Netrust Pte Ltd ("Netrust") Certificate Policy

Gold Server (Disk)

1. Introduction
A Certificate Policy (CP) is a named set of rules that indicates the applicability of a certificate to a particular community and/or class of applications with common security requirements and is further supported by the Netrust Certification Practice Statement ("CPS").

When Netrust issues a certificate, it is making a statement that the certificate is associated with the person or equipment uniquely named within that certificate. The process of issuance of any class of certificates is guided by the relevant CP and the CPS. The Relying Party should assess his own requirements when relying on a particular Netrust Certificate, taking into consideration the CP, applicable to that Netrust Certificate, together with the CPS.

This CP is applicable to the class of Netrust Gold Server (Disk) Certificate ("GSDC").


2. Policy Object Identifier
This CP is represented in the GSDC by the unique, registered Policy Object Identifier "1.2.702.0.1002.1.102".


3. Characteristics
A. Registration
Netrust's policy for GSDC is to register only business or governmental organisations. Registration of the GSDC will be based on the Organisation Registration Authority ("ORA") adopting a "Face-to-Face" registration process of the authorised representative of the Subscriber (the "Authorised Representative") together with the relevant identification documents in accordance with Clause 4.1 of the CPS.

B. Issuance
Issuance of the GSDC will be based on the ORA providing a set of unique registration information to allow the Authorised Representative to generate a set of unique keys and Certificate in accordance with Clause 4.2 of the CPS.

Acceptance of the GSDC will be based on the ORA implicitly accepting a profile that contains the Subscriber's private signing key and decryption key, public verification and encryption certificates and the Netrust CA public verification Certificate.

C. Storage & Escrow
The Subscriber's private keys associated with the GSDC will be stored by the Authorised Representative within a computer disk, either in the hardware or on a removable storage device with password protection. Netrust strongly recommends that additional security measures be taken to protect access to the private keys.

If the Subscriber does not implement such additional security measures, the GSDC shall be deemed to have a lower level of assurance.

With the GSDC, the Netrust PCS only has provision to perform key escrow for the encryption private key.


4. Applicability and Suitability
The Relying Party may wish to consider using the GSDC in applications requiring strong authentication, message integrity, digital signature and confidentiality features such as secure electronic commerce, secure bank related activities and secure government services.


5. Loss and Replacement
In the event of loss of the GSDC token, the Authorised Representative must report, or authorise another person in writing, to Netrust or its Sponsor or Sponsor ORA.

The replacement process will be similar to the initial registration process.


6. Validity and Expiry
GSDC will have a life span of 1 year subject to the payment of renewal fees.


7. Renewal
Upon expiry, the Authorised Representative will have to obtain a new set of keys and certificate either through an automatic or manual renewal process.


8. Obligations
The Netrust CPS sets out the obligations to be performed by Netrust, the Organisation Registration Authorities, the Sponsors, the Subscribers and the Relying Parties and all such provisions must be read and understood by all parties and shall be deemed to be incorporated herein by reference.


9. Disclaimers
9.1 Netrust shall not be liable for any loss or damage whatsoever, including but not limited to direct, compensatory, indirect, special, consequential, exemplary or incidental damages incurred by any person howsoever arising directly or indirectly, including but not limited to contract, tort and any other form of liability claims, in connection with the use or reliance on any certificates by any parties. Unless otherwise expressly stated in this CP, Netrust does not warrant that any materials, documents, software, products or any certificates supplied or provided by Netrust will be error-free and all statements, conditions or warranties, express or implied, statutory or otherwise, as to the quality, merchantability, or suitability or fitness for any particular purpose of any such materials, documents, software, products or any certificates thereto is hereby excluded.

9.2 In the event that any limitation or provision contained in this Agreement is held to be invalid for any reason and Netrust becomes liable for loss or damage that would otherwise have been excluded hereunder or excludable in law, Netrust's total liability shall be limited to the aggregate amount of its liability under any insurance policies that it subscribes to for each certificate as set out below and as may be further and/or subsequently amended by Netrust.

Certificate Class    Liability Cap
GSDC                 Singapore Dollars One Thousand (S$1,000.00)

THIS CP MUST BE READ IN CONJUNCTION WITH THE NETRUST CPS AT http://www.netrust.net