Certificados Empleado Público
Registro Nacional de Asociaciones. CIF number G

ANF Autoridad de Certificación
Gran vía de les Corts Catalanes
Barcelona (Spain)
Telephone: Fax: Web:
Security Level: Public Document

Important Notice

This document is property of ANF Autoridad de Certificación. Distribution and reproduction prohibited without authorization by ANF Autoridad de Certificación.

Copyright ANF Autoridad de Certificación 2013
Index

1 Introduction; Certificates description; Identification; Users community; Certification Authorities; Registration Authorities; Recognized Registration Authority; Collaborating Registration Authority; Issuance Reports Manager; End entities; Certificate subscriber; Certificate applicant; Certificate responsible; Relying third parties; Certificate usage; Allowed use; Limits of certificate uses; Prohibited uses; Certification Entity contact details; Definitions and acronyms

Information publication and repositories; Repositories; Information publication; Updates frequency; Repositories access controls

Identification and Authentication; Name registration; Types of names; Specific fields completion guide; Need for names to be meaningful; Anonymous or pseudonyms; Rules for interpreting various name forms; 3.1.6 Uniqueness of names; Conflicts related to names and brands resolution; Identity initial validation; Method to prove possession of private key; Authentication of applicant identity; Re-key; Revocation requests

Operational Requirements; Certificate application; Processing procedure; Identity authentication; Applicant; Certificate subscriber; Certificate responsible; Approval or rejection of certificate applications; Time to process certificate issuance; Certificate issuance; Certification Entity actions during certificate issuance process; Notification to subscriber; Certificate acceptance; Acceptance; Return; Tracing; Certificate publication; Notification of certificate issuance to third parties; Rejection; Certificate renewal; Valid certificates; Authorized persons to request the renewal; Routine renewal requests authentication and identification; Approval or rejection of applications for renewal; Notification of certificate renewal; Acceptance of the certificate renewal; 4.6.7 Publication of the renewed certificate; Notification to other entities; Identification and authentication of key renewal applications after revocation (uncommitted key); Certificate modification; Certificate revocation and suspension; Circumstances for revocation; Revocation requests identification and authentication; Procedure for revocation request; Revocation request grace period; Time within the revocation request must be processed; CRL lists checking requirements; CRL lists issuance frequency; Revocation On-line checking availability; Revocation On-line checking requirements; Certificate suspension; Suspension requests authentication and identification; Keys storage and recovery

Facilities, management, physical security and operational controls; Physical security controls; Procedural controls; Personnel controls

Technical security controls; Key pair generation and installation; Private Key Protection; Other aspects of key pair management; Activation data; Computer security controls; Life cycle technical controls; Network security controls; Time-stamping; Cryptographic Module Security Controls

Certificate profiles, CRL lists and OCSP; Certificates profiles; 7.1.1 Common fields and extensions; Specific fields according to the signature algorithm; Specific fields according to key length; Specific Fields by type of certificate; Certificado Empleado Público (Autenticación) High Level; Certificado Empleado Público (Autenticación) Medium Level; Certificado Empleado Público (Firma) High Level; Certificado Empleado Público (Cifrado) High Level; CRL profile; OCSP profile

Compliance audit; Each entity compliance controls frequency; Identification of the personnel in charge of the audit; Auditor relationship to audited entity; Topics covered by audit; Actions to be taken as a result of compliance deficiency; Treatment of audit reports

General regulations; Fees; Financial responsibility; Confidentiality of information; Privacy of personal information; Intellectual property rights; Obligations and guarantees; Disclaimers of guarantees; Limitations of liability; Interpretation and execution; CP administration

Appendix I Electronic Certificate Application Form - Public Employee; Appendix II Contract for the Provision of Electronic Certification Services; Appendix III Certificate Renewal Application; Appendix IV Certificate Revocation Application Form; Appendix V Act of Certificate Reception and Acceptance; Appendix VI Identity Statement
1 Introduction

ANF Certification Authority (henceforth, ANF AC) is a corporate entity, constituted under Basic Law 1/2002 of March 22nd, and registered with the Ministry of the Interior with national number and company tax code G

The Public Key Infrastructure (PKI) of ANF AC has been designed and is managed in accordance with the legal framework of Regulation [EU] 910/2014 of the European Parliament, and with Law 59/2003 on Electronic Signature of Spain.

The ANF AC PKI is in accordance with the ETSI TS (Policy requirements for certification Authorities issuing qualified certificates), ETSI TS (Qualified Certificate Profile), RFC 3739 (Internet X.509 Public Key Infrastructure: Qualified Certificates Profile) and is in the process of adapting to the ETSI EN (Certificate Profiles) standard.

ANF AC uses OIDs in accordance with the standard ITU-T Rec. X.660 and the standard ISO/IEC :2005 Procedures for the Operation of OSI Registration Authorities: General Procedures and ASN.1 Object Identifier tree top arcs. ANF AC has been assigned the SMI Network Management Private Enterprise Code by the international organisation IANA (Internet Assigned Numbers Authority) under the branch iso.org.dod.internet.private.enterprise ( IANA Registered Private Enterprise-).

This document is the Certification Policy (CP) corresponding to certificates of the type "Empleado Público" issued by ANF AC, in which the signatory works for the Public Administration (henceforth AA.PP.), whether as a public servant or as labour, sporadic or temporary personnel, and the principal subscriber of the certificate is an AA.PP.

Its content follows the IETF RFC 3647 PKIX structure, including those sections that are specific to this type of certificate.

This document contains the regulations to which the uses of the certificates defined in this policy are subject, and defines the directives that ANF AC applies to their issuance, management, renewal, revocation and any other process that affects their life cycle.
The roles, responsibilities and relationships between the end-user and ANF AC are described, along with regulations for application, renewal and revocation of certificates.

This document is only one of the several documents governing the PKI of ANF AC; it details and supplements the definitions in the Certification Practice Statement and its addendum. ANF AC oversees and supervises that this CP is compatible and consistent with the other documents produced. All documentation is freely available to users and relying parties at

This Certification Policy assumes that the reader knows and understands PKI, certificate and electronic signature concepts. If this is not the case, the reader is recommended to be trained in those concepts before continuing to read this document.
1.1 Certificates description

ANF AC, in the framework of its Electronic Certification Service, issues identity certificates of the type: Certificado Empleado Público

The purpose of this certificate is to allow its subscribers to authenticate in online services and to generate electronic signatures. This is a certificate in which the subscriber is an AA.PP. and the certificate responsible, who is in possession of the signature creation device and acts on behalf of the subscriber, is personnel of the AA.PP., whether a public servant or labour, sporadic or temporary personnel.

In accordance with the provisions of Article 6, point 2 of Law 59/2003 of December 19th, on electronic signature (as per Final Provision 4.2 of Law 25/2015, of July 28th): "the signer is the person who owns a signature creation device and acts on its own behalf or on behalf of a natural or legal person he/she represents."

Available supports:
- Cryptographic software token.
- Token HSM (hardware security module). Certified with ISO Common Criteria EAL 4+ or higher.

These certificates will be issued with different use modes:
- Electronic Signature.
- Authentication.
- Encryption.

Regarding their legal consideration, only the "firma electrónica" (electronic signature) certificate is issued as qualified. To have this legal consideration, the certificate must incorporate the "qualified" extension as specified in this document in accordance with the ETSI EN standard.

All certificates issued under this policy are in accordance with standard X.509 Version 3. The maximum validity of these certificates is 5 years.

Identity verification will be done in person before a Registration Authority (RA), and based on original documentation in force. The RA is responsible for processing the application in accordance with the provisions to that effect in the ANF AC Certification Practice Statement. The appearance in person of the applicant may be waived only in cases expressly contemplated and authorized by law.
The verification of the information obtained by a Registration Authority, or any other provided by the subscriber, will be conducted by ANF AC or by associates classified for the purposes of this document as Issuance Reports Managers (IRM), with which ANF AC signs the applicable legal instrument.

This policy, in terms of the certificates of the type "Empleado Público", follows the definitions set by the Information Technology and Communications Management in its document "Electronic certificates Profiles" of April

Two levels of assurance are defined:
a. Medium level/substantial: This level corresponds to a configuration of security mechanisms suitable for most applications. The expected risk for this level is appropriate to access qualified applications in accordance with the ENS in the levels of Integrity and Authenticity as medium and low risk. Also, the expected risk in this level corresponds to the low and substantial security levels of electronic identification systems of the EU regulation 910/2014. Safety levels of the eIDAS regulations apply only to electronic identification systems. Acceptable security mechanisms include X.509 software certificates. In the case of certificates issued to people, they correspond to a "qualified certificate" as defined in EU Regulation 910/2014 on advanced electronic signature, without a qualified signature creation device. In the case of certificates issued to legal persons, they correspond to the "qualified seal certificate" ("certificado sello cualificado"), as defined in the EU regulation 910/2014 on advanced electronic seal, without a qualified seal creation device. The use of signature hardware devices (HSM or qualified signature creation device) is also permitted. The maximum validity of these certificates is 5 years. The expected risk for this level corresponds to the level 3 guarantee provided in the IDABC Authentication Basic Policy *1.

*1 The IDABC (Interoperable Delivery of Pan-European eGovernment Services to Public Administrations, Business and Citizens) program. Decision 2004/387/EC of the European Parliament and of the Council of 21 April 2004 on the Interoperable Delivery of European electronic Administration Services to public administration, businesses and citizens (IDABC) [Official Journal L 144, ]

b.
High level: This level corresponds to a configuration of security mechanisms suitable for applications that require additional measures, according to the risk analysis performed. The expected risk for this level is appropriate to access qualified applications in accordance with the ENS in the levels of Integrity and Authenticity as high risk. Also, the expected risk in this level corresponds to the low and substantial security levels of electronic identification systems of the EU regulation 910/2014. Safety levels of the eIDAS regulations apply only to electronic identification systems. Acceptable security mechanisms include X.509 hardware certificates. In the case of certificates issued to people, they correspond to a "qualified certificate", as defined in EU Regulation 910/2014. The expected risk for this level corresponds to the level 4 guarantee provided in the IDABC Authentication Basic Policy. The maximum validity of these certificates is 5 years.
1.2 Identification

Document name: Certificados Empleado Público
Version: 1.2
Policy status: APPROVED
Document reference /
Publication date: July 31st, 2013
Expiration date: Not applicable
Related CPS: Certification Practice Statement (CPS) of ANF AC
Location:

In order to identify the certificates, ANF AC has assigned the following object identifiers (OID).

Certificate / OID
- Certificado Empleado Público High Level (AUTENTICACIÓN) with SHA-256 algorithm and 2048 bits length
- Certificado Empleado Público Medium Level with SHA-256 algorithm and 2048 bits length
- Certificado Empleado Público High Level (FIRMA) with SHA-256 algorithm and 2048 bits length
- Certificado Empleado Público High Level (CIFRADO) with SHA-256 algorithm and 2048 bits length

In the case of Certificado Empleado Público Nivel Alto, the extension CertificatePolicies ( ) will include the OID:

In the case of Certificado Empleado Público Nivel Medio, the extension CertificatePolicies ( ) will include the OID:

When the certificate is issued as qualified, the extension CertificatePolicies ( ) will include at least one of the following PolicyInformation:

qcp-natural ( ). Certificate in software token
qcp-natural-qscd ( ). When the qualified signature certificate is stored in a qualified device according to Regulation UE 910/

Users Community

Certification Authorities

As defined in the Certification Practice Statement (CPS) of ANF AC. These are the entities which issue electronic certificates that link a public key with the subscriber identity. They act as a trusted third party between the subscriber and relying third parties.

Registration Authorities

These are entities that perform registration procedures for applicants for end entity certificates. They perform the identification and authentication of the individuals involved in the application, and they have the ability to initiate or assist in the procedures for revocation and renewal of certificates. These entities may belong to the organization of the certification entity, or may be external partners, in which case ANF AC defines two types:
- Recognized Registration Authority
- Collaborating Registration Authority

Issuance Reports Manager

For the purposes of this policy, only the President of the PKI Governing Board can intervene as Issuance Reports Manager.

End entities

Certificate subscriber

These are entities belonging to the Public Administration and are the certificate principals.
Certificate applicant

The certificate must be requested by a natural adult person with legal capacity to assume the representation of the subscriber. The applicant's identity will be included in the certificate as legal representative.

Certificate Responsible

The certificate responsible must have express authorization from the applicant, and his/her identity shall be included in the certificate. This must be an adult with full capacity to act, who registers their consent to this responsibility.

Relying third parties

1.4 Certificate usage

Allowed usage

Generally, as defined in the CPS of ANF AC, and specifically:
- Certificado Empleado Público of the type Autenticación, intended for authenticating against information systems and computer applications in general. The certificate incorporates the key usage extension, enabling secure access to computer information systems and computer applications in general.
- Certificado Empleado Público of the type Firma, particularly suitable for signature operations that do not require repudiation.
- Certificado Empleado Público of the type Cifrado, particularly suitable for asymmetric encryption operations.

Limits of certificate uses

The subscriber can only use the private key and the certificate for the uses authorized in this CP, according to the role and security level granted in accordance with the provisions of the 'KeyUsage' and 'ExtendedKeyUsage' certificate fields. Its use and acceptance must comply with the usage limitations stated in the certificate, assuming the limitation of liability contained in the OID and / or in QcLimitValue OID

The subscriber may only use the key pair and the certificate after accepting the conditions of use established in the CPS.

Prohibited uses
1.5 Certification Entity contact details

1.6 Definitions and acronyms
2 Information publication and repositories

2.1 Repositories

2.2 Information publication

2.3 Updates frequency

2.4 Repositories access controls
3 Identification and Authentication

3.1 Names registration

Types of names

ETSI has developed European standards pursuant to the Mandate M/460 of the European Commission to streamline standards around electronic signatures. The family ETSI EN specifies the contents of certificates issued to natural persons. Specifically, part 2 of this document, ETSI EN v2.1.1 (Part 2: Certificate profile for certificates issued to natural persons), defines the requirements for the content of certificates issued to natural persons. The profile is based on the recommendations of IETF RFC 5280 and the standard ITU-T X.509.

All certificates contain a Distinguished Name (DN) of the owner of the certificate, defined in accordance with the provisions of Recommendation ITU-T X.501 and contained in the Subject field, including a Common Name (CN) component.

The CN (Common Name) field is composed according to the following criteria:
- Includes the NAME, according to what is indicated in the DNI / NIE, and in capital letters.
- Blank space
- Includes FIRST AND SECOND SURNAME, separated only by a blank space, according to what is indicated in the DNI / NIE. If there is no second surname, it is left blank (no character).
- Blank space
- A dash that separates the name from the DNI / NIE number, with no space between the values and no punctuation marks.
- Blank space
- Includes the tax identification number, according to what is indicated in the DNI / NIE. No space between the number and the control letter; control letter in capital letters.

E.g. GARCIA ABALOS JUAN ANTONIO G

Personal circumstances and attributes of the persons and organizations identified in the certificates are included in attributes predefined in generally recognized regulations and technical specifications.
3.1.2 Specific fields completion guide

According to RFC 5280, UTF-8 *1 strings are used, since they encode international character sets including Latin alphabet characters with diacritics (Ñ, ñ, Ç, ç, Ü, ü, etc.). For example, the character eñe (ñ) is represented in Unicode as 0x00F1.

For all literal variables:
- All literals are entered in capital letters, with the exception of the domain name / subdomain and e-mail, which will be in lowercase.
- Do not include accent marks in the alphabetic literals.
- Do not include more than one space between alphanumeric strings.
- Do not include blank characters at the beginning or end of alphanumeric strings.
- Abbreviations based on a simplification are admitted, provided they do not make the information harder to interpret.

*1 For more information see RFC 2279, improved in RFC 3629 (UTF-8, a transformation format of ISO 10646)

Tax identification numbers (NIF) and personal numbers (PIN, NRP,...)

The tax identification number shall be in accordance with current regulations. Examples:
- Entities: include the letter and numbers. E.g.: S
- Persons: include numbers and letter at the end, without dash separation. E.g.: G

The Personal Identification Number (PIN) in the Personnel Central Registry is composed of eight numerical positions and an alphanumeric control position. The PIN is the key that identifies people in the Personnel Central Registry Information System. The PIN is built depending on:
1. The kind of document that the person provided in his first relationship with the State General Administration (SGA).
2. The date of incorporation in its first relationship with the SGA.

Number (8 positions) PIN Control (1 position) Document presented at the first Service Relationship with the SGA Examples DNI without letter Blank, 1, 2 DNI Sequential generated by the system N From 01/01/ N Built on the basis of the document presented Other document 3, 4, 5, 6, 7, 8, 9 Before 01/01/
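The CN composition criteria and the literal rules of the completion guide can be checked mechanically before a request reaches the RA. The following is an added example, not part of the ANF AC policy: the function names, the reading of the CN as `NAME SURNAMES - NIF`, the eight-digit NIF shape and the choice of which diacritics count as "accent marks" are assumptions, and the sample values are constructed.

```python
import re
import unicodedata

# Assumption: "accent marks" means grave, acute and circumflex. Ñ, Ç and Ü
# decompose to other combining marks (tilde, cedilla, diaeresis) and stay
# allowed, since the guide lists them as characters UTF-8 has to carry.
ACCENT_MARKS = {"\u0300", "\u0301", "\u0302"}

# Assumed shape of a person's NIF: eight digits plus one capital control
# letter, no dash. NIE numbers and control-letter arithmetic are out of scope.
PERSON_NIF = re.compile(r"[0-9]{8}[A-Z]")


def check_literal(value, lowercase=False):
    """Return the completion-guide rules a literal breaks ([] = compliant).

    lowercase=True selects the exception for domain / subdomain values.
    """
    problems = []
    if value != value.strip():
        problems.append("edge-blank")        # blank at the beginning or end
    if "  " in value:
        problems.append("double-space")      # more than one space in a row
    expected = value.lower() if lowercase else value.upper()
    if value != expected:
        problems.append("wrong-case")
    decomposed = unicodedata.normalize("NFD", value)
    if any(ch in ACCENT_MARKS for ch in decomposed):
        problems.append("accent-mark")
    return problems


def check_common_name(cn):
    """Check a CN against the literal rules and the 'NAME SURNAMES - NIF' shape."""
    problems = check_literal(cn)
    if cn.count(" - ") != 1:
        problems.append("cn-shape")          # dash must sit between two blanks
        return problems
    person, nif = cn.split(" - ")
    if len(person.split()) < 2:              # name plus at least a first surname
        problems.append("cn-name-words")
    if not PERSON_NIF.fullmatch(nif):
        problems.append("cn-nif")
    return problems


def der_utf8string(value):
    """DER-encode a value as UTF8String (universal tag 0x0C), as RFC 5280 uses."""
    body = value.encode("utf-8")
    n = len(body)
    if n < 0x80:
        length = bytes([n])                  # short form
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw   # long form
    return b"\x0c" + length + body


if __name__ == "__main__":
    # Constructed samples; the NIF digits are placeholders, not real numbers.
    for sample in ("JUAN ANTONIO GARCIA ABALOS - 00000000T",
                   "Juan García  Abalos -00000000t ",
                   "BEGOÑA MUÑOZ - 00000000T"):
        print(repr(sample), check_common_name(sample) or "ok")
    print(der_utf8string("ñ").hex())         # U+00F1 travels as bytes c3 b1
```

The check runs on the string before encoding; `der_utf8string` shows what the same value looks like inside the certificate, where a non-ASCII character such as Ñ occupies two bytes.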
3.1.3 Need for names to be meaningful

In all cases the distinguished names should make sense.

Anonymous or pseudonyms

Not allowed

Rules for interpreting various name forms

Uniqueness of names

Conflicts related to trademarks and trade names resolution

Applicants for certificates shall not include names in applications that may involve a breach of third party trademark rights by the subscriber. ANF AC reserves the right to refuse a certificate request because of a name conflict.

3.2 Identity initial validation

Method to prove possession of private key

Authentication of applicant identity

Certificates issued under this Certification Policy will identify the subscriber under whose name the certificate issuance is requested, and the certificate applicant. The Issuance Reports Manager will use appropriate means to ensure the accuracy of the information contained in the certificate. These means include external registry databases and the ability to require information or documents from the subscriber. The fiscal identification of the applicant and subscriber will be incorporated into the certificate. The documentation, processing, authentication and validation forms and procedures are specified in the following sections.
3.3 Re-key

In the course of re-key, ANF AC shall inform the subscriber about the changes that have occurred in the terms and conditions with respect to the previous issue. A new certificate may be issued to maintain the previous public key, as long as it is considered cryptographically secure.

3.4 Revocation requests

All revocation requests must be authenticated. ANF AC checks the applicant's ability to process this requirement.
4 Operational Requirements

4.1 Certificate application

ANF AC only accepts requests made in one's own name or in a third party's name, completed by adults with the capacity to act of their own free will. Applicants must complete the certificate Application Form, taking responsibility for the accuracy of the information listed, and submit it to ANF AC using any of the following means:

a) Electronically: the website includes an application form that should be filled in and electronically signed with a qualified certificate, according to Electronic Signature Law 59/2003. The certificate used must have been issued by a Registration Authority recognized by ANF AC.
b) In person: the applicant may appear before a Recognized Registration Authority, and shall duly complete and sign the application form.
c) By mail: the applicant may submit the certificate application form to the offices of ANF AC, having duly completed it and authenticated his signature before a Collaborating Registration Authority.

ANF AC does not generate the keys of its users. The applicant must generate his/her own key pair and the certificate request in PKCS#10 / CSR format, providing it to ANF AC along with the certificate Application Form.

4.2 Processing procedure

Identity authentication

Applicant

The applicant identification will be done in person before a Recognized Registration Authority. In that act the applicant proves their legal capacity to represent the AA.PP. subscriber of the certificate in the application process.

a) Physical Address and other contact data. If deemed necessary by the Registration Authority or the Issuance Reports Manager, additional documents may be included to check the reliability of the information, such as recent utility bills or bank statements. In case the RRA or the IRM know the applicant personally, they should personally issue and sign a Declaration of Identity *1.
b) The RRA, as proof of attendance and in order to preclude the repudiation of the procedure done, can obtain a set of biometric evidence: photograph and / or fingerprints.
c) ID card or Passport in the case of nationals, whose photograph allows verifying the identity of the person. In case of low sharpness of the picture, another official document with a picture may be requested (e.g. driver's license).
d) In the case of foreign nationals, the following will be required:
I. To European Union members or European Economic Area members:
National Identity Card (or local equivalent) or passport with a photograph that allows verifying the identity of the person appearing. In case of low sharpness of the picture, another official document with a picture may be requested (e.g. driver's license). Certificate issued by the Register of the Union Member Citizens.
II. To non-EU citizens: Passport, residence permit and work permit with a photograph that allows comparing the identity of the person appearing. In case of low sharpness of the picture, another official document with a picture may be requested (e.g. driver's license).
e) The representative must have sufficient power of attorney.
f) In the case that the applicant requires other personal circumstances to be included, they should be checked against official documents proving them in accordance with their specific regulations.

The applicant may be exempted from appearing before the Registration Authority in any of the following cases:
1. If the appropriate forms have been properly completed, and the subscriber's signature has been legitimized in the presence of an attorney, by attaching certified copies of identity, authorization and legal representation documents.
2. Electronic processing. The website includes an application form that should be filled in and electronically signed with a qualified certificate, according to Electronic Signature Law 59/2003, December 19th. The certificate used must have been issued by a CA accepted by ANF AC.

*1 Identity Statement: It consists of a sworn formal statement in which the declarant states that he personally and directly knows a particular individual or a legal entity. Moreover, he notes, to the extent of his direct knowledge, that he has verified the filiation data outlined in the Application Form: address, phone and e-mail, and that they are true.
The Identity Statement incorporates the identity of the declarant, his identity card, the information that has been validated, the date and time of verification, the signature of the declarant and the corresponding legal warnings in case of perjury.

Certificate subscriber

The application for certificates defined in this Certification Policy is limited to public authorities or entities with which a certification agreement, contract or some other formula that implements the service provision by ANF AC has been established. The identification of the administration or public institution is made in the registration process of the Entity, to be signed by a natural person with the capacity to represent the Administration or Entity.

Certificate Responsible

In the application form, the applicant must identify and expressly authorize the certificate Responsible. This authorization shall be perfected with a voluntary and express acceptance by the natural person who assumes the role of Certificate Responsible.
The Certificate Responsible must appear before the Registration Authority, prove his/her identity and present, in force, the original or a certified copy of the following documents:

a) Physical address and other contact data. If the RRA or IRM deem it necessary, they may request additional documents for checking the reliability of the information, such as recent utility bills and bank statements. If the RRA or IRM personally know the applicant, they should issue and sign a Declaration of Identity *1.
b) The RRA, as proof of attendance and in order to preclude the repudiation of the procedure done, can obtain a set of biometric evidence: photograph and / or fingerprints.
c) ID card or Passport in the case of nationals, whose photograph allows verifying the identity of the person. In case of low sharpness of the picture, another official document with a picture may be requested (e.g. driver's license).
d) In the case of foreign nationals, the following will be required:
I. To European Union members or European Economic Area members: National Identity Card (or local equivalent) or passport with a photograph that allows verifying the identity of the person appearing. In case of low sharpness of the picture, another official document with a picture may be requested (e.g. driver's license). Certificate issued by the Register of the Union Member Citizens.
II. To non-EU citizens: Passport, residence permit and work permit with a photograph that allows comparing the identity of the person appearing. In case of low sharpness of the picture, another official document with a picture may be requested (e.g. driver's license).

*1 Identity Statement: It consists of a sworn formal statement in which the declarant states that he personally and directly knows a particular individual or a legal entity. Moreover, he notes, to the extent of his direct knowledge, that he has verified the filiation data outlined in the Application Form: address, phone and e-mail, and that they are true.
The Identity Statement incorporates the identity of the declarant, his identity card, the information that has been validated, the date and time of verification, the signature of the declarant and the corresponding legal warnings in case of perjury.

Approval or rejection of certificate applications

The Issuance Reports Manager (IRM) assumes the ultimate responsibility to verify the information contained in the Application Form, and to assess the adequacy of the documents provided and of the application, in accordance with the provisions of this Certification Policy. In particular, he/she will check the existence of the subscriber and the applicant, the existence of the domain and the subscriber's membership of it.

Moreover, he/she will determine:

That the subscriber has access to the terms and conditions relating to the use of the certificate, as well as to the issuance fees.
That the subscriber has had access and has permanent access to all documents relating to the duties and responsibilities of the CA, the subscriber, the applicant, those responsible for the certificate and relying parties, especially the CPS and Certification Policies.

Besides, he/she shall monitor compliance with any requirements imposed by the legislation on data protection, as established in the security document included in the CPS, for the purpose of the Data Protection Act as provided in Article 19.3 of Spanish Electronic Signature Law 59/2003, December 19th.

The process of issuing the certificate shall not start until the Issuance Reports Manager has issued the corresponding compliance report. The deadline set for the issuance of the report is 15 days. If that period elapses without the mandatory report being issued, the applicant may immediately cancel the order and recover the fees paid.

The IRM may require additional information or documentation from the applicant, who will have 15 days to deliver it. If this period elapses without the requirement being met, the IRM will issue a report denying the issuance. Should the applicant meet the requirement, the IRM will have 7 days to issue the final report.

In case the IRM verifies that the information provided by the applicant is not true, he/she will deny the issuance of the certificate, and will generate an incident report to the Security Coordinator, to determine whether or not to include the applicant in the blacklist of individuals and entities with OID

Time to process certificate issuance

The issuance of a certificate means the complete and final approval of an application by the Issuance Reports Manager. The certificate must be issued within 72 hours once the report of the IRM has been issued, as defined in the CPS of ANF AC.
4.3 Certificate issuance

ANF AC will avoid generating certificates that expire after the certificates of the CA that issued them.

Certification Entity actions during certificate issuance process

Once an electronic certificate is issued, its delivery is always done electronically. Delivery must use the same encryption device that the subscriber or his legal representative used to generate the cryptographic key pair and the PKCS#10 certificate request. The cryptographic device provides a secure connection to the trusted servers of ANF AC. The system automatically performs the appropriate security checks and, once they are confirmed, the certificate is automatically downloaded and installed.

Notification to subscriber

ANF AC notifies the subscriber via the certificate issuance and publication.
4.4 Certificate acceptance

Acceptance

After the delivery of the certificate, the subscriber shall have a period of seven calendar days to verify the certificate and to determine whether it is appropriate and whether the data are consistent with the required information. The subscriber has a period of 15 days to sign the Act of Reception and Acceptance of the Certificate.

Return

The subscriber has a period of 7 days from the delivery of the certificate to verify its proper operation. In case of malfunction or due to technical errors in the data contained in the certificate, the applicant or those responsible for the certificate can send an electronically signed to ANF AC, reporting the reason for the return. ANF AC shall verify the causes of return, revoke the certificate issued and issue a new certificate within 72 hours.

Tracing

ANF AC is not responsible for the monitoring, investigation or confirmation of the accuracy of the information contained in the certificate after issuance. If information is received that the data contained in the certificate is inaccurate or no longer applicable, the certificate can be revoked.

Certificate publication

The certificate is published in the repositories of ANF AC within a maximum period of 24 hours from its issuance.

Notification of certificate issuance to third parties

No notification is made to third parties.

4.5 Rejection

4.6 Certificate renewal

Generally as defined in the CPS of ANF AC.

Valid certificates

ANF AC notifies the subscriber and the applicant of the certificate expiration by , submitting the application form, in order to proceed with its renewal. These notifications are sent at 90, 30 and 15 days prior to the expiration date of the certificate. Only valid certificates can be renewed.

Authorized persons to request the renewal

The renewal application form must be signed by the same applicant, whether that is the actual subscriber or the legal representative who processed the certificate request. The personal circumstances of the applicant should not have changed, especially the applicant's capacity for legal representation and public employee qualification.

Routine renewal requests authentication and identification

Identification and authentication for certificate renewal can be done in person using one of the methods described in this section, or processed electronically by completing the form and signing it electronically with a current certificate issued as qualified, in which the subscriber of the certificate whose renewal is requested is stated as the holder.

In accordance with the provisions of article 13.4 b) of Law 59/2003, of December 19, on Electronic Signature, certificate renewal by digitally signed applications requires that less than five years have elapsed since the personal identification.

To ensure compliance with art B) of the Electronic Signature Law and not exceed the period of 5 years from the initial identification, ANF AC applies the following procedures and technical security measures:

- Certificates of ANF AC shall always be generated using a token, which must also be used to perform any renewal process. This token is distinct from any other provided by ANF AC, and is programmed so that the user can make only a single renewal. This technical procedure prevents automatic processing beyond the period of 5 years from the first identification.
- ANF AC keeps a register of applications that distinguishes the date of request (which coincides with the identification) from the date of issuance of the certificate. This control allows a second renewal if the period of 5 years from the initial identification has not been reached.
- The technical system requires a specific request from the user and the direct intervention of an ANF AC operator, who in turn must validate the application by applying a security coherence check. If 5 years have been exceeded, the application itself blocks the process; otherwise it guides the operator through the process up to the certificate renewal.

Approval or rejection of applications for renewal

Same procedure as that performed in the issuance process specified herein.

Notification of certificate renewal

Same procedure as that performed in the issuance process specified herein.
4.6.6 Acceptance of the certificate renewal

Same procedure as that performed in the issuance process specified herein.

Publication of the renewed certificate

Same procedure as that performed in the issuance process specified herein.

Notification to other entities

As specified in paragraph "Notification of the certificate issuance to third parties."

Identification and authentication of key renewal applications after revocation (uncommitted key)

The renewal of expired or revoked certificates is not authorized.

4.7 Certificate modification

Not applicable.

4.8 Certificate revocation and suspension

Generally as defined in the CPS of ANF AC.

Circumstances for revocation

Besides those defined in the CPS, ANF AC shall:

- Provide instructions and legal support for reporting complaints or suspected compromise of the private key, certificate misuse or any type of fraud or misconduct.
- Investigate incidents of which it has knowledge, within twenty four hours of receipt. The Security Manager, based on inquiries and verifications, shall issue a report to the Issuance Reports Manager, who will determine by a reasoned Act whether the corresponding revocation is appropriate. The Act shall include:
  - Nature of the incident.
  - Received information.
  - Legal rules and regulation on which the revocation order is based.
4.8.2 Revocation requests authentication and identification

Revocation of a certificate can be requested by:

- The subscriber of the certificate.
- A legal representative of the subscriber.
- A duly authorized representative.
- ANF AC.
- The Recognized Registration Authority involved in the processing of the certificate issuance application.

The identification policy for revocation requests accepts the following methods of identification:

- Electronically: by electronic signature of the revocation request by the applicant of the certificate or of the operator at the time of the revocation request.
- By telephone: by replying to questions from the telephone support service available at the number (calls from Spain) International
- In person: by the subscriber or the legal representative of the certificate holder appearing at any of the offices of ANF AC published at the web address, proving their identity through original documentation and manually signing the appropriate form.

ANF AC, or any of the Recognized Registration Authorities that compose its Proximity National Network, may request revocation of a certificate if they know of or suspect a compromise of the private key associated with the certificate, or any other fact that makes such action advisable.

ANF AC must authenticate requests and reports relating to revocation of a certificate, verifying that they come from an authorized person. Such requests and reports will be confirmed following the procedures set out in the Certification Practices Statement.

Procedure for revocation request

Any entity which needs to revoke a certificate must apply to ANF AC or the Registration Authority which issued the certificate. Any revocation application must contain at least the following information:

- Revocation request date.
- Identity of subscriber.
- Detailed reason given for the revocation request.
- Name and title of the person requesting revocation.
- Contact information of the person requesting revocation.
The revocation application will be processed upon receipt. The request must be authenticated in agreement with the requirements established in the corresponding section of this policy before proceeding with the revocation. Once the request is authenticated, ANF AC may directly revoke the certificate and inform the subscriber and, where appropriate, those responsible for the certificate of the certificate's change of status.

Revocation request grace period

Revocation requests shall be processed immediately once there is reasonable knowledge of the cause of revocation and the applicant has been authenticated and his/her capacity to act has been verified.

Time within which the revocation request must be processed

The revocation request will be processed in the shortest possible time, always following the procedure of verification and authentication of the presented request, which is the Issuance Reports Manager's responsibility.

CRL lists checking requirements

The relying parties must check the status of the certificates on which they will rely. For this purpose, they can check the latest CRL issued within the period of validity of the certificate of interest.

CRL lists issuance frequency

Revocation On-line checking availability

ANF AC offers relying third parties an on-line revocation checking service, which is available 24 hours a day, 7 days a week.

Revocation On-line checking requirements

Trusted third parties must check the status of the certificates they wish to rely on through website. The consultation system requires prior knowledge of some parameters of the certificate of interest, as this procedure prevents massive data collection. This service meets the requirements in terms of protection of personal data, and copies of these certificates are provided only to duly authorized third parties. Access to this system is free.

Certificate suspension

Not applicable.
Suspension requests authentication and identification

Certificate suspension is not allowed.

4.9 Key storage and recovery

ANF AC does not store, nor does it have the ability to store, the private keys of subscribers, and therefore offers no key recovery service.
5 Facilities, management, physical security and operational controls

ANF AC applies the following criteria regarding the information available for the audit and analysis of incidents relating to certificates.

a) Incident Control and Detection

Anyone interested can communicate their complaints or suggestions through the following means:

- By telephone: (calls from Spain) International
- By Completing the electronic form available on the website
- In person at one of the offices of the Recognized Registration Authorities.
- In person at one of the offices of ANF AC.

The annual internal audit protocol specifically requires the completion of a review of the operation of certificate issuance, with a sample of 3% of the issued certificates.

b) Incident Registry

ANF AC keeps an Incident Registry in which any incident that has occurred with the certificates issued is entered, together with the evidence obtained. These incidents are recorded, analyzed and resolved according to the procedures of the Information Security Management System of ANF AC. The Security Manager determines the severity of the incident, identifies the person responsible and, in case of significant security incidents, reports to the PKI Governing Board.

5.1 Physical security controls

5.2 Procedural controls

5.3 Personnel controls
6 Technical security controls

6.1 Key pair generation and installation

6.2 Private Key Protection

6.3 Other aspects of key pair management

6.4 Activation data

6.5 Computer security controls

6.6 Life cycle technical controls

6.7 Network security controls

6.8 Time-stamping

As defined in the CPS of ANF TSA CA.

6.9 Cryptographic Module Security Controls
7 Certificate profiles, CRL lists and OCSP

7.1 Certificate profiles

The certificate incorporates information structured in accordance with the X.509 v3 standard, as specified in IETF RFC 5280 "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile".

Certificates issued as "Qualified" comply with the rules:

- ETSI TS v.1.2: Qualified Certificate Profile.
- RFC 3739 Internet X.509 Public Key Infrastructure: Qualified Certificates Profile.

and are in the process of adaptation to the ETSI EN standard (Certificate Profiles).

The certificate validity period is expressed in Coordinated Universal Time, and coded according to RFC. The subject public key is encoded according to RFC 5280, and the signature is generated and encoded also in accordance with RFC.

Within the certificates, besides the standardized common fields, there is also a group of "proprietary" fields which store information relating to the subscriber, or other information of interest.

Proprietary fields

Internationally unambiguous identifiers have been assigned. Specifically:

- Fields referenced with OID x.x are ANF AC proprietary extensions. The complete list of associated OID codes can be consulted in Section "proprietary fields" of the Certification Practice Statement of ANF AC.
- Fields with ISO/IANA of MPR x.x, are proprietary extensions required and identified in the Electronic Signature and Identification Scheme v published by the High Council of Electronic Administration.
- Fields with OID are proprietary extensions of the Spanish Tax Agency (Agencia Estatal de Administración Tributaria, AEAT).

QCStatements

Certificates issued by ANF AC follow what is defined in ETSI EN (Certificate Profiles - QcStatements):

- QcCompliance is a declaration by the issuer stating the qualification with which the certificate is issued and the legal framework to which it is subject. Specifically, certificates subject to this policy that are issued with the qualification of qualified state: "This certificate is issued with the qualification of qualified in accordance with Annex I of Regulation (EU) 910/2014 of the European Parliament".
- QcEuRetentionPeriod determines the retention period of all information relevant to the use of the certificate after it has expired. In the case of ANF AC, this is 15 years.
- QcSSCD states that the private key associated with the public key contained in the electronic certificate is held in a secure signature creation device as defined in Directive 1999/93/EC [I.3], or in accordance with Regulation (EU) 910/2014 [I.8].
- QcLimitValue states the monetary limit of the liability that the CA assumes for attributable losses in transactions. This statement contains the sequence of values: currency (encoded in accordance with ISO 4217), amount and exponent. E.g. EUROS 100 x 10 raised to the power of 1, which gives a monetary limit of 1000 EUROS. Furthermore, in order to facilitate the consultation of this information, the liability limit is also included in the proprietary extension of the OID , stated directly as an absolute amount. E.g euros. In case of doubt or dispute, preference must always be given to the value stated in the OID
- QcType: when the certificate is issued with the profile (FIRMA), QcType 1 is stated.
- QcPDS: the URL that gives access to all English-language ANF AC PKI policies is provided. In accordance with ETSI, the https protocol will be used.

Subject Alternative Name

The IETF RFC 5280 specification provides for the use of the following data types:

- Identity based on .
- Identity based on distinguished name (DN), which is often used to build an alternative name based on the owner's attributes, which are not ambiguous in any case.
- Identity based on Internet domain name (DNS).
- Identity based on IP address.
- Identity based on uniform resource identifier (URI).
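The QCStatements fields described above can be read directly from the extension value by a relying party. The following is an added example, not part of ANF AC's document or tooling: it assumes the statement OIDs and ASN.1 layouts of ETSI EN 319 412-5 and RFC 3739, and the function names, sample bytes and the pds.example.test URL are constructed for illustration.

```python
from decimal import Decimal

# Statement OIDs from ETSI EN 319 412-5 (arc id-etsi-qcs = 0.4.0.1862.1).
QCS = "0.4.0.1862.1."
COMPLIANCE, LIMIT, RETENTION, SSCD, PDS, QCTYPE = (QCS + str(i) for i in range(1, 7))

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER element overruns its container")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a constructed element into (tag, value) pairs."""
    items, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        items.append((tag, val))
    return items

def decode_oid(val):
    """Decode OBJECT IDENTIFIER content bytes to dotted notation."""
    subids, cur = [], 0
    for b in val:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            subids.append(cur)
            cur = 0
    if not subids:
        raise ValueError("empty OID")
    first = min(subids[0] // 40, 2)
    return ".".join(str(a) for a in [first, subids[0] - 40 * first] + subids[1:])

def to_int(val):  # INTEGER content bytes: two's complement, big endian
    return int.from_bytes(val, "big", signed=True)

def parse_qc_statements(der):
    """Decode a qcStatements extension value into a plain dict."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("qcStatements must be exactly one DER SEQUENCE")
    qc = {"compliance": False, "sscd": False, "types": [], "pds": []}
    for tag, stmt in children(body):
        parts = children(stmt) if tag == 0x30 else []
        if not parts or parts[0][0] != 0x06:
            raise ValueError("malformed QCStatement")
        oid, info = decode_oid(parts[0][1]), (parts[1][1] if len(parts) > 1 else b"")
        if oid in (COMPLIANCE, SSCD):  # presence-only statements, no statementInfo
            qc["compliance" if oid == COMPLIANCE else "sscd"] = True
        elif oid == RETENTION:  # INTEGER, number of years
            qc["retention_years"] = to_int(info)
        elif oid == LIMIT:  # MonetaryValue ::= SEQUENCE { currency, amount, exponent }
            (ctag, cur), (_, amount), (_, exp) = children(info)
            currency = cur.decode("ascii") if ctag == 0x13 else str(to_int(cur))
            qc["limit"] = (currency, Decimal(to_int(amount)).scaleb(to_int(exp)))
        elif oid == QCTYPE:  # SEQUENCE OF OBJECT IDENTIFIER
            qc["types"] = [decode_oid(v) for _, v in children(info)]
        elif oid == PDS:  # SEQUENCE OF SEQUENCE { url IA5String, language PrintableString }
            qc["pds"] = [tuple(v.decode("ascii") for _, v in children(loc))
                         for _, loc in children(info)]
    return qc

def check_profile(qc):
    """List deviations from the statements this policy describes for its certificates."""
    pds_ok = bool(qc["pds"]) and all(u.lower().startswith("https://") for u, _ in qc["pds"])
    checks = [
        (qc["compliance"], "QcCompliance missing"),
        (qc["sscd"], "QcSSCD missing"),
        (qc.get("retention_years") == 15, "QcEuRetentionPeriod is not 15 years"),
        (QCTYPE + ".1" in qc["types"], "QcType 1 (esign) missing"),
        (pds_ok, "QcPDS absent or not https"),
    ]
    return [msg for ok, msg in checks if not ok]

def tlv(tag, body=b""):
    """Encode a DER element with a short-form length (enough for the sample below)."""
    if len(body) > 0x7F:
        raise ValueError("sample encoder only supports bodies under 128 bytes")
    return bytes([tag, len(body)]) + body

def build_sample():
    """Build a qcStatements value with the fields this section lists (constructed data)."""
    def oid(*arcs):  # OID under 0.4.0.1862.1, whose content bytes start 04 00 8E 46 01
        return tlv(0x06, bytes.fromhex("04008e4601") + bytes(arcs))
    money = tlv(0x30, tlv(0x13, b"EUR") + tlv(0x02, b"\x64") + tlv(0x02, b"\x01"))  # 100 x 10^1
    pds = tlv(0x30, tlv(0x30, tlv(0x16, b"https://pds.example.test/en") + tlv(0x13, b"en")))
    stmts = [oid(1), oid(2) + money, oid(3) + tlv(0x02, b"\x0f"), oid(4),
             oid(6) + tlv(0x30, oid(6, 1)), oid(5) + pds]
    return tlv(0x30, b"".join(tlv(0x30, s) for s in stmts))

if __name__ == "__main__":
    print(parse_qc_statements(build_sample()), check_profile(parse_qc_statements(build_sample())))
```

On a real certificate, pass the contents of the qcStatements extension (OID 1.3.6.1.5.5.7.1.3) as extracted by an X.509 library to `parse_qc_statements`.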
More informationOISTE-WISeKey Global Trust Model
OISTE-WISeKey Global Trust Model Certification Practices Statement (CPS) Date: 18/04/2018 Version: 2.10 Status: FINAL No. of Pages: 103 OID: 2.16.756.5.14.7.1 Classification: PUBLIC File: WKPKI.DE001 -
More informationNorthrop Grumman Enterprise Public Key Infrastructure Certificate Policy
Northrop Grumman Enterprise Public Key Infrastructure Certificate Policy Version 1.9 March 6, 2017 Copyright, Northrop Grumman, 2006 1-1 Document Change History NG PKI Certificate Policy VER DATE INFORMATION
More informationECA Trusted Agent Handbook
Revision 8.0 September 4, 2015 Introduction This Trusted Agent Handbook provides instructions for individuals authorized to perform personal presence identity verification of subscribers enrolling for
More informationPAA PKI Mutual Recognition Framework. Copyright PAA, All Rights Reserved 1
PAA PKI Mutual Recognition Framework Copyright PAA, 2009. All Rights Reserved 1 Agenda Overview of the Framework Components of the Framework How It Works Other Considerations Questions and Answers Copyright
More informationX.509 Certificate Policy. For The Federal Bridge Certification Authority (FBCA)
X.509 Certificate Policy For The Federal Bridge Certification Authority (FBCA) September 10, 2002 Signature Page Chair, Federal Public Key Infrastructure Policy Authority DATE Table of Contents 1. INTRODUCTION...
More informationTHE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. November 2015 Version 4.0. Copyright , The Walt Disney Company
THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY November 2015 Version 4.0 Copyright 2006-2015, The Walt Disney Company Version Control Version Revision Date Revision Description Revised
More information(1) Jisc (Company Registration Number ) whose registered office is at One Castlepark, Tower Hill, Bristol, BS2 0JA ( JISC ); and
SUB-LRA AGREEMENT BETWEEN: (1) Jisc (Company Registration Number 05747339) whose registered office is at One Castlepark, Tower Hill, Bristol, BS2 0JA ( JISC ); and (2) You, the Organisation using the Jisc
More informationSeptember OID: Public Document
THE UNITED KINGDOM S NATIONAL CERTIFICATE POLICY for Extended Access Control Infrastructure for machine readable travel documents and biometric residence permits issued and read within the UK September
More informationEXBO e-signing Automated for scanned invoices
EXBO e-signing Automated for scanned invoices Signature Policy Document OID: 0.3.2062.7.2.1.12.1.0 Approval Status: Approved Version: 1.0 Page #: 1 of 13 1. Introduction 1.1. Scope This document covers
More informationGDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10
GDPR AMC SAAS AND HOSTED MODULES UK version AMC Consult A/S June 26, 2018 Version 1.10 INDEX 1 Signatures...3 2 General...4 3 Definitions...5 4 Scoping...6 4.1 In scope...6 5 Responsibilities of the data
More informationHF Markets SA (Pty) Ltd Protection of Personal Information Policy
Protection of Personal Information Policy Protection of Personal Information Policy This privacy statement covers the website www.hotforex.co.za, and all its related subdomains that are registered and
More informationSmart Meters Programme Schedule 2.1
Smart Meters Programme Schedule 2.1 (DCC Requirements) (SMKI version) V1.2 1 Schedule 2.1 (DCC Requirements) This Schedule 2.1 (DCC Requirements) is formed of the following parts: Part A Introduction...3
More informationPERSONAL DATA PROCESSING POLICY FOR SUPPLIER
PERSONAL DATA PROCESSING POLICY FOR SUPPLIER 1. Definitions. In accordance with current legislation on the subject definitions are: a) Authorization: Expressed and informed prior consent of the Data Subject
More informationLockheed Martin Enterprise Public Key Infrastructure Certificate Policy (CP)
Lockheed Martin Enterprise Public Key Infrastructure Certificate Policy (CP) Version 8.12 May 2017 Copyright, Lockheed Martin, 2017 Questions or comments regarding the Lockheed Martin epki Certification
More informationCertification Practice Statement of CERTUM s Certification Services Version 3.6 Date: 13 of September, 2013 Status: valid
Certification Practice Statement of CERTUM s Certification Services Version 3.6 Date: 13 of September, 2013 Status: valid Unizeto Technologies S.A. CERTUM Powszechne Centrum Certyfikacji Królowej Korony
More informationSAFE-BioPharma RAS Privacy Policy
SAFE-BioPharma RAS Privacy Policy This statement discloses the privacy practices for the SAFE-BioPharma Association ( SAFE- BioPharma ) Registration Authority System ( RAS ) web site and describes: what
More informationeidas Regulation eid and assurance levels Outcome of eias study
eidas Regulation eid and assurance levels Outcome of eias study Dr. Marijke De Soete Security4Biz (Belgium) ETSI eidas Workshop 24 June 2015 Sophia Antipolis eidas Regulation Regulation on electronic identification
More informationTIME STAMP POLICY (TSA)
TIME STAMP POLICY (TSA) Reference: IZENPE-DPTSA Version Num.: v 1.1 Date: 20 Feb 2018 IZENPE This document is owned by IZENPE. It may only be wholly reproduced Table of Contents Content 1 Introduction
More informationData Processing Agreement
In accordance with the European Parliament- and Council s Directive (EU) 2016/679 of 27th April 2016 (hereinafter GDPR) on the protection of physical persons in connection with the processing of personal
More informationTaiwan-CA Inc Global Certification Authority Certification Practices Statement (CPS) (Version1.3) Effective Date:2017/09/26
Taiwan-CA Inc Global Certification Authority Certification Practices Statement (CPS) (Version1.3) Effective Date:2017/09/26 Revision Record: Version Effective Released Remarks 1.0 102/01/22 TWCA First
More informationEmsi Privacy Shield Policy
Emsi Privacy Shield Policy Scope The Emsi Privacy Shield Policy ( Policy ) applies to the collection and processing of Personal Data that Emsi obtains from Data Subjects located in the European Union (
More informationAlphaSSL Certification Practice Statement
AlphaSSL Certification Practice Statement Date: December 16th 2008 Version: v1.2 Table of Contents DOCUMENT HISTORY... 3 ACKNOWLEDGMENTS... 3 1.0 INTRODUCTION... 4 1.1 OVERVIEW... 4 1.2 ALPHASSL CERTIFICATE
More informationILNAS/PSCQ/Pr004 Qualification of technical assessors
Version 1.1 21.6.2016 Page 1 of 6 ILNAS/PSCQ/Pr004 Qualification of technical assessors Modifications: review of the document 1, avenue du Swing L-4367 Belvaux Tél.: (+352) 247 743-53 Fax: (+352) 247 943-50
More informationIT Security Evaluation and Certification Scheme Document
IT Security Evaluation and Certification Scheme Document June 2015 CCS-01 Information-technology Promotion Agency, Japan (IPA) IT Security Evaluation and Certification Scheme (CCS-01) i / ii Table of Contents
More informationIdentity Documents Personalisation Centre. Conformity Assessment Report: Conformity Certificate and Summary. T-Systems
Conformity Assessment Report: Conformity Certificate and Summary T-Systems.031.0258.05.2017 Trust Service Provider: Identity Documents Personalisation Centre Conformity Certificate T-Systems.031.0258.05.2017
More informationFOR QTSPs BASED ON STANDARDS
THE EU CYBER SECURITY AGENCY FOR QTSPs BASED ON STANDARDS Technical guidelines on trust services DECEMBER 2017 About ENISA The European Union Agency for Network and Information Security (ENISA) is a centre
More informationPRIVACY POLICY OF.LT DOMAIN
PRIVACY POLICY OF.LT DOMAIN Status Up-to-date version Date 2018-05-25 CHAPTER I GENERAL PROVISIONS 1. Privacy policy of.lt domain (hereinafter Privacy Policy) stipulates conditions of processing, legal
More informationCERN. CERN Certification Authority Certificate Policy and Certificate Practice Statement DRAFT. Emmanuel Ormancey, Paolo Tedesco, Alexey Tselishchev
CERN European Organization for Nuclear Research Category: CP/CPS Status: published Document: CERN Certification Authority CP- CPS.docxpdf Editors: Emmanuel Ormancey, Paolo Tedesco, Alexey Tselishchev Date
More informationCERTIFICATE POLICY ENTITY STAMP
CERTIFICATE POLICY ENTITY STAMP Reference: Entity Stamp certificate policy Version no.: v 1.1 Date: 1 July, 2016 IZENPE 2016 This document is the property of IZENPE. This document may only be wholly reproduced
More informationPKI-An Operational Perspective. NANOG 38 ARIN XVIII October 10, 2006
PKI-An Operational Perspective NANOG 38 ARIN XVIII October 10, 2006 Briefing Contents PKI Usage Benefits Constituency Acceptance Specific Discussion of Requirements Certificate Policy Certificate Policy
More informationPKI Disclosure Statement Digidentity Certificates
PKI Disclosure Statement Digidentity Certificates Title PKI Disclosure Statement Digidentity Certificates Date 25 March 2019 Author Digidentity Version 2019-v1 Classification Public Digidentity 2019 Revisions
More informationSWAMID Person-Proofed Multi-Factor Profile
Document SWAMID Person-Proofed Multi-Factor Profile Identifier http://www.swamid.se/policy/assurance/al2mfa Version V1.0 Last modified 2018-09-12 Pages 10 Status FINAL License Creative Commons BY-SA 3.0
More informationCERTIFICATE OF CONFORMITY. The certification body LSTI. declares ALEAT HEADQUARTER : SH.P.K RRUGA: XHANFIZE KEKO - TIRANA-ALBANIA
CERTIFICATE OF CONFORMITY The certification body LSTI declares ALEAT HEADQUARTER : SH.P.K RRUGA: XHANFIZE KEKO - TIRANA-ALBANIA Provides trust electronic services 1 that comply with Regulation (EU) No.
More informationDo you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?
European Union (EU) General Data Protection Regulation (GDPR) Do you handle EU residents personal data? The GDPR update is coming May 25, 2018. Are you ready? What do you need to do? Governance and Accountability
More informationLAWtrust AeSign CA Certification Practice Statement (LAWtrust AeSign CA CPS)
INFORMATION SECURITY POLICY ISSUE SPECIFIC POLICY VERSION: V003 2017-05-11 EFFECTIVE DATE: 2017-05-11 LAWtrust AeSign CA Certification Practice Statement (LAWtrust AeSign CA CPS) Law Trusted Third Party
More informationOperational Research Consultants, Inc. (ORC) Access Certificates For Electronic Services (ACES) Certificate Practice Statement Summary. Version 3.3.
Operational Research Consultants, Inc. (ORC) Access Certificates For Electronic Services (ACES) Certificate Practice Statement Summary Version 3.3.2 May 30, 2007 Copyright 2007, Operational Research Consultants,
More informationElectronic Seal Administrator Guide Published:December 27, 2017
Electronic Seal Administrator Guide Published:December 27, 2017 Copyright Version 4.25.2.3 Copyright 2003-2018 DocuSign, Inc. All rights reserved. For information about DocuSign trademarks, copyrights
More informationSERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Secure applications and services Security protocols
I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n ITU-T X.1159 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (11/2014) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY
More information