CERTIFICATION PRACTICE STATEMENT Digital …

1 CERTIFICATION PRACTICE STATEMENT (CPS) P a g e | 1 CERTIFICATION PRACTICE STATEMENT Digital signature CERTIFICATION Services Document Name CPS Version Number Release Date Classification Public CERTIFICATION PRACTICE STATEMENT (CPS) P a g e | 2 EXECUTIVE SUMMARY Capricorn Identity Services Pvt. Ltd. Certifying Authority (hereinafter referred to as Capricorn CA ) is a Certifying Authority licensed under the Indian IT Act 2000 read with Indian IT Act, 2008 (Amendment). As a Certifying Authority, Capricorn CA is authorized to issue Digital signature Certificates to individuals, organizations, websites, devices and so on.

2 Capricorn CA is promoted by the directors of M/S Capricorn Infotech Pvt. Ltd., a company with two decades of experience in secure access and authentication solutions and e-commerce. This CPS is intended to act as a guide and control document for all the stakeholders participating in Digital signature Certificate issuance, management and usage. The primary stakeholders and users of this document are: Capricorn CA, the Subscribers, the Relying Parties, the Office of the Controller of Certifying Authorities and the Applicants.

3 The applicants after being issued the certificate are defined as the subscribers. Each of the applicants, is specifically advised to go through the provisions of the CPS to understand its rights and obligations. The CPS document defines the rights and obligations of other participating entities as well. The document captures the process of identifying an individual applicant and the detailed procedure involved in issuance of a certificate. It also describes the procedures for revocation of certificates. In accordance with the provisions of the IT Act and various rules and regulations concerning Digital signature Certificate and as per prevailing standards, Capricorn CA offers different classes of certificates based on the trust levels.

4 Accordingly, the procedures for the identification of applicants are different for the different classes of Certificates. Also these procedures conform to Identity Verification Guidelines issued by the Office of Controller of Certifying Authorities. In the case of Aadhaar e-KYC OTP and biometric Class of certificates the identification procedures are conform to e-authentication guidelines issued by CCA. Issuance of Digital Certificates being Trust business, the document describes in detail the various security measures adopted by Capricorn CA for handling the sensitive information of the subscribers as well secure issuance and distribution of keys.

5 The document also covers the various audit requirements and practices followed by the Capricorn CA for safe and reliable operations. CERTIFICATION PRACTICE STATEMENT (CPS) P a g e | 3 Table OF CONTENTS 1. INTRODUCTION .. 8 Background .. 8 Introduction .. 8 Overview .. 9 Scope .. 9 10 Contact Details .. 11 Services .. 12 2 GENERAL PROVISIONS .. 12 Obligations .. 12 Certifying Authority (CA) Obligations .. 12 Registration Authority (RA) Obligations .. 12 Subscriber Obligations .. 13 Relying Party Obligations .. 14 Repository Obligations.

6 14 Liability .. 14 CA Liability .. 14 Kinds of damages covered .. 15 Loss limitations (caps) per certificate or per transaction .. 16 Other Exclusions .. 16 Financial Responsibility .. 17 Indemnification of Certifying Authority by relying 17 Indemnification by Subscribers .. 17 Indemnification by Relying Parties .. 18 Fiduciary relationships between the various entities .. 18 Administrative processes .. 18 Interpretation and Enforcement .. 19 Governing laws .. 19 Severability, Survival, Merger and Notice .. 19 Severability .. 19 Survival.

7 19 Merger .. 19 Notice .. 19 Dispute Resolution Procedures .. 20 Fees .. 20 Certificate issuance or renewal fees .. 21 Certificate Access Fee .. 21 CERTIFICATION PRACTICE STATEMENT (CPS) P a g e | 4 Revocation or status information access fee .. 21 Fees for other services such as policy information .. 21 Refund 21 Publication and Repositories .. 22 Certifying Authority s PRACTICE information .. 22 Frequency of publication .. 22 Access control on published information .. 23 Certifying Authority s Repository .. 23 Compliance Audit .. 23 Frequency of Compliance Audits.

8 23 Identity / qualifications of the auditor .. 23 Auditor s relationship to the entity being audited .. 24 List of topics covered under the compliance audit .. 24 Actions taken for deficiency found during compliance audit .. 25 Compliance audit results .. 25 Policy of Confidentiality .. 25 Types of Confidential information .. 25 Types of information that are not confidential .. 26 Reasons for revocation and suspension of certificates .. 26 Policy on release of information to law enforcement officials .. 26 Information that can be revealed as part of civil discovery.

9 27 Conditions for Certifying Authority to disclose information .. 27 Other circumstances to disclose information .. 27 Intellectual Property Rights .. 27 Capricorn 27 Ownership Rights of Certificate .. 28 Capricorn Certifying 28 Subscriber .. 28 Ownership Rights of this CPS .. 29 Ownership Rights of Names .. 29 Ownership Rights of Keys .. 29 Capricorn Certifying 29 Subscriber .. 29 Copyrights and Trademarks .. 29 3 IDENTIFICATION AND AUTHENTICATION .. 30 Initial Registration .. 30 Type of Names .. 30 Meaningful Names .. 30 Rules for Interpreting Various Name Forms.

10 30 Resolution of Name Claim Disputes .. 30 Recognition, Authentication and Role of Trademarks .. 31 Possession of Private Key .. 31 Authentication Requirements for Organizational Identity .. 31 Authentication Requirements for an Individual .. 32 Routine Re-key .. 32 CERTIFICATION PRACTICE STATEMENT (CPS) P a g e | 5 Re-key after Revocation .. 32 Revocation Request .. 32 4 OPERATIONAL REQUIREMENTS .. 33 Certificate Application .. 33 Certificate Issuance .. 33 Certificate Acceptance .. 33 Certificate Suspension and Revocation .. 34 Security Audit Procedures.