space authorized internal users. It is not open to other Thales entities or to the Internet community.

9.8 CRYPTOGRAPHIC MODULE ENGINEERING CONTROLS

Reference PKI-SP0007-TSEC-015 :
Cryptographic modules used by Thales Alenia Space meet the requirements specified in

CERTIFICATE AND CRL PROFILES [PROF]

10.1 CERTIFICATE PROFILE

TASCS PKI issues X.509 v3 certificates that contain the standard fields specified in the table below.

Version

TASCS CA certificate

Field | Value or Value Constraint
Version | v3
Serial Number | unique value
Signature algorithm | Sha1RSA
Key length | 2048
Issuer Distinguished Name | E = [email protected], CN = Thales Alenia Space RootCA, O = Thales Alenia Space, C = FR
Valid From | Universal Coordinate Time base. Synchronized to a time server through NTP, itself synchronized to a GPS box. Before this date, the certificate is not valid.
Valid To | Universal Coordinate Time base. Synchronized to a time server through NTP, itself synchronized to a GPS box. After this date, the certificate is not valid. The validity period is 20 years.
Subject Distinguished Name | E = [email protected], CN = TAS Signature Service CA, O = Thales Alenia Space, C = FR
Signature | Generated and encoded in accordance with RFC 2459 b5 15 7f a da d6 7b a1 59 b4 54 a7 d2 33 6e 1a f

TASCS user certificate

Field | Value or Value Constraint
Version | v3
Serial Number | unique value
Signature algorithm | Sha1RSA
Key length | 2048
Issuer Distinguished Name | E = [email protected], CN = TAS Signature Service CA, O = Thales Alenia Space, C = FR
Valid From | Universal Coordinate Time base. Synchronized to a time server through NTP, itself synchronized to a GPS box.
Valid To | Universal Coordinate Time base. Synchronized to a time server through NTP, itself synchronized to a GPS box. The validity period is 2 months.
Subject Distinguished Name | CN (Common Name) = <last user name> <first user name>, E ( Address) = < user SMTP >, O (Organization) = Thales Alenia Space, C (Country) = FR
Signature | Generated and encoded in accordance with RFC

Certificate extensions

TASCS CA certificate

Field | Value or Value Constraint
Key usage | Certificate Signing, CRL Signing
Basic constraints | Subject type = CA

51 ISSUE : 02 PAGE : 49 Path Length Constraint = TASCS User certificate Field Key usage crldistributionpoints Value or Value Constraint Digital Signature Non repudiation URL to CRL Contains Intranet URL and Internet URL Algorithm object identifiers Reference PKI-SP0007-PROF-001 : Certificates are signed with sha1rsa in accordance with RFC Name forms no stipulation no stipulation Name constraints no stipulation Certificate policy Object Identifier no stipulation Usage of Policy Constraints extension no stipulation Policy qualifiers syntax and semantics no stipulation Processing semantics for the critical certificate policy extension no stipulation 10.2 CRL PROFILE Field Value or Value Constraint

52 ISSUE : 02 PAGE : 50 Version cf Signature algorithm Sha1RSA Issuer Entity who has issued and signed the CRL Effective date issue date of the CRL Next update 1 month Revoked certificates Listing of revoked certificates, including the Serial Number of the revoked certificate and the revocation date Version number(s) TASCS currently issues X.509 version 1 CRLs CRL and CRL entry extensions No stipulation 11. SPECIFICATION ADMINISTRATION [SPEC] 11.1 SPECIFICATION CHANGE PROCEDURES Reference PKI-SP0007-SPEC-001 : Amendments to this document shall be made by the Thales Alenia Space. Reference PKI-SP0007-SPEC-002 : Amendments shall either be in the form of a document containing an amended form of the document or an update. Reference PKI-SP0007-SPEC-003 : Amended versions or updates shall be linked to this document Reference PKI-SP0007-SPEC-004 : Updates supersede any designated or conflicting provisions of the referenced version of the document Items That Can Change Without Notification F Thales Alenia Space reserves the right to amend the document without notification for amendments that are not material, including without limitation corrections of typographical errors, changes to URLs, and changes to contact information. Thales Alenia Space s decision to designate amendments as material or non-material shall be within Thales Alenia Space sole discretion.
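
The TASCS user certificate profile and extensions from section 10.1, written as a check over the text that `openssl x509 -noout -text` prints. This is an added example, not part of the Thales Alenia Space document: the abridged sample dump, subject name and CRL host names are constructed, and reading "2 months" as at most 62 days is an assumption.

```python
"""Lint `openssl x509 -noout -text` output against the TASCS user certificate profile."""
import re
from datetime import datetime, timedelta

# Values from the section 10.1 tables. OpenSSL prints the page's "Sha1RSA" as
# sha1WithRSAEncryption and "Non repudiation" as "Non Repudiation".
PROFILE = {
    "sig_alg": "sha1WithRSAEncryption",
    "key_bits": 2048,
    "issuer": {"CN": "TAS Signature Service CA", "O": "Thales Alenia Space", "C": "FR"},
    "key_usage": {"Digital Signature", "Non Repudiation"},
    "crl_urls": 2,  # "Contains Intranet URL and Internet URL"
}
MAX_VALIDITY = timedelta(days=62)  # assumption: "2 months" means at most 62 days
DATE_FMT = "%b %d %H:%M:%S %Y GMT"

def field_value(text, label):
    """Value of the first 'label: value' line in the dump, or None."""
    m = re.search(r"^[ \t]*" + re.escape(label) + r"[ \t]*:[ \t]*(.+?)[ \t]*$", text, re.M)
    return m.group(1) if m else None

def parse_dn(value):
    """Split a one-line DN ('C=FR, ...' or 'C = FR, ...'); values with commas are not handled."""
    return {k: v.strip() for k, v in
            re.findall(r"(?:^|,\s*)([A-Za-z]+)\s*=\s*([^,]*)", value or "")}

def extension_text(text, name):
    """Text printed under an 'X509v3 <name>:' header, or None if the extension is absent."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.strip().startswith(f"X509v3 {name}:"):
            indent = len(line) - len(line.lstrip())
            body = []
            for nxt in lines[i + 1:]:
                if nxt.strip() and len(nxt) - len(nxt.lstrip()) <= indent:
                    break  # next extension, or end of the extensions block
                body.append(nxt.strip())
            return " ".join(b for b in body if b)
    return None

def lint_user_certificate(text):
    """Return the deviations from the user profile; an empty list means compliant."""
    findings = []
    alg = field_value(text, "Signature Algorithm")
    if alg != PROFILE["sig_alg"]:
        findings.append(f"signature algorithm {alg}, expected {PROFILE['sig_alg']}")
    bits = re.search(r"Public-Key:\s*\((\d+) bit\)", text)
    if not bits or int(bits.group(1)) != PROFILE["key_bits"]:
        findings.append(f"key length {bits.group(1) if bits else None}, expected 2048")
    issuer = parse_dn(field_value(text, "Issuer"))
    for attr, want in PROFILE["issuer"].items():
        if issuer.get(attr) != want:
            findings.append(f"issuer {attr} {issuer.get(attr)!r}, expected {want!r}")
    try:
        lifetime = (datetime.strptime(field_value(text, "Not After"), DATE_FMT)
                    - datetime.strptime(field_value(text, "Not Before"), DATE_FMT))
        if lifetime > MAX_VALIDITY:
            findings.append(f"validity {lifetime.days} days exceeds 2 months")
    except (TypeError, ValueError):
        findings.append("validity dates missing or unparseable")
    usage = {u.strip() for u in (extension_text(text, "Key Usage") or "").split(",")} - {""}
    if usage != PROFILE["key_usage"]:
        findings.append(f"key usage {sorted(usage)}, expected {sorted(PROFILE['key_usage'])}")
    crl = extension_text(text, "CRL Distribution Points") or ""
    if crl.count("URI:") < PROFILE["crl_urls"]:
        findings.append("fewer than two CRL distribution point URLs")
    return findings

# Constructed, abridged sample in the layout of `openssl x509 -noout -text`;
# the subject name and CRL host names are invented for this example.
COMPLIANT = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C = FR, O = Thales Alenia Space, CN = TAS Signature Service CA
        Validity
            Not Before: Jan  1 00:00:00 2007 GMT
            Not After : Mar  1 00:00:00 2007 GMT
        Subject: C = FR, O = Thales Alenia Space, CN = DOE John
        Subject Public Key Info:
                Public-Key: (2048 bit)
        X509v3 extensions:
            X509v3 Key Usage:
                Digital Signature, Non Repudiation
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl.intranet.example/tascs.crl
                  URI:http://crl.example.com/tascs.crl
"""
# Same dump with a 1024-bit key, one-year validity, a different key usage and no CRL URLs.
NONCOMPLIANT = (COMPLIANT.replace("(2048 bit)", "(1024 bit)")
                .replace("Mar  1 00:00:00 2007", "Jan  1 00:00:00 2008")
                .replace("Non Repudiation", "Key Encipherment")
                .split("X509v3 CRL Distribution Points")[0])

if __name__ == "__main__":
    print(lint_user_certificate(COMPLIANT), lint_user_certificate(NONCOMPLIANT))
```

The check covers only the fields the profile fixes; the subject name varies per Subscriber and is not compared.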

Changes With Notification

Reference PKI-SP0007-SPEC-005 : Thales Alenia Space shall make material amendments to the document in accordance with

List of Items

Reference PKI-SP0007-SPEC-006 : Any items in this certificate policy may be subject to the notification requirement as identified in Sections 0 and

Notification Mechanism

- Thirty days before major changes to this policy, a notification will be posted on a Thales Alenia Space Intranet Web site.

Reference PKI-SP0007-SPEC-007 : The notification shall contain a statement of the proposed changes; the final date for receipt of comments; and the proposed effective date of change. The PA may request CAs to notify their Subscribers of the proposed changes.

Comment Period

Reference PKI-SP0007-SPEC-008 : The comment period will be 30 days unless otherwise specified. The comment period will be defined in the notification.

Mechanism To Handle Comments

Reference PKI-SP0007-SPEC-009 : Comments on proposed changes must be directed to the PA.

- Any amendment to the proposed change includes a description of and justification for the amendment as well as contact information for and the signature of the person requesting the amendment.

Reference PKI-SP0007-SPEC-010 : The PA shall accept with modifications, or reject the proposed amendment after completion of the comment period.

- Decisions with respect to the proposed amendments will be at the sole discretion of the PA.

Period For Final Change Notice

Reference PKI-SP0007-SPEC-011 : The PA will determine the period for final change notice.

Items Whose Change Requires A New Policy

Reference PKI-SP0007-SPEC-012 : If a policy change is determined by the PA to warrant the issuance of a new policy, the PA may assign a new Object IDentifier (OID) for the modified policy.

PUBLICATION AND NOTIFICATION POLICIES

cf

CPS APPROVAL PROCEDURES

Cf

END OF DOCUMENT

California Independent System Operator Certification Practice Statement for Basic Assurance Certification Authority. Version 3.

California Independent System Operator Certification Practice Statement for Basic Assurance Certification Authority. Version 3. California Independent System Operator Certification Practice Statement for Basic Assurance Certification Authority Version 3.4 April 2015 Table of Contents 1.0 INTRODUCTION... 8 1.1 OVERVIEW... 8 1.2

More information

CMS Illinois Department of Central Management Services

CMS Illinois Department of Central Management Services CMS Illinois Department of Central Management Services State of Illinois Public Key Infrastructure Certification Practices Statement For Digital Signature And Encryption Applications Version 3.3 (IETF

More information

THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright 2006-2011, The Walt Disney Company

THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright 2006-2011, The Walt Disney Company THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY July 2011 Version 2.0 Copyright 2006-2011, The Walt Disney Company Version Control Version Revision Date Revision Description Revised

More information

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc. Apple Inc. Certificate Policy and Certification Practice Statement Version 2.0 Effective Date: April 10, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.

More information

Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr

Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr Version 0.3 August 2002 Online : http://www.urec.cnrs.fr/igc/doc/datagrid-fr.policy.pdf Old versions Version 0.2 :

More information

THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Published By: RSA Security Inc.

THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Published By: RSA Security Inc. THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Last Revision Date: June 28, 2007 Version: 3.0 Published By: RSA Security Inc. Copyright 2002-2007 by

More information

TR-GRID CERTIFICATION AUTHORITY

TR-GRID CERTIFICATION AUTHORITY TR-GRID CERTIFICATION AUTHORITY CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Version 2.1 January, 2009 Table of Contents: TABLE OF CONTENTS:...2 1. INTRODUCTION...7 1.1 OVERVIEW...7 1.2 DOCUMENT

More information

apple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc.

apple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc. Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.8 Effective Date: June 11, 2012 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2.

More information

Neutralus Certification Practices Statement

Neutralus Certification Practices Statement Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3

More information

Fraunhofer Corporate PKI. Certification Practice Statement

Fraunhofer Corporate PKI. Certification Practice Statement Fraunhofer Corporate PKI Certification Practice Statement Version 1.1 Published in June 2012 Object Identifier of this Document: 1.3.6.1.4.1.778.80.3.2.1 Contact: Fraunhofer Competence Center PKI Fraunhofer

More information

Certification Practice Statement

Certification Practice Statement FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification

More information

TR-GRID CERTIFICATION AUTHORITY

TR-GRID CERTIFICATION AUTHORITY TR-GRID CERTIFICATION AUTHORITY CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Version 2.3 May 15, 2014 Table of Contents TABLE OF CONTENTS:... 2 1. INTRODUCTION... 7 1.1 OVERVIEW... 7 1.2 DOCUMENT

More information

SAUDI NATIONAL ROOT-CA CERTIFICATE POLICY

SAUDI NATIONAL ROOT-CA CERTIFICATE POLICY SAUDI NATIONAL ROOT-CA CERTIFICATE POLICY Document Classification: Public Version Number: 2.5 Issue Date: June 25, 2015 National Center for Digital Certification Policies and Regulations Department Digitally

More information

Danske Bank Group Certificate Policy

Danske Bank Group Certificate Policy Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...

More information

ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0

ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0 ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0 June 30, 2004 Table of Contents Table of Contents...2 1 Introduction...3 1.1 Overview...3 1.1.1 General Definitions...4

More information

SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates

SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates Version March 2004 Version 2004-03 SwissSign Gold CP/CPS Page 1 of 66 Table of Contents 1. INTRODUCTION...9 1.1 Overview...

More information

epki Root Certification Authority Certification Practice Statement Version 1.2

epki Root Certification Authority Certification Practice Statement Version 1.2 epki Root Certification Authority Certification Practice Statement Version 1.2 Chunghwa Telecom Co., Ltd. August 21, 2015 Contents 1. INTRODUCTION... 1 1.1 OVERVIEW... 1 1.1.1 Certification Practice Statement...

More information

Malaysian Identity Federation and Access Management Certification Authority Certificate Policy and Certification Practice Statement

Malaysian Identity Federation and Access Management Certification Authority Certificate Policy and Certification Practice Statement Malaysian Identity Federation and Access Management Certification Authority Certificate Policy and Certification Practice Statement Version 2.2 Document OID: 1.3.6.1.4.1.36355.2.1.2.2 February 2012 Contents

More information

ING Public Key Infrastructure Certificate Practice Statement. Version 5.3 - June 2015

ING Public Key Infrastructure Certificate Practice Statement. Version 5.3 - June 2015 ING Public Key Infrastructure Certificate Practice Statement Version 5.3 - June 2015 Colophon Commissioned by Additional copies ING Corporate PKI Policy Approval Authority Additional copies of this document

More information

X.509 Certification Practices Statement for the U.S. Government Printing Office Principal Certification Authority (GPO-PCA)

X.509 Certification Practices Statement for the U.S. Government Printing Office Principal Certification Authority (GPO-PCA) .509 Certification Practices Statement for the U.S. Government Printing Office Principal Certification Authority (GPO-PCA) June 11, 2007 FINAL Version 1.6.1 FOR OFFICIAL USE ONLY SIGNATURE PAGE U.S. Government

More information

Gandi CA Certification Practice Statement

Gandi CA Certification Practice Statement Gandi CA Certification Practice Statement Gandi SAS 15 Place de la Nation Paris 75011 France Version 1.0 TABLE OF CONTENTS 1.INTRODUCTION...10 1.1.Overview...10 1.2.Document Name and Identification...10

More information

Trusted Certificate Service

Trusted Certificate Service TCS Server and Code Signing Personal CA CPS Version 2.0 (rev 15) Page 1/40 Trusted Certificate Service TCS Server CAs, escience Server CA, and Code Signing CA Certificate Practice Statement Version 2.0

More information

X.509 Certificate Policy for India PKI

X.509 Certificate Policy for India PKI X.509 Certificate Policy for India PKI Version 1.4 May 2015 Controller of Certifying Authorities Department of Information Technology Ministry of Communications and Information Technology Document Control

More information

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Table of Contents 1. Introduction... 5 1.1. Trademarks...

More information

Registration Practices Statement. Grid Registration Authority Approved December, 2011 Version 1.00

Registration Practices Statement. Grid Registration Authority Approved December, 2011 Version 1.00 Registration Practices Statement Grid Registration Authority Approved December, 2011 Version 1.00 i TABLE OF CONTENTS 1. Introduction... 1 1.1. Overview... 1 1.2. Document name and Identification... 1

More information

Ericsson Group Certificate Value Statement - 2013

Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...

More information

Gatekeeper PKI Framework. February 2009. Registration Authority Operations Manual Review Criteria

Gatekeeper PKI Framework. February 2009. Registration Authority Operations Manual Review Criteria Gatekeeper PKI Framework ISBN 1 921182 24 5 Department of Finance and Deregulation Australian Government Information Management Office Commonwealth of Australia 2009 This work is copyright. Apart from

More information

VeriSign Trust Network Certificate Policies

VeriSign Trust Network Certificate Policies VeriSign Trust Network Certificate Policies Version 2.8.1 Effective Date: February 1, 2009 VeriSign, Inc. 487 E. Middlefield Road Mountain View, CA 94043 USA +1 650.961.7500 http//:www.verisign.com - 1-

More information

TeliaSonera Server Certificate Policy and Certification Practice Statement

TeliaSonera Server Certificate Policy and Certification Practice Statement TeliaSonera Server Certificate Policy and Certification Practice Statement v.1.4 TeliaSonera Server Certificate Policy and Certification Practice Statement CA name Validation OID TeliaSonera Server CA

More information

Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States

Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States www.globessl.com TABLE OF CONTENTS 1. INTRODUCTION...

More information

National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016

National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016 National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy Version 1.1 February 2, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents TABLE OF CONTENTS I 1 INTRODUCTION

More information

phicert Direct Certificate Policy and Certification Practices Statement

phicert Direct Certificate Policy and Certification Practices Statement phicert Direct Certificate Policy and Certification Practices Statement Version 1. 1 Effective Date: March 31, 2014 Copyright 2013-2014 EMR Direct. All rights reserved. [Trademark Notices] phicert is a

More information

TELSTRA RSS CA Subscriber Agreement (SA)

TELSTRA RSS CA Subscriber Agreement (SA) TELSTRA RSS CA Subscriber Agreement (SA) Last Revision Date: December 16, 2009 Version: Published By: Telstra Corporation Ltd Copyright 2009 by Telstra Corporation All rights reserved. No part of this

More information

EuropeanSSL Secure Certification Practice Statement

EuropeanSSL Secure Certification Practice Statement EuropeanSSL Secure Certification Practice Statement Eunetic GmbH Version 1.0 14 July 2008 Wagnerstrasse 25 76448 Durmersheim Tel: +49 (0) 180 / 386 384 2 Fax: +49 (0) 180 / 329 329 329 www.eunetic.eu TABLE

More information

PKI NBP Certification Policy for ESCB Signature Certificates. OID: 1.3.6.1.4.1.31995.1.2.2.1 version 1.5

PKI NBP Certification Policy for ESCB Signature Certificates. OID: 1.3.6.1.4.1.31995.1.2.2.1 version 1.5 PKI NBP Certification Policy for ESCB Signature Certificates OID: 1.3.6.1.4.1.31995.1.2.2.1 version 1.5 Security Department NBP Warsaw, 2015 Table of Contents 1. Introduction 1 1.1 Overview 1 1.2 Document

More information

KIBS Certification Practice Statement for non-qualified Certificates

KIBS Certification Practice Statement for non-qualified Certificates KIBS Certification Practice Statement for non-qualified Certificates Version 1.0 Effective Date: September, 2012 KIBS AD Skopje Kuzman Josifovski Pitu 1 1000, Skopje, Republic of Macedonia Phone number:

More information

CERTIFICATE POLICY KEYNECTIS SSL CA

CERTIFICATE POLICY KEYNECTIS SSL CA CERTIFICATE POLICY KEYNECTIS SSL CA Date: 05/02/2009 KEYNECTIS SSL CA CERTIFICATE POLICY Subject: KEYNECTIS SSL CA Certificate Policy Version number: 1.1 Number of pages: 49 Status of the Project Final

More information

American International Group, Inc. DNS Practice Statement for the AIG Zone. Version 0.2

American International Group, Inc. DNS Practice Statement for the AIG Zone. Version 0.2 American International Group, Inc. DNS Practice Statement for the AIG Zone Version 0.2 1 Table of contents 1 INTRODUCTION... 6 1.1 Overview...6 1.2 Document Name and Identification...6 1.3 Community and

More information

CERTIFICATION POLICY QUEBEC CERTIFICATION CENTRE. 2015 Notarius Inc.

CERTIFICATION POLICY QUEBEC CERTIFICATION CENTRE. 2015 Notarius Inc. CERTIFICATION POLICY QUEBEC CERTIFICATION CENTRE 2015 Notarius Inc. Document Version: 4.5 OID: 2.16.124.113550 Effective Date: July 17, 2015 TABLE OF CONTENTS 1. GENERAL PROVISIONS...8 1.1 PURPOSE...8

More information

Certificate Policy. SWIFT Qualified Certificates SWIFT

Certificate Policy. SWIFT Qualified Certificates SWIFT SWIFT SWIFT Qualified Certificates Certificate Policy This Certificate Policy applies to Qualified Certificates issued by SWIFT. It indicates the requirements and procedures to be followed, and the responsibilities

More information

Symantec Trust Network (STN) Certificate Policy

Symantec Trust Network (STN) Certificate Policy Symantec Trust Network (STN) Certificate Policy Version 2.8.5 Effective Date: September 8, 2011 Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA +1 650.527.8000 http//:www.symantec.com

More information

TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT. Version 2.0

TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT. Version 2.0 TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT Version 2.0 Effective Date: 14 April 2015 TABLE OF CONTENTS 1. INTRODUCTION 1.1 Overview 1.2 Document name and identification 1.3 PKI participants 1.3.1

More information

SSL.com Certification Practice Statement

SSL.com Certification Practice Statement SSL.com Certification Practice Statement SSL.com Version 1.0 February 15, 2012 2260 W Holcombe Blvd Ste 700 Houston, Texas, 77019 US Tel: +1 SSL-CERTIFICATE (+1-775-237-8434) Fax: +1 832-201-7706 www.ssl.com

More information

GENERAL PROVISIONS...6

GENERAL PROVISIONS...6 Preface This Key Recovery Policy (KRP) is provided as a requirements document to the External Certification Authorities (ECA). An ECA must implement key recovery policies, procedures, and mechanisms that

More information

Bangladesh Bank Certification Authority (BBCA) Certification Practice Statement (CPS)

Bangladesh Bank Certification Authority (BBCA) Certification Practice Statement (CPS) [Draft] Bangladesh Bank Certification Authority (BBCA) Certification Practice Statement (CPS) Version: 1.00 August, 2015 Bangladesh Bank Page 2 of 42 Document Reference Title Document Type Bangladesh Bank

More information

PKI NBP Certification Policy for ESCB Encryption Certificates. OID: 1.3.6.1.4.1.31995.1.2.3.1 version 1.2

PKI NBP Certification Policy for ESCB Encryption Certificates. OID: 1.3.6.1.4.1.31995.1.2.3.1 version 1.2 PKI NBP Certification Policy for ESCB Encryption Certificates OID: 1.3.6.1.4.1.31995.1.2.3.1 version 1.2 Security Department NBP Warsaw, 2015 Table of Contents 1. Introduction 1 1.1 Overview 1 1.2 Document

More information

Certificate Policy KEYNECTIS SSL CA CP. Emmanuel Montacutelli 12/11/2014 DMS_CP_KEYNECTIS SSL CA CP_1.2

Certificate Policy KEYNECTIS SSL CA CP. Emmanuel Montacutelli 12/11/2014 DMS_CP_KEYNECTIS SSL CA CP_1.2 Certificate Policy KEYNECTIS SSL CA CP Emmanuel Montacutelli 12/11/2014 DMS_CP_KEYNECTIS SSL CA CP_1.2 KEYNECTIS SSL CA CP Version 1.2 Pages 51 Status Draft Final Author Emmanuel Montacutelli OpenTrust

More information

Metropolitan Police Service Enterprise PKI. Root Certificate Authority, Certificate Policy. Version 6.1 10 th February 2012 NOT PROTECTIVELY MARKED

Metropolitan Police Service Enterprise PKI. Root Certificate Authority, Certificate Policy. Version 6.1 10 th February 2012 NOT PROTECTIVELY MARKED Metropolitan Police Service Enterprise PKI Root Certificate Authority, Certificate Policy Version 6.1 10 th February 2012 Version Control Issue Release Date Comments A 02/11/07 First draft release of CP

More information

thawte Certification Practice Statement Version 2.3

thawte Certification Practice Statement Version 2.3 thawte Certification Practice Statement Version 2.3 Effective Date: July, 2006 thawte Certification Practice Statement 2006 thawte, Inc. All rights reserved. Printed in the United States of America. Revision

More information

ACXIOM. PUBLIC KEY INFRASTRUCTURE Certificate Policy Version 5.5

ACXIOM. PUBLIC KEY INFRASTRUCTURE Certificate Policy Version 5.5 ACXIOM PUBLIC KEY INFRASTRUCTURE Certificate Policy Version 5.5 Date: 19 Mar 2007 Certificate Policy Version 5.5 LEGAL DISCLAIMIER acknowledges that no portion of this document is intended or shall be

More information

thawte Certification Practice Statement

thawte Certification Practice Statement thawte Certification Practice Statement Version 3.7.5 Effective Date: 4 June, 2012 (All CA/Browser Forum-specific requirements are effective on July 1, 2012) thawte Certification Practice Statement 2012

More information

CERTIFICATE POLICY (CP) (For SSL, EV SSL, OSC and similar electronic certificates)

CERTIFICATE POLICY (CP) (For SSL, EV SSL, OSC and similar electronic certificates) (CP) (For SSL, EV SSL, OSC and similar electronic certificates) VERSION : 09 DATE : 01.12.2014 1. INTRODUCTION... 10 1.1. Overview... 10 1.2. Document Name and Identification... 11 1.3. Participants...

More information

Trusted Certificate Service (TCS)

Trusted Certificate Service (TCS) TCS Personal and escience Personal CA CPS Version 2.0 (rev 15) Page 1/40 Trusted Certificate Service (TCS) TCS Personal CA, escience Personal CA, and Document Signing CA Certificate Practice Statement

More information

- X.509 PKI EMAIL SECURITY GATEWAY. Certificate Policy (CP) & Certification Practice Statement (CPS) Edition 1.1

- X.509 PKI EMAIL SECURITY GATEWAY. Certificate Policy (CP) & Certification Practice Statement (CPS) Edition 1.1 - X.509 PKI EMAIL SECURITY GATEWAY Certificate Policy (CP) & Certification Practice Statement (CPS) Edition 1.1 Commerzbank AG - Page 1 Document control: Title: Description : RFC Schema: Authors: Commerzbank

More information

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT CA Certificate Policy SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT This page is intentionally left blank. 2 ODETTE CA Certificate Policy Version Number Issue Date Changed By 1.0 1 st April 2009 Original

More information

Certification Practice Statement. Internet Security Research Group (ISRG)

Certification Practice Statement. Internet Security Research Group (ISRG) Certification Practice Statement Internet Security Research Group (ISRG) Version 1.0 Updated May 5, 2015 Approved by ISRG Policy Management Authority Web Site: https://letsencrypt.org Page 1 of 11 Copyright

More information

Certification Practice Statement

Certification Practice Statement Certification Practice Statement Revision R1 2013-01-09 1 Copyright Printed: January 9, 2013 This work is the intellectual property of Salzburger Banken Software. Reproduction and distribution require

More information

TC TrustCenter GmbH. Certification Practice Statement

TC TrustCenter GmbH. Certification Practice Statement TC TrustCenter GmbH Certification Practice Statement NOTE: The information contained in this document is the property of TC TrustCenter GmbH. This Certification Practice Statement is published in conformance

More information

X.509 Certificate Policy for the Australian Department of Defence Root Certificate Authority and Subordinate Certificate Authorities

X.509 Certificate Policy for the Australian Department of Defence Root Certificate Authority and Subordinate Certificate Authorities X.509 Certificate Policy for the Australian Department of Defence Root Certificate Authority and Subordinate Certificate Authorities Version 5.1 May 2014 Notice to all parties seeking to rely Reliance

More information

Equens Certificate Policy

Equens Certificate Policy Equens Certificate Policy WebServices and Connectivity Final H.C. van der Wijck 11 March 2015 Classification: Open Version 3.0 Version history Version no. Version date Status Edited by Most important edit(s)

More information

Certification Practice Statement (ANZ PKI)

Certification Practice Statement (ANZ PKI) Certification Practice Statement March 2009 1. Overview 1.1 What is a Certification Practice Statement? A certification practice statement is a statement of the practices that a Certification Authority

More information

Visa Public Key Infrastructure Certificate Policy (CP)

Visa Public Key Infrastructure Certificate Policy (CP) Visa Public Key Infrastructure Certificate Policy (CP) Version 1.7 Effective: 24 January 2013 2010-2013 Visa. All Rights Reserved. Visa Public Important Note on Confidentiality and Copyright The Visa Confidential

More information

The Boeing Company. Boeing Commercial Airline PKI. Basic Assurance CERTIFICATE POLICY

The Boeing Company. Boeing Commercial Airline PKI. Basic Assurance CERTIFICATE POLICY The Boeing Company Boeing Commercial Airline PKI Basic Assurance CERTIFICATE POLICY Version 1.4 PA Board Approved: 7-19-2013 via e-mal PKI-233 BCA PKI Basic Assurance Certificate Policy Page 1 of 69 Signature

More information

Internet Security Research Group (ISRG)

Internet Security Research Group (ISRG) Internet Security Research Group (ISRG) Certificate Policy Version 1.0 Updated May 5, 2015 Approved by ISRG Policy Management Authority ISRG Web Site: https://letsencrypt.org Page 1 of 83 Copyright Notice

More information

Starfield Technologies, LLC. Certificate Policy and Certification Practice Statement (CP/CPS)

Starfield Technologies, LLC. Certificate Policy and Certification Practice Statement (CP/CPS) Starfield Technologies, LLC Certificate Policy and Certification Practice Statement (CP/CPS) Version 3.8 April 15, 2016 i Starfield CP-CPS V3.8 Table of Contents 1 Introduction... 1 1.1 Overview... 1 1.2

More information

TeliaSonera Public Root CA. Certification Practice Statement. Revision Date: 2006-11-17. Version: Rev A. Published by: TeliaSonera Sverige AB

TeliaSonera Public Root CA. Certification Practice Statement. Revision Date: 2006-11-17. Version: Rev A. Published by: TeliaSonera Sverige AB Document no 1/011 01-AZDA 102 213 TeliaSonera Sverige AB Certification Practice Statement Rev A TeliaSonera Public Root CA Certification Practice Statement Revision Date: 2006-11-17 Version: Rev A Published

More information

Symantec External Certificate Authority Key Recovery Practice Statement (KRPS)

Symantec External Certificate Authority Key Recovery Practice Statement (KRPS) Symantec External Certificate Authority Key Recovery Practice Statement (KRPS) Version 2 24 April 2013 (Portions of this document have been redacted.) Symantec Corporation 350 Ellis Street Mountain View,

More information

Certificate Policy for the United States Patent and Trademark Office November 26, 2013 Version 2.5

Certificate Policy for the United States Patent and Trademark Office November 26, 2013 Version 2.5 Certificate Policy for the United States Patent and Trademark Office November 26, 2013 Prepared by: United States Patent and Trademark Office Public Key Infrastructure Policy Authority This page is intentionally

More information

INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456. Aristotle University of Thessaloniki PKI (www.pki.auth.gr) WHOM IT MAY CONCERN

INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456. Aristotle University of Thessaloniki PKI (www.pki.auth.gr) WHOM IT MAY CONCERN Title INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456 Customer Aristotle University of Thessaloniki PKI (www.pki.auth.gr) To WHOM IT MAY CONCERN Date 18 March 2011 Independent Audit

More information

Swiss Government Root CA II. Document OID: 2.16.756.1.17.3.21.1

Swiss Government Root CA II. Document OID: 2.16.756.1.17.3.21.1 Swiss Government Root CA II CP/CPS End-user Certificates Swiss Government PKI - Root CA II Certificate Policy and Certification Practice Statement (CP/CPS) Document OID: 2.16.756.1.17.3.21.1 Project Name:

More information

Getronics Certification Certificate of Authentic Trustworthy

Getronics Version 3.0 Effective Date: 15 october, 2008 Getronics Nederland B.V. Fauststraat 1 P.O. Box 9105 7300 HN Apeldoorn The Netherlands Phone: +31 (0)20 570 4511 http://www.pki.getronicspinkroccade.nl

SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION

SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION I. DEFINITIONS For the purpose of this Service Description, capitalized terms have the meaning defined herein. All other capitalized

SECOM Trust.net Root1 CA

CERTIFICATE POLICY/ CERTIFICATION PRACTICE STATEMENT May 22, 2006 Version 2.00 SECOM Trust Systems Co.,Ltd. Revision History Version Date Description V1.00 2003.08.01 Initial Draft (Translated from Japanese

Public Certification Authority Certification Practice Statement of Chunghwa Telecom (PublicCA CPS) Version 1.5

Public Certification Authority Certification Practice Statement of Chunghwa Telecom (PublicCA CPS) Version 1.5 Chunghwa Telecom Co., Ltd. August 21, 2015 Contents 1. INTRODUCTION... 1 1.1 OVERVIEW... 1

Ford Motor Company CA Certification Practice Statement

Certification Practice Statement Date: February 21, 2008 Version: 1.0.1 Table of Contents Document History... 1 Acknowledgments... 1 1. Introduction... 2 1.1 Overview... 3 1.2 Ford Motor Company Certificate

Advantage Security Certification Practice Statement

Advantage Security Certification Practice Statement Version 3.8.5 Effective Date: 01/01/2012 Advantage Security S. de R.L. de C.V. Prol. Paseo de la Reforma # 625 Int 402, Col Paseo de las Lomas. Del Alvaro

Post.Trust Certificate Authority

Post.Trust Certificate Authority Certification Practice Statement CA Policy and Procedures Document Issue date: 03 April 2014 Version: 2.7.2.1 Release Contents DEFINITIONS... 6 LIST OF ABBREVIATIONS...

CERTIFICATION PRACTICE STATEMENT UPDATE

CERTIFICATION PRACTICE STATEMENT UPDATE Reference: IZENPE-CPS UPDATE Version no: v 5.03 Date: 10th March 2015 IZENPE 2015 This document is the property of Izenpe. It may only be reproduced in its entirety.

Tata Consultancy Services Limited Certifying Authority. Certification Practice Statement

Tata Consultancy Services Limited Certifying Authority Certification Practice Statement IN SUPPORT OF PUBLIC KEY INFRASTRUCTURE SERVICES TCS-CA TRUST NETWORK DATE OF PUBLICATION: DECEMBER 2007 PROPOSED

REVENUE ON-LINE SERVICE CERTIFICATE POLICY. Document Version 1.2 Date: 15 September 2007. OID for this CP: 1.2.372.980003.1.1.1.1.

REVENUE ON-LINE SERVICE CERTIFICATE POLICY Document Version 1.2 Date: 15 September 2007 OID for this CP: 1.2.372.980003.1.1.1.1.1 No part of this document may be copied, reproduced, translated, or reduced

SSL CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT

SSL CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Kamu Sertifikasyon Merkezi TÜBİTAK Yerleşkesi, P.K. 74 Gebze 41470 Kocaeli, TURKEY Tel: +90 (0) 262 648 18 18 Fax: +90 (0) 262 648 18 00 www.kamusm.gov.tr

Meeting the FDA's Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

Meeting the FDA's Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT

Certificate Policy and Certification Practice Statement

DigiCert Certificate Policy and Certification Practice Statement DigiCert, Inc. Version 3.03 March 15, 2007 333 South 520 West Lindon, UT 84042 USA Tel: 1-801-805-1620 Fax: 1-801-705-0481 www.digicert.com

CERTIFICATION PRACTICE STATEMENT. EV SSL CA Certification Practice Statement

CERTIFICATION PRACTICE STATEMENT EV SSL CA Certification Practice Statement Emmanuel Montacutelli September 1, 2015 OpenTrust_DMS_EV Statement SSL CA Certification Practice Managed Services Signature

Certipost Trust Services. Certificate Policy. for Lightweight Certificates for EUROCONTROL. Version 1.2. Effective date 03 May 2012

Certipost Trust Services Version 1.2 Effective date 03 May 2012 Certipost NV ALL RIGHTS RESERVED. 2 13 Definitions : Activation Data Certificate Certificate Holder Certificate Public Registry Certificate

X.509 Certification Practice Statement for the Australian Department of Defence

X.509 Certification Practice Statement for the Australian Department of Defence Version 5.1 December 2014 Document Management This document is controlled by: Changes are authorised by: Defence Public Key

Comodo Certification Practice Statement

Comodo Certification Practice Statement Notice: This CPS should be read in conjunction with the following documents:- * LiteSSL addendum to the Certificate Practice Statement * Proposed Amendments to the

TeliaSonera Root CA v1 Certificate Practice Statement. Published by: TeliaSonera AB

2007-10-18 1 (46) TeliaSonera Root CA v1 Certificate Practice Statement Published by: TeliaSonera AB Company Information Created Modified Approved Valid from 2007-10-12 Reg. office: Printed Coverage Business

SWITCHaai Metadata CA. Certificate Policy and Certification Practice Statement

SWITCHaai Metadata CA Certificate Policy and Certification Practice Statement Version 1.0, OID 2.16.756.1.2.6.7.1.0 July 15, 2008 Table of Contents 1. INTRODUCTION...6 1.1 Overview...6 1.2 Document name

Operational Research Consultants, Inc. Non Federal Issuer. Certificate Policy. Version 1.0.1

Operational Research Consultants, Inc. Non Federal Issuer Certificate Policy Version 1.0.1 Operational Research Consultants, Inc. 11250 Waples Mill Road South Tower, Suite 210 Fairfax, Virginia 22030 June

Trustis FPS PKI Glossary of Terms

Trustis FPS PKI Glossary of Terms The following terminology shall have the definitions as given below: Activation Data Asymmetric Cryptosystem Authentication Certificate Certificate Authority (CA) Certificate

REGISTRATION AUTHORITY (RA) POLICY. Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A.

REGISTRATION AUTHORITY (RA) POLICY Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. INDEX Contenido 1. LEGAL FRAMEWORK... 4 1.1. Legal Base...

Trustwave Holdings, Inc

Trustwave Holdings, Inc Certificate Policy and Certification Practices Statement Version 2.9 Effective Date: July 13, 2010 This document contains Certification Practices and Certificate Policies applicable

Version 2.4 of April 25, 2008

TC TrustCenter GmbH Certificate Policy for SAFE NOTE: The information contained in this document is the property of TC TrustCenter GmbH. This Certificate Policy is published in conformance with international

Certification Practice Statement

Certification Practice Statement Version 2.0 Effective Date: October 1, 2006 Continovation Services Inc. (CSI) Certification Practice Statement 2006 Continovation Services Inc. All rights reserved. Trademark

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1

PKI Tutorial Jim Kleinsteiber February 6, 2002 Page 1 Outline Public Key Cryptography Refresher Course Public / Private Key Pair Public-Key Is it really yours? Digital Certificate Certificate Authority