CERTIFICATE POLICY CIGNA PKI Certificates
|
|
- Eric Armstrong
- 6 years ago
- Views:
Transcription
1 CERTIFICATE POLICY CIGNA PKI Certificates Version: 1.1 Effective Date: August 7, 2001 a Copyright 2001 CIGNA
2 1. Introduction Important Note for Relying Parties Policy Identification Policy Outline CP Provisions Community and Applicability Rights and Obligations Liability Statement Interpretation and Enforcement Publication and Repository Privacy/Confidentiality Identification and Authentication (Procedures) Initial Registration Operational Requirements Key Generation Key Archival Certificate Acceptance Certificate Validity Period Certificate Revocation Certificate Renewal Certificate Use
3 1. Introduction A Certificate Policy (CP) is a named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements. This Certificate Policy (CP) governs the lifecycle and use of digital certificates issued within the CIGNA Certificate Authority (CA) hierarchy, specifically S-MIME certificates issued by the internal sub-ca to facilitate secure for CIGNA employees and agents, and also authentication of clients. "CIGNA" refers to CIGNA Corporation and/or one or more of its subsidiaries. Products and services are provided by operating subsidiaries and not by CIGNA Corporation. "CIGNA" is also a registered service mark of CIGNA Intellectual Property, Inc., licensed for use. 1.1 Important Note for Relying Parties Before using/trusting the certificate(s) related to this Certificate Policy (CP), please ensure you have read and understood the provisions described within this document. 1.2 Policy Identification Policy name CIGNA PKI Certificate Policy Policy qualifier Policy version 1.0 Policy status Policy reference/oid (Object Identifier) This Certificate Policy governs all use of certificates involved in the conduct of CIGNA business for the following: (1) encrypting for privacy, (2) digitally signing messages to intended recipients for data integrity and authorship controls, (3) identifying persons, and (4) authentication of computing resources. No other use is authorized. CIGNA CORPORATION AND ITS AFFILIATES SHALL NOT BE LIABLE FOR ANY DAMAGES ARISING FROM AUTHORIZED OR UNAUTHORIZED USE. Pilot and Date of issue August 7, 2001 Date of expiry Related Certificate Practice Statement (CPS) N/A Baltimore Technologies Ltd. Boston Certificate Practice Statement (Company) COE Boston v0.4 3
4 (herein the CPS ) available on request. CP Universal Resource Locator (URL) cy.htm For more information please contact: PKIAdministrator@cigna.com 2. Policy Outline This policy governs only certificates used for (1) encryption of messages for privacy/confidentiality, (2) digital signatures applied to messages for user authentication and data integrity, and (3) authentication of computing resources. In this CP, Certificate means a certificate issued under this CP and used in compliance with all relevant agreements, policies and procedures. A Certificate may be used only for CIGNA-approved purposes. In this CP, Subscriber means (1) an employee of CIGNA, (2) an individual agent or an employee of an agent of CIGNA acting with CIGNA s authorization, (3) an application or service acting as an agent of CIGNA, (4) a legal person with whom CIGNA does business (a Business Partner ) or (5) a computing resource controlled by a Business Partner. Only Subscribers may request issuance of Certificates. All persons with whom Subscribers intend to correspond for CIGNA-approved purposes via may rely on Certificates. No Subscriber agreements or relying party agreements other than agreements made in the subscription process are required to rely upon a Certificate. The registration method for a Certificate is remote and requires authentication via a CIGNA-issued user identification and password presented at the registration Web site where the transaction is logged for exception review. This CP is implemented in conjunction with, and supported by, a CPS in conformance with the Baltimore Technologies Ltd. Boston Certificate Practice Statement (Company) COE Boston v0.4, which may be obtained by request. 3. CP Provisions 3.1 Community and Applicability This CP and Certificates are valid only for (1) encryption of messages for privacy, (2) digital signatures applied to messages for Subscriber authentication and data integrity, and (3) authentication of computing resources. Certificates may only be used to provide privacy/confidentiality, user and/or computing resource authentication, and data integrity for CIGNA-approved purposes. Certificates may only be used and relied upon by (1) CIGNA or Business Partner employees and 4
5 agents, or (2) by CIGNA or Business Partner computing resources. No use of Certificates by others, or for other purposes, is permitted or supported. Key usage fields within Certificates are as follows: Key encipherment, digital signature Enhanced/Extended Key Usage fields within Certificates are as follows: Secure , client authentication 3.2 Rights and Obligations Subscriber Obligations Subscribers must: protect their private key at all times, against loss, disclosure to any other party, modification and unauthorized use, in accordance with the current CPS and this CP; utilize, at minimum, the Medium private key protection option in the Microsoft Internet Explorer Web browser (or equivalent levels of minimum protection where other key stores are used), and adhere to all CIGNA Information Protection Policy password requirements; never store the Personal Identity Number (PIN) or pass-phrase, used to protect unauthorized use of the private key in the same location as the private key itself, nor store the PIN or pass-phrase unprotected, nor fail to sufficiently protect the PIN or pass-phrase; take full responsibility for the accuracy of data given as part of a Certificate request, and for verifying that the contents of the published Certificate are correct; notify the CIGNA PKI Owner immediately of any compromise of their private keys or any change in their information included in their certificate or provided during the registration process; comply with all national and local laws regarding the use of digital signatures, cryptographic technology and electronic information in utilizing Certificates; and permit publication of the Certificate in directory services and/or through exchange of standard format files with CIGNA s business partners. Relying Party Obligations Any person or persons relying upon Certificates must: 5
6 securely obtain the certificates of the CAs they trust in the trust hierarchy, which should include verifying each CA's public key hash (thumbprint) and validity (active, revoked, or expired); verify that non-cigna employees or agents, or non-cigna computing resources, are engaged in CIGNA-approved activities; establish trust in each Certificate by verifying trust of the certificate issuer (CA), validity (active, revoked or expired), and appropriate key usage; be fully responsible, to the exclusion of CIGNA, for their reliance on any Certificatebased service; and comply with all national and local laws regarding the use of digital signatures, cryptographic technology and electronic information in utilizing Certificates. Restrict its reliance to the appropriate uses of the Certificates in accordance with this CP. CA (CIGNA) Obligations CIGNA will: issue Certificates in compliance with this CP and the CPS, subject to contractual obligations with its customers; and comply with the other requirements of this CP and the CPS. 3.3 Liability Statement CIGNA will not be liable for any damages or costs arising from the use of Certificates, whether authorized or unauthorized. 3.4 Interpretation and Enforcement This CP shall be interpreted under the laws of the Commonwealth of Pennsylvania, in the United States of America. In the event of a conflict between this CP, the CPS and, if any, the written contract between CIGNA and the Subscriber or Subscriber s agent, the order of increasing precedence shall be: this CP, the CPS, and the contract. 3.5 Publication and Repository The certificates for CIGNA s CAs will be published to CIGNA s Enterprise LDAP directory and CIGNA s Internet Web server. Publication is configured to automatically occur within five minutes after CA certificate issuance. Subscriber Certificates will be published to CIGNA s Enterprise LDAP directory server and CIGNA s mail system s Global Address List as appropriate. Publication to the 6
7 Enterprise LDAP directory server is configured to automatically occur within five minutes after the certificate s issuance. Publication to the Global Address List for the appropriate Certificates is configured to occur at that time in which the Subscriber maintaining control of the private key elects to do so using the subscription graphical user interface. Certificate Revocation Lists (CRLs) will be published to CIGNA s Enterprise LDAP directory and CIGNA s Internet Web server. Publication is configured to automatically occur on a periodic basis. In addition, CRL publication may occur on an as-needed basis. 3.6 Privacy/Confidentiality This CP and the use of Certificates must conform to applicable laws, rules and regulations pertaining to CIGNA s business. This may include, among others, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), 15 U.S.C (the Gramm-Leach-Bliley (GLB) Financial Services Modernization Act) and U.S. state privacy laws. 4. Identification and Authentication (Procedures) 4.1 Initial Registration Subscribers will submit registration requests as follows: 1. Subscriber authenticates through an SSL(Secure Sockets Layer)-secured Web site connection using a CIGNA-issued and CIGNA-administered user identification and password from commercial access control facilities. 2. Subscriber provides identification and authentication information through the SSLsecured connection. Subscriber receives an alphanumeric CIGNA-issued and administered Single Sign On (SSO) ID and password and intranet access to certificate enrollment. Subscriber authenticates through an SSL-secured connection using their SSO identification and password pair. 3. Subscriber initializes the Web-based certificate enrollment process by agreeing to Terms and Conditions and this CP. This transaction is logged by the intranet application for exception review. 4. The Certificate Enrollment process verifies that the Subscriber does not already have a valid Certificate for digital signature, SSL authentication, or key encipherment purposes. 5. The Certificate enrollment process interfaces with the Subscriber s Web browser to create an asymmetric key pair for digital signature and SSL client authentication. The public key of the key pair is combined with identification information and transformed into a certificate request, which is sent by the Web browser to the certificate enrollment server process. 7
8 6. The Certificate enrollment server process continues by creating a second asymmetric key pair on behalf of the Subscriber. This key pair will be designated for key encipherment. The public key of the key pair is combined with identification information and transformed into a certificate request. 7. The Certificate enrollment server process sends both certificate requests to the appropriate CIGNA CA for certificate issuance. 8. The appropriate CIGNA CA issues the certificates corresponding to the Subscriber s two certificate requests and returns them to the Certificate enrollment server process. 9. The Certificate enrollment server process publishes both certificates, copies the key encipherment key pair and certificate to a secure archive server, and installs the key encipherment key pair and both certificates in the Subscriber s Web browser. 10. The Subscriber is required to use their new SSL authentication certificate to authenticate to an SSL-protected Web page for proof of receipt. This transaction is logged by the application for exception review. 11. The Certificate enrollment server process finishes by automatically sending an e- mail to the Subscriber, thereby confirming the certificate registration process has been completed. 5. Operational Requirements 5.1 Key Generation The Subscriber invokes the generation process from a client application. One of two 1024-bit RSA key pairs is created locally through a Microsoft Internet Explorer (IE) 5.x or higher Web browser (or through Netscape 5.X or higher if desired by non-cigna employees, agents or computing resources) for the purposes of digital signature and client authentication. The second key pair for the purpose of key encipherment is created by server-side processes. The key pairs are passed to the CA to be transformed into certificates and a copy of the key-encipherment keys and certificate are archived. The certificates are passed back to the client. 5.2 Key Archival CIGNA may keep a protected copy of the Subscriber s key-encipherment key and certificate for CIGNA business purposes. CIGNA does not keep any copies of the signing key or the authentication key. 8
9 5.3 Certificate Acceptance The Subscriber is required to use their new SSL authentication Certificate to authenticate to an SSL-protected Web page for proof of receipt. The Subscriber is also given an opportunity to refute the request by responding to the automated event. 5.4 Certificate Validity Period A Subscriber Certificate is valid for a period of up to three years. Certificates are signed by the CIGNA Root CA (which certificate is valid for a period of 12 years) and the CIGNA Internal Sub CA (which certificate is valid for a period of six years). 5.5 Certificate Revocation The process for revoking a Subscriber Certificate can be performed by the Subscriber to whom the certificate in question was issued, or by a PKI administrator. In both cases, revocation will not be communicated and available to the public until the next CRL is published. A Subscriber must authenticate using their SSO user ID and password to access the key administration application. The Subscriber then selects the Certificate(s) to revoke; then, indicates a reason for revocation and provides further authentication information. This transaction is audited for exception review. A PKI administrator must authenticate to the certificate revocation administrative interface using a digital certificate on a smart card. From there, the administrator may select the Certificate(s) to revoke and provide the reason for revocation. 5.6 Certificate Renewal The process for renewing a Subscriber Certificate will include equivalent steps to the foregoing. Subscriber will register for new Certificates upon expiration of valid Certificates. 5.7 Certificate Use A Subscriber is required to use their new SSL authentication certificate during the registration process to authenticate to an SSL-protected Web page for proof of receipt. This transaction is logged by the application for exception review. No further proof of possession of a private key is required for Certificate use. 9
SSL Certificates Certificate Policy (CP)
SSL Certificates Last Revision Date: February 26, 2015 Version 1.0 Revisions Version Date Description of changes Author s Name Draft 17 Jan 2011 Initial Release (Draft) Ivo Vitorino 1.0 26 Feb 2015 Full
More informationCertification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure
Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure 1.0 INTRODUCTION 1.1 Overview The Federal Reserve Banks operate a public key infrastructure (PKI) that manages
More informationApple Inc. Certification Authority Certification Practice Statement
Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Apple Application Integration - G3 Sub-CA Version 6.3 Effective
More informationApple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations
Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.18 Effective Date: August 16, 2017 Table of Contents 1. Introduction... 5 1.1. Trademarks...
More informationApple Inc. Certification Authority Certification Practice Statement
Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Apple Application Integration - G3 Sub-CA Version 6.2 Effective
More informationING Public Key Infrastructure Technical Certificate Policy
ING Public Key Infrastructure Technical Certificate Policy Version 5.4 - November 2015 Commissioned by ING PKI Policy Approval Authority (PAA) Additional copies Document version General Of this document
More informationApple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.10 Effective Date: June 10, 2013
Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.10 Effective Date: June 10, 2013 Table of Contents 1. Introduction... 5 1.1. Trademarks... 5
More informationApple Inc. Certification Authority Certification Practice Statement. Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA
Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Version 4.0 Effective Date: September 18, 2013 Table of Contents
More informationApple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.
Apple Inc. Certificate Policy and Certification Practice Statement Version 1.0 Effective Date: March 12, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.
More informationING Corporate PKI G3 Internal Certificate Policy
ING Corporate PKI G3 Internal Certificate Policy Version 1.0 March 2018 ING Corporate PKI Service Centre Final Version 1.0 Document information Commissioned by Additional copies of this document ING Corporate
More informationSAFE-BioPharma RAS Privacy Policy
SAFE-BioPharma RAS Privacy Policy This statement discloses the privacy practices for the SAFE-BioPharma Association ( SAFE- BioPharma ) Registration Authority System ( RAS ) web site and describes: what
More informationPAA PKI Mutual Recognition Framework. Copyright PAA, All Rights Reserved 1
PAA PKI Mutual Recognition Framework Copyright PAA, 2009. All Rights Reserved 1 Agenda Overview of the Framework Components of the Framework How It Works Other Considerations Questions and Answers Copyright
More informationCertification Authority
Certification Authority Overview Identifying CA Hierarchy Design Requirements Common CA Hierarchy Designs Documenting Legal Requirements Analyzing Design Requirements Designing a Hierarchy Structure Identifying
More informationDigi-CPS. Certificate Practice Statement v3.6. Certificate Practice Statement from Digi-Sign Limited.
Certificate Practice Statement v3.6 Certificate Practice Statement from Digi-Sign Limited. Digi-CPS Version 3.6. Produced by the Legal & Technical Departments For further information, please contact: CONTACT:
More informationVolvo Group Certificate Practice Statement
Volvo Group PKI Documentation Volvo Group Certificate Practice Statement Document name: Volvo Group Certificate Policy Statement Document Owner: Volvo Group AB Corporate Process & IT Issued by: Volvo Group
More informationDisclosure text - PDS (PKI Disclosure Statement) for electronic signature and authentication certificates
Disclosure text - PDS (PKI Disclosure Statement) for electronic signature and authentication certificates Index INDEX... 2 1. DISCLOSURE TEXT APPLICABLE TO NATURAL PERSON CERTIFICATES ISSUED ON QSCD...
More informationTechnical Trust Policy
Technical Trust Policy Version 1.2 Last Updated: May 20, 2016 Introduction Carequality creates a community of trusted exchange partners who rely on each organization s adherence to the terms of the Carequality
More informationEmsi Privacy Shield Policy
Emsi Privacy Shield Policy Scope The Emsi Privacy Shield Policy ( Policy ) applies to the collection and processing of Personal Data that Emsi obtains from Data Subjects located in the European Union (
More informationSecure Messaging Mobile App Privacy Policy. Privacy Policy Highlights
Secure Messaging Mobile App Privacy Policy Privacy Policy Highlights For ease of review, Everbridge provides these Privacy Policy highlights, which cover certain aspects of our Privacy Policy. Please review
More informationDocument Cloud (including Adobe Sign) Additional Terms of Use. Last updated June 5, Replaces all prior versions.
Document Cloud (including Adobe Sign) Additional Terms of Use Last updated June 5, 2018. Replaces all prior versions. These Additional Terms govern your use of Document Cloud (including Adobe Sign) and
More informationthawte Certification Practice Statement Version 3.4
thawte Certification Practice Statement Version 3.4 Effective Date: July, 2007 thawte Certification Practice Statement 2006 thawte, Inc. All rights reserved. Printed in the United States of America. Revision
More informationOpenADR Alliance Certificate Policy. OpenADR-CP-I
Notice This document is a cooperative effort undertaken at the direction of the OpenADR Alliance and NetworkFX, Inc. for the benefit of the OpenADR Alliance. Neither party is responsible for any liability
More informationWISeKey SA ADVANCED SERVICES ISSUING CERTIFICATION AUTHORITY CERTIFICATION PRACTICE STATEMENT
WISeKey SA ADVANCED SERVICES ISSUING CERTIFICATION AUTHORITY CERTIFICATION PRACTICE STATEMENT Version 1.1 Effective Date: 05 December 2008 WISeKey S.A. 2000-2008 WISeKey hereby grants non-exclusive permission
More informationElectronic Signature Policy
Electronic Signature Policy Definitions The following terms are used in this policy. Term Definition Electronic Signature An electronic signature is a paperless method used to authorize or approve documents
More informationECA Trusted Agent Handbook
Revision 8.0 September 4, 2015 Introduction This Trusted Agent Handbook provides instructions for individuals authorized to perform personal presence identity verification of subscribers enrolling for
More informationAlphaSSL Certification Practice Statement
AlphaSSL Certification Practice Statement Date: December 16th 2008 Version: v1.2 Table of Contents DOCUMENT HISTORY... 3 ACKNOWLEDGMENTS... 3 1.0 INTRODUCTION... 4 1.1 OVERVIEW... 4 1.2 ALPHASSL CERTIFICATE
More informationDigi-Sign Certification Services Limited Certification Practice Statement (OID: )
Digi-Sign Certification Services Limited Certification Practice Statement (OID: 1.3.6.1.4.1.8420.1.3.6) In support of Digi-Sign CA as a Recognized Certification Authority December 2015 Copyright and Patent
More informationBCDC 2E, 2012 (On-line Bidding Document for Stipulated Price Bidding)
BCDC 2E, 2012 (On-line Bidding Document for Stipulated Price Bidding) CLAUSE 13 ON-LINE BIDDING 13.1 ON-LINE BIDDING.1 Definitions: Owner means the party and/or their agent designated to receive on-line
More informationPublic Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman
Public Key Infrastructure PKI National Digital Certification Center Information Technology Authority Sultanate of Oman Agenda Objectives PKI Features etrust Components Government eservices Oman National
More informationFPKIPA CPWG Antecedent, In-Person Task Group
FBCA Supplementary Antecedent, In-Person Definition This supplement provides clarification on the trust relationship between the Trusted Agent and the applicant, which is based on an in-person antecedent
More informationDIGITALSIGN - CERTIFICADORA DIGITAL, SA.
DIGITALSIGN - CERTIFICADORA DIGITAL, SA. TIMESTAMP POLICY VERSION 1.1 21/12/2017 Page 1 / 18 VERSION HISTORY Date Edition n.º Content 10/04/2013 1.0 Initial drafting 21/12/2017 1.1 Revision AUTHORIZATIONS
More informationAugust 2007 Intel Pro SSL Addendum to the Comodo Certification Practice Statement v.3.0
August 2007 Intel Pro SSL Addendum to the Comodo Certification Practice Statement v.3.0 Comodo CA, Ltd. August 2007 Intel Pro SSL Addendum to Version 3.0 Amendments 17 August 2007 3rd Floor, Office Village,
More informationING PUBLIC KEY INFRASTRUCTURE CODE OF CONDUCT FOR EMPLOYEE CERTIFICATES. Version November ING PKI Service
ING PUBLIC KEY INFRASTRUCTURE CODE OF CONDUCT FOR EMPLOYEE CERTIFICATES Version 5.4 - November 2015 ING PKI Service Centre @012345 Information sheet Commissioned by Additional copies ING PKI Policy Approval
More informationSmart Meters Programme Schedule 2.1
Smart Meters Programme Schedule 2.1 (DCC Requirements) (SMKI version) V1.2 1 Schedule 2.1 (DCC Requirements) This Schedule 2.1 (DCC Requirements) is formed of the following parts: Part A Introduction...3
More informationTeliaSonera Gateway Certificate Policy and Certification Practice Statement
TeliaSonera Gateway Certificate Policy and Certification Practice Statement v. 1.2 TeliaSonera Gateway Certificate Policy and Certification Practice Statement TeliaSonera Gateway CA v1 OID 1.3.6.1.4.1.271.2.3.1.1.16
More informationTHE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. November 2015 Version 4.0. Copyright , The Walt Disney Company
THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY November 2015 Version 4.0 Copyright 2006-2015, The Walt Disney Company Version Control Version Revision Date Revision Description Revised
More information(1) Jisc (Company Registration Number ) whose registered office is at One Castlepark, Tower Hill, Bristol, BS2 0JA ( JISC ); and
SUB-LRA AGREEMENT BETWEEN: (1) Jisc (Company Registration Number 05747339) whose registered office is at One Castlepark, Tower Hill, Bristol, BS2 0JA ( JISC ); and (2) You, the Organisation using the Jisc
More informationCertDigital Certification Services Policy
CertDigital Certification Services Policy Page: 2 ISSUED BY : DEPARTAMENT NAME DATE ELECTRONIC SERVICES COMPARTMENT COMPARTMENT CHIEF 19.03.2011 APPROVED BY : DEPARTMENT NAME DATE MANAGEMENT OF POLICIES
More informationSymantec Trust Network (STN) Certificate Policy
Symantec Trust Network (STN) Certificate Policy Version 2.8.24 September 8, 2017 Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA +1 650.527.8000 www.symantec.com - i - - ii - Symantec
More information1.2 Participant means a third party who interacts with the Services as a result of that party s relationship with or connection to you.
Document Cloud (including Adobe Sign) Additional Terms of Use Last updated June 16, 2016. Replaces the prior version in its entirety. Capitalized terms used in these Document Cloud Additional Terms ( Additional
More informationVeriSign External Certification Authority Certification Practice Statement
VeriSign External Certification Authority Certification Practice Statement Version 1.2 (Portions of this document have been redacted in accordance with the ECA Certificate Policy) 21 December 2007 1 VeriSign
More informationYou are signing up to use the Middlesex Savings Bank Person to Person Service powered by Acculynk that allows you to send funds to another person.
Middlesex Bank Person to Person Service You are signing up to use the Middlesex Savings Bank Person to Person Service powered by Acculynk that allows you to send funds to another person. This Agreement
More informationNational Identity Exchange Federation. Trustmark Signing Certificate Policy. Version 1.0. Published October 3, 2014 Revised March 30, 2016
National Identity Exchange Federation Trustmark Signing Certificate Policy Version 1.0 Published October 3, 2014 Revised March 30, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents
More informationGOCO.IO, INC TERMS OF SERVICE
GOCO.IO, INC TERMS OF SERVICE GoCo.io, Inc. ("GoCo", the "Site", "https://www.goco.io") welcomes you! GoCo provides services to you subject of the following terms of service (the "Agreement"). The Agreement
More informationStarfield Technologies, LLC. Certificate Policy and Certification Practice Statement (CP/CPS)
Starfield Technologies, LLC Certificate Policy and Certification Practice Statement (CP/CPS) Version 3.0 January 28, 2013 i Starfield CP-CPS V3.0 Table of Contents 1 Introduction...1 1.1 Overview...1 1.2
More informationEntrust SSL Web Server Certificate Subscription Agreement
Entrust SSL Web Server Certificate Subscription Agreement ATTENTION - READ CAREFULLY: THIS SUBSCRIPTION AGREEMENT (THIS "AGREEMENT") IS A LEGAL CONTRACT BETWEEN THE PERSON, ENTITY, OR ORGANIZATION NAMED
More informationAvira Certification Authority Policy
Avira Certification Authority Policy Version: 1.0 Status: Draft Updated: 2010-03-09 Copyright: Avira GmbH Author: omas Merkel Introduction is document describes the Certification Policy (CP) of Avira Certification
More informationCALSTRS ONLINE AGREEMENT TERMS AND CONDITIONS
CALSTRS ONLINE AGREEMENT TERMS AND CONDITIONS INTRODUCTION: Before the California State Teachers Retirement System (hereinafter "CalSTRS," "We," or "Us") will provide services found at mycalstrs.com (the
More informationEntrust WAP Server Certificate Relying Party Agreement
Entrust WAP Server Certificate Relying Party Agreement The WAP/WTLS specification v1.1 does not provide a means for certificate revocation checking. The following Relying Party Agreement" provides further
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 6 Release 1 System i Security Digital Certificate Manager Version 6 Release 1 Note Before using this information and the product it supports, be sure
More informationCertification Practices Statement (CPS) For Use With ARIN Internet Resource Registration Systems
Certification Practices Statement (CPS) For Use With ARIN Internet Resource Registration Systems OID 1.3.6.1.4.1.18428.1.1.1 Published April 18, 2004 1. Introduction ARIN CPS Published April 18, 2004 OID
More informationAccess to University Data Policy
UNIVERSITY OF OKLAHOMA Health Sciences Center Information Technology Security Policy Access to University Data Policy 1. Purpose This policy defines roles and responsibilities for protecting OUHSC s non-public
More informationIBM i Version 7.2. Security Digital Certificate Manager IBM
IBM i Version 7.2 Security Digital Certificate Manager IBM IBM i Version 7.2 Security Digital Certificate Manager IBM Note Before using this information and the product it supports, read the information
More informationIBM. Security Digital Certificate Manager. IBM i 7.1
IBM IBM i Security Digital Certificate Manager 7.1 IBM IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in
More informationCORPME TRUST SERVICE PROVIDER
CORPME TRUST SERVICE PROVIDER QUALIFIED CERTIFICATE OF ADMINISTRATIVE POSITION USE LICENSE In..,.. 20... Mr/Mrs/Ms/Miss.........., with DNI/NIF/National Passport nº., e-mail........., phone number....,
More informationX.509 Certificate Policy for the New Zealand Government PKI RSA Individual - Software Certificates (Medium Assurance)
X.509 Certificate Policy for the New Zealand Government PKI RSA Individual - Software Certificates (Medium Assurance) Version 0.7 Mar-17 Notice to all parties seeking to rely Reliance on a Certificate
More informationHousecall Privacy Statement Statement Date: 01/01/2007. Most recent update 09/18/2009
Housecall Privacy Statement Statement Date: 01/01/2007. Most recent update 09/18/2009 Privacy Policy Intent: We recognize that privacy is an important issue, so we design and operate our services with
More informationValidation Policy r tra is g e R ANF AC MALTA, LTD
Maltese Registrar of Companies Number C75870 and VAT number MT ANF AC MALTA, LTD B2 Industry Street, Qormi, QRM 3000 Malta Telephone: (+356) 2299 3100 Fax:(+356) 2299 3101 Web: www.anfacmalta.com Security
More informationQUICKSIGN Registration Policy
QUICKSIGN Registration Policy Amendment to DOCUSIGN FRANCE s Certificate Policy for using the QUICKSIGN platform as a registration service to identify Subscribers September 27, 2016 QUICKSIGN_Registration_Policy_V1.0
More informationACGISS Public Employee Certificates
ACGISS Public Employee Certificates Certification policy V 2.0.1 (February 2017) Social Security IT Department c/ Doctor Tolosa Latour s/n 28041 Madrid Change control Version Observations Date 1.0 Original
More informationDECISION OF THE EUROPEAN CENTRAL BANK
L 74/30 Official Journal of the European Union 16.3.2013 DECISIONS DECISION OF THE EUROPEAN CENTRAL BANK of 11 January 2013 laying down the framework for a public key infrastructure for the European System
More informationUnisys Corporation April 28, 2017
Unisys Internal PKI v1 14.docx Unisys Internal PKI Unisys Corporation April 28, 2017 Page 1 of 79 Content: Name: Version / Last Revision: Classification: Unisys Internal PKI v1 14.docx This document contains
More informationLET S ENCRYPT SUBSCRIBER AGREEMENT
Page 1 of 7 LET S ENCRYPT SUBSCRIBER AGREEMENT This Subscriber Agreement ( Agreement ) is a legally binding contract between you and, if applicable, the company, organization or other entity on behalf
More informationOracle Insurance Policy Administration Configuration of SAML 1.1 Between OIPA and OIDC
Oracle Insurance Policy Administration Configuration of SAML 1.1 Between OIPA and OIDC Version 10.1.0.0 Documentation Part Number: E55027-01 June, 2014 Copyright 2009, 2014, Oracle and/or its affiliates.
More informationVirtua Health, Inc. is a 501 (c) (3) non-profit corporation located in Marlton, New Jersey ( Virtua ).
myvirtua.org Terms of Use PLEASE READ THESE TERMS OF USE CAREFULLY Virtua Health, Inc. is a 501 (c) (3) non-profit corporation located in Marlton, New Jersey ( Virtua ). Virtua has partnered with a company
More informationComplete document security
DOCUMENT SECURITY Complete document security Protect your valuable data at every stage of your workflow Toshiba Security Solutions DOCUMENT SECURITY Without a doubt, security is one of the most important
More informationCertification Policy of CERTUM s Certification Services Version 4.0 Effective date: 11 August 2017 Status: archive
Certification Policy of CERTUM s Certification Services Version 4.0 Effective date: 11 August 2017 Status: archive Asseco Data Systems S.A. Podolska Street 21 81-321 Gdynia, Poland Certum - Powszechne
More informationX.509. CPSC 457/557 10/17/13 Jeffrey Zhu
X.509 CPSC 457/557 10/17/13 Jeffrey Zhu 2 3 X.509 Outline X.509 Overview Certificate Lifecycle Alternative Certification Models 4 What is X.509? The most commonly used Public Key Infrastructure (PKI) on
More informationGlobalSign Certification Practice Statement
GlobalSign Certification Practice Statement Date: May 12th 2009 Version: v.6.5 Table of Contents DOCUMENT HISTORY... 3 HISTORY... 3 ACKNOWLEDGMENTS... 4 1.0 INTRODUCTION... 5 1.1 OVERVIEW... 6 1.2 GLOBALSIGN
More informationIMPORTANT PLEASE READ THIS ENTIRE AGREEMENT CAREFULLY
IMPORTANT PLEASE READ THIS ENTIRE AGREEMENT CAREFULLY You must agree to this Electronic Transactions Terms of Service and Paperless Delivery of Communications Terms and Conditions (collectively the Agreement
More informationUT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES
ACCESS MANAGEMENT Policy UT Health San Antonio shall adopt access management processes to ensure that access to Information Resources is restricted to authorized users with minimal access rights necessary
More informationCertification Practice Statement
SWIFT SWIFT Qualified Certificates Certification Practice Statement This document applies to SWIFT Qualified Certificates issued by SWIFT. This document is effective from 1 July 2016. 17 June 2016 SWIFT
More informationSigne Certification Authority. Certification Policy Degree Certificates
Signe Certification Authority Certification Policy Degree Certificates Versión 1.0 Fecha: 2/11/2010 Table of contents 1 FOREWORD 1.1 GENERAL DESCRIPTION 1.2 DOCUMENT NAME AND IDENTIFICATION 2 PARTICIPATING
More informationOperational Research Consultants, Inc. (ORC) Access Certificates For Electronic Services (ACES) Certificate Practice Statement Summary. Version 3.3.
Operational Research Consultants, Inc. (ORC) Access Certificates For Electronic Services (ACES) Certificate Practice Statement Summary Version 3.3.2 May 30, 2007 Copyright 2007, Operational Research Consultants,
More informationCERTIFICATION PRACTICE STATEMENT OF KIR for TRUSTED NON-QUALIFIED CERTIFICATES
Krajowa Izba Rozliczeniowa S.A. CERTIFICATION PRACTICE STATEMENT OF KIR for TRUSTED NON-QUALIFIED CERTIFICATES Version 1.6 Document history Version number Status Date of issue 1.0 Document approved by
More informationUTAH VALLEY UNIVERSITY Policies and Procedures
Page 1 of 5 POLICY TITLE Section Subsection Responsible Office Private Sensitive Information Facilities, Operations, and Information Technology Information Technology Office of the Vice President of Information
More informationData Processing Agreement
In accordance with the European Parliament- and Council s Directive (EU) 2016/679 of 27th April 2016 (hereinafter GDPR) on the protection of physical persons in connection with the processing of personal
More informationLAWtrust AeSign CA Certification Practice Statement (LAWtrust AeSign CA CPS)
INFORMATION SECURITY POLICY ISSUE SPECIFIC POLICY VERSION: V003 2017-05-11 EFFECTIVE DATE: 2017-05-11 LAWtrust AeSign CA Certification Practice Statement (LAWtrust AeSign CA CPS) Law Trusted Third Party
More informationPrivacy Policy: itsme APP
Privacy Policy: itsme APP This privacy policy applies to the itsme Application (hereafter the itsme App or the App) developed by Belgian Mobile ID SA/NV (the Privacy Policy). The itsme App (the App) allows
More informationGlobalSign Certification Practice Statement
GlobalSign Certification Practice Statement Date: May 12th 2010 Version: v.6.7 Table of Contents DOCUMENT HISTORY... 3 HISTORY... 3 ACKNOWLEDGMENTS... 4 1.0 INTRODUCTION... 5 1.1 OVERVIEW... 6 1.2 GLOBALSIGN
More informationBut where'd that extra "s" come from, and what does it mean?
SSL/TLS While browsing Internet, some URLs start with "http://" while others start with "https://"? Perhaps the extra "s" when browsing websites that require giving over sensitive information, like paying
More informationdataedge CA Certificate Issuance Policy
Classification of Digital Certificate Digital Certificates are classified upon the purpose for which each class is used and the verification methods underlying the issuance of the certificate. Classification
More informationPayThankYou LLC Privacy Policy
PayThankYou LLC Privacy Policy Last Revised: August 7, 2017. The most current version of this Privacy Policy may be viewed at any time on the PayThankYou website. Summary This Privacy Policy covers the
More informationRed Flags/Identity Theft Prevention Policy: Purpose
Red Flags/Identity Theft Prevention Policy: 200.3 Purpose Employees and students depend on Morehouse College ( Morehouse ) to properly protect their personal non-public information, which is gathered and
More informationBirmingham Midshires - Terms and Conditions Mortgage Intermediaries On-line Terms of Use (June 2017)
Birmingham Midshires - Terms and Conditions http://www.bmsolutions.co.uk/terms/ Mortgage Intermediaries On-line Terms of Use (June 2017) 1. General Which Terms Apply? - Directly Authorised Firms:If you
More information1. Federation Participant Information DRAFT
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES [NOTE: This document should be considered a as MIT is still in the process of spinning up its participation in InCommon.] Participation in InCommon
More informationFACTS WHAT DOES FARMERS STATE BANK DO WITH YOUR PERSONAL INFORMATION? WHY? WHAT? HOW? L QUESTIONS?
FACTS WHAT DOES FARMERS STATE BANK DO WITH YOUR PERSONAL INFORMATION? WHY? WHAT? HOW? Financial companies choose how they share your personal information. Federal law gives consumers the right to limit
More informationData Use and Reciprocal Support Agreement (DURSA) Overview
Data Use and Reciprocal Support Agreement (DURSA) Overview 1 Steve Gravely, Troutman Sanders LLP Jennifer Rosas, ehealth Exchange Director January 12, 2017 Introduction Steve Gravely Partner and Healthcare
More informationExhibit A Questionnaire
Exhibit A Questionnaire Thank you for your interest in NYSE data. This questionnaire is intended to simplify user application requirements while furnishing customers and data providers with the information
More informationHong Kong Access Federation (HKAF) Identity Management Practice Statement (IMPS)
Hong Kong Access Federation (HKAF) Identity Management Practice Statement (IMPS) This document (IMPS) facilitates an organization to provide relevant information to describe how it fulfils the normative
More informationEnd User Agreement Anthem Point of Care (POC)
End User Agreement Anthem Point of Care (POC) THE SIGNATURE PAGE OF THIS AGREEMENT MUST BE COMPLETED AND SIGNED BY AN AUTHORIZED REPRESENTATIVE OF THE END USER AND SENT OR FAXED TO ANTHEM FOR ITS ACCEPTANCE
More informationPRIVACY COMMITMENT. Information We Collect and How We Use It. Effective Date: July 2, 2018
Effective Date: July 2, 2018 PRIVACY COMMITMENT Protecting your privacy is very important to Prosci and this privacy policy is our way of providing you with details about the types of information we collect
More informationAnnex 2 to the Agreement on Cooperation in the Area of Trade Finance & Cash Management Terms and Conditions for Remote Data Transmission
Annex 2 to the Agreement on Cooperation in the Area of Trade Finance & Cash Management Terms and Conditions for Remote Data Transmission 1. Scope of services (1) The Bank is available to its Customer (account
More informationBelgian Certificate Policy & Practice Statement for eid PKI infrastructure Foreigner CA
Belgian Certificate Policy & Practice Statement for eid PKI infrastructure Foreigner CA OID: 2.16.56.1.1.1.7 2.16.56.9.1.1.7 2.16.56.10.1.1.7 2.16.56.12.1.1.7 Company: Certipost Version: 3.0 Status : FINAL
More informationEDENRED COMMUTER BENEFITS SOLUTIONS, LLC PRIVACY POLICY. Updated: April 2017
This Privacy Policy (this Privacy Policy ) applies to Edenred Commuter Benefits Solutions, LLC, (the Company ) online interface (i.e., website or mobile application) and any Edenred Commuter Benefit Solutions,
More informationBT Managed Secure Messaging. Non-Repudiation Policy
BT Managed Secure Messaging Non-Repudiation Policy Contents Page 1 Introduction 4 1.1 Scope 4 1.2 Terms and Definitions 4 2 Non-Repudiation Categories 5 2.1 Non-Repudiation of Origin 5 2.2 Non-Repudiation
More informationCertipost E-Trust Services. Certificate Policy. for Normalized E-Trust Physical and Legal Persons. Version 1.1. Effective date 12 January 2011
Certipost E-Trust Services Version 1.1 Effective date 12 January 2011 Object Identification Number (OID) 0.3.2062.7.1.1.200.1 Certipost NV ALL RIGHTS RESERVED. 2 17 for Normalised E-Trust Certificates
More informationPrivacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information
Privacy Statement Introduction Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information about how IT Support (UK) Ltd handle personal information.
More informationMASTERCARD PRICELESS SPECIALS INDIA PRIVACY POLICY
Effective Date: 12 September 2017 MASTERCARD PRICELESS SPECIALS INDIA PRIVACY POLICY Mastercard respects your privacy. This Privacy Policy describes how we process personal data, the types of personal
More informationTerms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in the HIPAA Privacy Rule.
Medical Privacy Version 2018.03.26 Business Associate Agreement This Business Associate Agreement (the Agreement ) shall apply to the extent that the Lux Scientiae HIPAA Customer signee is a Covered Entity
More information