Netrust Pte Ltd ("Netrust") Certificate Policy

Gold Individual (Disk)

1. Introduction
Certificate Policy (CP) is a named set of rules that indicates the applicability of a certificate to a particular community and/or class of applications with common security requirements and is further supported by the Netrust Certification Practice Statement ("CPS").

When Netrust issues a certificate, it is making a statement that the certificate is associated with the person or equipment uniquely named within that certificate. The process of issuance of any class of certificates is guided by the relevant CP and the CPS. The Relying Party should assess his own requirements when relying on a particular Netrust Certificate, taking into consideration the CP, applicable to that Netrust Certificate, together with the CPS.

This CP is applicable to the class of Netrust Gold Individial (Disk) Certificate ("GIDC").

2. Policy Object Identifier
This CP is represented in the GIDC by the unique, registered Policy Object Identifier "1.2.702.0.1002.1.2".

3. Characteristics
A. Registration
Registration of the GIDC will be based on the Organisation Registration Authority ("ORA") adopting a "Face- to-Face" registration process together with the relevant identification documents in accordance with Clause 4.1 of the CPS.

B. Issuance
Issuance of the GIDC will be based on the ORA providing a set of unique registration information to allow the Subscriber to generate a set of unique keys and Certificate in accordance with Clause 4.2 of the CPS.

Acceptance of the GIDC will be based on the ORA implicitly accepting a profile that contains the Subscriber’s private signing key and decryption key, public verification and encryption certificates and the Netrust CA public verification Certificate.

C. Storage & Escrow
The Subscriber’s private keys associated with the GIDC will be stored within a computer disk, either in the hardware or on a removable storage device with password protection.

With the GIDC, the Netrust PCS only has provision to perform key escrow for encryption private key.

4. Applicability and Suitability
The Relying Party may wish to consider using the GIDC in applications requiring authentication, message integrity and confidentiality features such as electronic commerce. The GIDC does not provide for strong digital signatures but provides a lower level of assurance for digital signatures and as such is not suitable for any applications requiring the non-repudiation of any electronic communications or transactions.

5. Loss and Replacement
In the event of loss of the GIDC token, the Subscriber must report, or authorise another person in writing, to Netrust or its Sponsor or Sponsor ORA.

The replacement process will be similar to the initial registration process.

6. Validity and Expiry
GIDC will have a life span of 3 years subject to the payment of renewal fees.

7. Renewal
Upon expiry, the Subscriber will have to obtain a new set of keys and certificate either through an automatic or manual renewal process.

8. Obligations
The Netrust CPS sets out the obligations to be performed by Netrust, the Organisation Registration Authorities, the Sponsors, the Subscribers and the Relying Parties and all such provisions must be read and understood by all parties and shall be deemed to be incorporated herein by reference.

9. Disclaimers
9.1 Netrust shall not be liable for any loss or damage whatsoever, including but not limited to direct, compensatory, indirect, special, consequential, exemplary or incidental damages incurred by any person howsoever arising directly or indirectly, including but not limited to contract, tort and any other form of liability claims, in connection with the use or reliance on any certificates by any parties. Unless otherwise expressly stated in this CP, Netrust does not warrant that any materials, documents, software, products or any certificates supplied or provided by Netrust will be error-free and all statements, conditions or warranties, express or implied, statutory or otherwise, as to the quality, merchantability, or suitability or fitness for any particular purpose of any such materials, documents, software, products or any certificates thereto is hereby excluded.

9.2 In the event that any limitation or provision contained in this Agreement is held to be invalid for any reason and Netrust becomes liable for loss or damage that would otherwise have been excluded hereunder or excludable in law, Netrust's total liability shall be limited to the aggregate amount of its liability under any insurance policies that it subscribes to for each certificate as set out below and as may be further and/or subsequently amended By Netrust.

Certificate Class Liability Cap
GIDC Singapore Dollars One Thousand (S$1,000.00)