L@Wtrust Class 3 Registration Authority Charter



Similar documents
Eskom Registration Authority Charter

Transnet Registration Authority Charter

TELSTRA RSS CA Subscriber Agreement (SA)

ING Public Key Infrastructure Technical Certificate Policy

Neutralus Certification Practices Statement

Certification Practice Statement

Certification Practice Statement (ANZ PKI)

Danske Bank Group Certificate Policy

Equens Certificate Policy

Vodafone Group CA Web Server Certificate Policy

Ford Motor Company CA Certification Practice Statement

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015

Ericsson Group Certificate Value Statement

Comodo Certification Practice Statement

Certification Practice Statement

Apple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

CMS Illinois Department of Central Management Services

apple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc.

GlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS)

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT

HKUST CA. Certification Practice Statement

CERTIFICATION PRACTICE STATEMENT UPDATE

THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright , The Walt Disney Company

Government CA Government AA. Certification Practice Statement

Gandi CA Certification Practice Statement

SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION

Certum QCA PKI Disclosure Statement

CERTIFICATION POLICY OF KIR for TRUSTED NON-QUALIFIED CERTIFICATES

APPLICATION FOR DIGITAL CERTIFICATE

Citizen CA Certification Practice statement

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Certification services for electronic security certificates

ENTRUST CERTIFICATE SERVICES

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, Page 1

CERTIMETIERSARTISANAT and ELECTRONIC SIGNATURE SERVICE SUBSCRIPTION CONTRACT SPECIFIC TERMS AND CONDITIONS

QUOVADIS ROOT CERTIFICATION AUTHORITY CERTIFICATE POLICY/ CERTIFICATION PRACTICE STATEMENT. OIDs:

VeriSign Trust Network Certificate Policies

Symantec Trust Network (STN) Certificate Policy

KIBS Certification Practice Statement for non-qualified Certificates

Land Registry. Version /09/2009. Certificate Policy

ARTL PKI. Certificate Policy PKI Disclosure Statement

Trustis FPS PKI Glossary of Terms

TeliaSonera Public Root CA. Certification Practice Statement. Revision Date: Version: Rev A. Published by: TeliaSonera Sverige AB

Certipost Trust Services. Certificate Policy. for Lightweight Certificates for EUROCONTROL. Version 1.2. Effective date 03 May 2012

StartCom Certification Authority

STATUTORY INSTRUMENTS 2012 No. _

EBIZID CPS Certification Practice Statement

Certificate Policy. SWIFT Qualified Certificates SWIFT

ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0

Symantec Managed PKI Service for Windows Service Description

Telia hardware based e-legitimation v2. Certification Practice Statement. Revision Date: 10 th June Version: 1.0

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

GlobalSign CA Certificate Policy

Purpose of PKI PUBLIC KEY INFRASTRUCTURE (PKI) Terminology in PKIs. Chain of Certificates

epki Root Certification Authority Certification Practice Statement Version 1.2

INFORMATION TECHNOLOGY COMMITTEE ESCB-PKI PROJECT

Vodafone Group Certification Authority Test House Subscriber Agreement

EuropeanSSL Secure Certification Practice Statement

X.509 Certification Practices Statement for the U.S. Government Printing Office Principal Certification Authority (GPO-PCA)

Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States

Bangladesh Bank Certification Authority (BBCA) Certification Practice Statement (CPS)

Advantage Security Certification Practice Statement

SSL.com Certification Practice Statement

LET S ENCRYPT SUBSCRIBER AGREEMENT

SMKI Recovery Procedure

THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Published By: RSA Security Inc.

No. S ELECTRONIC TRANSACTIONS ACT 2010 (ACT 16 OF 2010) ELECTRONIC TRANSACTIONS (CERTIFICATION AUTHORITY) REGULATIONS 2010

Committee on National Security Systems

SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates

CERTIFICATION POLICY QUEBEC CERTIFICATION CENTRE Notarius Inc.

PKI Disclosure Statement

PKI NBP Certification Policy for ESCB Signature Certificates. OID: version 1.5

PEXA Public Key Infrastructure (PKI) Certification Authority Certificate Policy

PKI NBP Certification Policy for ESCB Encryption Certificates. OID: version 1.2

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions

PEXA Public Key Infrastructure (PKI) PEXA Digital Signing Certificate Policy

TR-GRID CERTIFICATION AUTHORITY

Policies of the University of North Texas Health Science Center. Chapter 14 UNT Health Credentialing and Privileging Licensed Practitioners

Internet Banking Internal Control Questionnaire

TR-GRID CERTIFICATION AUTHORITY

Fraunhofer Corporate PKI. Certification Practice Statement

ETSI TR V1.1.1 ( )

Certification Practice Statement

The Boeing Company. Boeing Commercial Airline PKI. Basic Assurance CERTIFICATE POLICY

GlobalSign Subscriber Agreement for PersonalSign and DocumentSign for Adobe CDS Certificates Combined Agreement for epki (US)

Statoil Policy Disclosure Statement

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

Post.Trust Certificate Authority

InCommon Certification Practices Statement. Client Certificates

VeriSign Trust Network Certificate Policies

TeliaSonera Server Certificate Policy and Certification Practice Statement

Transcription:

Class 3 Registration Authority Charter Version 1.0 applicable from 09 November 2010 Building A, Cambridge Park, 5 Bauhinia Street, Highveld Park, South Africa, 0046 Phone +27 (0)12 676 9240 Fax +27 (0)12 665 3997 Website: https://www.lawtrust.co.za/ Class 3 RA Page 1 of 10

Table of Contents Introduction... 3 Scope... 3 Appointment... 3 Document Name and Publication... 4 Applicant and Subscriber... 4 Domain of Use (Eligibility for Certification)... 4 Purpose of Certification... 4 Ownership of Charter... 5 Private Key Infrastructure Hierarchy... 5 Certificate Content... 5 Application for a Certificate... 6 Process of Enrolment and Request Verification... 6 Advising on the Outcome of the Application... 7 Certificate Use Verification... 7 Acceptance of Certificate... 8 Revocation of Certificates... 8 Revocation Processes... 8 Certificate Suspension... 9 Certificate Renewal... 9 LTCLASS3-RA Annual Audit... 10 References... 10 Class 3 RA Page 2 of 10

Introduction specialises in application security solutions with a focus on strong authentication, non-repudiation and other cryptographic solutions. This includes SSL certificates, PKI, Card and Key Management, biometric and digital signature solutions, encryption and data security solutions. In order to deliver on the technology solutions, will make increasing use of the electronic environment including the Internet and Information Systems. needs to provide their employees, contractors, suppliers and clients with a secure electronic environment to facilitate the exchange of information and documents, electronic communications, and a secure user community. In order to preserve high levels of confidentiality and integrity in this public medium, and to align with the regulations and provisions of the Electronic Communications and Transactions Act, has partnered with an internationally established standard in secure communication, namely, the Entrust Public Certification Services, to deliver on their PKI security solutions. The terms contained in this Charter are subject to the terms and conditions contained in the Certification Practice Statement (CPS). Combined, this Charter and the CPS specify the digital certification process and provide the required trust in as a digital certificate issuer. All persons are required to adhere to the terms and conditions contained in the CPS as well as any other requirements imposed by that do not conflict with the CPS. Scope This document is part of the Information Security Policy and is applicable to as well as to all parties taking part in the digital certification process. The OA is the final authority on all IT Information Security Management related security within the sphere of IT operations. Appointment is appointed a Class 3 Registration Authority (LTCLASS3-RA) to: 1. Accept applications for Certificates. 2. Perform authentication of identities and verification of information submitted by applicants when applying for the issuance of a digital certificate by the LAWtrust2048 CA in terms of the provisions of this Charter, which has been approved by the Policy Authority. 3. Where such authentication and verification is successful, submit the request to the LAWtrust2048 CA, in accordance with the provisions of this Charter and the CPS. Class 3 RA Page 3 of 10

The LTCLASS3-RA is appointed exclusively for the purposes of authenticating the identity and verifying supporting and ancillary information of applicants using the services provided by. Document Name and Publication This document is called the Class 3 Registration Authority Charter. The latest version of the Charter may be accessed at the website https://www.lawtrust.co.za/repository. Applicant and Subscriber In this Charter a natural person or entity applying for a Certificate shall be described as an applicant until the application for the Certificate has been granted. Once a Certificate has been issued the natural person to whom it has been issued shall be referred to as a subscriber. Domain of Use (Eligibility for Certification) Third party natural persons can be digitally certified under the following conditions: 1. The subscriber has an existing or potential business relationship with. 2. The subscriber has a valid corporate e-mail account. 3. The subscriber has a cellular phone number. 4. The subscriber is in good standing with. 5. The subscriber is fully aware of the responsibilities regarding the care and use of digital certificates and keys (as contained in the CPS, this Charter, the Class 3 Subscriber Agreement and any other governance policies). Purpose of Certification Digital certification is to be used to provide the subscribers with trusted identity credentials for, amongst other uses: 1. Secure e-mail. 2. Digital signature capability documents and transactions. 3. Authentication to or 3 rd party business systems. 4. File and folder encryption. Class 3 RA Page 4 of 10

The above will ensure authentication, authorisation, privacy, message integrity and non-repudiation. The subscriber may only use the digital certificate for legitimate business purposes. Ownership of Charter The Operations Authority (OA) is responsible for the upkeep of this Charter. Changes to this Charter are to be authorised by the Chief Technology Officer and approved by the Policy Authority. The Operations Authority takes full responsibility for the upkeep and content of this Charter, but limits its liability to the use of this Charter as described in the CPS, this Charter and any other governance policies. The day to day business operations related to certificate lifecycle would be executed by Professional Services. The technical operations related to certificate lifecycle would be executed by the Professional Services. Private Key Infrastructure Hierarchy The trust hierarchy is as follows: ۰ Entrust.net Secure Server Certification Authority Root Certification Authority (RCA) ۰ LAWtrust2048 CA Local Certification and Issuing Authority (IA) ۰ LTCLASS3-RA Local Registration Authority (LRA) The root key hierarchy is as follows: ۰ Entrust.net Secure Server Certification Authority ROOT CA ۰ LAWtrust2048 CA ( Certificates to be signed by these CA s) ISSUING CA Certificate Type & Content Certificate Type: ۰ Enterprise dual key-pair user certificates Class 3 RA Page 5 of 10

۰ Enterprise two key pair single usage certificates ۰ Web dual key-pair user certificates ۰ Web two key pair single usage certificates Certificate Content: ۰ Common Name (First Name & Surname) ۰ Company User ID ۰ E-mail address ۰ Organisation: LAWtrust Class 3 RA ۰ Organisation: LAWtrust Application for a Certificate The LTCLASS3-RA shall be entitled to accept and process applications for natural persons for the issue of a Certificate. As a minimum the LTCLASS3-RA shall require from the natural person applicant: ۰ A duly completed and signed Class 3 Certificate Application Form approved by the OA. ۰ A duly completed and signed Class 3 Subscriber Agreement. ۰ Copy of the applicant s ID, Passport or Driver s License. The LTCLASS3-RA shall retain all of the documentation relevant to the authentication of the identity of the applicant as well as the verification of supporting information securely ( PKI Safe), in conformance with the requirements of the Policy Authority, for a period of 3 (three) years after the expiry or revocation of the Certificate. Process of Enrolment and Request Verification Online electronic enrolment will be done and the following enrolment fields are compulsory: 1. Common name (CN) (First Name & Surname) Class 3 RA Page 6 of 10

2. E-mail address (E) 3. Company User ID (Serial number) The LTCLASS3-RA appointed certificate administrator will perform the following steps to issue a certificate: 1. Receive a request, which has been authorized by the OA. 2. Physical verification of the applicant s identity with face-to-face verification against the user s ID, Passport or Driver s License this can be delegated to an appointed Verification Officer. 3. Register the subscriber and create the reference code and authorisation code on the Certificate Management System. 4. Deliver the reference code (via email) and authorisation code (via SMS) that will enable the download of the certificate to the applicant (delivery in person or via secure courier is acceptable). 5. LTCLASS3-RA shall, if required by the applicant, provide telephonic assistance to the applicant in the activation of the Certificate. Advising on the Outcome of the Application If the application is refused the LTCLASS3-RA shall give the applicant notice of the refusal by the LTCLASS3-RA. The notice shall be addressed to the e-mail address provided in the application, failing which in the manner deemed most expedient by the LTCLASS3-RA and shall provide the reasons for the refusal. If the application is granted the LTCLASS3-RA, within 10 (ten) days of the receipt of the application by the LTCLASS3-RA, will advice the applicant that the enrolment for a Certificate can commence. Certificate Use Verification ۰ The certificate validity can be verified in the CRL [http://2048crl.lawtrust.co.za/lawtrust_2048_ca_lawtrust_za_crlfile.crl]. ۰ The CRL profile will be a full CRL. ۰ The certificate is valid for a maximum period of up to three years from date of issue. Class 3 RA Page 7 of 10

Acceptance of Certificate After the issuance of the Certificate and notification addressed to the subscriber, the subscriber shall check that the content of the Certificate is correct. Unless notified to the contrary by the subscriber of any inaccuracies in the Certificate, the Certificate shall be deemed to have been accepted by the subscriber and the information contained in the Certificate deemed to be accurate. Revocation of Certificates Certificates may be revoked under authority from the Operations Authority under the following circumstances: 1. Abuse of the digital certificate by the subscriber. 2. Subscriber s request. 3. Subscriber s formal relationship with ends. 4. Subscriber certificate content not valid. 5. Subscriber suspected of fraudulent activity. 6. Loss, compromise, or suspected compromise, of a subscriber s private key or workstation. 7. Non-payment of fees in respect of any services provided by or LTCLASS3-RA. 8. Issue or use of the certificate not in accordance with the CPS. 9. The LAWtrust2048 CA or Entrust CA expires. 10. Any other reason that the CA or the LTCLASS3-RA reasonably believes may affect the integrity, security or trustworthiness of a Certificate. Revocation Processes A request to revoke a Certificate may be submitted by a subscriber, the LTCLASS3-RA or the LAWtrust2048 CA if any of the above occurs. The LTCLASS3-RA shall authenticate a request for revocation of a Certificate using a sub-set of the information provided by the subscriber with the certificate application. Upon verification the LTCLASS3-RA will send a revocation request to the LAWtrust2048 CA. Class 3 RA Page 8 of 10

The LAWtrust2048 CA shall within 24 hours of receiving a revocation request, post the serial number of the revoked Certificate to the CRL in the repository. The LTCLASS3-RA shall make a commercially reasonable effort to notify the subscriber Certificate is revoked. Revocation of a Certificate shall not affect any of the subscriber s contractual obligations under the CPS or the Class 3 Subscriber Agreement entered into by the subscriber or any Relying Party Agreements. Certificate Suspension The LTCLASS3-RA may suspend a Certificate if: 1. The subscriber is not in good standing with the LTCLASS3-RA or the LAWtrust2048 CA; 2. The subscriber fails to adhere to the provisions of the CPS or the Class 3 RA Charter; 3. Temporary suspension of the subscriber s role that requires the use of a Certificate. The LTCLASS3-RA may request the LAWtrust2048 CA to suspend a Certificate without prior notice to the subscriber. The LTCLASS3-RA shall make a commercially reasonable effort to notify the subscriber of the suspension. Certificate Renewal The Certificate will be renewed on the approach of the expiry date for the certificate. This renewal process will be automated in the case of enterprise certificates and will only require the subscriber to confirm the renewal process. The renewal of web certificates will be managed by the subscribers and will require informing the LTCLASS3-RA of the upcoming expiry. During the certificate renewal request the subscriber will undergo a re-key and the new public key information will be included in the new certificate. As the subscriber will be logged into the certificate profile for enterprise certificates no further verification of these subscribers details will be required. For web certificates the LTCLASS3-RA will confirm the identity of the subscriber applying for the renewal. Class 3 RA Page 9 of 10

LTCLASS3-RA Annual Audit The LTCLASS3-RA shall be audited once per calendar year for compliance with the practices and procedures set out in this Charter and the CPS. If the results of an audit report recommend remedial action, the LTCLASS3-RA shall initiate corrective action within 30 (thirty) days of receipt of such audit report. References 1. References TYPE OF REFERENCE CA Policies, Practices & Agreements: REFERENCE a. Certificate Practices Statement (https://www.lawtrust.co.za/repository). b. Class 3 Certificate Application Form (https://www.lawtrust.co.za/repository). c. Class 3 Subscriber Agreement (https://www.lawtrust.co.za/repository). d. Relying Party Agreement (https://www.lawtrust.co.za/repository). Class 3 RA Page 10 of 10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information