Transnet Registration Authority Charter




Registration Authority Charter
Version 3.0 is applicable from Effective Date
Inyanda House
21 Wellington Road
Parktown, 2193
Phone +27 (0)11 544 9368
Fax +27 (0)11 544 9599
Website: http://www.transnet.co.za/
Page 1 of 10

Table of Contents
Introduction
Scope
Appointment
Document Name and Publication
Applicant and Subscriber
Domain of Use (Eligibility for Certification)
Purpose of Certification
Ownership of Charter
Private Key Infrastructure Hierarchy
Certificate Content
Application for a Certificate
Process of Enrolment and Request Verification
Advising on the Outcome of the Application
Certificate Use Verification
Acceptance of Certificate
Revocation of Certificates
Revocation Processes
Certificate Suspension
Certificate Renewal
T-SYSTEMS-RA Annual Audit
References

Introduction

is the largest and most crucial part of the freight logistics chain that delivers goods to each and every South African. Every day delivers thousands of tons of goods around South Africa, through its pipelines and both to and from its ports. It moves that cargo on to ships for export while it unloads goods for overseas. s vision and mission is to be a focused freight transport company, delivering integrated, efficient, safe, reliable and cost-effective services to promote economic growth in South Africa. aims to achieve this goal by increasing their market share, improving productivity and profitability and by providing appropriate capacity to their customers ahead of demand.

In order to fulfill this vision and mission, will make increasing use of the Internet and information Systems., therefore, needs a strong, trusted identity credential used, for example, to secure e-mail and provide document signing capability in order for there to be secure and trusted communications between employees, contractors, suppliers and clients anywhere in the world.

In order to preserve high levels of confidentiality and integrity in this public medium, has chosen to use an international established standard in secure communications, namely, the managed Digital Certificate services.

The terms contained in this Charter are subject to the terms and conditions contained in the Certification Practice Statement (CPS). Combined, this Charter and the CPS specify the digital certification process and provide the required trust in as a digital certificate issuer. All persons are required to adhere to the terms and conditions contained in the CPS as well as any other requirements imposed by that do not conflict with the CPS.

Scope

This document is part of the Information Security Policies and is applicable to as well as to all parties taking part in the digital certification process. s Information Security Manager is the final authority on all Risk Management related security within the sphere of operations.

Appointment

appoints T-Systems as a Registration Authority (T-SYSTEMS-RA), acting on behalf of, to:

1. Accept applications for Certificates.
2. Perform authentication of identities and verification of information submitted by applicants when applying for the issuance of a digital certificate by the LAWtrust CA in terms of the provisions of this Charter, which has been approved by the Policy Authority.
3. Where such authentication and verification is successful, submit the request to the LAWtrust CA, in accordance with the provisions of this Charter and the CPS.

The T-SYSTEMS-RA is appointed exclusively for the purposes of authenticating the identity and verifying supporting and ancillary information of applicants using the services provided by T-Systems.

Document Name and Publication

This document is called the Registration Authority Charter. The latest version of the Charter may be accessed on the Intranet website http://intra.spoornet.co.za, the Document Management System or at the website https://www.lawtrust.co.za/repository.

Applicant and Subscriber

In this Charter a natural person applying for a Certificate shall be described as an applicant until the application for the Certificate has been granted. Once a Certificate has been issued, the natural person to whom it has been issued shall be referred to as a subscriber.

Domain of Use (Eligibility for Certification)

Formal employees or an approved business partner of the group can be digitally certified under the following conditions:

1. The subscriber has an existing or potential business relationship with.
2. The subscriber has a valid (Freight Rail or Capital Project) e-mail account.
3. The subscriber has a cellular phone number.
4. The subscriber is in good standing with.
5. The subscriber is fully aware of the responsibilities regarding the care and use of digital certificates and keys (as contained in the CPS, this Charter and any other governance policies).

Purpose of Certification

Digital certification is to be used to provide the subscribers with trusted identity credentials for, amongst other uses:

1. Secure e-mail.
2. Digital signature capability to send and receive secure e-mail to and from the Internet.
3. Authentication to business systems.
4. File and folder encryption.
5. Digitally sign documents or transactions.

The above will ensure authentication, authorisation, privacy, message integrity and non-repudiation. The subscriber may only use the digital certificate for legitimate business purposes.

Ownership of Charter

The Freight Rail Security Manager is responsible for the upkeep of this Charter. Changes to this Charter are to be made by the Freight Rail Security Manager, authorised by the T-Systems CSS-TSS Information Security Manager and approved by the Policy Authority.

The T-Systems CSS-TSS Information Security Manager takes full responsibility for the upkeep and content of this Charter, but limits its liability to the use of this Charter as described in the CPS, this Charter and any other governance policies.

The day-to-day business operations related to the certificate lifecycle would be executed by the T-Systems CSS-TSS Information Security Department. The technical operations related to the certificate lifecycle would be executed by the T-Systems CSS-TSS Information Security Department.

Private Key Infrastructure Hierarchy

The trust hierarchy is as follows:

• Entrust.net Secure Server Certification Authority: Root Certification Authority (RCA)
• LAWtrust CA: Local Certification and Issuing Authority (IA)
• T-SYSTEMS-RA: Local Registration Authority (LRA)

The root key hierarchy is as follows:

• Entrust.net Secure Server Certification Authority: ROOT CA
• LAWtrust CA ( Certificates to be signed by this CA): ISSUING CA

Certificate Content

• Common Name (First Name & Surname)
• E-mail address
• Issuing Authority: LAWtrust CA
• Organisation:
• Additional 1: Company Name
• Additional 2: Freight Rail/Capital Projects Business Reference Number
• Additional 3: Individual Unique ID Number
• Additional 4: URL linked to Disclaimer

Application for a Certificate

The T-SYSTEMS-RA shall be entitled to accept and process applications for natural persons for the issue of a Certificate. As a minimum the T-SYSTEMS-RA shall require from the natural person applicant:

• To log a call with the Service Desk.
• A duly completed and signed Certificate Issuance Authorisation Form approved by Senior Management.
• A duly completed and signed Subscriber Agreement.
• Copy of the applicant's ID, Passport or Driver's License.

The T-SYSTEMS-RA shall retain the application together with all of the documentation relevant to the authentication of the identity of the applicant as well as the verification of supporting information securely, in conformance with the requirements of the Policy Authority, for a period of 3 (three) years after the expiry or revocation of the Certificate.

Process of Enrolment and Request Verification

Online electronic enrolment will be done and the following enrolment fields/selections are compulsory:

1. First Name (CN)
2. Surname (CN)
3. E-mail address (Email)
4. Company Name (OU: Freight Rail or Capital Projects)
5. Freight Rail/Capital Projects Business Reference Number (Serial number)
6. National ID Number (Telephone number)

The T-SYSTEMS-RA appointed Certificate Administrator, who falls under the authority of T-Systems CSS-TSS, will perform the following steps to issue a certificate:

1. Receive a request, which has been authorised by Senior Management or falls within the guidelines set by the Security Manager.
2. Register the subscriber and create the One Time Certificate Reference Number and Authorisation Code on the Certificate Management System.
3. Store the Authorisation Code on a secure system referencing the Certificate Reference Number.
4. E-mail the Certificate Reference Number to the applicant at the e-mail address provided in the Certificate Issuance Authorisation Form - this will be provided to the T-Systems Systems Engineer or qualified representative on his/her visit to the applicant.
5. The T-Systems Systems Engineer or qualified representative needs to verify the applicant's identity with face-to-face verification against the applicant's National ID, Passport or Driver's License and obtain a physical signature on the Implementation quality control document.
6. The T-Systems Systems Engineer or qualified representative will physically phone the Certificate Administrator to request the Authorisation Code referenced by the Certificate Reference Number.
7. The Certificate Administrator will verbally hand over the Authorisation Code to the T-Systems Systems Engineer or qualified representative telephonically to enable the download of the subscriber's certificate.
8. The Certificate will then be downloaded directly into a token.

Advising on the Outcome of the Application

If the application is refused, the T-SYSTEMS-RA shall give the applicant notice of the refusal by the T-SYSTEMS-RA. The notice shall be addressed to the e-mail address provided in the application, failing which in the manner deemed most expedient by the T-SYSTEMS-RA, and shall provide the reasons for the refusal.

If the application is granted, the T-SYSTEMS-RA, within 10 (ten) days of the receipt of the application by the T-SYSTEMS-RA, will advise the applicant and by notice addressed to the e-mail address provided in the application.

Certificate Use Verification

• The certificate validity can be verified in the CRL [website: http://crl.lawtrust.co.za/lawtrust.crl].
• The certificate is valid for a maximum period of one year from date of issue.

Acceptance of Certificate

After the issuance of the Certificate and notification addressed to the subscriber, the subscriber shall check that the content of the Certificate is correct. Unless notified to the contrary by the subscriber of any inaccuracies in the Certificate, the Certificate shall be deemed to have been accepted by the subscriber and the information contained in the Certificate deemed to be accurate.

Revocation of Certificates

Certificates may be revoked under authority from the Security Manager under the following circumstances:

1. can revoke a certificate without explanation when, in s sole discretion, such is deemed to be necessary.
2. Abuse of the digital certificate by the subscriber.
3. Subscriber's request.
4. Subscriber's formal relationship with ends.
5. Subscriber certificate content not valid.
6. Subscriber suspected of fraudulent activity.
7. Loss, compromise, or suspected compromise, of a subscriber's private key or workstation.
8. Issue or use of the certificate not in accordance with the CPS.
9. The LAWtrust CA or Entrust CA expires.
10. Any other reason that the LAWtrust CA or the T-SYSTEMS-RA reasonably believes may affect the integrity, security or trustworthiness of a Certificate.

Revocation Processes

A Certificate Revocation Request may be submitted by a subscriber, the T-SYSTEMS-RA or the LAWtrust CA if any of the above occurs.

The T-SYSTEMS-RA shall authenticate a request for revocation of a Certificate using a sub-set of the information provided by the subscriber with the certificate application and, upon verification, send a revocation request to the LAWtrust CA. The LAWtrust CA shall, within 24 hours of receiving a revocation request, post the serial number of the revoked Certificate to the CRL in the repository.

The T-SYSTEMS-RA shall make a commercially reasonable effort to notify the subscriber by e-mail if the subscriber's Certificate is revoked. Revocation of a Certificate shall not affect any of the subscriber's contractual obligations under the CPS or the Subscriber Agreement entered into by the subscriber or any Relying Party Agreements.

Certificate Suspension

The T-SYSTEMS-RA may suspend a Certificate if:

1. The subscriber is not in good standing with the, T-SYSTEMS-RA or LAWtrust CA;
2. The subscriber fails to adhere to the provisions of the CPS or the RA Charter;
3. Temporary suspension of the subscriber's role that requires the use of a Certificate.

The T-SYSTEMS-RA may request the LAWtrust CA to suspend a Certificate without prior notice to the subscriber. The T-SYSTEMS-RA shall make a commercially reasonable effort to notify the subscriber of the suspension by sending an e-mail to the e-mail address provided in the certificate application.

Certificate Renewal

The Information Security Policy dictates that a renewal process will be followed.

T-SYSTEMS-RA Annual Audit

The T-SYSTEMS-RA shall be audited once per calendar year for compliance with the practices and procedures set out in this Charter and the CPS. If the results of an audit report recommend remedial action, the T-SYSTEMS-RA shall initiate corrective action within 30 (thirty) days of receipt of such audit report.

References

1. All Related Legislation
2. Certificate Issuance Authorisation
3. /T-Systems Implementation Quality Control Document
4. Subscriber Agreement
5. Certificate Practices Statement (https://www.lawtrust.co.za/repository)