WIXLIB

VERISIGNNON-INDIVIDUAL CERTIFICATE POLICY(VERISIGN GATEKEEPER NONINDIVIDUAL CP)Date of Publication: July 2004Proposed Effective Date: July 2004Non-Individual CP v7.9.docPage 1 of 39

Copyright 2001-2004 VeriSign Australia Pty Ltd. All rights reserved.No part of this publication may be reproduced, stored in, or introduced into a retrieval system, or transmitted, in anyform or by any means (electronic, mechanical, photocopying, recording, or otherwise), without prior writtenpermission of VeriSign Australia Pty Ltd. Notwithstanding the above, permission is granted to reproduce anddistribute this document for an individual or organisation’s own uses on a nonexclusive, royalty-free basis, providedthat (i) the foregoing copyright notice and the beginning paragraphs are prominently displayed at the beginning ofeach copy, and (ii) this document is accurately reproduced in full, complete with attribution of the document toVeriSign Australia Pty Ltd.The eSign thumbprint and logo is a trademark of VeriSign Australia Pty Ltd. eSign Gatekeeper Services is aregistered business name of VeriSign Australia Pty Ltd under which VeriSign Australia Pty Ltd provides Gatekeeperservices.VeriSign is a registered trademark of VeriSign, Inc. VeriSign Trust Network is a trademark of VeriSign, Inc. Allother trademarks and service marks are the property of their respective owners.Non-Individual CP v7.9.doc - 21 Jul 2004 16:07Page 2 of 39

TABLE OF CONTENTS1.INTRODUCTION.61.0Structure of this Certificate Policy and relationship to CPS* .61.1Overview.61.2Identification .61.3Community and applicability .61.3.1Certification Authorities (CAs).61.3.2Registration Authorities (RAs) .71.3.3End Entities .71.3.4Applicability.71.3.4.1Scope of use of Non-Individual Certificates*.71.3.4.2Restrictions on use* .71.3.5Gatekeeper Accreditation* .71.4Contact Details .71.4.1PKI Service Providers .71.4.2Specification Administration Authorities .81.4.3Contact Person.81.4.4Competent Authority .81.4.5Person determining CPS suitability for this CP.82.GENERAL PROVISIONS.82.1Obligations generally* .82.1.0RCA Obligations* .92.1.1CA obligations .92.1.1.1Certificate Issue* .92.1.1.2Key Management*.92.1.1.3Directories and Certificate Revocation*.92.1.1.4General*.92.1.1.5Obligations of Subordinate CAs* .102.1.2RA Obligations .102.1.3Subscriber Obligations* .102.1.3.1Key Holder Obligations .102.1.3.2Organisation Obligations* .112.1.4Relying Party obligations .122.1.4.1 Validating Digital Signatures* .122.1.5Repository Obligations .132.2Liability.132.2.1Liability Generally*.132.2.2Liability of the Commonwealth* .142.2.3Force majeure*.142.2.4VeriSign and Relevant RA Liability* .142.2.5Subscriber Liability*.152.2.5.1Organisation .152.2.5.2Key Holder Liability.162.2.6Relying Party Liability.162.3Financial responsibility .162.3.1Indemnification of Relying Parties .162.3.2Fiduciary relationships .162.3.3Administrative processes .162.4Interpretation and Enforcement .162.4.1Governing law .162.4.2Severability, survival, merger, 72.4.2.3Notice* .172.4.2.4Precedence* .172.4.3Dispute resolution procedures .182.5Fees .182.5.1Certificate Issuance or Renewal fees.182.5.2Certificate access fee.182.5.3Revocation or status information access fee .182.5.4Fees for other services such as policy information .182.5.5Refund Policy .182.6Publication and Repository .182.6.1Publication of CA information .182.6.2Frequency of publication.192.6.3Access controls .192.6.4Repositories.19Non-Individual CP v7.9.doc - 21 Jul 2004 16:07Page 3 of 39

2.7Compliance audit.192.8Privacy and Data Protection .192.8.1Types of information to be kept confidential.192.8.1.1Confidential Information*.192.8.1.2Personal Information*.192.8.1.3Other information which is protected*.202.8.2Types of information not considered confidential.202.8.2.1Certificate Information*.202.8.3Disclosure of Certificate Revocation/Suspension information.202.8.4Release to law enforcement officials .202.8.5Release as part of civil discovery .202.8.6Disclosure upon owner's request.202.8.7Other information release circumstances.202.9Intellectual Property Rights .213.IDENTIFICATION AND AUTHENTICATION .213.1Initial Registration.213.1.1Types of names.213.1.2Need for names to be meaningful .223.1.3Rules for interpreting various name forms .223.1.4Uniqueness of names .223.1.5Name claim dispute resolution procedure .223.1.6Recognition, authentication and role of trademarks .223.1.7Method to prove possession of Private Key.223.1.7A Verification* .223.1.8Verification of identity of Organisation.233.1.9Verification of Identity of an Individual.233.1.10 Verification of the Authority of a Subscriber*.243.2Routine ReKey (Renewal) .243.3Reissue.253.4Revocation Request.254.OPERATIONAL REQUIREMENTS .254.0Operations Manuals*.254.1Certificate Application .264.1.1Registration* .264.1.2Duties of PKI Service Providers* .264.2Certificate issuance.264.3Certificate Acceptance .264.4Certificate Suspension and Revocation .274.4.1Circumstances for Revocation.274.4.2Who can request Revocation.274.4.3Procedure for Revocation request.284.4.4Revocation request grace period.284.4.5Certificate Suspension .284.4.6Who can request Suspension.284.4.7Procedure for Suspension request .284.4.8Limits on Suspension period.284.4.9CRL issuance frequency (if applicable).284.4.10 CRL checking requirements .294.4.11 On-line revocation/status checking availability .294.4.12 On-line Revocation checking requirements .294.4.13 Other forms of Revocation advertisements available .294.4.14 Checking requirements for other forms of Revocation advertisements .294.4.15 Special requirements re Key Compromise.294.4A Certificate Expiry*.294.5Security Audit Procedures .294.6Records Archival .294.7Key changeover .294.8Compromise and Disaster Recovery.294.8.1Computing resources, software, and/or data are corrupted .304.8.2Entity Public Key is Revoked .304.8.3Entity Key is Compromised.304.8.4Secure facility after a natural or other type of disaster .304.9PKI Service Provider Termination* .305.PHYSICAL, PROCEDURAL AND PERSONNEL SECURITY CONTROLS.316.TECHNICAL SECURITY CONTROLS .32Non-Individual CP v7.9.doc - 21 Jul 2004 16:07Page 4 of 39

6.36.3.16.3.26.46.4.16.4.26.4.36.56.66.76.8Key Management*.32Key Pair Generation and Installation .32Key Pair generation.32Private Key delivery to Entity .32Public Key Delivery to Certificate Issuer .32VeriSign CA Public Key delivery to users.33Key sizes .33Public Key parameters generation .33Parameter quality checking.33Hardware/software Key generation .33Key usage purposes (as per X.509 v 3 Key Usage field) .33Private Key Protection.33Standards for Cryptographic Module.33Private key (n out of m) multi-person control .33Private Key Escrow .33Private Key backup .34Private Key archival .34Private Key entry into Cryptographic Module.34Method of activating Private Key .34Method of deactivating Private Key .34Method of destroying Private Key.34Other Aspects of Key Pair Management .34Public Key archival.34Usage periods for the Public and Private Keys.34Activation Data .34Activation Data generation and installation .34Activation Data protection .34Other aspects of Activation Data .35Computer Security Controls.35Life Cycle Technical Controls .35Network Security Controls .35Cryptographic Module Engineering Controls .357CERTIFICATE AND CRL PROFILES .367.1Certificate Profile .367.1.1Version Number(s) .387.1.2Certificate Extensions .387.1.3Algorithm object identifiers.387.1.4Name forms .387.1.5Name Constraints.387.1.6Certificate Policy Object Identifier.387.1.7Usage of Policy Constraints extension.387.1.8Policy qualifiers syntax and semantics.387.1.9Processing semantics for the critical Certificate Policy extension.387.2CRL Profile .387.2.1Version number(s).387.2.2CRL and CRL entry extensions .3888.18.28.3SPECIFICATION ADMINISTRATION .39Specification Change Procedures .39Publication and notification policies.39CP approval procedures .39Non-Individual CP v7.9.doc -

1. VeriSign Australia Pty Ltd trading as eSign Gatekeeper Services provides both Public and Private certification services using technology from VeriSign Inc. This Certificate Policy ("CP") sets out a number of policy and operational matters in relation to the Gatekeeper Type 2 Certificate ("Non-Individual Certificates"). 2.