ING Public Key Infrastructure Technical Certificate Policy Version 5.4 - November 2015

Commissioned by: ING PKI Policy Approval Authority (PAA)

Additional copies: Copies of this document can be obtained via the ING PKI Internet site, www.ing.com/pki, or requested at ING PKI Service Centre, PO Box 1800, 1000 BV Amsterdam, the Netherlands, e-mail: pki@ing.com

Document version: Version 5.4, November 2015

General: This document is publicly available outside ING Group. 2015, ING Group N.V. All rights reserved.

Abstract
This Certificate Policy (CP) for the ING PKI Technical CA contains the rules governing the issuance and use of Certificates among Customers participating in the ING Public Key Infrastructure (PKI), in accordance with the ING PKI Certification Practice Statement (CPS).

Audience
The information contained in this document is intended for all users of the ING Corporate PKI.

References
- ING PKI Certificate Practice Statement
- ING PKI Certificate Policy Root CA
- ING PKI Customer Certificate Policy
- ING PKI Employee Certificate Policy
- ANSI X9.79 7.1
- ETSI TS 102 042

ING CORPORATE PKI TECHNICAL CERTIFICATE POLICY VERSION 5.4 - NOVEMBER 2015

Contents
1. Introduction
  1.1. Overview
    1.1.1 Standard Certificates
    1.1.2 Extended Validation SSL Certificates
  1.2. Definition of Terms
  1.3. Identification
  1.4. Administration & Contact Information
2. Applicability
3. Obligations
  3.1. CA Obligations
  3.2. RA Obligations
  3.3. End-User Obligations
  3.4. Relying Party Obligations
  3.5. Repository Obligations
4. Liability
  4.1. CA Liability
  4.2. RA Liability
  4.3. Governing Law
5. Confidentiality
6. Identification & Authentication
7. Certificate Application Procedure
8. Certificate Issuance & Delivery
9. Certificate Acceptance
10. Administrative Procedures

1. Introduction
(ING PKI Certificate Practice Statement: 1.1)

1.1. Overview
Under this Policy, ING Bank NV will act as the ING PKI Technical CA.

The ING PKI and the associated rules, regulations and procedures are based on ETSI TS 102 042.

The Certificates that are issued by the ING Technical CA 2005 are primarily applicable for use in electronic communications between ING devices (e.g. servers, routers, VPN hosts, etc.) and devices of Customers of ING. In addition, they are also to be used for secure electronic communications between ING and third parties, both devices and natural persons, and for secure communications between ING devices.

Under this Policy, all Certificates issued by the ING Technical CA 2005 provide a validated link between the identity of an ING device and a Public Key. The ING Technical CA 2005 delivers Standard Certificates and Extended Validation SSL Certificates (no other EV type certificates, including EV Certificates for CAs, are delivered).

1.1.1 Standard Certificates
Private Keys associated with Standard Certificates issued by the ING Technical CA 2005 will be stored as a Software Token. As a result, the Certificate gives a medium level (trustworthy, but not optimal security) confirmation to all Relying Parties, thus conforming to ETSI TS 102 042 NCP (Normalized Certificate Policy). Under this Policy, Private Keys stored as Software Tokens can never result in a high level confirmation (trustworthy, optimal security).

Each Standard Certificate issued by the ING Technical CA 2005 gives a medium level confirmation of:
- The identity of the End-User named in the Certificate
- The status of the End-User as a device or application owned, controlled or managed by ING, or a Customer of ING, and
- Where applicable, the status of the domain name included in the Certificate as being in the possession of ING or a Customer of ING.

Only devices owned, managed or controlled by ING or a Customer of ING are eligible to use Standard Certificates issued by the ING Technical CA 2005. Under this Policy, no Certificates will be issued to natural persons or to any organisational or legal entities. Since the ING Technical CA 2005 restricts its certification services to non-personal devices and applications, it can only deliver such services with the participation of one or more natural persons representing the certified hardware. As a result, where this Policy speaks of an End-User, this not only refers to the hardware but also refers to its representative(s). Under this Policy, ING devices can only be represented by Employees of ING or Customers of ING for certification purposes. Cross-certification with CAs operated by other parties than ING is not permitted under this Policy.

1.1.2 Extended Validation SSL Certificates
Private Keys associated with Extended Validation SSL Certificates issued by the ING Technical CA 2005 will primarily be generated on a Hardware Security Module by the requestor/component owner. As a result, the Certificate gives a high level (trustworthy, optimal security) confirmation to all Relying Parties, thus conforming to ETSI TS 102 042 NCP (Normalized Certificate Policy). The ING Technical CA 2005 will only deliver Extended Validation Certificates for SSL purposes. For entities storing the Private Key in software, obtaining an EV SSL Certificate is at the discretion of the involved RAOs, after receiving a formal and well-founded request for the hardware requirement to be lifted.

Each Extended Validation Certificate issued by the ING Technical CA 2005 gives a high level confirmation of:
- The identity of the End-User named in the Certificate
- The status of the End-User as a device owned, controlled or managed by ING, and
- Where applicable, the status of the domain name included in the Certificate as being in the possession of ING.

Only devices owned, managed or controlled by 100% ING Group entities are eligible to use Extended Validation Certificates issued by the ING Technical CA 2005. Under this Policy, no Certificates will be issued to natural persons or to any organisational or legal entities. Since the ING Technical CA 2005 restricts its certification services to non-personal devices, it can only deliver such services with the participation of one or more natural persons representing the certified hardware. As a result, where this Policy speaks of an End-User, this not only refers to the hardware but also refers to its representative(s). Under this Policy, ING devices can only be represented by Employees of ING for certification purposes. Cross-certification with CAs operated by other parties than ING is not permitted under this Policy.

1.2. Definition of Terms
(ING PKI Certificate Practice Statement: 1.2)
The definitions of terms used in this Policy are determined by the ING PKI Glossary.

1.3. Identification
(ING PKI Certificate Practice Statement: 1.3)

Policy Name: ING PKI Technical Certificate Policy
Policy Qualifier: ING Bank NV is the issuer of this certificate. Restrictions may apply to its use - please check the applicable CP and CPS for details. For information, contact www.ing.com/pki or pki@ing.com
Policy Version: 5.4
Policy Status: Final
Policy Ref/OID: 1.3.6.1.4.1.2787.200.1.6.2
Policy Ref/OID (Extended Validation Certificates): 1.3.6.1.4.1.2787.200.1.6.2.80
Date of Issue: 09-11-2015
Date of Expiry: n/a
Related CPS: ING PKI Certificate Practice Statement

1.4. Administration & Contact Information
(ING PKI Certificate Practice Statement: 1.6)
The Certificate Policy ING PKI Technical CA is managed by the ING PKI Policy Approval Authority (PAA). All questions regarding this Policy can be addressed via e-mail: pki@ing.com

2. Applicability
(ING PKI Certificate Practice Statement: 1.4, 1.5)
The Certificates issued under this Policy are primarily applicable to secure electronic communications between ING devices (e.g. servers, routers, VPN hosts, etc.) and Customers of ING. In addition, they are also to be used to secure electronic communications between ING and third parties, both devices and natural persons, and to secure communications between ING servers.

A Standard Certificate issued by the ING PKI Technical CA is stored as a Software Token and is, as a result, a medium level confirmation of the End-User's identity and status as an ING device (Extended Validation SSL Certificates, whose Private Keys are held on a Hardware Security Module, give a high level confirmation; see 1.1.2). Depending on type, it allows the End-User to, amongst others:
- Identify itself to, and be authenticated by, Employees and Customers of ING
- Create Secure Socket Layer (SSL) connections for confidentiality purposes, and
- Enable Virtual Private Network (VPN) applications.

It is the Relying Party's sole responsibility to decide for which communications, including but not limited to transactions, it relies on a Certificate issued by the ING PKI Technical CA, based on its own perception of the trustworthiness of the procedures followed prior to Certificate issuance (as described in section 6 of this Policy).

This Policy is binding on each End-User that applies for and/or obtains Certificates issued by the ING PKI Technical CA, by virtue of the Terms and Conditions ING PKI Technical CA (hereafter referred to as "the Terms").

3. Obligations
(ING PKI Certificate Practice Statement: 2.1)

3.1. CA Obligations
(ING PKI Certificate Practice Statement: 2.1.1)
The ING PKI Technical CA, including its Operators, shall be obliged to:
- Operate in accordance with this Policy and the ING PKI CPS, as well as with any applicable laws of the governing jurisdiction
- Frequently verify that all its subordinate RAs comply with the relevant provisions of this Policy and of the ING PKI CPS
- Only generate a Certificate upon receipt of a valid Certificate issuance approval from an RA
- Securely distribute Activation Data and Private Keys to its End-Users, and
- Publish Certificates in the ING PKI Repository and maintain Certificate information therein, including CRLs.

3.2. RA Obligations
(ING PKI Certificate Practice Statement: 2.1.2)
Each RA, including its Operators, shall be obliged to:
- Validate the identity of End-Users in a manner complying with the procedures defined in this Policy and in the ING PKI CPS
- Take all reasonable measures to ensure that End-Users are aware of their respective rights and obligations with respect to the use of Certificates issued under this Policy
- Operate in accordance with this Policy and the ING PKI CPS, as well as with any applicable laws of the governing jurisdiction, and
- Store proof of all checks performed before Certificate issuance approval.

3.3. End-User Obligations
(ING PKI Certificate Practice Statement: 2.1.3)
The obligations of End-Users of the ING PKI Technical CA are exclusively dealt with by the Code of Conduct for the ING PKI Technical CA, as well as by the ING PKI CPS. No additional stipulations are made by this Policy.

3.4. Relying Party Obligations
(ING PKI Certificate Practice Statement: 2.1.4)
All persons or entities acting as Relying Parties under this Policy shall be obliged to:
- Verify Certificates in accordance with the certification path validation procedure specified in ITU-T Rec. X.509 (1997) | ISO/IEC 9594-8:1997, taking into consideration any critical extensions, and
- Trust a Certificate issued by the ING PKI Technical CA only if the Certificate has not expired and has not been suspended or revoked, and only if a proper chain of trust can be established to the ING PKI Root CA.

3.5. Repository Obligations
(ING PKI Certificate Practice Statement: 2.1.5)
All obligations regarding the ING PKI Repository are exclusively dealt with by the ING PKI Certification Practice Statement. No additional stipulations are made by this Policy.

4. Liability
(ING PKI Certificate Practice Statement: 2.2)

4.1. CA Liability
(ING PKI Certificate Practice Statement: 2.2.1)
ING Bank NV shall not be liable for any (financial) damages as a result of property damages (vermogensschade) and/or any purely financial damages (zuivere vermogensschade), which shall include, without limitation, damages due to late delivery, loss of or damage to data, loss of profits or income, incurred by Customers or by other parties. In no event shall the aggregate and cumulative liability of ING Bank NV exceed the amount of EUR 1,000,000 (one million euro) per incident. ING Bank NV shall not be liable for the content of communication and/or transactions initiated by Customers or by other parties, nor for any damages resulting from use of the Certificate not permitted under this Policy or in the ING PKI CPS. ING accepts no liability for loss of data, including Certificates, or for the inability to use the ING PKI due to a defect in or failure to function of telecommunications or data communications facilities, regardless of the manner in which the transmission takes place.

4.2. RA Liability
(ING PKI Certificate Practice Statement: 2.2.2)
ING Bank NV does not accept any liability for ING entities functioning as an RA subordinate to the ING PKI Technical CA. Insofar as damages have been incurred by Customers or by other parties as a result of the performance of an RA of the ING PKI Technical CA, such incidents will be covered as part of the CA liability as defined and restricted in 4.1.

4.3. Governing Law
(ING PKI Certificate Practice Statement: 2.4.1)
The construction, validity, interpretation, enforceability and performance of this Policy are governed by the laws of The Netherlands. In case of a dispute regarding the ING PKI Technical CA or Certificates issued by it, ING Bank NV shall use its best efforts to negotiate such a dispute in good faith and to settle it amicably. If such negotiations fail to resolve the dispute within two weeks, either party shall be entitled to submit the dispute to arbitration in accordance with the rules of The Netherlands Arbitration Institute. The language of the proceedings shall be English. Neither party shall be restricted in its right to seek immediate injunctive relief (voorlopige voorzieningen) in summary proceedings (kort geding) if it deems such necessary.

5. Confidentiality
(ING PKI Certificate Practice Statement: 2.8)
Insofar as personal data is collected during the registration phase, it is kept confidential and handled in full compliance with applicable data protection legislation. The ING PKI Privacy Statement applies to all ING PKI activities, including those of the ING PKI Technical CA.

6. Identification & Authentication
(ING PKI Certificate Practice Statement: 3.1)
Before a Certificate is issued by the ING PKI Technical CA, the identity of the End-User is validated by a subordinate RA. The validation will require:
- Evidence of the status of the device to be certified as being owned, managed or controlled by ING, either through a review of credentials submitted by the End-User, or by referencing an internal or external information system such as an up-to-date database
- Evidence of the authority of the representative to request a Certificate on behalf of the End-User, and
- In case the Certificate is to be used in combination with a domain name, evidence of the status of that domain as being in the possession of ING by referencing the InterNIC database.

Derived registration is possible in that the End-User has either been pre-registered with ING or has already registered with a third party information system trusted for the purpose of identity validation, in both cases with the same strict registration procedure applied.

Credentials to be supplied by the End-User and identification and authentication requirements will be described in the appropriate procedures for certificate requests. Names to be registered for certificates need to be meaningful, in so far that names can be traced back to the subscriber.

7. Certificate Application Procedure
(ING PKI Certificate Practice Statement: 4.1)
Each request for a Certificate to be issued by the ING PKI Technical CA must at least contain the following procedural steps:
- Submitting proof of the identity and status of the End-User in accordance with section 6 of this Policy
- Submitting proof of Private Key possession by the End-User in case of key pair generation by the End-User
- Storing evidence with regard to all validation procedures performed by the RA.

8. Certificate Issuance & Delivery
(ING PKI Certificate Practice Statement: 4.2)
Only after successful identification and authentication of an End-User, in accordance with sections 6 and 7 of this Policy, will the ING PKI Technical CA:
- Generate a Certificate using the contents of the Certificate Application
- Generate a corresponding Public and Private Key in case of key pair generation by the ING PKI Technical CA, or verify the possession of a Private Key in case of key pair generation by the End-User
- Securely distribute the Certificate and, in case of key pair generation by the ING PKI Technical CA, the associated Private Key to the End-User
- Provide Activation Data and instructions for the collection and/or acceptance of a Certificate.

For EV SSL Certificates, no wildcard certificates are allowed. For EV SSL Certificate requests to be authorised, two separate RAO groups are required; an individual RAO can only be a member of one of these groups.

9. Certificate Acceptance
(ING PKI Certificate Practice Statement: 4.3)
The End-User shall explicitly accept the Certificate requested by him. By accepting a Certificate, the End-User certifies that to his or her knowledge:
- No unauthorised person has ever had access to the Private Key corresponding to the Public Key contained in the Certificate
- No unauthorised person has ever had access to the Activation Data
- All information contained in the Certificate is correct and up to date, and
- The Certificate is functioning properly with the certified device or application.

10. Administrative Procedures
(ING PKI Certificate Practice Statement: 8)
The End-User shall be notified by the RA about:
- Issuance of the certificate
- Suspension of the certificate
- Revocation of the certificate
- Expiry of the certificate, insofar as the notification is not part of the actual operation of the RA.

Administrative procedures as described in the ING PKI CPS apply to this Policy as well. Certificates and/or Private Keys will be delivered directly to the End-User, separate from any required Activation Data. In case of key pair generation by the ING PKI Technical CA, the Private Key will be securely distributed to the End-User in a manner separated from the distribution of Activation Data. Once the ING PKI Technical CA has issued a Certificate, it is immediately offered for publication in the ING PKI Repository.

Contact information
www.ing.com/pki
ING PKI Service Centre
PO Box 1800
1000 BV Amsterdam
the Netherlands
pki@ing.com

2015, ING Group N.V. All rights reserved.
PKI Service Center 005 1115 ING Bank N.V.