Certification Practice Statement (CPS) - NSDL e Certification Practice Statement (CPS) By NSDL e-Governance

  • View
    0

  • Download
    0

Embed Size (px)

Text of Certification Practice Statement (CPS) - NSDL e Certification Practice Statement (CPS) By NSDL...

  • Certification Practice Statement

    (CPS)

    By NSDL e-Governance Infrastructure Limited (NSDL e-Gov)

    Version 1.1

  • NSDL e-Gov - Public Page 2 of 47

    Contents

    Definitions ............................................................................................................................... 7

    1. Introduction ................................................................................................................... 11

    1.1. Overview ................................................................................................................. 11

    1.2. Identification .......................................................................................................... 13

    1.3. Community and Applicability ............................................................................... 13

    1.3.1 NSDL e-Gov Certifying Authority (CA) .......................................................... 13

    1.3.2 End Entity .......................................................................................................... 13

    1.3.3 End-user Aadhaar ............................................................................................. 13

    1.3.4 Application Service Provider ........................................................................... 14

    1.4. Applicability ........................................................................................................... 14

    1.5. Contact Information .............................................................................................. 14

    2. General Provisions ........................................................................................................ 15

    2.1 Obligations ............................................................................................................. 15

    2.1.1 CA Obligations .................................................................................................. 15

    2.1.2 Obligations of Subscriber / End-User............................................................. 15

    2.1.3 Obligation of Registration Authority ............................................................. 16

    2.1.4 Obligation of Relying Party............................................................................. 16

    2.1.5 Obligation of Application Service Provider ................................................... 17

    2.1.6 Obligation of Repository ................................................................................. 17

    2.2 Liabilities ................................................................................................................. 17

    2.2.1 Liability of CA ................................................................................................... 17

    2.2.2 Liability of Subscriber ...................................................................................... 18

    2.2.3 Liability of Relying Party ................................................................................. 19

    2.2.4 Liability of Application Service Provider ....................................................... 19

    2.3 Financial Responsibility ......................................................................................... 20

    2.3.1 Financial Responsibility of NSDL e-Gov CA ................................................... 20

    2.3.2 Independent Parties ......................................................................................... 21

    2.3.3 Administrative Processes ................................................................................. 21

    2.3.4 Interpretation and Enforcement ..................................................................... 21

    2.3.5 Governing Laws ................................................................................................ 21

    2.3.6 Severability of Provisions, Survival, Merger and Notices ............................ 21

    2.3.7 Dispute Resolution ........................................................................................... 22

  • NSDL e-Gov - Public Page 3 of 47

    2.4 Fees .......................................................................................................................... 23

    2.4.1 Certificate Issuance .......................................................................................... 23

    2.4.2 Revocation or Status Information Access Fees ............................................. 23

    2.4.3 Fees for Other Services such as Policy Information ...................................... 23

    2.4.4 Refund Policy .................................................................................................... 23

    2.5 Publication and Repositories ................................................................................ 24

    2.5.1 Publication of CA Information ........................................................................ 24

    2.5.2 Frequency of Publication ................................................................................. 24

    2.5.3 Access Control .................................................................................................. 24

    2.6 Compliance Audit .................................................................................................. 24

    2.6.1 Frequency of Compliance Audit ..................................................................... 25

    2.6.2 Identity/ Qualifications of Auditor ................................................................. 25

    2.6.3 Auditor’s Relationship to Audited Party........................................................ 25

    2.6.4 Topics covered by Audit .................................................................................. 25

    2.6.5 Actions taken as Result of Deficiency ............................................................ 25

    2.6.6 Communication of Audit Results .................................................................... 25

    2.7 Confidentiality ........................................................................................................ 26

    2.7.1 Types of Information to be kept Confidential.............................................. 26

    2.7.2 Types of Information not Considered Confidential ..................................... 26

    2.7.3 Disclosure of Certificate Revocation Information ........................................ 26

    2.7.4 Release to Law Enforcement Officials ........................................................... 26

    2.7.5 Release as Part of Civil Discovery .................................................................. 27

    2.7.6 Disclosure upon end-user / Subscriber's Request ....................................... 27

    2.7.7 Other Information Release Circumstances.................................................... 27

    2.7.8 Intellectual Property Rights ............................................................................ 27

    3 Identification & Authentication .................................................................................. 28

    3.1 Initial Registration ................................................................................................. 28

    3.1.1 Type of Names ................................................................................................. 28

    3.1.2 Need for names to be Meaningful ................................................................. 28

    3.1.3 Rules for Interpreting Various Name Forms ................................................. 28

    3.1.4 Routine Rekey and renewal process .............................................................. 28

    4 Operational Requirements ........................................................................................... 29

    4.1 Certificate Application........................................................................................... 29

  • NSDL e-Gov - Public Page 4 of 47

    4.1.1 Classes of Certificate ........................................................................................ 29

    4.1.2 Certificate Application Process ....................................................................... 29

    4.2 Certificate Issuance ................................................................................................ 30

    4.2.1 Certificate issuance process ............................................................................ 30

    4.2.2 Approval / Rejection of Certificate Application ............................................ 31

    4.2.3 CA’s representations to Subscriber ................................................................ 31

    4.2.4 CA’s representations to Relying Parties ......................................................... 32

    4.2.5 Limitations on NSDL e-Gov CA Representations .......................................... 32

    4.2.6 Right to Investigate Compromises ................................................................. 32

    4.3 Certificate Download and Acceptance ................................................................. 33

    4.4 Certificate Revocation List (CRL) .......................................................................... 33

    4.5 System Security Audit Procedures ........................................................................ 33

    4.5.1 Types of Event Recorded (Audit) .