Netrust Pte Ltd ("Netrust") Certificate Policy

Gold Individual (Token)

1. Introduction
Certificate Policy (CP) is a named set of rules that indicates the applicability of a certificate to a particular community and/or class of applications with common security requirements and is further supported by the Netrust Certification Practice Statement ("CPS").

When Netrust issues a certificate, it is making a statement that the certificate is associated with the person or equipment uniquely named within that certificate. The process of issuance of any class of certificates is guided by the relevant CP and the CPS. The Relying Party should assess his own requirements when relying on a particular Netrust Certificate, taking into consideration the CP, applicable to that Netrust Certificate, together with the CPS.

This CP is applicable to the class of Netrust Gold Individual (Token) Certificate ("GITC").


2. Policy Object Identifier
This CP is represented in the GITC by the unique, registered Policy Object Identifier "1.2.702.0.1002.1.1".


3. Characteristics
A. Registration
Registration of the GITC will be based on the Organisation Registration Authority ("ORA") adopting a "Face- to-Face" registration process together with the relevant identification documents in accordance with Clause 4.1 of the CPS.

B. Issuance
Issuance of the GITC will be based on the ORA providing a set of unique registration information to allow the Subscriber to generate a set of unique keys and Certificate in accordance with Clause 4.2 of the CPS.

Acceptance of the GITC will be based on the ORA implicitly accepting a profile that contains the Subscriber’s private signing key and decryption key, public verification and encryption certificates and the Netrust CA public verification Certificate.

C. Storage & Escrow
The Subscriber’s private keys associated with the GITC must be stored in either of the following types of security token:

1. Gemplus MPCOS 32K-3DES Production Smart Card with Netrust Card Map 3;
2. Gemplus MPCOS 64K-3DES Production Smart Card with Netrust Card Map 3;
3. Gemplus MPCOS 32K-3DES Production Smart Card with Netrust Card Map 2.
4. Gemplus MPCOS 64K-3DES Production Smart Card with Netrust Card Map 2;

With the GITC, the Netrust PCS only has provision to perform key escrow for encryption private key.


4. Applicability and Suitability
The Relying Party may wish to consider using the GITC in applications requiring strong authentication, message integrity, digital signature and confidentiality features such as secure electronic commerce, secure bank related activities and secure government services. Netrust has also introduced additional security enhancement for the Gemplus MPCOS cards, and Netrust highly recommends that the Relying Party adopt this security enhancement. Please contact Netrust for the necessary information and details.

If the Relying Party does not implement such additional security enhancements, the Relying Party must be aware that the digital signatures may not provide the desired level of assurance.


5. Loss and Replacement
In the event of loss of the GITC token, the Subscriber must report, or authorise another person in writing, to Netrust or its Sponsor or Sponsor ORA.

The replacement process will be similar to the initial registration process.


6. Validity and Expiry
GITC will have a life span of 3 years subject to the payment of annual renewal fees.


7. Renewal
Upon expiry, the Subscriber will have to obtain a new set of keys and certificate either through an automatic or manual renewal process.


8. Obligations
The Netrust CPS sets out the obligations to be performed by Netrust, the Organisation Registration Authorities, the Sponsors, the Subscribers and the Relying Parties and all such provisions must be read and understood by all parties and shall be deemed to be incorporated herein by reference.


9. Disclaimers
9.1 Netrust shall not be liable for any loss or damage whatsoever, including but not limited to direct, compensatory, indirect, special, consequential, exemplary or incidental damages incurred by any person howsoever arising directly or indirectly, including but not limited to contract, tort and any other form of liability claims, in connection with the use or reliance on any certificates by any parties. Unless otherwise expressly stated in this CP, Netrust does not warrant that any materials, documents, software, products or any certificates supplied or provided by Netrust will be error-free and all statements, conditions or warranties, express or implied, statutory or otherwise, as to the quality, merchantability, or suitability or fitness for any particular purpose of any such materials, documents, software, products or any certificates thereto is hereby excluded.

9.2 In the event that any limitation or provision contained in this Agreement is held to be invalid for any reason and Netrust becomes liable for loss or damage that would otherwise have been excluded hereunder or excludable in law, Netrust's total liability shall be limited to the aggregate amount of its liability under any insurance policies that it subscribes to for each certificate as set out below and as may be further and/or subsequently amended By Netrust.

Certificate Class Liability Cap
GITC Singapore Dollars One Thousand (S$1,000.00)

THIS CP MUST BE READ IN CONJUNCTION WITH THE NETRUST CPS AT http://www.netrust.net