© 2001 Digital Signature Trust Co. All rights reserved.

Certification Practices Statement

Digital Signature Trust Co.
Certification Practices Statement For Access Certificates for Electronic Services (ACES)

Version 3.2

Copyright 2001 Digital Signature Trust Co. All rights reserved. This document is subject to change without notice.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

Table of Contents
1 INTRODUCTION .................................................................................................... 1 1.1 CPS OVERVIEW .....................................................................................................1 1.2 POLICY IDENTIFICATION .........................................................................................1 1.3 COMMUNITY AND APPLICABILITY ..........................................................................2 1.3.1 Approved Applications...................................................................................3 1.3.2 Prohibited Applications..................................................................................3 1.4 CONTACT DETAILS ................................................................................................3 2 GENERAL PROVISIONS ....................................................................................... 4 2.1 RIGHTS AND OBLIGATIONS .....................................................................................4 2.1.1 CA Rights and Obligations.............................................................................4 2.1.2 CA Right to Subcontract ................................................................................4 2.1.3 RA Obligations ...............................................................................................5 2.1.4 Subscriber Contractual Obligations...............................................................5 2.1.5 Applicant (Person Authorized to Receive Certificate for Qualified Relying Party Application) .....................................................................................................29 AUTHORIZING OFFICIAL OF QUALIFIED RELYING PARTY.............................29 2.1.6 Relying Party Rights and Obligations ..........................................................31 2.1.6 Repository Obligations ....................................................................................31 2.2 LIABILITY.............................................................................................................31 2.2.1 CA Liability..................................................................................................32 2.2.2 RA Liability...................................................................................................32 2.2.3 Repository Liability ......................................................................................32 2.3 FINANCIAL RESPONSIBILITY .................................................................................32 2.4 INTERPRETATION AND ENFORCEMENT ..................................................................32 2.4.1 Governing Law ............................................................................................32 2.4.2 Severability, Survival, Merger, and Notice..................................................32 2.4.3 Dispute Resolution Procedures ....................................................................33 2.5 FEES .....................................................................................................................33 2.5.1 Certificate Issuance or Renewal Fees ..........................................................33 2.5.2 Certificate Access Fees ................................................................................33 2.5.3 Revocation or Status Information Access Fees............................................33 2.5.4 Fees for Other Services Such as Policy Information ...................................33 2.5.5 Refund Policy ...............................................................................................33 2.6 PUBLICATION AND REPOSITORY ...........................................................................34 2.6.1 Publication of CA Information ....................................................................34 2.6.2 Frequency of Publication.............................................................................34 2.6.3 Access Controls............................................................................................34 2.6.4 Repositories ..................................................................................................34 2.7 COMPLIANCE AUDIT ............................................................................................34 2.8 CONFIDENTIALITY AND PRIVACY..........................................................................35
© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement ii

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

2.9 3

INTELLECTUAL PROPERTY RIGHTS ........................................................................36

IDENTIFICATION AND AUTHENTICATION.................................................. 37 3.1 INITIAL REGISTRATION .........................................................................................37 3.1.1 Types of Names ............................................................................................37 3.1.2 Need for Names to be Meaningful ...............................................................37 3.1.3 Rules for Interpreting Various Name Forms................................................38 3.1.4 Uniqueness of Names...................................................................................38 3.1.5 Name Claim Dispute Resolution Procedure.................................................38 3.1.6 Recognition, Authentication, and Role of Trademarks................................38 3.1.7 Verification of Possession of Key Pair.........................................................38 3.1.8 Authentication of Organizational Identity ...................................................39 3.1.9 Authentication of Individual Identity...........................................................39 3.2 ROUTINE REKEY AND CERTIFICATE RENEWAL......................................................39 3.3 REKEY AFTER REVOCATION ..................................................................................39 3.4 REVOCATION REQUEST .........................................................................................39

4

OPERATIONAL REQUIREMENTS.................................................................... 40 4.1 CERTIFICATE APPLICATION ..................................................................................40 4.2 CERTIFICATE ISSUANCE........................................................................................42 4.3 CERTIFICATE ACCEPTANCE ..................................................................................42 4.4 CERTIFICATE SUSPENSION AND REVOCATION .......................................................43 4.4.1 Circumstances for Revocation .....................................................................43 4.4.2 Who Can Request Revocation ......................................................................44 4.4.3 Procedure for Revocation Request...............................................................45 4.4.4 Circumstances for Suspension .....................................................................45 4.4.5 Who Can Request Suspension ......................................................................45 4.4.6 Procedure for Suspension Request ...............................................................46 4.4.7 Limits on Suspension Period ........................................................................46 4.4.8 CRL Issuance Frequency (If Applicable)......................................................46 4.4.9 Online Revocation/Status Checking Availability .........................................46 4.4.10 Online Revocation Checking Requirements.................................................47 4.4.11 Other Forms of Revocation Advertisements Available................................47 4.4.12 Checking Requirements for Other Forms of Revocation Advertisements...47 4.4.13 Special Requirements Rekey Compromise ...................................................47 4.5 SECURITY AUDIT PROCEDURES .............................................................................47 4.6 RECORDS ARCHIVAL.............................................................................................48 4.6.1 Types of Events Recorded ............................................................................48 4.6.2 Retention Period for Archive .......................................................................51 4.6.3 Protection of Archive...................................................................................51 4.6.4 Archive Backup Procedures.........................................................................52 4.6.5 Archive Collection System (Internal or External)........................................52
© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement iii

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

4.6.6 Procedures to Obtain and Verify Archive Information................................52 4.7 KEY CHANGEOVER ...............................................................................................52 4.8 COMPROMISE AND DISASTER RECOVERY..............................................................52 4.9 CA TERMINATION................................................................................................53 5 PHYSICAL, PROCEDURAL, AND PERSONNEL SECURITY CONTROLS . 53 5.1 PHYSICAL CONTROLS ...........................................................................................53 5.2 PROCEDURAL CONTROLS......................................................................................55 5.2.1 Operating System Administrators ................................................................55 5.2.2 CA Operators ...............................................................................................56 5.2.3 Directory/Repository Administrators ...........................................................56 5.2.4 Help Desk Infrastructure Personnel.............................................................57 5.2.5 Network Infrastructure Personnel ...............................................................57 5.2.6 Backup Operators ........................................................................................57 5.2.7 DST Management Group .............................................................................58 5.3 PERSONNEL CONTROLS.........................................................................................58 5.3.1 Background, Qualifications, Experience, and Clearance Requirements .....58 5.3.2 Background Check Procedures....................................................................59 5.3.3 Training Requirements.................................................................................59 5.3.4 Retraining Frequency and Requirements.....................................................60 5.3.5 Job Rotation Frequency and Sequence ........................................................60 5.3.6 Sanctions for Unauthorized Actions ............................................................60 5.3.7 Contracting Personnel Requirements ..........................................................60 5.3.8 Documentation Supplied to Personnel.........................................................60 6 TECHNICAL SECURITY CONTROLS ............................................................... 61 6.1 KEY PAIR GENERATION AND INSTALLATION ........................................................61 6.1.1 Key pair generation......................................................................................61 6.1.2 Private Key Delivery to Entity.....................................................................61 6.1.3 Public Key Delivery to Certificate Issuer.....................................................62 6.1.4 CA Public Key Delivery to Users.................................................................62 6.1.5 Key Sizes.......................................................................................................63 6.1.6 Public Key Parameters Generation .............................................................63 6.1.7 Parameter Quality Checking .......................................................................63 6.1.8 Hardware/Software Key Generation ...........................................................63 6.1.9 Key Usage Purposes (As Per X.509 v3 Key-Usage Field)...........................63 6.2 PRIVATE KEY PROTECTION ...................................................................................64 6.2.1 Standards for Cryptographic Module ..........................................................64 6.2.2 Private Key (n out of m) Multiperson Control.............................................64 6.2.3 Private Key Escrow .....................................................................................64 6.2.4 Private Key Backup .....................................................................................64 6.2.5 Private Key Archival....................................................................................64 6.2.6 Private Key Entry into Cryptographic Module............................................64
© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement iv

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

6.2.7 Method of Activating Private Key ...............................................................64 6.2.8 Method of Deactivating Private Key ...........................................................65 6.2.9 Method of Destroying Private Key ..............................................................65 6.3 OTHER ASPECTS OF KEY PAIR MANAGEMENT ......................................................65 6.3.1 Public Key Archival .....................................................................................65 6.3.2 Usage Periods for the Public and Private Keys ..........................................65 6.4 ACTIVATION DATA ..............................................................................................65 6.4.1 Activation Data Generation and Installation ..............................................66 6.4.2 Activation Data Protection..........................................................................66 6.4.3 Other Aspects of Activation Data................................................................66 6.5 COMPUTER SECURITY CONTROLS .........................................................................66 6.6 LIFE-CYCLE TECHNICAL CONTROLS......................................................................66 6.6.1 System Development Controls .....................................................................66 6.6.2 Security Management Controls....................................................................67 6.6.3 Life-Cycle Security Ratings ..........................................................................67 6.7 NETWORK SECURITY CONTROLS ..........................................................................67 6.8 CRYPTOGRAPHIC MODULE ENGINEERING CONTROLS.............................................67 7 CERTIFICATE AND CRL PROFILES ................................................................ 67 7.1 CERTIFICATE PROFILE ..........................................................................................67 7.1.1 Version Number(s) .......................................................................................68 7.1.2 Certificate Extensions..................................................................................68 7.1.3 Algorithm Object Identifiers ........................................................................69 7.1.4 Name Forms.................................................................................................69 7.1.5 Name Constraints ........................................................................................69 7.1.6 Certificate Policy Object Identifier..............................................................69 7.1.7 Usage of Policy Constraints Extension .......................................................69 7.1.8 Policy Qualifiers Syntax and Semantics.......................................................70 7.1.9 Processing Semantics for the Critical Certificate Policy Extension............70 7.2 CRL PROFILE .......................................................................................................70 7.2.1 Version Number(s) .......................................................................................70 7.2.2 CRL and CRL Entry Extensions...................................................................70 8 SPECIFICATION ADMINISTRATION .............................................................. 71 8.1 8.2 8.3 9 SPECIFICATION CHANGE PROCEDURES..................................................................71 PUBLICATION AND NOTIFICATION POLICIES .........................................................71 CPS APPROVAL PROCEDURES ..............................................................................71

APPENDIX: ACES PRIVACY POLICY AND PROCEDURES........................... 1 9.1 ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS ................................1 9.1.1 Handling of Information ................................................................................2 9.1.2 Information Provided to Certificate Applicant..............................................3 9.1.3 Limitations on Collection, Maintenance and Dissemination of Data............3
© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement v

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

9.1.4 9.1.5 9.1.6 9.1.7 9.1.8 9.1.9

Notice of Existence of Records ......................................................................4 Access to Records by Covered Individual ......................................................6 Amendment of Records ..................................................................................8 Disclosure Accounting..................................................................................13 Reports .........................................................................................................14 Certificate Issuance Warrants......................................................................14

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement vi

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

1

INTRODUCTION

1.1

CPS Overview

This Certification Practices Statement (CPS) documents the internal practices and procedures used by Digital Signature Trust Co. (DST). It covers the operation of systems and management of facilities used to provide public key infrastructure (PKI) services described in the DST Concept of Operations, which include Certification Authority (CA), Registration Authority (RA), and repository functionality.

As with every CPS, a Certificate Policy (CP) provides additional specification of policies and procedures applicable to a particular project, to a contract or set of contracts or contract forms, or to a class of certificates issued. DST has multiple CPs under which certificates are issued, and this CPS provides practices that are common to many of these CPs.

1.2

Policy Identification

This CPS is referred to as the DST ACES CPS. This CPS alone is not intended to provide the basis for any contractual obligations.

DST has registered an Object Identifier (OID) under which it assigns CPS OIDs. This OID is {joint-iso-ccitt (2) country (16) USA (840) US-company (1) DST (113839) certificationpractices (1)}. The DST ACES Certification Practices Statement Version 3.2 is assigned a

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement 1

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

separate OID under this arc of {joint-iso-ccitt (2) country (16) USA (840) US-company (1) DST (113839) certification-practices (1) ACES (2)}.

1.3

Community and Applicability

The community of clients served by DST includes the following:

§

Clients of the DST CA service bureau requesting certificates issued under specific certificate policies

§ §

Clients for SSL certificates requesting Web server certificates Clients for repository services requesting certificates, certificate revocation lists (CRLs), and other items from the DST directories.

People become clients of DST by signing contracts with DST that cover a set of services and terms to be provided. For ACES, the ACES CP specifies three types of certificate holders: Unaffiliated Individuals, Business Representatives and Qualified Relying Party Applications. Thus, for each of the preceding communities, a subscriber contract exists (see 2.1.4), and, if necessary, CAs, RAs, end entities, and repositories are created and run as desired by the client. Many clients ask DST to run multiple CAs, RAs, and repositories on their behalf, while others ask DST to only provide a repository and will perform CA and RA services themselves.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

2

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

1.3.1

Approved Applications

Since individual DST clients define their own requirements for their requested services, the list of approved applications is determined differently for each type of certificate according to each certificate policy. There is no general set of applications for which DST approves use of certificates.

1.3.2

Prohibited Applications

Since individual DST clients define their own requirements for their requested services, the list of prohibited applications is determined differently for each type of certificate. There are no applications of certificate or repository services that DST strictly prohibits for certificates.

1.4

Contact Details

DST's Customer Service Center is available between 7 a.m. and 6 p.m. Mountain Standard Time (MST), Monday through Friday, excluding Federal holidays. DST's Customer Service Center assists subscribers with certificate- and key-related issues. Such issues include, but are not limited to, problems with key generation and certificate installation. Problems and inquiries received that are not certificate-related are directed to the relevant government agency for resolution with the subscriber. Those concerns can include, but are not limited to, problems with accessing information and inquiries of a general nature. For questions concerning ACES certificates, DST operations or the DST ACES CPS please contact: Digital Signature Trust Co. 255 North Admiral Byrd Road Salt Lake City, Utah 84116-3703 Helpdesk@trustdst.com www.trustdst.com
© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

3

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

Tel: 1-888-248-4447 Tel: 1-801-326-5400 Fax: 1-801-326-5448 Otherwise, assistance is available at the Web site above, 24 hours per day, including Federal holidays, to individual subscribers, business representatives, and individuals authorized to act on behalf of agency applications.

2

GENERAL PROVISIONS

2.1

Rights and Obligations

2.1.1

CA Rights and Obligations

The CA’s rights and obligations are determined primarily by contracts with subscribers, relying parties, registrars, and others (see 2.1.4). Statutes include the Federal Privacy Act, Appendices I and III of OMB Circular A-130, the Utah Digital Signature Act, regulations, and general common or civil law. DST has standard forms for contracts with different classes of subscribers and relying parties.

2.1.1.1 CAs Authorized to Issue Certificates under this Policy Additional policies and procedures in this category are determined by client and by CP.

2.1.1.2 Subscribers Authorized to Receive Certificates Additional policies and procedures in this category are determined by client and by CP.

2.1.2

CA Right to Subcontract

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

4

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement to any person without your prior consent, unless otherwise required by law, or except as may be necessary for the performance of DST services under its contract with GSA and for auditing requirements. DST also agrees to protect your personal information in a manner designed to ensure its integrity and to make available to you, following an appropriate request and for correction if necessary, any information collected. However, information contained in your ACES certificate and related status information are not private. (That would defeat the purpose of an ACES certificate, which is to establish your identity with Qualified Relying Parties.) DST may disclose such certificate-related identification information to Qualified Relying Parties in accordance with DST's contract with the GSA. Disclosure of system records to consumer reporting systems is not permitted. 4. DST's Obligations as an ACES CA. In performing its duties as a government contractor under ACES, DST warrants that: (a) it has issued, and will manage, your ACES certificate in accordance with the requirements of the CP; (b) it has complied with all requirements of the CP when identifying You and issuing You an ACES certificate; (c) it knows of no misrepresentations of fact in the ACES certificate and that it has verified the information in the ACES certificate; (d) it has accurately transcribed information provided by You into the ACES certificate; and (e) the ACES certificate meets the material requirements of the CP. 5. Your Obligations

5.1 Submit Correct Information. You represent and warrant to DST that all of the information You submit in your application is accurate, current and complete and that You have provided DST with all Material Facts (as defined in 10.4 below) necessary to confirm your identity and the reliability of the ACES certificate to be issued. You further agree that for purposes of certificate issuance, certificate renewal and certificate replacement, You will immediately inform DST if any Material Facts submitted by You change (e.g., You have a change of address or a change in your legal name). 5.2. Binding Effect of Signed Message. For each electronic message that is digitally signed using your Private Key corresponding to the Public Key listed in your ACES Certificate that was valid at the time of such signing (“Message”), You represent and warrant, only to Qualified Relying Parties, that: (a) for purposes of complying with any applicable law that requires a “writing,” such Message shall be considered to be "in writing" or "written" to an extent no less than if it were in paper form; (b) where Yo u intended the Digital Signature as a signature, such Message shall be considered to be "signed" to an extent no less than if it were undertaken using pen and paper; (c) if introduced as evidence in any judicial, arbitration, mediation, or administrative proceedings, such Message shall be admissible to the same extent and under the same conditions as Messages originated and maintained in paper form; and (d) You will not contest the admissibility of the Message under either the business records exception to the hearsay rule, the best evidence rule, or a comparable evidentiary rule on the basis that the Message was not originated or maintained in paper form. 5.3. Protect Your Private Key. DST issues You an ACES Certificate based on a Public Key that You send to DST. In Public Key Cryptography, a Key Pair of two mathematically related keys is generated by computer software whereby a Public Key has a corresponding Private Key. The Key Pair is stored on a computer, smart card, or some other cryptographic hardware device. To obtain an ACES Certificate, You will need to submit a certificate request to DST containing your Public Key. (In most cases, a Key Pair and certificate request will be generated by your Internet browser after You "Accept" this © 2001 Digital Signature Trust Co. All rights reserved. 8 Certification Practices Statement

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement may have been lost or otherwise compromised; (c) your ACES certificate has become unreliable; (d) a Material Fact in your Certificate has changed or is no longer true; (e) You have violated any provision of this Agreement or the CP; (f) You request revocation; (g) a governmental authority has lawfully ordered DST to revoke your ACES certificate; (h) this Agreement terminates; or (i) there are any other grounds for suspension or revocation. Your right to use your ACES certificate ceases immediately upon revocation of your ACES certificate. If your certificate is revoked, DST will send you prompt notice of revocation. Once your ACES certificate has been revoked, it cannot be used or reinstated. 5.6. Cease Using Your Certificate. You agree to immediately cease using your ACES certificate, after notifying DST, in the following circumstances: (a) when You suspect or discover that the private key corresponding to your ACES certificate has been or may be compromised; (b) when a Material Fact in your ACES certificate has changed or is no longer true, (c) upon the revocation or expiration of your ACES certificate, or (d) upon termination of this Agreement. 5.7. Indemnification. You agree to indemnify and hold DST and its affiliates harmless from any and all liabilities, costs and expenses, including reasonable attorneys' fees, related to: any misrepresentation or omission of Material Fact, whether intentional or not, made by You to DST; any violation of this Agreement or the CP by You or authorized users of your Certificate; or any misuse of your ACES certificate. 6. DISCLAIMER OF WARRANTIES. DST DISCLAIMS ANY AND ALL WARRANTIES OF ANY TYPE, WHETHER EXPRESS OR IMPLIED, THAT ARE NOT SPECIFICALLY PROVIDED HEREIN OR ITS CONTRACT WITH THE GSA, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NONINFRINGEMENT WITH REGARD TO DST SERVICES OR ANY CERTIFICATE ISSUED HEREUNDER. 7. LIMITATION OF LIABILITY. DST SHALL NOT BE LIABLE FOR CONSEQUENTIAL, INDIRECT, SPECIAL, OR INCIDENTAL DAMAGES, EVEN IF DST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 8. Dispute Resolution Provisions. This Agreement shall be governed by, and interpreted and construed under, the laws of the United States, and the parties agree that the United Nations Convention on Contracts for the International Sale of Goods shall not apply to this Agreement. If any provision of this Agreement is found to be invalid or unenforceable, then such documents shall be deemed amended by modifying such provision to the extent necessary to make it valid and enforceable while preserving its intent or, if that is not possible, by striking the provision and enforcing the remainder of this Agreement. Except for a controversy, claim, or dispute involving the federal government of the United States, or where the federal government may ultimately be responsible for satisfaction of a judgment or claim, or a "Core Proceeding" under the United States Bankruptcy Code, the parties agree to submit any controversy, claim, or dispute, whether in tort, contract, or otherwise (and their respective employees, officers, directors, attorneys, and other agents) arising out of or related in any way to this Agreement that cannot be resolved by communications among the parties, for resolution by binding arbitration by a single arbitrator and judgment upon the award rendered by the arbitrator may be entered in any court having jurisdiction over the parties. The arbitrator shall have no authority to impose penalties or award punitive damages. Binding arbitration will be governed by the Federal Arbitration Act (Title 9 of the United States Code) and be conducted in accordance with the Commercial Arbitration Rules of the American Arbitration Association ("AAA"). Each party shall bear its costs for the arbitration; however, upon award of any judgment or conclusion of arbitration, the arbitrator shall award the prevailing party the costs it expended in such arbitration. Unless the arbitrator otherwise directs, the parties, their representatives, other participants, and the arbitrator shall hold the existence, content, and result of the arbitration in confidence. This arbitration © 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

10

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement requirement does not limit the right of either party to obtain provisional ancillary remedies such as injunctive relief or the appointment of a receiver, before during or after the pendency or any arbitration proceeding. This exclusion does not constitute a waiver of the right or obligation of either party to submit any dispute to arbitration. 9. Survival. Sections 3, 4, 5, 6, 7 and 8 shall survive any termination or expiration of this Agreement.

10. Definitions 10.1 Certificate (ACES Certificate): A computer-based record or electronic message issued by DST pursuant to its role as a Certification Authority that: (a) identifies DST as the Certification Authority issuing it; (b) names or identifies a Subscriber; (c) contains the Public Key of the Subscriber; (d) identifies the Certificate’s operational period; (e) is digitally signed by DST; and (f) has the meaning ascribed to it in accordance with applicable standards. A Certificate includes not only its actual content but also all documents expressly referenced or incorporated in it. 10.2 Digital Signature: A Digital Signature is a transformation of a Message using Public Key Cryptography so that a person having the communication and the Subscriber's Public Key can accurately determine (1) whether the transformation was created using the Private Key corresponding to the Subscriber's Public Key, and (2) whether the communication has been altered since the transformation was made. It does not involve a handwritten signature. 10.3 Key Pair: In Public Key Cryptography, a Key Pair is two mathematically related keys (a Private Key and its corresponding Public Key), having the properties that (i) one key can be used to encrypt a message that can only be decrypted using the other key, and (ii) even knowing one key, it is computationally infeasible to discover the other key. 10.4 Material Fact: The phrase, "Material Fact," shall have the following meanings for the following circumstances as used in this Agreement: For Certificate Issuance (¶ ¶ 1 & 5.1): Material Facts are all facts requested by DST as part of the enrollment, certificate issuance, certificate replacement and certificate renewal processes, which are relied upon by DST to confirm a Subscriber's identity and to bind the Subscriber's identity to the Public/Private Key Pair certified. For Facts Contained in the Certificate and giving rise to the Subscriber's Duty to Request Revocation of the Certificate (¶¶ 5.4 – 5.6): Material Facts are the Subscriber's Legal Name and Public/Private Key Pair. For misrepresentations or omissions of Material Fact giving rise to the Subscriber's duty to idemnify DST (¶5.7): "Material Fact" means all of the above. 10.5 Private Key: In Public Key Cryptography, a Private Key is the key of a Key Pair kept secret by its holder and can be used by its holder to encrypt or decrypt messages corresponding to the Public Key. The Private Key is used to create a Digital Signature. 10.6 Public Key: In Public Key Cryptography, a Public Key is the key of a Key Pair publicly disclosed by the holder of the corresponding Private Key and is used by the recipient to encrypt or decrypt messages corresponding to the Private Key. The Public Key is used to verify a Digital Signature. 10.7 Public Key Cryptography: A form of cryptography (a process of creating and deciphering communications to keep them secure) in which two keys are used. One key encrypts a message, and the other key decrypts the message. One key is kept secret (Private Key), and one is made available to others (Public Key). These keys are, in essence, large mathematically related numbers that form a unique pair. Either key may be used to encrypt a message, but only the other corresponding key may be used to decrypt the message.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

11

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement However, information contained in your ACES certificate and related status information are not private. (That would defeat the purpose of an ACES certificate, which is to establish your identity with Qualified Relying Parties.) DST may disclose such certificate-related identification information to Qualified Relying Parties in accordance with DST's contract with the GSA. Disclosure of system records to consumer reporting systems is not permitted. 4. DST's Obligations as an ACES CA. In performing its duties as a government contractor under ACES, DST warrants that: (a) it has issued, and will manage, your ACES Certificate in accordance with the requirements of the CP; (b) it has complied with all requirements of the CP when identifying You and issuing You an ACES Certificate; (c) it knows of no misrepresentations of fact in the ACES Certificate and that it has verified the information in the ACES Certificate; (d) it has accurately transcribed information provided by You into the ACES Certificate; and (e) the ACES Certificate meets the material requirements of the CP. 5. Your Obligations

5.1. Submit Correct Information. You represent and warrant to DST that all of the information You submit in your application form – including but not limited to Your Organization name – is accurate, current and complete and that You have provided DST with all Material Facts (as defined in 10.4 below) necessary to confirm your identity and to the reliability of the Certificate to be issued. You further agree that for purposes of certificate issuance, certificate renewal and certificate replacement, You will immediately inform DST if any Material Facts submitted by You change (e.g., You have a change of employment, change of address or a change in your legal name).You also represent and warrant that You are authorized to use Your Organization’s name that You designated in your application form. You also agree to inform Your Organization that You have applied for a Certificate. 5.2. Binding Effect of Signed Message. For each electronic message that is digitally signed using your Private Key corresponding to the Public Key listed in your Certificate that was valid at the time of such signing (“Message”), You represent and warrant, only to Qualified Relying Parties, that: (a) for purposes of complying with any applicable law that requires a “writi considered to be "in writing" or "written" to an extent no less than if it were in paper form; (b) where You intended the Digital Signature as a signature, such Message shall be considered to be "signed" to an extent no less than if it were undertaken using pen and paper; (c) if introduced as evidence in any judicial, arbitration, mediation, or administrative proceedings, such Message shall be admissible to the same extent and under the same conditions as messages originated and maintained in paper form; and (d) You will not contest the admissibility of the Message under either the business records exception to the hearsay rule, the best evidence rule, or a comparable evidentiary rule on the basis that the Message was not originated or maintained in paper form. 5.3. Protect Your Private Key. DST issues You a Certificate based on a Public Key that You send to DST. In Public Key Cryptography, a Key Pair of two mathematically related keys is generated by computer software whereby a Public Key has a corresponding Private Key. The Key Pair is stored on a computer, smart card, or some other cryptographic hardware device. To obtain a Certificate, You will need to submit a certificate request to DST containing your Public Key. (In most cases, a Key Pair and certificate request will be generated by your Web browser after You "Accept" this Agreement and click "Continue" on © 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

15

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement discretion, determines that: (a) the Certificate was not properly issued or was obtained by fraud; (b) the security of the Private Key corresponding to the Certificate has or may have been lost or otherwise compromised; (c) the Certificate has become unreliable; (d) Material Facts in the Certificate have changed or become untrue (e.g., You are no longer affiliated with Your Organization); (e) You or Your Organization have violated any applicable agreement or obligation; (f) You or Your Organization requests revocation; (g) a governmental authority has lawfully ordered DST to revoke your Certificate; (h) this Agreement terminates; or (j) there are any other grounds for revocation. Your right to use your Certificate ceases immediately upon revocation of your Certificate. Once Your Certificate has been revoked, it cannot be used or reinstated. 5.6. Cease Using Your ACES Business Representative Certificate. You agree to immediately cease using your Certificate in the following circumstances: (a) when You suspect or discover that the Private Key corresponding to your Certificate has been or may be compromised or subjected to unauthorized use in any way; (b) when a Material Fact in the Certificate has changed or is no longer true, (c) upon the revocation or expiration of your Certificate, or (d) upon termination of this Agreement. 5.7. Indemnification. You agree to indemnify and hold DST and its affiliates harmless from any and all liabilities, costs, and expenses, including reasonable attorneys' fees, related to: any misrepresentation or omission of Material Fact, whether intentional or not, made by You or Your Organization to DST; any violation of this Agreement or the CP by You or authorized users of your Certificate; or any misuse of your ACES certificate.

6. DISCLAIMER OF WARRANTIES. DST DISCLAIMS ANY AND ALL WARRANTIES OF ANY TYPE, WHETHER EXPRESS OR IMPLIED, THAT ARE NOT SPECIFICALLY PROVIDED HEREIN OR ITS CONTRACT WITH THE GSA, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NONINFRINGEMENT WITH REGARD TO DST SERVICES OR ANY ACES BUSINESS REPRESENTATIVE CERTIFICATE ISSUED HEREUNDER. 7. Limitation of Liability. DST shall not be liable for any consequential, indirect, special, or incidental damages, and in no event shall DST be liable to You or Your Organization for damages in excess of amounts paid to DST by You or Your Organization under this Agreement, including, without limitation, damages arising from loss of use or business interruption, even if DST has been advised of the possibility of such loss. 8. Dispute Resolution Provisions. This Agreement shall be governed by, interpreted and construed under the laws of the United States and the Parties agree that the United Nations Convention on Contracts for the International Sale of Goods shall not apply to this Agreement. If any provision of this Agreement is found to be invalid or unenforceable, then such document shall be deemed amended by modifying such provision to the extent necessary to make it valid and enforceable while preserving its intent or, if that is not possible, by striking the provision and enforcing the remainder of this Agreement. Except for a controversy, claim, or dispute involving the federal government of the United States, or where the federal government may ultimately be responsible for satisfaction of a judgment or claim, or a "Core Proceeding" under the United States Bankruptcy Code, the parties agree to submit any controversy, claim, or dispute, whether in tort, contract, or otherwise (and their respective employees, officers, directors, attorneys, and other agents) arising out of or related in any way to this Agreement, that cannot be resolved by communications among the parties, for resolution by binding arbitration by a single arbitrator and judgment upon the award rendered by the arbitrator may be entered in any court having jurisdiction over the parties. The arbitrator shall have no authority to impose penalties or award punitive damages. Binding arbitration will be governed by the Federal Arbitration Act (Title 9 of the United States Code) and be conducted in accordance with the Commercial Arbitration Rules of the American Arbitration Association ("AAA"). Each party shall bear its costs for the arbitration; however, upon award of any judgment or © 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

17

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement conclusion of arbitration, the arbitrator shall award the prevailing party the costs it expended in such arbitration. Unless the arbitrator otherwise directs, the parties, their representatives, other participants, and the arbitrator shall hold the existence, content, and result of the arbitration in confidence. This arbitration requirement does not limit the right of either party to obtain provisional ancillary remedies such as injunctive relief or the appointment of a receiver, before during or after the pendency or any arbitration proceeding. This exclusion does not constitute a waiver of the right or obligation of either party to submit any dispute to arbitration. 9. Survival. Sections 4, 5, 6, 7, 8 and the Authorization Form provisions of this Agreement shall survive any termination or expiration of this Agreement. 10. Definitions

10.1 Certificate (ACES Certificate): A computer-based record or electronic message issued by DST pursuant to its role as a Certification Authority that: (a) identifies DST as the Certification Authority issuing it; (b) names or identifies a Subscriber; (c) contains the Public Key of the Subscriber; (d) identifies the Certificate’s operational period; (e) is digitally signed by DST; and (f) has the meaning ascribed to it in accordance with applicable standards. A Certificate includes not only its actual content but also all documents expressly referenced or incorporated in it. 10.2 Digital Signature: A Digital Signature is a transformation of a Message using Public Key Cryptography so that a person having the communication and the Subscriber's Public Key can accurately determine (1) whether the transformation was created using the Private Key corresponding to the Subscriber's Public Key, and (2) whether the communication has been altered since the transformation was made. It does not involve a handwritten signature. 10.3 Key Pair: In Public Key Cryptography, a Key Pair is two mathematically related keys (a Private Key and its corresponding Public Key), having the properties that (i) one key can be used to encrypt a message that can only be decrypted using the other key, and (ii) even knowing one key, it is computationally infeasible to discover the other key. 10.4 Material Fact: The phrase, "Material Fact," shall have the following meanings for the following circumstances as used in this Agreement: For Certificate Issuance (¶ ¶ 1 & 5.1): Material Facts are all facts requested by DST as part of the enrollment, certificate issuance, certificate replacement and certificate renewal processes, which are relied upon by DST to confirm a Subscriber's identity and to bind the Subscriber's identity to the Public/Private Key Pair certified. For Facts Contained in the Certificate and giving rise to the Subscriber's Duty to Request Revocation of the Certificate (¶¶ 5.4 – 5.6): Material Facts are the Subscriber's Legal Name, Organizational Affiliation and Public/Private Key Pair. For misrepresentations or omissions of Material Fact giving rise to the Subscriber's duty to idemnify DST (¶5.7): "Material Fact" means all of the above. 10.5 Private Key: In Public Key Cryptography, a Private Key is the key of a Key Pair kept secret by its holder and can be used by its holder to encrypt or decrypt messages corresponding to the Public Key. The Private Key is used to create a Digital Signature. 10.6 Public Key: In Public Key Cryptography, a Public Key is the key of a Key Pair publicly disclosed by the holder of the corresponding Private Key and is used by the recipient to encrypt or decrypt messages corresponding to the Private Key. The Public Key is used to verify a Digital Signature. 10.7 Public Key Cryptography: A form of cryptography (a process of creating and deciphering communications to keep them secure) in which two keys are used. One key encrypts a message, and the © 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

18

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement other key decrypts the message. One key is kept secret (Private Key), and one is made available to others (Public Key). These keys are, in essence, large mathematically related numbers that form a unique pair. Either key may be used to encrypt a message, but only the other corresponding key may be used to decrypt the message. 10.8 Qualified Relying Party: A federal agency or other recipient of a digitally signed message authorized by the CP to rely on an ACES Certificate and that has entered into a Memorandum of Understanding with the General Services Administration to participate in the ACES Program to verify the digital signature on the message. 10.9 Repository: A database containing information and data relating to ACES Certificates, including information relating to ACES Certificate status as valid or revoked. 10.10 Subscriber: A person that (a) is named or identified in a certificate as the "subject" of the Certificate, and (b) holds a Private Key that corresponds to a Public Key listed in that Certificate.

___________________________________________________ BY CLICKING ON THE “ACCEPT” BUTTON BELOW, YOU ARE AGREEING TO BE LEGALLY BOUND BY THE TERMS AND CONDITIONS OF THIS AGREEMENT AS IF YOU HAD SIGNED IT. IF YOU CHOOSE NOT TO ACCEPT THIS AGREEMENT, CLICK THE “DECLINE” BUTTON BELOW, IN WHICH CASE YOU MAY NOT APPLY FOR AN ACES BUSINESS REPRESENTATIVE CERTIFICATE. BY CLICKING ON THE "ACCEPT" BUTTON BELOW, YOU REPRESENT AND WARRANT THAT (1) YOU ARE AUTHORIZED TO HOLD A CERTIFICATE ASSOCIATING YOU WITH THE ORGANIZATION IDENTIFIED IN YOUR APPLICATION, (2) YOUR ORGANIZATION IS THE ENTITY THAT IT IS REPRESENTED TO BE IN THE APPLICATION, AND (3) YOU ARE AUTHORIZED TO ENTER INTO THIS AGREEMENT WITH DST. [ACCEPT] [DECLINE] INSTRUCTIONS FOR ACES BUSINESS REPRESENTATIVE AUTHORIZATION FORM Thank you for choosing Digital Signature Trust Co. ("DST") to issue you an ACES business representative certificate. ACES business representative certificates are issued to individuals, such as employees, officers, and agents (“Business Representatives”) who are authorized to act on behalf of business entities ("Sponsoring Organizations") that have been validated by DST. To complete your enrollment as an ACES Business Representative, you must complete the following steps: Please take the following ACES Business Representative Authorization Form ("Authorization Form") – Part I to an officer in your Organization who can sign on behalf of your Organization and represent to DST that You are a duly-authorized representative, have them sign it and return it to you for submission to DST (a Glossary of Terms is included at page 4 of this document to define some of the terms used in this Form); Take Part II of the Authorization Form to a licensed Notary employed by your Organization or a financial institution (most banks have notaries on staff);

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

19

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement Present the Notary with Part II of the Authorization Form and a current, valid driver's license or state-issued ID card; Sign the Form in the presence of the Notary; Have the Notary verify your identity by reviewing and recording the information on the photo ID card; Make sure the Notary has properly notarized your signature and affixed his or her raised seal or colored ink stamp; Record the name and place where you had the Form notarized; and Make and keep a copy of both Part I and II of the Form and send the signed originals by courier or mail to: ACES Digital Signature Trust Co. 255 Admiral Byrd Road Salt Lake City UT 84116

ACES Business Representative Authorization Form – Part I THIS AUTHORIZATION is given by a Sponsoring Organization ("Organization"), identified below, to Digital Signature Trust Co. ("DST"), a Utah corporation with its principal place of business at 255 Admiral Byrd Road, Salt Lake City, Utah 84116 U.S.A (www.trustdst.com) and a Certification Authority ("CA") under contract with the federal government for the Access Certificates for Electronic Services ("ACES") program. Capitalized terms are defined in Part III of this Authorization Form. WHEREAS Organization desires to authorize, and DST desires to perform (free of charge under its contract with the General Services Administration), the issuance of an ACES Business Representative Certificate ("Certificate") that will identify "Subscriber," identified below, as being employed, associated, affiliated with or authorized by Organization and will certify Subscriber's Public Key (in "Public Key Infrastructures" like ACES, a Public/Private Key Pair is held by the Subscriber, the Private Key is kept secure and used to create Digital Signatures, and the Public Key is held openly, certified by a CA, and used to authenticate network access and Digital Signatures), 1. DST and Organization agree that: (a) DST or Organization, in its sole discretion, may terminate this Authorization and revoke the Certificate at any time and for any reason; (b) DST will revoke the Certificate promptly upon confirming that the person making the revocation request is authorized to do so or upon otherwise determining that the Certificate should be revoked; and (c) Irrespective of the place of performance, this Authorization shall be construed, interpreted, and enforced in accordance with the substantive laws of the State of Utah, without regard to its conflicts of law rules. 2. Organization warrants, represents and agrees that: (a) Organization is duly-organized and validly-existing under the laws of its state of organization and has full right and authority to use the Organization's name, given below, to grant this authorization, and to perform all obligations required of it hereunder; © 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

20

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement (b) Subscriber is a duly-authorized representative of the Organization as an employee, partner, member, agent, or other associate, and DST is hereby authorized to issue a Certificate to Subscriber that identifies Subscriber as being employed, associated, affiliated with and/or authorized by Organization; (c) Federal agencies, and other government-authorized recipients of messages signed with Subscriber's Private Key, may rely on such messages to the same extent as though they were manually signed by the Subscriber listed in a valid, unrevoked and unexpired Certificate issued by DST (Certificates have a twoyear lifetime); (d) All information provided to DST by Organization will be accurate, current and complete and that Organization will immediately notify DST and request that the Certificate be revoked if: (1) Organization suspects any loss, disclosure, or other compromise of the Subscriber's Private Key; (2) information contained in the Certificate is no longer accurate or current (e.g., the Subscriber changes his or her name); or (3) Subscriber is no longer employed by, associated with, authorized by or affiliated with Organization; and (e) DST does not assume, nor should it be exposed to, the business and operational risks associated with Organization's business, and Organization will hold DST, its subcontractors, affiliates, and employees harmless from any and all liabilities, costs, and expenses, including reasonable attorneys' fees, related to the services provided to Subscriber or in connection with any performance under this Authorization. The undersigned personally warrants and represents that he or she has authority to accept the terms and conditions of this Authorization and to bind the Organization by his or her signature.

_____________________________________ Print Subscriber Name _____________________________________ Print Sponsoring Organization Name _____________________________________ Address _____________________________________

___________________________________ Organization Officer Signs Here By: ________________________________ Print Name Here Its: ________________________________ Print Officer's Title Here Date: ___________________________________

ACES Business Representative Authorization Form – Part II INSTRUCTIONS FOR NOTARY FOR THE PURPOSES OF THIS DOCUMENT, PERSONAL ACQUAINTANCE WITH THE INDIVIDUAL IS INSUFFICIENT. You must: 1) review a current government-issued ID containing the individual's name and photograph, 2) verify that such photo ID information is protected against forgery, modification, or substitution, and 3) record below the serial number and type of government-issued ID presented by the applicant. You should also record in your “notary’s journal” the ID serial number of the identification that was presented to you. The undersigned applicant warrants, represents, and attests that all facts and information provided are accurate, current and complete and that he or she: a) is authorized to receive, and has applied electronically for, a digital certificate to be issued by DST; b) has read and accepts the personal identifying information to be contained in the certificate; c) is who he or she represents himself or herself to be; and d) has read, understood, and agrees to the responsibilities associated with being a certificate subscriber, including the terms and conditions found in the on-line ACES Business Representative Certificate Agreement. The applicant agrees to: 1) accurately represent him or herself in all communications with DST and Qualified Relying Parties; 2) protect his or her private key at all times; 3) immediately notify DST if he or she suspects his or her private key to have been compromised, stolen or lost; and 4) use his or her key only for authorized © 2001 Digital Signature Trust Co. All rights reserved. 21 Certification Practices Statement

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement business as allowed by the ACES Program. Signed By: ______________________________________ (Sign Only In The Presence Of Notary) Print ___________________________________ E-mail Address ________________________________ First Name, Middle Initial, Last Name ACKNOWLEDGEMENT State of ______________________ County of ____________________ I hereby certify that on this ___ day of ____________________, _______, personally appeared before me the signer and subject of the above form, who signed or attested the same in my presence, and presented the following government-issued photo ID card as proof of their identity:

________________________ Exact Name Listed on Photo ID

___________________ ______ ___________ Serial Number of Photo ID Expiration ID Type

Notary Public___________________________ Residing in: ___________________________ My Commission Expires: _______________ ______________________________________ Street Address of Branch or Office Space Reserved for Notary Seal _________________________________ Name of Organization Employing Notary PART III - TERMS USED IN THE BUSINESS REPRESENTATIVE AUTHORIZATION FORM

Agency: A federal agency, authorized federal contractor, agency-sponsored university or laboratory, or when authorized by law or regulation, a state, local, or tribal government. Application: A computer program or web-based interface used by an Agency to interact with Subscribers. Business Representative: The Subscriber of a Certificate that identifies the Subscriber as being employed, associated, affiliated with or authorized by a Sponsoring Organization. Certificate: A computer-based record or electronic message issued by DST that: (a) identifies DST as the Certification Authority issuing it; (b) names or identifies a Subscriber and the Subscriber's Organization; (c) contains the Public Key of the Subscriber; (d) identifies the Certificate’s operational period; (e) is digitally signed by DST; and (f) has the meaning ascribed to it in accordance with applicable standards. A Certificate includes not only its actual content but also all documents expressly referenced or incorporated in it. Certification Authority. A Certification Authority is an entity that is responsible for authorizing and causing the issuance of a Certificate. © 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

22

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

Certification Practice Statement. A “Certification Practice Statement” is a statement of the practices that a Certification Authority employs in issuing, suspending, revoking, and renewing Certificates and providing access to same, in accordance with the requirements of a contract for certificate services. Digital Signature: A Digital Signature is a transformation of an electronic message using Public Key Cryptography so that a person having the communication and the Subscriber's Public Key can accurately determine (1) whether the transformation was created using the Private Key corresponding to the Subscriber's Public Key, and (2) whether the communication has been altered since the transformation was made. It does not involve a handwritten signature. Key Pair: In Public Key Cryptography, a Key Pair is two mathematically related keys (a Private Key and its corresponding Public Key), having the properties that (i) one key can be used to encrypt a message that can only be decrypted using the other key, and (ii) even knowing one key, it is computationally infeasible to discover the other key. Private Key: In Public Key Cryptography, a Private Key is the key of a Key Pair kept secret by its holder and can be used by its holder to encrypt or decrypt messages corresponding to the Public Key. The Private Key is used to create a Digital Signature. Public Key: In Public Key Cryptography, a Public Key is the key of a Key Pair publicly disclosed by the holder of the corresponding Private Key and is used by the recipient to encrypt or decrypt messages corresponding to the Private Key. The Public Key is used to verify a Digital Signature. Public Key Cryptography: A form of cryptography (a process of creating and deciphering communications to keep them secure) in which two keys are used. One key encrypts a message, and the other key decrypts the message. One key is kept secret (Private Key), and one is made available to others (Public Key). These keys are, in essence, large mathematically-related numbers that form a unique pair. Either key may be used to encrypt a message, but only the other corresponding key may be used to decrypt the message. Qualified Relying Party: A federal agency or other recipient of a digitally signed message authorized by the CP to rely on an ACES Certificate and that has entered into a Memorandum of Understanding with the General Services Administration to participate in the ACES Program to verify the Digital Signature on the message. Responsible Individual. A trustworthy person designated by a Sponsoring Organization to authenticate individual applicants seeking certificates on the basis of their affiliation with the Sponsoring Organization. Sponsoring Organization. A business entity, government agency, or other organization with which a Business Representative is affiliated (e.g., as an employee, agent, member, user of a service, business partner, customer, etc.). Subscriber: A person (e.g., a Business Representative) that (a) is named or identified in a Certificate as its subject, and (b) holds a Private Key that corresponds to a Public Key listed in that Certificate.

2.1.4.3 Qualified Relying Party Applications
ACES QUALIFIED RELYING PARTY CERTIFICATE AGREEMENT IMPORTANT NOTICE: Digital Signature Trust Co. ("DST," "Us," "We," or “Our”) provides Certificate Services under the Access Certificates for Electronic Services ("ACES") program under Contract #GS00T99ALD0006 with the General Services Administration ("the GSA Contract"). This ACES Qualified © 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

23

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement confirmed that the person making the revocation request is authorized to do so. DST may also revoke the Certificate without advance notice if DST, in its sole discretion, determines that: (a) the Certificate was not properly issued or was obtained by fraud; (b) the security of the Private Key corresponding to the Certificate has or may have been lost or otherwise compromised; (c) the Certificate has become unreliable; (d) material information in the Certificate has changed (i.e., the name of the Application changes or the Key Pair is no longer used with the Application); (e) You or Your Organization have violated any applicable agreement or obligation; (f) You or Your Organization requests revocation; (g) a governmental authority has lawfully ordered DST to revoke the Certificate; (h) this Agreement terminates; or (j) there are any other grounds for revocation. Your Organization's right to use the Certificate ceases immediately upon revocation of the Certificate. Once a Certificate has been revoked, it cannot be used or reinstated. 3.6. Cease Using the ACES Certificate. You agree to immediately cease using the Certificate in the following circumstances: (a) when You suspect or discover that the Private Key corresponding to the Certificate has been or may be compromised or subjected to unauthorized use in any way; (b) when information contained in the Certificate is no longer accurate, current, or complete, (c) upon the revocation or expiration of the Certificate, or (d) upon termination of this Agreement. 4. Other Agreements. Unless otherwise provided herein, DST's warranties and liabilities shall be limited as provided in the GSA Contract, and any amendments or modifications thereto. 5. Definitions 5.1 Agency: A federal agency, authorized federal contractor, agency-sponsored university or laboratory, or when authorized by law or regulation, a state, local, or tribal government. 5.2 Application: A computer program or web-based interface used by an Agency to interact with Subscribers. 5.3 Authorized Certification Authority: A Certification Authority that meets the qualifications of Section 1.3.1 of the CP. 5.4 Business Representative: The Subscriber of a Certificate that identifies the Subscriber as being employed, associated, affiliated with or authorized by a Sponsoring Organization. 5.5 Certificate (ACES Certificate): A computer-based record or electronic message issued by DST pursuant to its role as a Certification Authority that: (a) identifies DST as the Certification Authority issuing it; (b) names or identifies a Subscriber; (c) contains the Public Key of the Subscriber; (d) identifies the Certificate’s operational period; (e) is digitally signed by DST; and (f) has the meaning ascribed to it in accordance with applicable standards. A Certificate includes not only its actual content but also all documents expressly referenced or incorporated in it. 5.6 Digital Signature: A Digital Signature is a transformation of a Message using Public Key Cryptography so that a person having the communication and the Subscriber's Public Key can accurately determine (1) whether the transformation was created using the Private Key corresponding to the Subscriber's Public Key, and (2) whether the communication has been altered since the transformation was made. It does not involve a handwritten signature. 5.7 Key Pair: In Public Key Cryptography, a Key Pair is two mathematically related keys (a Private Key and its corresponding Public Key), having the properties that (i) one key can be used to encrypt a message that can only be decrypted using the other key, and (ii) even knowing one key, it is computationally infeasible to discover the other key.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

26

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement 5.8 Private Key: In Public Key Cryptography, a Private Key is the key of a Key Pair kept secret by its holder and can be used by its holder to encrypt or decrypt messages corresponding to the Public Key. The Private Key is used to create a Digital Signature. 5.9 Public Key: In Public Key Cryptography, a Public Key is the key of a Key Pair publicly disclosed by the holder of the corresponding Private Key and is used by the recipient to encrypt or decrypt messages corresponding to the Private Key. The Public Key is used to verify a Digital Signature. 5.10 Public Key Cryptography: A form of cryptography (a process of creating and deciphering communications to keep them secure) in which two keys are used. One key encrypts a message, and the other key decrypts the message. One key is kept secret (Private Key), and one is made available to others (Public Key). These keys are, in essence, large mathematically related numbers that form a unique pair. Either key may be used to encrypt a message, but only the other corresponding key may be used to decrypt the message. 5.11 Qualified Relying Party: An Agency or other recipient of a digitally signed message authorized by the CP to rely on an ACES Certificate and that has entered into a Memorandum of Understanding with the General Services Administration to participate in the ACES Program to verify the digital signature on the message. 5.12 Repository: A database containing information and data relating to ACES Certificates, including information relating to ACES Certificate status as valid or revoked. 5.13 Sponsoring Organization. A business entity, government agency, or other organization with which a Business Representative is affiliated (e.g., as an employee, agent, member, user of a service, business partner, customer, etc.). 5.14 Subscriber: An Agency (or person) or an Application (software program or electronic device) that (a) is named or identified in a certificate as the "subject" of the Certificate, and (b) holds a Private Key that corresponds to a Public Key listed in that Certificate. 5.15 Unaffiliated Individuals: A class of Subscribers consisting of members of the general public (who are not Business Representative Subscribers).

[ACCEPT]

[DECLINE]

INSTRUCTIONS TO THE APPLICANT FOR AN ACES QUALIFIED RELYING PARTY Thank you for choosing Digital Signature Trust Co. ("DST") to issue your organization a Qualified Relying Party Application ACES certificate ("ACES QRP certificate"). ACES QRP certificates are issued to "Qualified Relying Parties" (i.e., federal agencies, authorized federal contractors, agency-sponsored universities and laboratories, and, when authorized by law or regulation, state, local, and tribal governments) that choose to use ACES, the U.S. General Services Administration's ("GSA's") "Access Certificates for Electronic Services" ("ACES") program. Please note that a Qualified Relying Party must first enter into an ACES Agreement with GSA to accept ACES Certificates and agree to be bound by the terms of the ACES Certificate Policy. An ACES QRP certificate is issued after DST has received an Authorization Form (this "Form") from the Qualified Relying Party that indicates that you, "the Applicant," are authorized to manage the "Agency Application" and describes your association or relationship with the Agency Application. © 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

27

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

To complete your enrollment for an ACES QRP certificate, you must complete the following steps. A Glossary of Terms is included below that explains some of the terms used in this Form. After completing the informational sections, please take this Form to your supervisor or some other official who can sign on behalf of the Qualified Relying Party and represent to DST that You are duly-authorized to manage the Agency Application, and have them sign this Form. Make and keep a copy of this Form and send the signed original by courier or mail to: ACES Digital Signature Trust Co. 255 Admiral Byrd Road Salt Lake City UT 84116-3703

ACES Qualified Relying Party Authorization Form THIS AUTHORIZATION is given by "Qualified Relying Party" and "Applicant," identified below, to Digital Signature Trust Co. ("DST"), a Utah corporation and Certification Authority with its principal place of business at 255 Admiral Byrd Road, Salt Lake City, Utah 84116-3703 (http://www.trustdst.com). Qualified Relying Party authorizes DST to issue an ACES Qualified Relying Party Application Certificate ("Certificate") and deliver it to "Applicant," who has been authorized by Qualified Relying Party to manage Qualified Relying Party's Agency Application. 1. Qualified Relying Party and Applicant warrant, represent and agree that: (a) Applicant is duly-authorized by Qualified Relying Party to act on behalf of Qualified Relying Party and to manage and control (1) Qualified Relying Party's Agency Application, (2) the Application's Private/Public Key Pair, (3) the Certificate to be issued by DST and (4) communications between DST and Qualified Relying Party's Application; (b) Applicant has the association or relationship with Qualified Relying Party's Application identified below; (c) Qualified Relying Party and Applicant have read, understood, and agree to the responsibilities associated with subscribing to Certificate, including the terms and conditions found in the online ACES Qualified Relying Party Certificate Agreement; (d) The Application's Private/Public Key Pair will only be used for purposes authorized by the GSA's ACES Certificate Policy/the GSA Contract; (e) Qualified Relying Party and Applicant will protect the Private Key at all times; (f) Applicant shall ensure that any and all individuals who may have access to the Private Key are advised of the responsibilities of Private Key safekeeping, along with the consequences that can accompany the improper use or disclosure of a Private Key. (g) All facts and information provided to DST by Qualified Relying Party and Applicant have been and will be accurate, current and complete and that Qualified Relying Party and Applicant will immediately notify DST and request that the Certificate be revoked if: (1) Qualified Relying Party or Applicant suspects any loss, disclosure, or other compromise of the Application's Private Key; (2) information contained in the Certificate is no longer accurate or current; or (3) the Private Key is no longer used by, associated with, authorized by or affiliated with Qualified Relying Party or the Qualified Relying Party's Application; and © 2001 Digital Signature Trust Co. All rights reserved. 28 Certification Practices Statement

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement (h) DST is hereby authorized to issue a Certificate and deliver it to Applicant for use with Qualified Relying Party's Application.

Applicant (Person Authorized to Receive Certificate for Qualified Relying Party Application)

PRINT NAME___________________________________ SIGN HERE _______________________ LAST FIRST MI AGENCY APPLICATION NAME __________________________________________________________________________________

APPLICANT'S RELATIONSHIP TO APPLICATION ___________________________________________________________________________

QUALIFIED RELYING PARTY NAME___________________________________________________________________________

IF AGENCY OR BUREAU, DEPT. NAME _______________________________________________________________________________

MAILING ADDRESS________________________________________________________________________ STREET ADDRESS SUITE/MAILSTOP _________________________________________________________________________________ CITY STATE ZIP COUNTRY TELEPHONE_____________________ FAX__________________________ E-MAIL________________

AUTHORIZING OFFICIAL OF QUALIFIED RELYING PARTY

PRINT NAME_________________________________ SIGN HERE ____________________________ LAST FIRST MI

MAILING ADDRESS (If different than above)_____________________________________________________________________________ MAILING ADDRESS __________________________________________________________________________________ ___ CITY STATE ZIP COUNTRY

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

29

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement TELEPHONE__________________________FAX______________________ E-MAIL_______________________ GLOSSARY OF TERMS USED IN THE AUTHORIZATION Agency: A federal agency, authorized federal contractor, agency-sponsored university or laboratory, or when authorized by law or regulation, a state, local, or tribal government. Application: A computer program or web-based interface used by an Agency to interact with Subscribers. Certificate: A computer-based record or electronic message issued by DST that: (a) identifies DST as the Certification Authority issuing it; (b) names or identifies a Subscriber and the Subscriber's Organization; (c) contains the Public Key of the Subscriber; (d) identifies the Certificate’s operational period; (e) is digitally signed by DST; and (f) has the meaning ascribed to it in accordance with applicable standards. A Certificate includes not only its actual content but also all documents expressly referenced or incorporated in it. Certification Authority. A Certification Authority is an entity that is responsible for authorizing and causing the issuance of a Certificate. Digital Signature: A Digital Signature is a transformation of an electronic message using Public Key Cryptography so that a person having the communication and the Subscriber's Public Key can accurately determine (1) whether the transformation was created using the Private Key corresponding to the Subscriber's Public Key, and (2) whether the communication has been altered since the transformation was made. It does not involve a handwritten signature. Key Pair: In Public Key Cryptography, a Key Pair is two mathematically related keys (a Private Key and its corresponding Public Key), having the properties that (i) one key can be used to encrypt a message that can only be decrypted using the other key, and (ii) even knowing one key, it is computationally infeasible to discover the other key. Private Key: In Public Key Cryptography, a Private Key is the key of a Key Pair kept secret by its holder and can be used by its holder to encrypt or decrypt messages corresponding to the Public Key. The Private Key is used to create a Digital Signature. Public Key: In Public Key Cryptography, a Public Key is the key of a Key Pair publicly disclosed by the holder of the corresponding Private Key and is used by the recipient to encrypt or decrypt messages corresponding to the Private Key. The Public Key is used to verify a Digital Signature. Public Key Cryptography: A form of cryptography (a process of creating and deciphering communications to keep them secure) in which two keys are used. One key encrypts a message, and the other key decrypts the message. One key is kept secret (Private Key), and one is made available to others (Public Key). These keys are, in essence, large mathematically-related numbers that form a unique pair. Either key may be used to encrypt a message, but only the other corresponding key may be used to decrypt the message. Qualified Relying Party: A federal agency or other recipient of a digitally signed message authorized by the CP to rely on an ACES Certificate and that has entered into a Memorandum of Understanding with the General Services Administration to participate in the ACES Program to verify the Digital Signature on the message. Responsible Individual. A trustworthy person designated by a Sponsoring Organization to authenticate individual applicants seeking certificates on the basis of their affiliation with the Sponsoring Organization.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

30

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement Subscriber: An Agency (or person) or an Application (software program or electronic device) that (a) is named or identified in a Certificate as its subject, and (b) holds a Private Key that corresponds to a Public Key listed in that Certificate.

2.1.5

Relying Party Rights and Obligations

Typically, DST will provide a limited level of assurance for each certificate. A relying party will be required to sign appropriate contracts that detail any relying party rights and obligations. Relying party rights and obligations may include the following:

§

Rely reasonably and in good faith in light of all the circumstances known to the relying party at the time of reliance

§ § §

Rely within the validity limits stated in the certificate Check the authenticity of the certificate before relying Check the status of the certificate prior to reliance.

2.1.6 Repository Obligations The DST Repositories make obligations to subscribers to provide certain continuity of service and availability of up-to-date certificates and CRLs. However, the level of service and the remedies available to clients are described in the contracts signed by each client and DST.

2.2

Liability

Except as expressly provided in contracts with clients, and according to specific certificate policies, DST disclaims all warranties and obligations of any type, including any warranty of

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

31

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

merchantability, any warranty of fitness for a particular purpose, and any warranty of accuracy of information provided.

2.2.1

CA Liability

See the Subscriber Agreements set forth in 2.1.4.

2.2.2

RA Liability

Additional policies and procedures in this category are determined by client and by CP.

2.2.3

Repository Liability

Additional policies and procedures in this category are determined by client and by CP.

2.3

Financial Responsibility

Additional policies and procedures in this category are determined by client and by CP.

2.4

Interpretation and Enforcement

2.4.1

Governing Law

The governing law for this CPS shall be the law of the State of Utah.

2.4.2

Severability, Survival, Merger, and Notice

If a particular provision of this CPS is terminated or determined to be invalid, illegal, or unenforceable, the remaining provisions of this CPS shall remain in full force and effect. Additional policies and procedures in this category are determined by client and by CP.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

32

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

2.4.3

Dispute Resolution Procedures

See the Subscriber Agreements set forth in 2.1.4.

2.5

Fees

There shall be no access controls or fees on the reading of this policy or authorized CA's CPS. DST shall assess fees or impose access controls on certificates, certificate status, or CRLs at its sole discretion, subject to agreement between DST and its clients, and in accordance with fee schedules negotiated and detailed in contracts with the clients.

2.5.1

Certificate Issuance or Renewal Fees

Additional policies and procedures in this category are determined by client and by CP.

2.5.2

Certificate Access Fees

Additional policies and procedures in this category are determined by client and by CP.

2.5.3

Revocation or Status Information Access Fees

Additional policies and procedures in this category are determined by client and by CP.

2.5.4

Fees for Other Services Such as Policy Information

Additional policies and procedures in this category are determined by client and by CP.

2.5.5

Refund Policy

Additional policies and procedures in this category are determined by client and by CP.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

33

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

2.6

Publication and Repository

2.6.1

Publication of CA Information

Unless otherwise agreed by the subscriber and DST, DST shall publish each certificate issued promptly upon acceptance of the certificate by the subscriber, in DST’s or another acceptable repository. DST will not publish, or cause to be published, any certificate that has not been expressly accepted by the subscriber. DST shall also publish information regarding certificate revocation for every certificate that DST issues and for every certificate processed for a CA that has a contract for this service.

2.6.2

Frequency of Publication

Additional policies and procedures in this category are determined by client and by CP.

2.6.3

Access Controls

Additional policies and procedures in this category are determined by client and by CP.

2.6.4

Repositories

Additional policies and procedures in this category are determined by client and by CP.

2.7

Compliance Audit

DST operations are overseen at two levels: examination and regulation by the Office of the Comptroller of the Currency (OCC), part of the U.S. Treasury Department, and audits performed by independent auditors for compliance with DST policies and procedures.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

34

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

DST is subject to OCC examination and supervision and has received OCC approval for operations. As part of the examination process, OCC examiners evaluate and assess DST’s activities and have defined OCC supervision over those activities. In addition to supervision by the OCC, DST engages outside auditors to perform full functionality and security reviews of DST operations and systems under a variety of standards established by the accounting and information security professions. The results of these audits are submitted to the OCC and other licensing authorities and made available to interested clients under nondisclosure agreements. DST notifies all clients in writing of the OCC’s examination and regulatory authority c). If irregularities are found during compliance audits, the OCC may require appropriate remedial action or terminate DST operations after appropriate notice to existing clients. The results of compliance audits will not otherwise be made public.

2.8

Confidentiality and Privacy

DST will acquire information through CA, RA, and repository functions regarding subscribers, their identity and case history, and transactions that subscribers are conducting using digital signatures. This is possible to the extent that relying parties verify those signatures through the repository or check for current validity and other information. DST will protect all customer information acquired through such means as confidential. While DST operations will automatically maintain audit trails of all CA, RA, and repository services, DST has no intention of compiling this information in a manner that associates particular relying parties with particular subscribers unless required to do so by warrant,
© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

35

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

subpoena, or court order. DST will not sell subscriber or relying party information, but may conduct and market statistical analysis, provided such analysis does not compromise the confidentiality or privacy of subscribers or relying parties. No confidential consumer information will be released in any manner with the following exception: DST will release consumer information to Federal, state, and local law enforcement authorities upon receipt of a relevant search warrant or subpoena, and will respond similarly to a relevant discovery order or subpoena in a civil litigation setting. More restrictive privacy and confidentiality requirements may be followed for certificates issued to subscribers under specific CPs. CAs, RAs, and repository service agents shall not have access to the private keys of any of the entities they certify or register. For specific U.S. Federal Government customers with defined certificate policies, DST follows additional privacy policies and procedures described in Section 9 of this CPS.

2.9

Intellectual Property Rights

Any intellectual property rights DST shall treat as follows: § Private and public keys shall be considered the property of the applicable rightful private key holder. § Certificates shall be the property of the CA.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

36

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

3

IDENTIFICATION AND AUTHENTICATION

DST negotiates specific Identification and Authentication (I&A) requirements with each type of certificate issued. Any certificate issued by DST under a particular CP will follow the I&A procedures specified in that CP. NOTE: Topics in this chapter (Section 3) are not specified by general DST practices. Instead, I&A is specified in the CPs under which certificates are issued, or client agreements, where a CP is not specified in a certificate.

3.1

Initial Registration

3.1.1

Subscriber registration is initiated through a Web interface on DST's World Wide Web site. The applicant for a certificate completes a registration form and acknowledges acceptance of the terms and conditions of one of the online subscriber agreements outlined in 2.1.4. This information is verified through database checks and other means and placed in a customer information file used to track the applicant through the certificate enrollment process. Types of Names

The subject name used for ACES Certificate applicants shall be the Subscriber’s authenticated common name.

3.1.2

Need for Names to be Meaningful

In the case of Unaffiliated Individuals, the authenticated common name is a combination of first name and/or initials and surname. In the case of Business Representatives, the authenticated common name is a combination of first name and/or initials and surname and reflects the legal
© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

37

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

name of the organization and/or unit. In the case of Qualified Relying Parties, the common name is the authenticated name of the Qualified Relying Party application.

3.1.3

Rules for Interpreting Various Name Forms

Additional policies and procedures in this category are determined by client and by CP.

3.1.4

Uniqueness of Names

Additional policies and procedures in this category are determined by client and by CP.

3.1.5

Name Claim Dispute Resolution Procedure

Additional policies and procedures in this category are determined by client and by CP.

3.1.6

Recognition, Authentication, and Role of Trademarks

Additional policies and procedure in this category are determined by client and by CP.

3.1.7

Verification of Possession of Key Pair

DST verifies that a certificate applicant possesses the private key corresponding to the public key submitted with the application in accordance with secure protocols generally-accepted by the CA industry, such as that described in the IETF PKIX Certificate Management Protocol (e.g., by verifying that the request for certificate issuance was signed by the prospective subscriber using his or her private key).

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

38

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

3.1.8

Authentication of Organizational Identity

DST verifies a Sponsoring Organization's validity, i.e., that the Organization exists and conducts business at a particular location. In conducting its review and investigation, DST investigates legal company name, type of entity, year of formation, names of directors and officers, address (number and street, city, ZIP code), and telephone number.

3.1.9

Authentication of Individual Identity

DST authenticates a subscriber's identity by following the procedures of 3.1.9 in the ACES CP. DST verifies an applicant's relationship to an Organization, in accordance with 3.1.9.2 and 3.1.9.3 of the ACES CP, by reviewing the information provided by the applicant on the printed forms identified in 2.1.4.

3.2

Routine Rekey and Certificate Renewal

DST provides replacement certificates when a subscriber’s private key has not been compromised and there are no changes to the certificate. However, in the event that there is a suspected compromise of the key, or if subscriber information or key pair change DST, will require subscribers to request a new certificate.

3.3

Rekey After Revocation

If a certificate is revoked or becomes invalid a new key must be generated, i.e., a subscriber must "rekey after revocation."

3.4

Revocation Request

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

39

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

See 4.4.3, Procedure for Revocation Request.

4

OPERATIONAL REQUIREMENTS

4.1

Certificate Application

DST accepts certificate applications from subscribers in several instances: 4.1.1 Personal Appearance before DST or one of its Representatives (Employees) If an individual appears in-person to an employee of DST, then the DST employee may conduct an in-person registration of the individual after a verification of the individual's identity based on a review of the individual's photo ID. This process requires the completion of a form, signed by the DST employee conducting the in-person authentication. In accordance with section 3.1.9 of the ACES CP, the DST employee reviews at least three separate forms of identification, one consisting of information obtained by an antecedent in-person appearance (e.g., a photo ID), and verifies the information through a multiple database cross-check performed by a commercial service. The in-person identification process performed by an employee of DST does not require the notarization of an application form. 4.1.2 Completion of a Registration Form Online with DST If the individual registers online, DST will authenticate itself to the applicant using the American Bankers Association (ABA) SiteCertain Seal. Once the individual has established the securesite, SSL session, he or she will enter personal identification information in the application form and provide DST with a certificate request. In accordance with 3.1.9 of the ACES CP, DST

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

40

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

verifies the information through multiple database cross-checking performed by a commercial service provider. 4.1.3 Submission of Registration Form via U.S. Postal System or Other Carrier An individual may submit the registration form and certificate request to DST via the U.S. postal system or other carrier. In accordance with 3.1.9 of the ACES CP, DST verifies the information through multiple database cross-checking performed by a commercial service provider. 4.1.4 Submission via a Qualified RA, i.e., Banks and licensed Notaries DST may conduct the registration process through Registration Authorities (RAs) by contractual arrangements with banks and other financial institutions or through the use of notaries ("Qualified RAs"). In the case of an application submitted through the use of a qualified RA, the RA is responsible for performing adequate identification and authentication of the information to be listed in the certificate. Similar to in-person registration performed by DST employees, the Qualified RA reviews at least three separate forms of identification, one consisting of information obtained by an antecedent in-person appearance (e.g., a bank signature card, other bank account information or photo ID), and cross-checks the identifying information through a multiple database cross-check provided by a commercial service. This identification process performed by a bank employee does not require notarization. Once DST has received a complete certificate application, it will determine whether the information provided is sufficiently accurate to approve certificate issuance. If DST determines that the information provided by the applicant is insufficient to issue a certificate, DST will

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

41

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

suspend the registration process for the individual and inform him or her of the steps to take in order to resume processing of the application.

4.2

Certificate Issuance

Once a certificate application is accepted and successfully verified, a certificate will be created and digitally signed by the CA. The applicant will be given instructions on how and where to retrieve the certificate. Unless otherwise agreed, the CA will then publish the certificate in DST’s or another appropriate repository. This repository may be an X.500 directory, a Lightweight Directory Access Protocol (LDAP) capable directory, or a proprietary database. However, what is done with the certificate after the CA has issued it is specified in individual subscriber agreements. In some situations, the certificate may be e-mailed or mailed back to the subscriber or an address specified by the subscriber. Additional policies and procedures in this category are determined by client and by CP.

4.3

Certificate Acceptance

In accordance with 4.3 of the ACES CP, Subscriber agreements establish requirements for communicating certificate acceptance or rejection to DST. (See 2.1.4). Subscribers are advised that they may reject the certificate by promptly notifying DST. Subscribers agree that by downloading or using the ACES certificate (and failing to notify DST of any errors, defects or problems) they expressly accept the certificate and its contents. Furthermore, prior to actually downloading the certificate, a subscriber is given the opportunity to review the information to be contained in the certificate in human-readable form and is advised that by

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

42

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

clicking to proceed he or she is accepting the certificate's contents. DST records the act of certificate downloading. Additional policies and procedures in this category are determined by client and by CP.

4.4

Certificate Suspension and Revocation

4.4.1

Circumstances for Revocation

A subscriber may revoke his, her, or its certificate at any time for any reason. A sponsoring organization (where applicable) may revoke the certificate of any affiliated individual at any time for any reason. DST may also revoke a certificate upon failure of the subscriber (or the sponsoring organization, where applicable) to meet its obligations under the applicable CP; this CPS; or any other agreement, regulation, or law applicable to the certificate that may be in force, including but not limited to circumstances in which DST, in its sole discretion, determines that: (a) the certificate was not properly issued or was obtained by fraud; (b) the security of the private key corresponding to the certificate has or may have been lost or otherwise compromised; (c) the certificate has become unreliable; (d) material information in the application for a certificate or in the certificate itself has changed or has become false or misleading (e.g., the subscriber changes his or her name); (e) a governmental authority has lawfully ordered DST to revoke the certificate; or (f) there are any other grounds for revocation. The agreement with the sponsoring organization may limit or extend these circumstances for revocation.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

43

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

4.4.2

Who Can Request Revocation

The following entities may request the CA to revoke a certificate issued: § § § The subscriber An authorized agent of the subscriber (or sponsoring organization) The issuing CA.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

44

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

4.4.3

Procedure for Revocation Request

4.4.4

Upon receiving a revocation request, DST places the certificate on suspended status and notifies the subscriber of the request. DST assists the requester in identifying the specific certificate(s) to be revoked by supplying a list of all certificates issued to the requester, as appropriate. DST then verifies the revocation request through procedures similar to those originally used for certificate issuance. If DST is able to adequately confirm that the person making the revocation request is authorized to do so, the certificate is revoked and the repository is updated. The subscriber is notified of the certificate's status using an out-of-band notification process linked to the subscriber’s physical postal mail address. In the case of suspected fraud or compromise of a certificate, DST includes information regarding the possibility of unauthorized use of the certificate and instructions for the applicant to receive a new certificate. Incidents of suspected fraud are also submitted to the GSA in a Waste, Fraud and Abuse Report.Circumstances for Suspension

Immediately upon receiving a revocation request, DST places the certificate on suspended status pending verification of the request per section 4.4.3.

4.4.5

Who Can Request Suspension

If any person suspects that (a) a certificate was not properly issued or was obtained by fraud; (b) the security of the private key corresponding to the certificate has or may have been lost or otherwise compromised; (c) the certificate has become unreliable; (d) material information in a

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

45

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

certificate has changed or become false or misleading, he or she may contact DST and provide with the information forming the basis of the suspicion.

4.4.6

Procedure for Suspension Request

DST will process a Suspension Request in accordance with the procedures of 4.4.3.

4.4.7

Limits on Suspension Period

Additional policies and procedures in this category are determined by client and by CP.

4.4.8

CRL Issuance Frequency (If Applicable)

Additional policies and procedures in this category are determined by client and by CP.

4.4.9

Online Revocation/Status Checking Availability

DST provides on-line, near-real-time certificate status in response to Certificate Validation Request messages. Upon receipt of a signed Certificate Validation Request message from an agency application, DST: (a) Verifies the signature on the Certificate Validation Request, (b) Generates and returns a signed Certificate Status Response message, and (c) Indicates the certificate status as one of the following: (1) (2) Valid. Indicates that the certificate is usable Invalid. Indicates that the certificate either has been revoked or is beyond its operational period (3) Suspended. Indicates that the certificate has been placed in a temporary,
© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

46

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

unusable state

4.4.10 Online Revocation Checking Requirements Qualified Relying Parties are required to validate every ACES Certificate they receive in connection with a transaction.

4.4.11 Other Forms of Revocation Advertisements Available Additional policies and procedures in this category are determined by client and by CP.

4.4.12 Checking Requirements for Other Forms of Revocation Advertisements Additional policies and procedures in this category are determined by client and by CP.

4.4.13 Special Requirements Rekey Compromise Additional policies and procedures in this category are determined by client and by CP.

4.5

Security Audit Procedures

All significant security events on the CA system are automatically recorded in audit log files. The backup operators back up all relevant system files and the audit logs at regular intervals daily, weekly, and monthly and deliver copies of the audit logs to DST management.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

47

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

4.6

Records Archival

4.6.1

Types of Events Recorded

Audit information will be recorded as it is available from the commercial certificate authority software that is being used. All audit information available is recorded for archive. Audit information includes records of issuance, acceptance, and any suspension or revocation of a certificate. Network information at the packet level coming in and going out of the DST network segment containing the CA may be recorded for routine or non-routine purposes. The following data is recorded for the following types of transactions:

4.6.1.1 Certificate Issuance (a) Applicant’s name as it appears in the certificate’s “Common Name” field (b) Method of application (i.e., on-line, in-person) (c) For each data element accepted for proofing, including electronic forms: (1) Name of document presented for identity proofing (2) Issuing authority (3) Date of issuance (4) Date of expiration (5) All fields verified (6) Source of verification (i.e., which databases used for cross-checks) (7) Method of verification (i.e., on-line, in-person)

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

48

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

(8) Date/time of verification (d) Names of the ACES contractor, including subcontractors, if any (e) All associated error messages and codes (f) Date/time of process completion (g) Names (IDs) of ACES contractor’s processes, including subcontractors’ processes, if any

4.6.1.2 Certificate Replacement (a) Certificate serial number (b)Certificate common name (c) Certificate policy OID (d)Date/time of completion of replacement process (e) Name (ID) of ACES contractor process(es) (f) All associated replacement data

4.6.1.3 Certificate Validation (a) Certificate serial number (b) Certificate status with reason code (c) Requesting agency application certificate serial number (d) All validation data

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

49

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

(e) All associated error messages and codes (f) Date/time of all certificate validation requests (g) Date/time of transmission of certificate status request responses (h) Name (ID) of ACES contractor’s process(es)

4.6.1.4 Certificate Suspension and Revocation (a) Date/time (b) Names of ACES contractor and RA, if any (c) Subscriber’s common name (d) Certificate policy Object Identifier (OID) (e) Status of certificate at end of suspension (f) Reason code for revocation request (g) Certificate serial number (h) All associated verification request, suspension, and revocation data

4.6.1.5 Certificate Renewal (a) Certificate serial number (b) Certificate common name (c) Certificate policy OID (d) New operational period dates

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

50

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

(e) Date/time of completion of renewal process (f) Name (ID) of ACES contractor process(es) (g) All associated renewal data

4.6.2

Retention Period for Archive

In accordance with Utah regulations, DST retains archive records for a minimum of ten (10) years past the expiration date of any certificate information in the records and may retain records for a much longer period. DST archives its records on the current de facto standard backup medium using a best practices approach. As the digital storage medium evolves, DST will commit to upgrading all of its existing archives to the next generation medium. In
accordance with section 4.9(c) of the ACES CP (7/15/99), all current and archived ACES identity proofing, certificate, validation, revocation/suspension, renewal, policy and practices, billing, and audit data shall be transferred to GSA within 24 hours of DST's cessation of business. Transferred data will not include any non-ACES data.

4.6.3

Protection of Archive

The DST management group maintains responsibility of all off-site backups of archive data. The archive data is sealed in tamper evident containers and stored off site away from the CA. It is the DST management group’s responsibility to maintain the archives in a secure and protected manner. No other group has access to the archives, and only the DST management group has the authority to request an archive from the remote site.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

51

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

4.6.4

Archive Backup Procedures

The backup group is responsible for making sure that all archive files are backed up and transferred to the bonded courier in a secure manner. All archive files are sealed in a tamperevident container, placed in a double locked box, and given to a bonded courier for transportation to the off-site archive. The courier then reports the transfer of the archives to the management group.

4.6.5

Archive Collection System (Internal or External)

Archives are produced by DST backup operators on a periodic basis (daily, weekly, and monthly) and given to an external courier service for secure delivery to management. Hence archive collection is external to some trusted roles, but internal to DST as a whole.

4.6.6

Procedures to Obtain and Verify Archive Information

Only the management group has the authority to request archives from the off-site storage, which will be delivered via bonded courier to an officer of DST.

4.7

Key Changeover

Additional policies and procedures in this category are determined by client and by CP. 4.8 Compromise and Disaster Recovery

Additional policies and procedures in this category are determined by client and by CP.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

52

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

4.9

CA Termination

DST will notify all current certificate holders in the event of termination of the CA. Notification will be made via U.S. postal mail, e-mail, Web postings, or other methods as appropriate. If possible, all certificates will be revoked prior to termination of CA operations.

5

PHYSICAL, PROCEDURAL, AND PERSONNEL SECURITY CONTROLS
Physical Controls

5.1

All DST production CAs are located in secure, cement/masonry hardened buildings. The building(s)' exterior and interior rooms housing equipment are equipped with cipher locks on the doors. The facility is designed to provide top of the line data security and continuity services and has been designed to provide a high level of physical and operational security for mission-critical applications. The building is enclosed by an 8-foot-high steel fence with sharp edges at the top. An 8-foot iron gate at the front of the facility, with access controlled through a keycard, is within 30 yards of a security kiosk and is visible at all times. In addition, the perimeter of the building is secured with surveillance cameras 24 hours a day, 7 days a week. To enter the building, personnel must first pass through a mantrap. The first door in the trap requires keycard access; the second door requires both a keycard and a PIN number to gain access to the building. The lobby of the building is also monitored with surveillance cameras. To gain access to the offices and work area, a keycard is required. All keycard accesses in the facility are logged.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

53

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

In addition to the four layers of security implemented in the facility, a fifth layer of security protects the room containing the CA equipment. Limited to authorized personnel, access to this room is gained by two individuals simultaneously with a PIN and a biometric device. This secure computer room is monitored at all times with surveillance cameras. Finally, all CA and repository equipment is stored in secure locked cabinets that require physical or electronic keys for access. The building has been designed to augment the security and safety of the facility. To withstand a 7.5 magnitude earthquake, the building is constructed on top of nine large springs. In addition, the building is equipped with an Inergen fire detection and suppression system. The computer room is built like a vault with some modifications for fire prevention and ventilation requirements, and for enhanced security. The ceiling is secured with a 2-inch by 2inch steel grid that allows ventilation and fire prevention chemicals to flow throughout the room. In addition, chain link fencing has been laid to prevent under-floor access to the room. Air conditioning is provided in a fully redundant fashion around the perimeter of the computer room. A 4-inch concrete moat, equipped with water sensors, isolates the air conditioning water pipes from the rest of the computer room and signals an operator console that is staffed 24 hours a day, 7 days a week. Communications are provided through dual conduit access points on opposite sides of the building backed up through a microwave system. The facility maintains its own UPS and backup diesel generator that are tested weekly. Flood exposure is minimal to non-existent at the site.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

54

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

5.2

Procedural Controls

There are seven trusted roles identified by DST in this CPS: § § § § § § § Operating system administrators CA operators Directory/repository administrators Help desk infrastructure personnel Network infrastructure personnel (hubs, routers, firewalls, and network wiring) Backup operators DST Management Group.

Each of these roles is outlined below.

5.2.1

Operating System Administrators

Operating system administrators are responsible for the maintenance and operation of the machines used to run the CA, RA, and repository software. They perform all tasks required to keep the hardware and operating system functional and are expected to maintain Windows NT, UNIX, and Sun Solaris operating systems and hardware. To accomplish this task, the system administrators will possess system passwords to the operating system and will have keycard or biometric access to the computer rooms. Their role includes allowing CA operators physical access to the CA, RA, and repository systems. The system administrators are never in possession of the CA private key and password or hardware token that enables operation of a CA software system.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

55

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

5.2.2

CA Operators

The CA operator responsibilities encompass operation of CA and RA software and protection of critical CA and RA private keys. To perform these tasks, CA operators possess the CA and RA passwords and/or private key PINs (if applicable). CA operators do not have keycard access to the computer rooms and are required to be with an operating system administrator to gain access to the machine. CA operators do not have root operating system passwords. All CA and RA functions can only be performed on the console of the system that is running the CA or RA.

5.2.3

Directory/Repository Administrators

The role of repository administrator encompasses responsibility for the operation of the X.500 directory and associated database software needed by any of the CA software packages. To perform these tasks the repository administrator possesses the passwords and/or private key PINs (if applicable) needed for configuration and maintenance of the directory/repository. Repository administrators do not have keycard access to the computer rooms and are required to be with an operating system administrator to gain access to the machine. Repository administrators do not have root operating system passwords or CA passwords. All directory/repository functions can only be performed on the console of the system that is running the directory/repository.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

56

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

5.2.4

Help Desk Infrastructure Personnel

Help desk infrastructure personnel answer user questions and troubleshoot user problems either in-person, or by telephone or e-mail. They have user-level access to the OS on CA machines but do not have physical access to the machines or computer rooms. They are able to assist users with information regarding certificate issuance, account information, and other administrative functions. Help desk personnel are also able to assist users with problems they are experiencing with their certificates that have been issued. Infrastructure personnel are also responsible for maintaining the firewalls and routers that provide network security and access to the CA.

5.2.5

Network Infrastructure Personnel

The network infrastructure personnel will install, configure, maintain, and troubleshoot the network infrastructure including the network hubs, routers, switches, and firewalls. They will have system or root-level access to these devices but will not have any operating system, CA, or directory password access.

5.2.6

Backup Operators

Backup operators are responsible for backing up the CAs and associated software. They receive the minimum level of system access required to fulfill this role. In addition, backup operators are responsible for sealing the backup tapes in sequentially numbered tamper-proof containers, and for sealing the containers with nylon ties. These containers are then placed in a dual-locking carrying case and given to the bonded courier. This courier then transports the

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

57

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

sealed backup tapes to an off-site storage facility with the only point of access being the Management Group.

5.2.7

DST Management Group

The Management Group is responsible for providing independent oversight and supervision of the other roles. This role is accomplished by allowing the Management Group to have sole control of surveillance tapes (24 hours a day, 7 days a week surveillance camera video tapes of DST operations), maintenance of backup tapes (sequentially numbered and tamper-proof sealed and delivered), and audit logs (archived audit logs from the CA, RA, and repository systems). The Management Group also controls and archives any network flight recorder media (logs guide all network traffic coming in or out of the CA, RA, and repository-toWORM drive media).

5.3

Personnel Controls

DST CAs, RAs, and repositories will implement adequate security controls to ensure that the staff associated with the operation of these systems can be placed in a position of trust. The following sections describe how this requirement is implemented. In addition to the following measures, all DST personnel in the trusted roles submit to periodic drug testing and are required to be bonded.

5.3.1

Background, Qualifications, Experience, and Clearance Requirements

Additional policies and procedures in this category are determined by client and by CP.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

58

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

5.3.2

Background Check Procedures

All candidates for employment in a DST trusted role must agree to and undergo initial and periodic financial and criminal background investigation as a condition of employment. Investigations are conducted by agents chosen by DST, and the results of initial investigations are releasable only to DST, and not to the subject of investigation. Another condition of employment is if, at DST’s sole discretion, results from an initial investigation are deemed unsatisfactory, DST will not hire the personnel in question for a trusted role. In addition, if results from a periodic investigation are deemed unsatisfactory, DST will remove that employee from any trusted role, and will apply other appropriate personnel actions as allowed or required.

5.3.3

Training Requirements

All trusted personnel receive training as required to ensure they are competent to perform duties in a trusted position including the following:

§

All trusted personnel receive a copy of each CP under which DST issues certificates and the CPS.

§

All trusted personnel are instructed on the policies and procedures for operating in their specific role.

§

All CA operators are instructed in the policies and procedures for maintaining the confidentiality of private keying material.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

59

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

5.3.4

Retraining Frequency and Requirements

All trusted personnel undergo a retraining session every six months including a review of each CP under which DST is currently issuing certificates, and a full review of all DST policies and procedures.

5.3.5

Job Rotation Frequency and Sequence

Additional policies and procedures in this category are determined by client and by CP.

5.3.6

Sanctions for Unauthorized Actions

Any employees performing trusted roles who are cited by DST management for unauthorized actions, inappropriate actions, or unsatisfactory investigation results are immediately removed from their trusted role pending management review. Following further management review and discussion of actions or investigation results with employees, employees may be reassigned to their positions, transferred to non-trusted roles, or dismissed from employment, as appropriate.

5.3.7

Contracting Personnel Requirements

The personnel requirements of this CPS apply equally to DST employees, contractors, and subcontractors.

5.3.8

Documentation Supplied to Personnel

All personnel operating in a trusted position are given copies of the relevant CPs and the CPS. In addition, they have access to manuals for the operation of their components of the system.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

60

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

6

TECHNICAL SECURITY CONTROLS

6.1

Key Pair Generation and Installation

6.1.1

Key pair generation

For nearly all ACES implementations (see 6.1.2), key pairs for end users are generated in either hardware or software under the sole possession and control of the applicant / end user. The private key is never in the possession of anyone else. For all DST operations, key pairs will be generated in such a way that the private key is not known by anyone other than the authorized user of the key pair. Acceptable ways of accomplishing this include: § Requiring all users (CAs, CMAs, RAs, RSAs, and subscribers) to generate their own keys on a trustworthy system, and not reveal the private keys to anyone else. § Requiring keys to be generated in hardware tokens from which the private key cannot be extracted. DST supports this process for subscriber key pair generation. CA keys are generated in hardware tokens, unless specifically excepted by a client contract and CP. Key pairs for RAs or end-entities are generated in either hardware or software as defined by client contract and CP.

6.1.2

Private Key Delivery to Entity

If DST participates with or assists the applicant with key pair generation, the applicant’s private key shall remain only in volatile memory (only when necessary) until delivered to the applicant. DST shall not retain any copies of an applicant’s private key. If DST generates the private key

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

61

1 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

away from its ultimate user (e.g., in a hardware token at the CA or RA workstation), the key generation must be performed and the key transferred to the user in such a way that undetected compromise of the private key is precluded (e.g., the key generation event is witnessed and DST immediately delivers the key by insured, certified mail or by bonded, private courier service to the subscriber, and the events are sufficiently documented, in writing or by other means, to enable interested parties to determine afterwards in a provable manner that such did occur).

6.1.3

Public Key Delivery to Certificate Issuer

If DST generates a key pair, the public key is loaded directly into PKI management hardware and/or software. No intermediate storage subject to substitution or corruption is used. If the key pair is generated outside DST facilities (e.g., on the user’s workstation), the public key is transferred to the RA or CA in a way that ensures that: § § § It has not been changed during transit. The sender of the public key is the legitimate user claimed in the request. The sender of the public key possesses the private key that corresponds to the transferred public key. The transfer is accomplished through the inclusion of digital signatures on submissions from end users. End-entity signatures will prove possession of a private key, and will be verified in accordance with 3.1.7.

6.1.4

CA Public Key Delivery to Users

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

62

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

DST delivers CA public keys to end entities via an on-line transaction in accordance with IETF PKIX Part 3, or via other appropriate mechanisms.

6.1.5

Key Sizes

All public key technology used by DST for digital signatures is of equivalent or higher work factor to 1024-bit RSA keys. This includes 1024-bit DSA keys, and 160-bit ECDSA keys. Where software and hardware capabilities allow, DST uses public key technology with work factor equivalent to 2048-bit RSA keys for CAs, RA, and repositories. DST recognizes that existing standardized algorithms, particularly hashing algorithms, do not yet provide for this level of work factor.

6.1.6

Public Key Parameters Generation

Additional policies and procedures in this category are determined by client and by CP.

6.1.7

Parameter Quality Checking

Additional policies and procedures in this category are determined by client and by CP.

6.1.8

Hardware/Software Key Generation

Where system capabilities allow, DST uses hardware for generation of CA, RA, and repository private and public keys.

6.1.9

Key Usage Purposes (As Per X.509 v3 Key-Usage Field)

Additional policies and procedures in this category are determined by client and by CP.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

63

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

6.2

Private Key Protection

6.2.1 Standards for Cryptographic Module Where available, DST preferentially uses hardware cryptographic modules for key generation, and storage and signing operations that have been certified at least FIPS140-1 Level 3-compliant. When commercial products do not support FIPS140-1 validated modules, DST may use non-validated modules under certain certificate policies and client agreements.

6.2.2

Private Key (n out of m) Multiperson Control

Additional policies and procedures in this category are determined by client and by CP.

6.2.3

Private Key Escrow

Additional policies and procedures in this category are determined by client and by CP.

6.2.4

Private Key Backup

Additional policies and procedures in this category are determined by client and by CP.

6.2.5

Private Key Archival

Additional policies and procedures in this category are determined by client and by CP.

6.2.6

Private Key Entry into Cryptographic Module

Additional policies and procedures in this category are determined by client and by CP.

6.2.7

Method of Activating Private Key

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

64

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

When supported by the commercial hardware and software systems in use, private keys are activated by PIN or password entry through trusted paths by CA operators. However, subject to the procedures in specific CPs, software CA operators may employ various methods for activation of private keys (such as password-based encryption of software tokens). In all cases, activation data is controlled via multiparty control by the CA operators.

6.2.8

Method of Deactivating Private Key

Additional policies and procedures in this category are determined by client and by CP.

6.2.9

Method of Destroying Private Key

Private keys for DST CAs, RAs, and repositories are destroyed by using FIPS140-1 zeroing methods when available for cryptographic hardware, and active electronic erasure for software (and hardware when zeroing is unavailable), or incineration of the storage media.

6.3

Other Aspects of Key Pair Management

6.3.1

Public Key Archival

Additional policies and procedures in this category are determined by client and by CP.

6.3.2

Usage Periods for the Public and Private Keys

Additional policies and procedures in this category are determined by client and by CP.

6.4

Activation Data

Additional policies and procedures in this category are determined by client and by CP.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

65

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

6.4.1

Activation Data Generation and Installation

Additional policies and procedures in this category are determined by client and by CP.

6.4.2

Activation Data Protection

Additional policies and procedures in this category are determined by client and by CP.

6.4.3

Other Aspects of Activation Data

Additional policies and procedures in this category are determined by client and by CP.

6.5

Computer Security Controls

DST operates a variety of commercial software and hardware systems to provide CA, RA, and repository services. DST operates these software systems on Sun Solaris, UNIX, and Windows NT platforms. These systems are regularly scanned for potential security compromises and software is run locally to prevent such compromises. Systems that require a Windows NT platform are not operated in the TCSEC C2 evaluated configuration.

Passwords for these systems are changed every 35 days. In addition, password crackers are run weekly against these systems to test for weak or obvious passwords.

6.6

Life-Cycle Technical Controls

6.6.1

System Development Controls

Additional policies and procedures in this category are determined by client and by CP.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

66

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

6.6.2

Security Management Controls

Additional policies and procedures in this category are determined by client and by CP.

6.6.3

Life-Cycle Security Ratings

Additional policies and procedures in this category are determined by client and by CP.

6.7

Network Security Controls

All DST production CAs, RAs, and repositories are protected by firewalls. Separate ports of a filtering firewall allow access to each separate system, and are configured to allow only the addresses, ports, protocols, and commands required for the PKI services provided by that system. DST has engaged an independent contractor to perform penetration analysis of these firewalls in order to harden them.

6.8

Cryptographic Module Engineering Controls

Additional policies and procedures in this category are determined by client and by CP.

7

CERTIFICATE AND CRL PROFILES

7.1

Certificate Profile

Certificates that are issued by DST operating under the CPS are used for a variety of reasons, to be defined by the customer. Possible uses are:

§

Digital signature

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

67

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

§ § §

SSL Web access Data encryption Key agreement/exchange.

It is intended that all certificates issued by DST be compliant with X.509 version 3, PKIX Part 1, and the ISO Banking—Certificate Management Part 1. However, due to the current limitations of commercially available CAs and customer application requirements, full compliance may not be feasible at this time. If a customer requests a certificate profile that differs from that specified in the CPS or divergent from the aforementioned standards, the client’s needs will be accommodated with a specific CP detailing the divergent CP.

7.1.1

Version Number(s)

All certificates that reference this CPS will be issued in the X.509 version 3 format.

7.1.2

Certificate Extensions

The CPS imposes no additional requirements for certificate extensions over and above what is contained in ISO/15782-1 Banking—Certificate Management Part 1: Public Key Certificates. However, in recognition of the fact that the customer’s needs may vary and the commercial availability of CAs and certificate-aware applications may vary, full compliance with this standard may not be achieved initially. It is intended that all certificates created will conform as closely as possible to the standard, while still meeting customer requirements.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

68

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

Specific certificate extension use and population is specified in particular CPs, under which certificates are issued, or in client agreements and contracts when a CP extension is not included in a certificate.

7.1.3

Algorithm Object Identifiers

DST supports, at a minimum, RSA in accordance with FIPS PUB 186-1, NIST, December 1998. The following signature algorithms may be supported, at DST's option: (a) DSA in accordance with FIPS PUB 186-1, DSS, NIST, December 1998 (b) ECDSA in accordance with Draft ANSI Standard X9.62 For alternate algorithms, only Government-approved signature algorithms will be used.

7.1.4

Name Forms

Additional policies and procedures in this category are determined by client and by CP.

7.1.5

Name Constraints

Additional policies and procedures in this category are determined by client and by CP.

7.1.6

Certificate Policy Object Identifier

Certificates issued by DST operating under this CPS will preferentially include a reference to the OID for a certificate policy within the certificate policies extension field.

7.1.7

Usage of Policy Constraints Extension

Additional policies and procedures in this category are determined by client and by CP.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

69

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

7.1.8

Policy Qualifiers Syntax and Semantics

Additional policies and procedures in this category are determined by client and by CP.

7.1.9

Processing Semantics for the Critical Certificate Policy Extension

Additional policies and procedures in this category are determined by client and by CP.

7.2

CRL Profile

It is intended that all certificate revocation lists issued by DST operating under this CPS be compliant with Version 2 CRLs and their recommended used as specified in X.509 version 3, PKIX Part 1, and the ISO Banking—Certificate Management Part 1. However, due to the current limitations of commercially available CAs and customer application requirements, full compliance may not be feasible at this time. If a client requests a certificate revocation list profile that differs from that specified in this CPS or divergent from the aforementioned standards, the client’s needs will be accommodated with a specific CP detailing the divergent certificate profile.

7.2.1

Version Number(s)

All CRLs will be issued in the X.509 Version 2 format.

7.2.2

CRL and CRL Entry Extensions

As with certificate extensions, the CPS imposes no additional requirements for certificate revocation list extensions or certificate revocation entry extensions over and above what is contained in ISO/15782-1 Banking—Certificate Management Part 1: Public Key Certificates.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

70

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

However, in recognition of the fact that the client’s needs may vary and the commercial availability of CAs and certificate-aware applications may vary, full compliance with this standard may not be achieved initially. It is intended that all CRLs created will conform as closely as possible to the standard, while still meeting client requirements.

8

SPECIFICATION ADMINISTRATION

8.1

Specification Change Procedures

All proposed changes to the CPS that may materially impact DST clients (other than editorial or typographical corrections, or changes to the contact details) will be posted to the DST Web site. DST will allow clients a minimum of 45 days to provide comments on proposed changes. If the proposed changes are modified as a result of such comments, a new notice of the modified proposed change will be given.

8.2

Publication and Notification Policies

This CPS is copyright 2001 by Digital Signature Trust Co. For information on availability of the CPS, please contact DST through the contact information listed in Section 1.4.

8.3

CPS Approval Procedures

Approval of a changed CPS is subject to signature of the president of DST, subsequent to notification of DST clients.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

71

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

9

Appendix: ACES Privacy Policy and Procedures

DST follows the privacy policies and procedures described below for the Access Certificates for Electronic Services (ACES) contract. These policies and procedures are in addition to those described elsewhere in the CPS, and apply to all ACES certificates issued by DST.

DST handles customer information covered by the Privacy Act of 1974 in accordance with the requirements of 5 U.S.C. 552a and Appendix I to OMB Circular A-130. In addition, it is DST’s policy that all officers and employees working with ACES information read and understand the DST CPS and its privacy policies and procedures. After reading this CPS, officers and employees must sign a letter indicating that they have read and understood the CPS and its privacy policies and procedures.

9.1

Administrative, Technical, and Physical Safeguards

DST’s Privacy Policies and Procedures and CPS include provisions for the administrative, technical, and physical safeguards necessary to ensure integrity, confidentiality, and availability of records, systems of records, and reports containing data covered by the Privacy Act of 1974. The administrative, technical, and physical safeguards described elsewhere in this CPS apply equally to the ACES contract. The following additional safeguards apply specifically to the ACES contract.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement 1

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

9.1.1 Handling of Information Each officer or employee of DST to whom information may be made available or disclosed shall be notified in writing by DST that information disclosed to such officer or employee can be used only for a purpose and to the extent authorized in the ACES contract and this CPS.

Any GSA or Government information collected by DST will be used only for the purpose of carrying out the provisions of the ACES contract and will not be divulged or made known in any manner to any person except as may be necessary in the performance of the contract and in accordance with (IAW) the Privacy Act of 1974, and Appendix III to Office of Management and Budget (OMB) Circular A-130.

In performance of the ACES contract, DST assumes responsibility for protecting the confidentiality of Government records and for ensuring that all work is performed under the supervision of DST or DST’s responsible employees.

DST promulgates and maintains written Privacy Policies and Procedures designed to ensure compliance with the requirements of 5 U.S.C. 552a, and Appendix I to OMB Circular A-130, and the ACES contract. These policies and procedures have been incorporated into this CPS and contain the rules of conduct that are used to instruct DST’s officers and employees in compliance requirements and penalties for noncompliance.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

2

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

9.1.2

Information Provided to Certificate Applicant

Each applicant for an ACES certificate must first be provided, on a Government-approved form that can be retained by the individual applicant, the information set forth below: (a) The principal purposes of the ACES program (b) DST’s authority for collection of the information (c) That participation in the ACES program is strictly voluntary (d) That provision of the identity information requested is a mandatory prerequisite to being issued an ACES certificate (e) That the information provided is covered by the Privacy Act of 1974, and the protections therein provided (f) The routine uses that will be made of the information provided (g) The limitations on the uses of the information provided (h) The procedures for requesting access to the individuals’ own records (i) The possible consequences of failing to provide all or part of the requested information, or intentionally providing false information.

9.1.3

Limitations on Collection, Maintenance and Dissemination of Data

Collection, maintenance, and dissemination of data is limited as follows: (a) DST limits the collection and maintenance of data to that which is specifically authorized in the ACES contract, or otherwise approved in writing by the GSA Administrative Contracting Officer (ACO).

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

3

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

(b) DST limits the dissemination of data to that which is specifically authorized in the contract, or otherwise approved in writing by the GSA ACO. (a) DST collects, to the maximum extent practicable, the required information directly from the individual to whom the record pertains, except where the purpose of the system of records is to verify the information provided by the individual (b) DST does not compile, maintain or disseminate any information describing how an individual or a group of individuals uses ACES certificates, except as specifically authorized in the contract, or otherwise approved in writing by the GSA ACO, to reasonably facilitate prevention and detection of fraud, waste, and abuse.

9.1.4

Notice of Existence of Records

An individual can be notified, in response to his/her written request, if any system of records named by the individual contains a record pertaining to him/her. Individuals must provide a signed, written request to DST as described on the DST Web site or by the DST customer service center. Except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains, these privacy policies and procedures prohibit access to and/or disclosure of ACES information unless such access and/or disclosure is consistent with one of the exceptions set forth below: (a) Routine access by and disclosures to officers and employees of DST are permitted, when the officer or employee is required such access and/or disclosure in order to perform his/her assigned duties under the ACES contract

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

4

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

(b) Routine accesses, disclosures, and uses are permitted when accomplished in accordance with the routine uses described in the ACES solicitation and ACES contract, or as otherwise approved in writing by the GSA Administrative Contracting Officer (c) Disclosure is permitted to any agency or instrumentality of any governmental jurisdiction within or under the control of the United States for a civil or criminal law enforcement activity, if the activity is authorized by law, and if the head of the agency or instrumentality has made a written request to DST specifying the particular portion of the record desired and the law enforcement activity for which the record is sought (d) Routine access by and disclosures to third party Quality Assurance Inspectors hired by DST to provide an independent assessment of DST’s compliance with the requirements set forth in the ACES solicitation (e) Disclosure is permitted pursuant to the order of a court of competent jurisdiction.

DST will not permit an individual to access any information that has been compiled in reasonable anticipation of a civil or criminal action or proceeding, except as authorized in writing by the GSA ACO.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

5

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

DST will make reasonable efforts to serve notice to an individual when any record on such individual is made available to any person under compulsory legal process, when such process becomes a matter of public record.

In the event of any disclosure of any record occurring after the filing of a statement of disagreement by the individual that is the subject of the record, DST will clearly note any portion of the record that is in dispute, will provide copies of the statement of disagreement filed by the individual, and will provide a concise statement of its reasons for not making the amendments requested by the individual.

9.1.5

Access to Records by Covered Individual

DST provides for receipt, granting, responding to, and monitoring of requests from ACES individuals for notification of, access to, review of, and copies of their records. For purposes of notification of the existence of and granting access to records, DST permits the parent of any minor, or the legal guardian of any individual declared to be incompetent by a court of competent jurisdiction, to act on behalf of such individual. The following discusses an individual’s ability to access ACES records: (a) An ACES individual may request disclosure of the existence of any records pertaining to him/her by the following procedure. Individuals must provide a signed, written request to DST as described on the DST Web site or by the DST customer service center.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

6

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

(b) The identity of the individual must be proven before notification of the existence of a record or granting access to such record through the inclusion of a notarized letter. This letter must identify the individual submitting the request to DST as described on the DST Web site or by the DST customer service center. (c) DST will maintain documentation establishing and verifying the individual's identity prior to disclosing that there is a record on that individual. (d) DST will maintain a copy of the individual’s written request for notice of any record of him or her in a system of records maintained by DST. (e) DST will maintain a copy of any notice forwarded to any individual in response to his/her request for notification of the existence of any record(s) pertaining to that individual. (f) An individual will be granted access to his/her record for the purposes of reviewing and/or copying that record after submitting a request in writing to DST as described on the DST Web site or by the DST customer service center. (g) DST will maintain a copy of the individual’s written request for access to any record(s) pertaining to him/her. (h) DST will maintain a copy of any response to the individual’s request for access to his/her record(s).

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

7

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

(i) Prior to granting an individual access to his/her record(s) the individual must prove his/her identity by providing a notarized letter as described on the DST Web site or by the DST customer service center. (j) DST will maintain documentation establishing and verifying the individual’s identity. (k) An individual does not need accompaniment while reviewing his/her record(s), and instead will be provided a copy of his/her records in a secure e-mail format, or through the U.S. mail. (l) Maintenance documentation establishing the identity of the individual accompanying the individual to whom the record pertains will not be required since record copies will be provided directly. (m) DST’s process as described above eliminates the need for monitoring individuals. (n) Fees to be charged to any individual for making copies of his/her records are described on the DST Web site and are provided upon request by the DST customer service center. These fees exclude the cost of any search for and review of the record.

9.1.6

Amendment of Records

DST has defined and maintains a process for reviewing a request from an individual concerning the amendment of any record or information pertaining to that individual, for making a determination on that request, for an appeal within the contractor’s organization of an initial

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

8

1 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

adverse contractor determination, and for an appeal to GSA of any continuing adverse contractor determination. This process includes the following provisions.

9.1.6.1 Handling of Request to Amend Record

The following discusses how to handle a request to amend an ACES record:

§

DST maintains a record of each request for amendment that it receives, including the date and time the request was received, the name of the record, and the name of the requestor.

§

DST will provide, to the requesting individual, written acknowledgment of the receipt of his/her request for amendment of his/her record, within ten (10) working days of the date of receipt of that request. A copy of this written acknowledgment will be made a part of the record of the request for amendment.

§

DST will notify the GSA ACO of the receipt of a request for amendment of a record, in writing, within ten (10) working days of the date of receipt of that request. A copy of this written notification will be made a part of the record of the request for amendment.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

9

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

§

DST will make any corrections to any record or portion thereof that are required to ensure that the record is accurate, relevant, timely, and/or complete, within twenty (20) working days of the date of receipt of a request for amendment of that record. A copy of the corrections made, if any, will be made a part of the record of the request for amendment and a copy of which will be forwarded to the GSA ACO.

§

In the event that DST makes any corrections to any record or portion thereof, it will so notify any person or agency to which that record was previously disclosed, in writing, within ten (10) working days of the date of making such corrections. A copy of such notification(s) will be made a part of the record of the request for amendment.

§

In the event that DST refuses to amend a record in accordance with the individual’s request, DST will so notify the requesting individual and the GSA ACO, in writing, within twenty (20) working days of the date of receipt of that request. This notification will include the reason for the refusal, the procedures established by the contractor for the individual to request a review of that refusal by a higher authority in DST’s organization, and the name and business address of that higher authority figure. A copy of such notification will by made a part of the record of the request for amendment.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

10

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

§

In the event that DST refuses to make the amendments requested, it will notify the GSA ACO and any person or agency to which that record was previously disclosed that there is an unresolved dispute relating to that record, in writing, within twenty (20) working days of the date of receipt of that request. A copy of such notification will be made a part of the record of the request for amendment.

9.1.6.2 Handling of Request to Review Refusal to Amend Record ACES applicants may request to review any refusal to amend records according to the following provisions and procedures. The following discusses how to handle a request to review a refusal to amend an ACES record:

§

DST maintains a record of the date and time of receipt of any request for review of a refusal to amend a record, which includes a copy of the request. This information will be made a part of the record of the original request for amendment.

§

DST will provide, to the requesting individual, written acknowledgement of the receipt of his/her request for review of a refusal to amend his/her record, in writing, within ten (10) working days of the date of receipt of that request. A copy of that acknowledgment will be made a part of the record of the original request for amendment.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

11

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

§

DST will notify the GSA ACO of the receipt of a request for review of a refusal to amend a record, in writing, within ten (10) working days of the date of receipt of that request. A copy of such notification will be made a part of the record of the original request for amendment.

§

DST will complete the requested review of a refusal to amend a record and make a final determination not later than thirty (30) working days from the date of receipt of the request for review.

§

If DST, for good cause shown, is unable to complete its review and determination relating to a request for review of its initial refusal to amend a record, it will submit a written request for extension to the GSA ACO not later than twenty-five (25) working days from the date of receipt of the request. If the request for extension is not approved by the GSA ACO and/or DST is unable to make a final determination within the time allotted, DST will process the request for review of refusal to amend as if its determination was to continue to refuse to amend the record.

§

In the event that DST’s review of its initial refusal to amend results in a determination to amend the record as requested, DST will resume processing of the amendment as set forth above.

9.1.6.3 Notification of Right to Appeal to GSA
© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

12

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

In the event that DST’s review of its initial refusal to amend results in a determination to continue to refuse to amend the record, DST will so notify the requesting individual and the GSA ACO of its determination, the individual’s right to appeal directly to GSA, and the individual’s right to file a concise statement with the GSA ACO setting forth the reasons for his/her disagreement with the contractor’s continuing refusal to amend the record. This notification will be made a part of the record of the initial request for amendment.

9.1.7

Disclosure Accounting

DST maintains records of all disclosures of information covered by the Privacy Act of 1974 according to the following provisions:

§

The minimum disclosure accounting data that will be collected and maintained by DST, for each disclosure, include but are not limited to: (a) The name of the individual to whom the disclosed record pertains (b) The system of records from which the disclosure was made (c) The data disclosed (d) The date, nature, and purpose of the disclosure (e) The name, address, and telephone number of the person or agency to whom the disclosure was made.

§

DST will retain the disclosure accounting data for at least five (5) years after the date of the disclosure for which the accounting was made.
© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

13

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

§

Except for disclosures made for a civil or criminal law enforcement activity pursuant to the requirements set forth above, DST will make the disclosure accounting data available to the individual named in the record disclosed, at his/her written request.

§

DST will make reasonable efforts to serve written notice to an individual when any record on such individual is made available to any person or agency under a compulsory legal process, once such process becomes a matter of public record.

9.1.8

Reports

DST will submit a written request to the GSA ACO for approval to establish any new system of records or make a significant change in any existing system of records not less than sixty working days prior to the requested implementation date.

9.1.9

Certificate Issuance Warrants

Upon successful completion of the Subscriber identification and authentication process in accordance with the GSA ACES contract, the DST will create the requested ACES Certificate, notify the applicant thereof, and make the ACES Certificate available to the applicant. DST will use an out-of-band notification process linked to the ACES Certificate applicant’s physical U.S. postal mail address and deliver the ACES Certificate only to the Subscriber.

© 2001 Digital Signature Trust Co. All rights reserved. Certification Practices Statement

14

Sign up to vote on this title
UsefulNot useful