PKI Disclosure Statement Digidentity Certificates

Similar documents
Disclosure text - PDS (PKI Disclosure Statement) for electronic signature and authentication certificates

SSL Certificates Certificate Policy (CP)

ING Public Key Infrastructure Technical Certificate Policy

(1) Jisc (Company Registration Number ) whose registered office is at One Castlepark, Tower Hill, Bristol, BS2 0JA ( JISC ); and

CERTIFICATE POLICY CIGNA PKI Certificates

CORPME TRUST SERVICE PROVIDER

LET S ENCRYPT SUBSCRIBER AGREEMENT

ING Corporate PKI G3 Internal Certificate Policy

Entrust SSL Web Server Certificate Subscription Agreement

Apple Inc. Certification Authority Certification Practice Statement

EIDAS-2016 CHAMBERS OF COMMERCE ROOT and GLOBAL CHAMBERSIGN ROOT Version 1.2.3

Avira Certification Authority Policy

Entrust WAP Server Certificate Relying Party Agreement

Apple Inc. Certification Authority Certification Practice Statement

Belgian Certificate Policy & Practice Statement for eid PKI infrastructure Foreigner CA

Certification Practice Statement certsign SSL EV CA Class 3. for SSL EV Certificates. Version 1.0. Date: 31 January 2018

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations

Trust Services Practice Statement

QUICKSIGN Registration Policy

AlphaSSL Certification Practice Statement

Unisys Corporation April 28, 2017

CERTIFICATION PRACTICE STATEMENT OF KIR for TRUSTED NON-QUALIFIED CERTIFICATES

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.10 Effective Date: June 10, 2013

Apple Inc. Certification Authority Certification Practice Statement. Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA

CertDigital Certification Services Policy

DECISION OF THE EUROPEAN CENTRAL BANK

SAFE-BioPharma RAS Privacy Policy

ZETES TSP QUALIFIED CA

Certification Practice Statement

An error will be returned by the services when invalid electronic requests are received.

Certificate Policy (ETSI EN ) Version 1.1

BEST PRACTICES IN USE OF DIGITAL SIGNATURE. Presented by, Vicky Shah

TeliaSonera Gateway Certificate Policy and Certification Practice Statement

CALSTRS ONLINE AGREEMENT TERMS AND CONDITIONS

SCHEME OF SUPERVISION AND CONTROL OF THE USE OF THE HONG KONG GREEN MARK GENERAL REQUIREMENTS AND OBLIGATIONS APPLICABLE TO ALL CERTIFIED COMPANIES

ACGISS Public Employee Certificates

BT Managed Secure Messaging. Non-Repudiation Policy

TELIA MOBILE ID CERTIFICATE

LuxTrust Global Root CA - Certificate specifications

Schedule Identity Services

PostSignum CA Certification Policy applicable to qualified certificates for electronic signature

Digi-CPS. Certificate Practice Statement v3.6. Certificate Practice Statement from Digi-Sign Limited.

ELECTRONIC IMAGE AND TEXT DATA TRANSFER USING FILE TRANSFER PROTOCOL MEMORANDUM OF UNDERSTANDING

PAA PKI Mutual Recognition Framework. Copyright PAA, All Rights Reserved 1

Privacy Statement for Use of the Trust Service of Swisscom IT Services Finance S.E., Austria

ING PUBLIC KEY INFRASTRUCTURE CODE OF CONDUCT FOR EMPLOYEE CERTIFICATES. Version November ING PKI Service

LAWtrust AeSign CA Certification Practice Statement (LAWtrust AeSign CA CPS)

Terms of Service Agreement

AGENCE NATIONALE DE LA CERTIFICATION ELECTRONIQUE

PLAINSCAPITAL BANK SAMSUNG PAY TERMS AND CONDITIONS - PERSONAL

WISeKey SA ADVANCED SERVICES ISSUING CERTIFICATION AUTHORITY CERTIFICATION PRACTICE STATEMENT

VeriSign Trust Network European Directive Supplemental Policies

Symantec Trust Network (STN) Certificate Policy

CERTIFICATE OF CONFORMITY. The certification body LSTI. declares E-TUGRA

Legal notice and Privacy policy

Certipost E-Trust Services. Certificate Policy. for Normalized E-Trust Physical and Legal Persons. Version 1.1. Effective date 12 January 2011

SONERA MOBILE ID CERTIFICATE

Certification Practice Statement of CERTUM s Certification Services Version 3.6 Date: 13 of September, 2013 Status: valid

EVROTRUST TECHNOLOGIES AD

The Travel Tree Terms and Conditions

Outgoing Ltd Official Ticketing Agent Terms and Conditions

DIGITALSIGN - CERTIFICADORA DIGITAL, SA.

CERTIFICATE OF CONFORMITY. The certification body LSTI. declares BALTSTAMP HEADQUARTER : DARIAUS IR GIRENO STR. 40, LT VILNIUS - LITHUANIA

Certification Policy of CERTUM s Certification Services Version 4.0 Effective date: 11 August 2017 Status: archive

Privacy Shield Policy

Certification Practices Statement (CPS) For Use With ARIN Internet Resource Registration Systems

SURGICAL REVIEW CORPORATION Privacy Policy

EVROTRUST TECHNOLOGIES JSC

thawte Certification Practice Statement Version 3.4

ABSOFT Corporation Software License Agreement. Specifically for IMSL FORTRAN 5.0 BUNDLED WITH FORTRAN COMPILERS FROM ABSOFT FOR WINDOWS OR OS X

CERTIFICATE OF CONFORMITY. The certification body LSTI. declares ALEAT HEADQUARTER : SH.P.K RRUGA: XHANFIZE KEKO - TIRANA-ALBANIA

VeriSign External Certification Authority Certification Practice Statement

Online Statements Disclosure

TERMS AND CONDITIONS - BASIC CRYPTO COURSE

Smart Meters Programme Schedule 2.1

This help covers the ordering, download and installation procedure for Odette Digital Certificates.

OpenADR Alliance Certificate Policy. OpenADR-CP-I

GDPR Compliant. Privacy Policy. Updated 24/05/2018

Apple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. November 2015 Version 4.0. Copyright , The Walt Disney Company

BRITISH TELECOMMUNICATIONS PLC

OnlineNIC PRIVACY Policy

Remote Deposit Anywhere Service

First Federal Savings Bank of Mascoutah, IL Agreement and Disclosures

X.509 Certificate Policy for the New Zealand Government PKI RSA Individual - Software Certificates (Medium Assurance)

Starfield Technologies, LLC. Certificate Policy and Certification Practice Statement (CP/CPS)

Platform Privacy Policy (Tier 2)

Volvo Group Certificate Practice Statement

Domain Hosting Terms and Conditions

Medicare Enrollment Application Submission Options

Emsi Privacy Shield Policy

ELECTRONIC RECORDING MEMORANDUM OF UNDERSTANDING

R. Sabett Cooley Godward LLP C. Merrill McCarter & English, LLP S. Wu Infoliance, Inc. November 2003

Data Processing Agreement

Thanks for using Dropbox! Here we describe how we collect, use and handle your information when

OISTE-WISeKey Global Trust Model

SIMS TERMS AND CONDITIONS OF USE AGREEMENT

5. The technology risk evaluation need only be updated when significant changes or upgrades to systems are implemented.

Audit Attestation for CERTSIGN

Terms and Conditions of Website Use

Transcription:

PKI Disclosure Statement Digidentity Certificates Title PKI Disclosure Statement Digidentity Certificates Date 25 March 2019 Author Digidentity Version 2019-v1 Classification Public Digidentity 2019

Revisions Version Date Author Changes Made 2019-v1 25 March 2019 SRC First publication Digidentity 2019 Public Page 2 of 10

Introduction This PKI Disclosure Statement (PDS) is an informational document which aims to provide information about PKI services, summarising the Certification Practice Statement (CPS) for Digidentity certificates. The PDS is not intended as a replacement for the CPS and the CPS should be read if you want to use our products and services (see paragraph CPS). Contact Information Addresses Digidentity B.V. Waldorpstraat 17p, 2521 CA, s Gravenhage (The Hague) Netherlands Digidentity B.V. Postbus 19148 2500 CC s Gravenhage (The Hague) Netherlands Telephone Numbers Reception: +31 (0)887 78 78 78 Service Desk NL: +31 (0)70 700 79 76 Service Desk UK: +44 (0)330 05 83 454 Digidentity Opening Hours Office/Reception: Monday Friday 9am until 5pm Service Desk NL: Monday Friday 8.30am until 5pm Service Desk UK: Monday Friday 8am until 10pm (GMT) Saturday and Sunday 8am until 5pm (GMT) Public Holidays The office/reception are unavailable on Dutch public holidays. The Service Desk NL are unavailable on Dutch public holidays. The Service Desk UK are unavailable on UK public holidays. Digidentity Website and Email Addresses Dutch website: English website: https://www.digidentity.eu/nl/home/ https://www.digidentity.eu/en/home/ Dutch support pages: https://helpdesk.digidentity.eu/hc/nl English support pages: https://helpdesk.digidentity.com/hc/en-us Service Desk NL: Service Desk UK: helpdesk@digidentity.eu helpdesk@digidentity.co.uk Digidentity 2019 Public Page 3 of 10

Certificate Types All certificates have a policy identifier, which identifies the use. The identifiers are as follows; Personal Qualified & Personal Advanced Authentication Certificate: can be used to reliably authenticate the identity of a subscriber. Encryption Certificate: can be used for the securing of trusted information/details which are exchanged in electronic form. This includes exchanges between people as well as people and automated systems. Non-repudiation Certificate: can be used to digitally sign documents. These certificates are issued as Advanced or Qualified certificates and are issued and stored on a Qualified Secure Signature Creation Device (QSCD). Digidentity complies to the EU regulations for electronic signatures No. 910/2014 (eidas). At Digidentity an application can be made via the Digidentity website. Applicants will need to create an account and add personal details during the registration, including an ID document via a mobile app. For products in this domain all applicants will be required to attend a physical meeting with a Digidentity agent to verify their identity during a face-to-face check. Once applicants are approved and the certificate is issued to them, they become subscribers. Seals for Organisations (Qualified) Authentication Certificate: can be used to reliably authenticate the identity of an organisation. Encryption Certificate: can be used for the securing of trusted information/details which are exchanged in electronic form. Non-repudiation Certificate: can be used to digitally sign documents on behalf of an organisation. These certificates are issued as qualified certificates for electronic seals. The certificates are issued and stored on Secure Signature Creation Device (SSCD) or Qualified Secure Signature Creation Device (QSCD). Digidentity complies to the EU regulations for electronic signatures No. 910/2014 (eidas). At Digidentity an application can be made via the Digidentity website. Applicants will need to create an account and add personal details during the registration, including an ID document via a mobile app. For products in this domain all applicants will be required to attend a physical meeting with a Digidentity agent to check identity. This is called a face-to-face check. Digidentity 2019 Public Page 4 of 10

Applicants of these products will need to add the details of their organisation. This may involve the request of authorisation from an employer who has legal representation of the company. Once applicants are approved, and the certificate is issued to them, they become subscribers. Secure Email These personal certificates can be used for encrypting and/or singing email messages. An application can be made via the Digidentity website. Applicants will need to create an account and add personal details during registration. Server Services Server Certificate: can be used for securing the connection between a specific client and server. These certificates are server certificates attached to an organisation. Server certificates are used for SSL/TLS certificates. SSL means Secure Sockets Layer. It is a protocol which creates a secure connection between a client and the server to which information is sent. The subscriber of the certificate is an organisation (and not a natural person). To request a certificate, the applicant can visit the website: https://www.digidentity.eu/en/home/ and select the SSL Certificates. In the Self Service Portal, you can make an account and fill in the required data. For all requests a Certificate Signing Request (CSR) is required. Full instructions can be obtained from the Service Desk, or the support pages NL. For the certificate the following is checked; Identity of the Certificate Manager and Legal Representative of the Organisation; + ID document; + Physical meeting with a Digidentity agent, called a face-to-face check; A valid Kamer van Koophandel (Chamber of Commerce) registration; Digidentity will also require signed Terms & Conditions and where applicable, authorisations for nonlegal representatives to carry out certificate related tasks. In all certificate requests, the use of a Fully Qualified Domain Name (FQDN) will require a validation that the domain is under the control of the subscriber or its legal representatives. Digidentity 2019 Public Page 5 of 10

Certificate Usage Digidentity issues subscriber certificates for: Server certificates (Digidentity SSL CA) OID 1.3.6.1.4.1.34471.2.1 + Domain validated (DVCP) OID 1.3.6.1.4.1.34471.2.1.7 + Organisation validated (OVCP) OID 1.3.6.1.4.1.34471.2.1.8 Email certificates (Digidentity Secure Email CA) OID 1.3.6.1.4.1.34471.2.2.2 + Secure Email (S/MIME) (LCP) OID 1.3.6.1.4.1.34471.2.2.2.6 Qualified certificates for natural persons (Personal Qualified CA) OID 1.3.6.1.4.1.34471.3.1 + Personal Authentication (NCP+) OID 1.3.6.1.4.1.34471.3.1.1 + Personal Encryption (NCP+) OID 1.3.6.1.4.1.34471.3.1.2 + Personal Non-Repudiation (QCP-n-qscd) OID 1.3.6.1.4.1.34471.3.1.3 Qualified certificates for legal persons Seals (Business Qualified CA) OID 1.3.6.1.4.1.34471.3.2 + Business Authentication (NCP+) OID 1.3.6.1.4.1.34471.3.2.1 + Business Encryption (NCP+) OID 1.3.6.1.4.1.34471.3.2.2 + Business Non-Repudiation (QCP-l-qscd) OID 1.3.6.1.4.1.34471.3.2.3 Advanced certificates for natural persons (Personal Advanced CA) OID 1.3.6.1.4.1.34471.3.3 + Personal Authentication (NCP+) OID 1.3.6.1.4.1.34471.3.3.1 + Personal Encryption (NCP+) OID 1.3.6.1.4.1.34471.3.3.2 + Personal Non-Repudiation (NCP+) OID 1.3.6.1.4.1.34471.3.3.3 Digidentity CAs issues certificates which may be used for the purposes explained in this document, in the Terms & Conditions and as identified in the Key Usage field of the certificate. Certificate Application A certificate application can be submitted by a: (1) Natural person applying for a personal qualified certificate, personal advanced certificate or secure email certificate (2) Natural person legally representing an Organisation (legal entity) and applying for a server certificate or qualified certificate for electronic seals for that Organisation. The Applicant is responsible to provide Digidentity with correct and up-to-date data required for the generation and issuance of certificates and for the correct use of the certificates. The Applicant warrants to Digidentity and Relying Parties that it will abide by the Terms & Conditions, and the CPS. The Applicant is required to accept the Terms & Conditions and Privacy Statement. If any of the information required to issue a certificate is missing/incomplete or produces a negative outcome e.g. the organisation is in bankruptcy, or the identification document is indicated not to be genuine, then Digidentity will reject the application for a certificate. For domain validated SSL certificates, a Digidentity Digidentity 2019 Public Page 6 of 10

eid High is required. Digidentity eid High requires an authorisation process during registration, where the legal status of the applicant as an organisational representative is and can be checked. Subscribers have obligations in the use of the certificate, which are set out in the Terms & Conditions. Prior to any certificate issuance the subscriber will be required to accept the Terms & Conditions. Certificate Revocation Revocation can be requested by: The subscriber A legal representative or authorised person of the organisation Digidentity Authorities/regulators who are involved in the regulation of PKI activities, e.g. Agentschap Telecom Digidentity has the mandatory requirement to revoke certificates if there is notification that the subscriber/or legal representative in the certificate is deceased. Revocation of certificates can be performed: (1) By Subscriber themselves by logging in their account and requesting the revocation of issued certificates. The subscriber is able to click Change two-factor authentication, Revoke Certificates. (2) During office hours (8.30 17.00 hours) by calling the Service Desk at +31 (0)88 78 78 78 (3) Outside of office hours by calling the emergency revocation line at +31 (0)88 778 78 00 A Subscriber logging in their account has three option to revoke their qualified or advanced certificates or Seals: (1) Revoke Certificates: Subscriber is able to log into their account and click Revoke certificates or Change two-factor authentication. The subscriber is able view their virtual smartcard which contain their certificates. By deleting a specific virtual smartcard, all three (3) associated certificates (authentication, encryption and non-repudiation) will be revoked. Revocation occurs immediately. (2) Deactivate Account: Subscriber is able to log into their account and click Deactivate my account. The subscriber will receive a notification informing that their account is deactivated for 30 days. After confirmation by the subscriber, the account is deactivated. If the subscriber logs into their account within 30 days after deactivation, the account is reactivated, and all certificates registered to the account can be used. If the subscriber does not reactivate their account, after 30 days the account is deleted, and all certificates associated with the account will be revoked immediately. (3) Delete Account: The subscriber is able to log into their account and click Delete my account. The subscriber will receive a notification informing that data will be deleted, and all certificates Digidentity 2019 Public Page 7 of 10

registered to the account will be revoked immediately. After confirmation by the subscriber, all certificates are revoked, and the account is deleted. Revocation must be performed by the subscriber. If you call Digidentity for revocation, we will support you in accessing your account and enable you to revoke your certificates yourself. Digidentity will not revoke the certificate on your behalf. For server and email certificates, the Certificate Manager will need to log in their account in the Self Service Portal using two factor authentication. From the list of certificates, you can click on Revoke certificate next to the associated certificate to revoke the certificate. The Subscriber or Certificate Manager will receive confirmation of the revocation of the certificates. Limitations of Use Certificates issued may only be used for the purposes that they were issued, as explained in corresponding CPS, in the Terms & Conditions and as identified in the key usage field of the certificate itself. Certificates are prohibited from being used for any other purpose that described, and all certificate usage must be done within the limits of applicable laws. Obligations of Subscribers The Subscriber is responsible to provide Digidentity with correct and up-to-date data required for the generation and issuance of certificates and for the correct use of the certificates. The Subscriber warrants to Digidentity and Relying Parties that it will abide by the Terms & Conditions, and the CPS. The Subscriber is required to accept the Terms & Conditions, Privacy Statement and if applicable, sign the certificate contract. If any of the information required to issue a certificate is missing/incomplete or produces a negative outcome e.g. the organisation is in bankruptcy, or the identity document is indicated not to be genuine, then Digidentity will reject the application for a certificate. Subscribers have obligations in the use of the certificate, which are set out in the Terms & Conditions and a contract where applicable. Prior to any certificate issuance the subscriber will be required to accept the Terms & Conditions and the terms stated within any contract. Acknowledge that Digidentity reserve the right to immediately revoke the certificate if the applicant has violated the terms and conditions, contractual agreements or used the certificate for other purposes than provided in the CPS; Digidentity 2019 Public Page 8 of 10

Acknowledge that Digidentity reserve the right to immediately revoke the certificate if it is discovered the certificate has been used/is being used, or will be used for any criminal activity, including phishing, fraud or for the distribution of malware/viruses. Certificate Status Checking Obligations of Relying Parties Relying parties may only use the public key of the certificate for the purposes described in the relying party agreements with Digidentity, and as described in the CPS. Relying parties are responsible for verifying: (1) certificate validity. (2) validity of the complete chain of certificates, up to the root certificate. (3) revocation status of the certificate. (4) limitations on any use of the certificate (5) authenticity of all Certificate Status information is verified by the electronic signature by which the information has been signed Relying parties that fail to check the status of the certificate cannot legitimately rely on the certificate. Limitations of Warranty and Liability Digidentity will in no case be liable for the loss of profit, loss of sales, damage to reputation, loss of contracts, loss of customers, loss of use of any software or data, loss or use of any computer or other equipment (unless directly due to breakage of this CPS), wasted time of management or other personnel, losses or liabilities relating to or related to other contracts, indirect damage or loss, consequential damage or loss, special loss or damage. Loss includes full or partial loss or decrease in value. Digidentity s liability for personal damages, when a person has acted in any way under, on behalf of, within or in relation to this CPS, Certificate holder agreement, the applicable contract or related contract, whether in contract, warranty, tort or any other legal theory, subject to what is explained below, are limited to actual damage suffered by this person. Digidentity will not be liable for indirect, consequential, incidental, special, example or punitive damages with respect to any person, even if Digidentity is pointed out on the possibility of such damage, regardless of how such damage or responsibility has occurred, whether in tort, negligence, justice, contract, statute, customary law or the other. As a condition, participation (including, without limitation, the use of or relying on Certificates) votes for every person participates irrevocably in that he/she do not want to claim, or in any other way search for, example, consequence, special, incidental or punitive damages and irrevocably confirms to Digidentity the acceptance of the foregoing as one condition and incentive to allow this person to participate. We refer to the CPS (https://cps.digidentity-pki.com/) for further detail on liability and warranties Digidentity 2019 Public Page 9 of 10

Applicable Agreements & CPS Terms & Conditions The Terms & Conditions are applicable to all services of Digidentity, and can be found on the website: Dutch: English: https://www.digidentity.eu/nl/home/#terms-and-conditions https://www.digidentity.eu/en/home/#terms-and-conditions CPS The applicable CPS, product specific terms and this document link, are available on the Digidentity website via this link: https://cps.digidentity-pki.com/ Privacy Statement The Privacy Statement is available on the Digidentity website via this link: https://www.digidentity.eu/en/home/#privacy-statement Refund Policy Digidentity does not have a refund policy. Applicable Law, Complaints and Dispute Resolution Digidentity B.V. is subject to laws of The Netherlands, EU and International Law. These laws include, but are not limited to; General Data Protection Regulation EU; eidas Regulation (EU) 910/2014; The Data Protection Act 2018 (UK); Wet op de Identificatieplicht. Our complaints procedure is available on our website at: https://www.digidentity.eu/en/home/#complaints-procedure Any information we receive about our services and products is taken seriously. Any complaints will be handled with the ultimate aim of resolving the issue. Repository Licences, Trust Marks and Audit See our website (https://www.digidentity.eu/en/home/#certifications) for all audits and certifications. Digidentity 2019 Public Page 10 of 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback