IDRBT-CPS-v3

Recommendations

Info

accepting certificate applications, authenticating the identity or other credentialsof the applicant, then approving or rejecting the application. The obligations areenforced in agreement and are set out in a set of RA operating procedures.The RAs shall be officials preferably not less than the rank of a Deputy GeneralManager from Public Sector banks, Private Sector banks, Financial Institutions(FIs), and Foreign banks recognized by Reserve Bank of India in the country.Types of entities that are certified by IDRBT CA as end entities:IDRBT offers Certification Services primarily for the members of the INFINET(the membership of the INFINET is accorded by the Reserve Bank of India) andindividuals recommended by Registration Authority. Later if any change, it willbe amended in the IDRBT CA CPS accordingly on the approval of CCA.A list of PKI enabled applications for which the certificates are issued:The practices described in this CPS support a large, diverse, and widespreadcommunity of users who require PKI certificate services in support of securityfunctions like authentication, non-repudiation, integrity and confidentiality ofelectronic, financial transactions over networks.The IDRBT CA PKI user community may regard the practices described in thisCPS as:ensuring standard operating procedures and uniform quality of servicedelivery across the PKI;fostering and promoting high levels of trust and integrity across the PKI.1.3.1.1 Policy AuthoritiesIDRBT CA’s policy authorities consist of:Policy Approval CommitteeIDRBT CA Policy Approval Committee has been established tomaintain the integrity of the policy infrastructure in IDRBT CA (Ref#IDRBTCA/DOC/SPP: Security Policies and Procedures).IDRBT CA CPS Version 3.2, Copyright © IDRBT, 2002-12IDRBTCA/DOC/CPS/3.27
Review CommitteeIDRBT CA Review Committee has been established to review theoperational requirements of IDRBT CA Certification Services andsubmit new or changed polices to Policy Approval Committee forapproval (Ref# IDRBTCA/DOC/SPP: Security Policies and Procedures).1.3.1.2 Registration AuthoritiesRegistration Authorities will be nominated by the banks concerned with IDRBTand trusted with IDRBT CA, serving as a point of contact for registration of users,i.e. to have a certificate issued. The IDRBT CA will create RA Office at the requestof the bank concerned. The RAs will be appointed by IDRBT CA with set criteriaof physical verification and with the approval of IDRBT CA Office.After verification of the credentials of the RA by IDRBT CA, the RA has to appearin person (if required/ necessary) for face to face verification and will be issued aClass 3 Certificate from IDRBT CA. The RA Office will verify the credentials ofthe subscribers as mentioned in the section 4.1.2 of this CPS and will approve thecertificate request and release the request to IDRBT CA Office for the issuance ofthe certificate.Under the IT Act, all functions of RA are subsumed within the IDRBT CA. IDRBTCA is responsible for all actions of RAs including correctness of the subscriberinformation given by RA which is incorporated using contractual MasterAgreement.1.3.2. End EntitiesApplicant – An Applicant is a person, or organization that has applied for, buthas not yet been issued a Digital Certificate by IDRBT CA.Subscriber – A Subscriber is a person, or organization that has been issued aDigital Certificate by IDRBT CA.IDRBT CA CPS Version 3.2, Copyright © IDRBT, 2002-12IDRBTCA/DOC/CPS/3.28
Page 1 and 2: IDRBT CA CPSIDRBT CA CERTIFICATION
Page 3 and 4: Amendment CertificateVersion No.Des
Page 5 and 6: _DEFINITIONSThe following definitio
Page 7 and 8: "key pair", in an asymmetric crypto
Page 9 and 10: An Executive summary of CPS, the RI
Page 11 and 12: LIST OF ACRONYMS AND ABBREVIATIONSC
Page 13 and 14: 2.6. Fees .........................
Page 15 and 16: 4.7.4. Protection of audit log ....
Page 17 and 18: 8. Specification Administration ...
Page 19 and 20: Certificate SuspensionCertificate A
Page 21 and 22: IDRBT CA does not assume, and discl
Page 23: This policy is valid from the date
Page 27 and 28: 1.5. Amendment ProcedureAs new stan
Page 29 and 30: Generate its Signing key pair and p
Page 31 and 32: Submitting their public keys in the
Page 33 and 34: information at all times and provid
Page 35 and 36: Take back up of current operating s
Page 37 and 38: ClassLiability CapsClass 1 Rs. 20/-
Page 39 and 40: Deception or misrepresentation of f
Page 41 and 42: supplemented, modified, or terminat
Page 43 and 44: repositories, as determined by the
Page 45 and 46: Security Policy and PlanningTechnol
Page 47 and 48: The date, time and period of certif
Page 49 and 50: 2.10.1.2 CertificateThe IDRBT CA re
Page 51 and 52: postal address and the e-mail addre
Page 53 and 54: The Class 3 Certificate is intended
Page 55 and 56: 3Subject Alternative Name• Subjec
Page 57 and 58: 3. IDENTIFICATION AND AUTHENTICATIO
Page 59 and 60: be conducted by an authorized Regis
Page 61 and 62: E-mail id is the e-mail id of the a
Page 63 and 64: 3.3. Routine RekeyIDRBT CA Certific
Page 65 and 66: In case of Class 3 application, the
Page 67 and 68: Web Server Certificate:Same as Clas
Page 69 and 70: Organization Unit, Postal Code of t
Page 71 and 72: When advice is received that the ce
Page 73 and 74: 4.5.1. S/MIME EncryptionThe sender
Page 75 and 76:
The Subscriber has breached or fail
Page 77 and 78:
To process a suspension request ini
Page 79 and 80:
4.6.15. Key compromiseAfter Key com
Page 81 and 82:
4.8.4. Archive backup procedureIDRB
Page 83 and 84:
4.10.2. IDRBT CA key compromiseUpon
Page 85 and 86:
4.12. Cross CertificationCross Cert
Page 87 and 88:
End Entity should not leave their c
Page 89 and 90:
5.3. Personnel Controls5.3.1. Backg
Page 91 and 92:
6. TECHNICAL SECURITY CONTROLSThis
Page 93 and 94:
6.2. Private Key ProtectionIDRBT CA
Page 95 and 96:
RA and Subscriber private keys may
Page 97 and 98:
6.7. Network Security ControlsIDRBT
Page 99 and 100:
7.1.2. Certificate extensionsThe fo
Page 101 and 102:
7.1.2.7 Authority Key IdentifierIDR
Page 103 and 104:
Extended Key Usage SyntaxKey Purpos
Page 105 and 106:
8. SPECIFICATION ADMINISTRATIONThis
Page 107 and 108:
9 APPENDIXIDRBT CA CPS Version 3.2,
Page 109 and 110:
DECLARATION AND UNDERTAKING BY THE
Page 111 and 112:
9.3 Subscriber Agreement (sample)Th
Page 113 and 114:
5. to use Keys and Digital Certific
Page 115 and 116:
Inform the Registration Authority i
Page 117 and 118:
http://idrbtca.org.in/cps.html and
Page 119 and 120:
IDRBT CA or verifying the revocatio
Page 121 and 122:
10 GLOSSARYApplicantAn Applicant is
Page 123 and 124:
Certifying Authority (CA)A person w
Page 125 and 126:
IdentityA unique piece of informati
Page 127 and 128:
Public Key CryptographyA type of cr
Page 129:
Trusted PositionA role that include
show all

IDRBT-CPS-v3

Create successful ePaper yourself

Delete template?

Save as template?