CERTIFICATE POLICY Citizen

Similar documents
SPECIFIC DOCUMENTATION FOR WEBSITE CERTIFICATES

CERTIFICATION PRACTICE STATEMENT UPDATE

SPECIFIC DOCUMENTATION FOR CORPORATE CERTIFICATES

Certum QCA PKI Disclosure Statement

CERTIFICATE POLICIES (CP) Legal Person Certificate ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. CP

REGISTRATION AUTHORITY (RA) POLICY. Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A.

CERTIFICATE POLICIES (CP) Natural Person Certificate ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. CP

CERTIFICATE POLICIES (CP) Public Functionary Certificate ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. CP

Class 3 Registration Authority Charter

Eskom Registration Authority Charter

Neutralus Certification Practices Statement

Transnet Registration Authority Charter

esign Online Digital Signature Service

CERTIMETIERSARTISANAT and ELECTRONIC SIGNATURE SERVICE SUBSCRIPTION CONTRACT SPECIFIC TERMS AND CONDITIONS

ComSign Ltd. Certification Practice Statement (CPS)

National Register of Associations. Number CIF G

CERTIFICATION PRACTICE STATEMENT (CPS) SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. Version 2.0

esign FAQ 1. What is the online esign Electronic Signature Service? 2. Where the esign Online Electronic Signature Service can be used?

TELSTRA RSS CA Subscriber Agreement (SA)

Danske Bank Group Certificate Policy

3.Practices and procedures. v

FREQUENTLY ASKED QUESTIONS

CLASS - III Digital Signature Certificate Application Check List (To be filled by applicant)

Certification Service Provider of the Ministry of Employment and Social Securityp. Profile for Electronic seal certificate

HEALTH INFORMATION TECHNOLOGY EXCHANGE OF CONNECTICUT

E-TUGRA INFORMATIC TECHNOLOGIES AND SERVICES CORP (E-TUGRA)

User Manual Internet Access. for the public key. certification service

SecureStore I.CA. User manual. Version 2.16 and higher

ORDINANCE ON THE ELECTRONIC SIGNATURE CERTIFICATES IN THE. Chapter One GENERAL PROVISIONS

Hempfield Township Board of Supervisors

Future directions of the AusCERT Certificate Service

Business Card Application Form

Procedure for How to Enroll for Digital Signature

Land Registry. Version /09/2009. Certificate Policy

Certification Practice Statement

Simple Guide to Digital Signatures

fulfils all requirements defined in the technical specification The appendix to the certificate is part of the certificate and consists of 6 pages.

fulfils all requirements defined in the technical specification The appendix to the certificate is part of the certificate and consists of 6 pages.

Ericsson Group Certificate Value Statement

Certificate Policy for VoIP

Citizen CA Certification Practice statement

Telia hardware based e-legitimation v2. Certification Practice Statement. Revision Date: 10 th June Version: 1.0

GENERAL CONTRACTING CONDITIONS

Certipost Trust Services. Certificate Policy. for Lightweight Certificates for EUROCONTROL. Version 1.2. Effective date 03 May 2012

GlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS)

Certificate Policy. SWIFT Qualified Certificates SWIFT

Certification Practice Statement (ANZ PKI)

ING Public Key Infrastructure Technical Certificate Policy

TATA CONSULTANCY SERVICES LIMITED CERTIFYING AUTHORITY REQUEST FORM FOR CLASS-3 CERTIFICATE SERVER / DEVICE CERTIFICATE

***** Please find attached the relevant articles of the preliminary bill.

TeliaSonera Root CA v1 Certificate Practice Statement. Published by: TeliaSonera AB

ORC ACES Subscriber Instructions. M o b i l e C o d e C e r t i f i c a t e s

Requirements set for account holders and representatives of emissions trading accounts

Guidelines for the use of electronic signature

Vodafone Group CA Web Server Certificate Policy

General Terms and Conditions of Use of Fina s e-invoice Internet Service

Certification Service Provider of the Ministry of Employment and Social Security. Profile for Public Employee certificates

TeliaSonera Public Root CA. Certification Practice Statement. Revision Date: Version: Rev A. Published by: TeliaSonera Sverige AB

Forms Packet Copyright 2013

Equivalency Process Required Documents

ISSUANCE AND MANAGEMENT POLICY FOR. Spektar Org Universal Certificate

HKUST CA. Certification Practice Statement

The Mobile Phone Signature in edemocracy and egovernment Applications.

SPECIFIC CERTIFICATION POLICIES AND PRACTICES APPLICABLE TO

ENROLMENT GUIDE FOR MCACert

Minnesota State Colleges and Universities System Guideline Chapter 5 Administration

DigiCert. Certificate Policy. DigiCert, Inc. Version 4.03 May 3, 2011

DOH 329 Registry Physician Initiated Application

CA/Browser Forum. Guidelines For The Issuance And Management Of Extended Validation Code Signing Certificates

INFORMATION TECHNOLOGY CERES DEPARTMENT

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions

Application for a Child Performer Permit

PKI Disclosure Statement

Trouble Shooting on e-filing

Guide to Obtaining Your Free WISeKey CertifyID Personal Digital Certificate (Personal eid) WISeKey 2010 / Alinghi 2010 Smartcards

All you need to know about the electronic residence permit (eat)

PEXA Public Key Infrastructure (PKI) PEXA Digital Signing Certificate Policy

SSLPost Electronic Document Signing

Securing Adobe PDFs. Adobe - Certified Document Services Registration Authority (RA) Training. Enterprise Security. ID Verification Services

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT

TTP.NL Scheme. for management system certification. of Trust Service Providers issuing. Qualified Certificates for Electronic Signatures,

TERMS OF USE FOR PUBLIC LAW CORPORATION PERSONAL CERTIFICATES FOR QUALIFIED DIGITAL SIGNATURE

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

How to set up your NMC Online account. How to set up your NMC Online account

Certification Practice Statement

Type of Certificate: SSL Certificate

TERMS OF USE TITLE CERTIFICATES FOR ELECTRONIC SIGNATURE

RELEASE DATE: January 31, 2013

DECREE 132 of the National Security Authority. dated from 26 March 2009

PKI NBP Certification Policy for ESCB Signature Certificates. OID: version 1.5

Real Casa de la Moneda. Fábrica Nacional de Moneda y Timbre

Type of Certificate: Secure Certificate

Subscriber Application Form User Type: Government / Organization / Banking Sector

Type of Certificate: Secure Certificate

APPLICATION FOR DOMESTIC RECIPROCITY LICENSE. The State Board of Cosmetology may grant license by reciprocity, without examination, if:

Trustis FPS PKI Glossary of Terms

TC TrustCenter Certificate Policy Definitions for EV Certificates

READY RECKONER FOR SAFE EXIM VALIDATION

Domain Name Act (228/2003; amendments up to 397/2009 included)

Estate Planning and the Provision of Electronic Certification Services

Transcription:

CERTIFICATE POLICY Citizen Reference: Citizen certification policy Version no: 1.0 Date: 11 of janury, 2016 IZENPE 2016 This document is the property of Izenpe. It may only be reproduced in its entirety.

TABLE OF CONTENTS 1 DESCRIPTION OF THE CERTIFICATE... 3 1.1 DEFINITION... 3 1.2 SCOPE OF USE... 3 1.3 CERTIFICATE IDENTIFICATION... 3 1.4 GENERAL PROVISIONS... 4 2 CERTIFICATE LIFE CYCLE... 5 2.1 CERTIFICATE REQUEST AND DOCUMENTATION ACCREDITATION... 5 2.2 ISSUANCE AND DELIVERY PROCEDURE... 5 2.3 VERIFICATION OF CERTIFICATE... 7 2.4 CERTIFICATE REVOCATION... 7 2.5 RENEWAL OF CERTIFICATES... 8 3 FEE... 8 4 MANAGEMENT OF CHANGE... 9 5 CERTIFICATE PROFILE... 9 2 / 9 Version 1.0

1 DESCRIPTION OF THE CERTIFICATE This document includes the Certification Policy for the Citizen certificate issued by Ziurtapen eta Zerbitzu Enpresa-Empresa de Certificación y Servicios, Izenpe, S.A. (henceforth, Izenpe). The purpose of this document is to detail and complete the information provided in a more generic form in the Izenpe Certification Practice Statement. 1.1 Definition Both certificates are electronic signature certificates with the legal effect of a recognized certificate, in accordance with the Electronic Signature Law 59/2003 dated 19 December (henceforth LFE), and a qualified certificate under Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, - Signatory, the natural person identified in the certificate. - Subscriber, the natural person identified in the certificate. - Key owner, the natural person who owns or is responsible for safeguarding the digital signature keys. In the Citizen certificate the subscriber is the signer and the key owner. The application requires future certificate subscribers to be aged over 16 years old. With regards to the storage medium, this certificate can be issued: - Card / USB token: on a cryptographic chip - Browser: in the browser certificate container. - Mobile device: in the application certificate container (hereafter, app) of the mobile. - Egoitz@ (HSM + Virtual Card): in a secure central repository (HSM), which the user can access via a small piece of software (Virtual Card) installed in the computer. This software manages users' requests to use certificates, connecting with the central repository and requesting the necessary cryptographic operations. 1.2 Scope of use This certificate will be used by subscribers in their transactions with User Entities and Public and Private Institutions in general that have accepted its use. 1.3 Certificate identification In order to identify the Citizen certificate, Izenpe has assigned it the following object identifier (OID). CERTIFICATE OID Citizen Certificate 1.3.6.1.4.1.14777.2.6 As this is a qualified certificate, it also includes the following object identifier (OID) defined by TS 119 412-2 and TS 119 412-5 of the European Telecommunications Standards Institute (ETSI), on profiles of qualified certificates: 0.4.0.1862.1.1. 3 / 9 Version 1.0

1.4 General provisions Identification obligations Izenpe, either directly or through the User Entities with which it has signed the corresponding agreement, checks the corresponding registries to verify the identity and any other personal information concerning applicants, subscribers, and key holders of certificates relevant for this purpose. Certificate subscriber obligations The subscriber's obligations are defined in the Certificate Practice Statement: Certificate subscriber obligations. 4 / 9 Version 1.0

2 CERTIFICATE LIFE CYCLE 2.1 Certificate request and documentation accreditation The applicant shall complete and sign the Issue Application and accept the Subscriber Contract. The Application can be signed using the following options, Electronically. By accessing www.izenpe.com and using the edni or Izenpe Citizen certificate to sign the Application. Note. If Izenpe has not identified the applicant face-to-face in the past 5 years, he/she should schedule and appointment with the Registration Authority. Or in paper format. Access www.izenpe.com, complete the Issue application and schedule an appointment to present the required identification documentation to the Registration Authority, Note. For Spanish citizens: DNI, passport or a valid driver's license. For citizens of a EU member state: valid passport or national identity document in their country and certificate issued by the EU Member State registry. For non-eu citizens: Residence Card or valid passport If the applicant cannot be identified by one of the above methods, Izenpe will determine the documentation needed for identification purposes on a case-by-case basis. The applicant shall either provide a photocopy of the identification documents or authorize Izenpe to verify the information with the appropriate administrative body via the application form. Face-to-face identification before the Registration Authority is not necessary if Izenpe has identified the applicant in person within the past 5 years. In this case, the signed Issue application can be sent to Izenpe. Once this has been done correctly, Izenpe shall issue the certificate according to the storage media selected by the applicant. 2.2 Issuance and delivery procedure Once the application has been duly completed and the appliacant authenticated, Izenpe will issue the certificate according to: The selected storage media. The method of delivery: 5 / 9 Version 1.0

Not in person, delivery to the street/email address indicated, in the case of, Electronic signature of application Or Issue Application on paper format signed by the applicant and notarized by a notary public. In person, appearance before the Registration Authority by. The applicant Or a third party authorized by the Applicant, who shall submit to Izenpe, Issue Application in paper format signed by the Applicant and notarized. And a document authorizing the third party to collect the certificate / Unique Registration Number (URN) signed and duly notarized. Card / USB token Delivery not in person. Izenpe will send the certificate and the keys separately to the street address provided in the Issue Application. The Applicant must sign the Delivery and Acceptance Sheet published at www.izenpe.com and deliver it to Izenpe if signed by hand or to services@.izenpe.net if signed electronically. Delivery in person, Izenpe will deliver to the applicant or the authorized third party the certificate, PIN and the unlock code (PUK), who will sign a confirmation of delivery form. BROWSER Delivery not in person. Izenpe will send to the email adress indicated on the Issue Application, The online address to access the Certificate Issuance Portal from the Browser. And a Unique Registration Number (URN) to generate the certificate. The Applicant must sign the Delivery and Acceptance Sheet published at www.izenpe.com and deliver it to Izenpe if signed by hand or to servicios@colaboradores.izenpe.net if signed electronically. Delivery in person. Izenpe will deliver to the applicant of the authorized third party the online address to access the Certificate Issuance Portal from the Browser and a Unique Registration Number (URN). The Applicant must sign the Delivery and Acceptance Sheet published at www.izenpe.com and deliver it to Izenpe if signed by hand or to servicios colaboradores izenpe.net if signed electronically. MOBILE DEVICE The Applicant shall download the Izenpe Mobile application. 6 / 9 Version 1.0

Delivery not in person. Izenpe will send the Unique Registration Number (URN) to the email indicated in the Issue Application. After generating the certificate, the Applicant must return the digitally signed Delivery and Acceptance Sheet published on www.izenpe.com to servicios@colaboradores.izenpe.net. Delivery in person. Izenpe will deliver a Unique Registration Number (URN) to the applicant or authorized third party for the generation of the certificate. Una vez generado el certificado el solicitante deberá firmar la Hoja de Entrega y Aceptación publicada en www.izenpe.com y entregarla en Izenpe en caso de firma manuscrita o enviarla a la dirección servicios@colaboradores.izenpe.net en caso de firmarla de manera electrónica EGOITZ@ (HSM + VIRTUAL CARD) Izenpe shall: 1. Generate the certificate on the Izenpe HSM. 2. Generate a username and password, which will be sent in an SMS to the mobile phone indicated on the application. 3. Once the process has been completed, Izenpe will send the software and instruction manual by certified email to the address indicated on the Issue Application. The Applicant must sign the Delivery and Acceptance Sheet published at www.izenpe.com. and deliver it to Izenpe if signed by hand or to servicios@colaboradores.izenpe.net if signed electronically. 2.3 Verification of certificate The signatory will have 15 working days from the date of issuance to make sure the certificate works properly; if operational defects are detected, Izenpe must be notified. Only if operating defects are due to technical reasons (such as: the certificate media does not work properly, technical error in the certificate, etc.) or to data errors made by Izenpe, will Izenpe revoke the certificate and issue a new one at its own expense. 2.4 Certificate revocation Revocation request The revocation of a certificate can be requested by: The subscriber in whose name the certificate will be issued. Izenpe, the Izenpe administrators and Registration Authorities are authorized to request the revocation of end-entity subscriber certificates only in the cases described in the CPS. Revocation procedure The person requesting revocation will process the Revocation Application through Izenpe. 7 / 9 Version 1.0

The certificate can be revoked at any time and in all cases involving loss or theft, through the following channels: In person, after scheduling an appointment with Izenpe at www.izenpe.com. By post, submitting the certificate Revocation Application duly signed and notarized. By phone, at 902542542. Online, at www.izenpe.com. En los casos de revocación telefónica y online se requerirá para la identificación: Telephone identification password. DNI/NIE. Subscriber's date of birth. Storage media. Causes for revocation Causes can be found in the Certification Practice Statement available at www.izenpe.com 2.5 Renewal of certificates Certificates can be renewed within sixty days before the expiration date as follows: Online: the certificate must be valid and the Applicant must know the keys. After performing the required verifications, Izenpe will send the certificate and the keys separately to the street address provided in the Issue Application. The Applicant must sign the Delivery and Acceptance Sheet published at www.izenpe.com. and deliver it to Izenpe if signed by hand or to services@.izenpe if signed electronically. In person: Izenpe will process the certificate renewal according to the determined issuance and delivery procedure. 3 FEE At this time the public administrations cover the cost of citizen certificates for use in public service transactions requiring authentication or a digital signature. The applicant shall pay the cost of issuing a new certificate in the following cases: Improper use of the certificate. Loss of the certificate and/or keys. Keys are blocked prior to expiry date. For certificates issued at Egoitz@, applicants shall pay the cost of the Virtual Card license. Payment options: Online using the payment gateway. Direct debit with proof of payment. Credit card payment in person at an Izenpe Registration Authority. 8 / 9 Version 1.0

Applicable fees are posted at www.izenpe.com. 4 MANAGEMENT OF CHANGE The modifications made to this document will be approved by the IZENPE Security Committee. These modifications will be included in a Specific Documentation Update Document per certificate. Its maintenance is guaranteed by Izenpe. The updated versions of the specific documentation can be consulted at www.izenpe.com 5 CERTIFICATE PROFILE Available at www.izenpe.com 9 / 9 Version 1.0

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information