Trustis DTP Certificate Policy
PKI Disclosure Statement

Important Notice:
This document (PKI Disclosure Statement) does not substitute or replace the Certificate Policy under which digital certificates from Trustis DTP are issued.

The Certificate Policy (CP) under which digital certificates are issued is defined by two documents:

  1. PKI Disclosure Statement (this document),
  2. Certificate Policy at http://www.trustis.com/pki/dtp/index.htm

You must read the Trustis DTP Certificate Policy before you apply for or rely on a certificate issued by Trustis DTP.

The purpose of this document is to:

  • Summarise the key points of the Standard Certificate Policy for the benefit of Subscribers and Relying Parties.
  • Provide additional detail and further provisions that apply to the Standard Certificate Policy and which are incorporated in it by reference.

Certificates issued by this Issuing Authority reference this document, and consequently the Trustis DTP Certificate Policy at http://www.trustis.com/pki/dtp/index.htm

    1. Policy Authority & Issuing Authority Contact Info:

    1. Policy Authority:
    Trustis DTP Policy Authority
    Trustis Limited
    Building 273
    New Greenham Park
    Greenham Common
    Thatcham
    RG19 6HN
    UK
    Tel:  +44 (0)870 429 4724
    Fax: +44 (0)1635 231366
    email: policy.authority@trustis.com

    2. Issuing Authority:
    Trustis DTP Issuing Authority
    Trustis Limited
    Building 273
    New Greenham Park
    Greenham Common
    Thatcham
    RG19 6HN
    UK
    Tel:  +44 (0)870 429 4724
    Fax: +44 (0)1635 231366
    email: issuing.authority@trustis.com

    3. Registration Authorities:
    Registry Administration Team
    British Chambers of Commerce
    Tel:  +44 (0)2476 472 532
    www.chambercard.co.uk
    info@chambercard.co.uk

    4. Certificate Operations:
    Trustis Limited
    Building 273
    New Greenham Park
    Greenham Common
    Thatcham
    RG19 6HN
    UK
    Tel:  +44 (0)870 429 4724
    Fax: +44 (0)1635 231366
    email: registrar@trustis.com

    2. Certificate Type, Validation Procedures, and Usage:

    The Digital Certification Services provided by Trustis DTP implement a closed public key infrastructure in the sense that access and participation is only open to those who both satisfy eligibility criteria and are approved by the Trustis DTP Issuing Authority.  The only trust service providers and end entities authorised and approved to issue, obtain, use, and/or rely upon certificates that reference this Policy are clearly defined conditional upon their first agreeing to be bound by the terms of this Policy.

    The Digital Certification Services provided by Trustis DTP under this Certificate Policy support secure operations for interaction with MOD DECS secure e-business portal and associated systems. Certificates provided by this service are supported by the use of strong cryptography and highly robust registration mechanisms to provide a high level of assurance of the identity of organisations and individuals being certified. Certificates issued under this policy may only be used for authentication in support of business applications and services approved by the Trustis DTP Issuing Authority, requiring digital signatures for authentication of identities.

    Acceptable documentary evidence that can be provided in support of an application for a certificate is provided by the Approved Registration Authority.

    3. Reliance Limits:

    The Trustis DTP Issuing Authority does not set reliance limits for certificates issued under this policy. Reliance limits may be set by other policies, application controls, and applicable law or by agreement.  See Limitation of Liability, below.

    4. Obligations of Subscribers:

    It is the responsibility of Subscribers to:

  • Review their issued certificate to confirm the accuracy of the subscriber information contained within it before first use
  • Use only smartcards issued by Trustis DTP as the system for generating and obtaining a key pair and certificate, and to prevent any loss, disclosure, or unauthorised use of the smartcard or private key held on the smartcard
  • Keep private keys confidential
  • Keep confidential, any passwords, pass-phrases, PINs or other personal secrets used in obtaining authenticated access to the smartcard or PKI facilities
  • Make only true and accurate representations to any Registration Authority and/or Issuing Authority as to the information required to determine eligibility for a certificate and for information contained within the certificate
  • In accordance with the Trustis DTP Certificate Policy, exclusively use their certificate for legal purposes and restricted to those authorised purposes detailed by the Trustis DTP Certificate Policy
  • Immediately notify the Registration Authority of a suspected or known key compromise in accordance with the procedures laid down in the Trustis DTP Certificate Policy

    5. Certificate Status checking obligations of Relying Parties:

    A relying party may justifiably rely upon a certificate only after:

  • Ensuring that reliance on certificates issued under the Trustis DTP Certificate Policy is restricted to appropriate uses (see "Certificate Type, Validation Procedures and Usage" above for a summary of approved usages).
  • Ensuring that the certificate remains valid and has not been revoked or suspended by accessing any and all relevant certificate status information.
  • Determining that such certificate provides adequate assurances for its intended use.

    6. Limited Warranty & Disclaimer/Limitation of Liability:

    By signing a certificate containing a policy identifier which indicates the use of this policy, the Trustis DTP Issuing Authority certifies to all who reasonably rely on the information contained in the certificate that the information in the certificate has been checked according to the procedures laid down in this Policy.

    The Trustis DTP Issuing Authority assumes no liability whatsoever in relation to the use of certificates or associated public/private key pairs issued under this policy for any use other than in accordance with this policy and any other agreements. Subscribers will immediately indemnify the Issuing Authority from and against any such liability and costs and claims arising therefrom.

    The Trustis DTP Issuing Authority shall not be liable for any consequential, indirect or incidental damages, nor for any loss of business, loss of profit or loss of management time, whether foreseeable or unforeseeable, arising out of breach of any express or implied warranty, breach of contract, tort, misrepresentation, negligence, strict liability however arising, or in any other way arising from or in relation to the use of or reliance on, any Digital Certificate except only in the case of the Issuing Authority's negligence, wilful misconduct, or where otherwise required by applicable law.

    Nothing in this Certificate Policy excludes or restricts liability for death or personal injury resulting from negligence or the negligence of its employees, agents or contractors.

    The Trustis DTP Issuing Authority excludes all liability of any kind in respect of any transaction into which an End-Entity may enter with any third party.

    The Trustis DTP Issuing Authority is not liable to End Entities either in contract, tort (including negligence) or otherwise for the acts or omissions of other providers of telecommunications or Internet services (including domain name registration authorities) or for faults in or failures of their equipment.

    Each provision of this Policy, excluding or limiting liability, operates separately. If any part is held by a court to be unreasonable or inapplicable, the other parts shall continue to apply.

    7. Applicable Agreements, Certification Practice Statement, Certificate Policy:

  • A Subscriber Agreement can be found at:
    http://www.trustis.com/pki/dtp/subscriber-agreement.pdf
  • This document (PKI Disclosure Statement) can be found at:
    http://www.trustis.com/pki/dtp/disclosure-v1.04.2.htm
  • The Trustis FPS Certificate Policy can be found at:
    http://www.trustis.com/pki/dtp/index.htm
  • The Certification Practice Statement is not normally made generally available, but under special circumstances and at the discretion of the Issuing Authority, may be obtained on application to the Issuing Authority as detailed above.
  • Guidance in the use of certificates can be found at:
    https://dtpregistration.trustis.com/onestep/userhelp/index.htm

    8. Privacy Policy:

    Trustis DTP and Trustis Ltd strongly believe in an individual's rights to privacy, and operate this Digital Certification Service according to an extensive Privacy Charter which can be found at: http://www.trustis.com/pki/dtp/privacy-charter.pdf

    9. Refund Policy:

    No refunds will be made.

    10. Applicable Law & Dispute Resolution:

    Disputes shall be handled in accordance with the Trustis complaints process. This documentation can be obtained by applying to the Issuing Authority contacts listed in section 1 of this document.

    The provision of Certification Services shall be governed by English law and all parties shall submit to the exclusive jurisdiction of the courts of England and Wales.

    11. CA & Repository Licences Trust Marks & Audit:

    Certificates are manufactured under this policy through the use of a service provided by Trustis Ltd which is both accredited to ISO17799 and has attained tScheme approval for its Certificate Factory services.

    Audit shall be carried out on an annual basis.  The following Auditors have been approved under this policy:

  • Audit resources of contracted Trust Service Providers
  • A certified public accountant with demonstrated expertise in computer security or an accredited computer security professional

    12. Identification of this Certificate Policy:

    This Policy has been registered with Trustis Limited and has been assigned an Object Identifier (OID) of: 1.3.6.1.4.1.5237.115.1.1

    13. Approved Registration Authorities

    The following Registration Authorities have been approved by the Issuing Authority to register subscribers under this policy:

  • ChamberSign Limited
  • Trustis Ltd

    14. Approved Repositories

    The following Repositories have been approved by the Issuing Authority under this policy:

  • Trustis Ltd

    15. Eligible Subscribers

    The following types of subscribers are eligible to be issued with certificates under this policy:

  • Individuals who are authenticated to HM Government Authentication Framework Level 3
    And
  • whose organisation is authenticated to HM Government Authentication Framework Level 3
    And are
  • authorised users of the DECS Secure e-business Trading Portal.

    16. Eligible Relying Parties

    The following types of Relying Parties are eligible to rely on certificates issued under this policy:

  • MoD
  • Capgemini
  • DECS Secure Services and associated systems.

    17. Certificate Status Information

    Certificate Revocation Lists (CRLs) shall be published at least every 24 hours.