1.2
General Definitions. The following terms,
when used in this Policy or related agreements,
shall have the meanings indicated:
| Certificate |
A
computer-based record or electronic message that:
(a) identifies the Certification Authority issuing
it; (b) names or identifies a Subscriber; (c)
contains the Public Key of the Subscriber; (d)
identifies the Certificate's operational period;
and (e) is digitally signed by a Certification
Authority. A Certificate includes not only its
actual content but also all documents expressly
referenced or incorporated in it. |
| Certificate
Revocation List (CRL) |
A
database or other list of Clareon Digital Certificates
that have been revoked prior to the expiration
of their validity period.
|
| Certification
Authority (CA) |
An
entity that creates, issues, manages and revokes
Certificates. |
| Clareon
Digital Certificate |
A
Certificate issued pursuant to this Policy by
DST as instructed to do so by Clareon. |
| Digital
Signature |
The
transformation of an electronic record by one
person using a Private Key and Public Key cryptography
so that another person having the transformed
record and the corresponding Public Key can accurately
determine: (a) whether the transformation was
created using the Private Key that corresponds
to the Public Key; and (b) whether the record
has been altered since the transformation was
made. |
| Identification
and Authentication (I&A) |
To
ascertain and confirm through appropriate inquiry
and investigation the identity of a Subscriber
or other entity. |
| Key |
A
general term used throughout this Policy to encompass
any one of the defined keys mentioned in this
General Definitions section (e.g., Private Key
and Public Key). |
| Key
Pair |
Two
mathematically related Keys (a Private Key and
its corresponding Public Key), having the properties
that: (i) one Key can be used to encrypt a communication
that can only be decrypted using the other Key;
and (ii) even knowing one Key it is computationally
infeasible to discover the other Key. |
| Policy |
This
Clareon Digital Certificate Policy. |
| Private
Key |
The
Key of a Key Pair kept secret by its holder,
used to create Digital Signatures and to decrypt
messages or files that were encrypted with the
corresponding Public Key. |
| Public
Key |
The
Key of a Key Pair publicly disclosed by the holder
of the corresponding Private Key and used to
validate Digital Signatures created with the
corresponding Private Key and to encrypt messages
so that they can be decrypted only with the corresponding
Private Key. |
| Registration
Authority (RA) |
An
entity that creates, issues, manages and revokes
Certificates. Clareon, or an entity contractually
delegated by Clareon to accept and process Certificate
applications and to verify the identity of potential
Subscribers and authenticate information contained
in Certificate applications in conformity with
the provisions of this Policy and related agreements. |
| Relying
Party |
The only party
entitled to rely on a Clareon Digital Signature
Certificate is Clareon, or a person expressly
authorized by Clareon. |
| Repository |
An
online system maintained by DST for storing and
retrieving Clareon Digital Certificates and other
information relevant to Clareon Digital Certificates
and Digital Signatures, including information
relating to certificate validity or revocation. |
| Subscriber |
An
individual or entity that: (a) is named or identified
in a Clareon Digital Certificate, or is responsible
for the electronic device named, as the subject
of the Clareon Digital Certificate; and (b) holds
a Private Key that corresponds to the Public
Key listed in that Clareon Digital Certificate. |
1.3
Identification. The Object Identifier ("OID")
for this Policy, to be asserted in Clareon Digital
Certificates issued in accordance with this Policy,
is: {joint-iso-ccitt (2) country (16) USA (840)
US-company (1) DST (113839) CP (0) Clareon Digital
Certificates (5)}.
1.4
Community and Applicability. Clareon determines
and designates who is authorized to be a Registration
Authority, Subscriber or Relying Party for the
Clareon Digital Certificates issued under this
Policy.
1.5
Contact Details. Questions regarding this
Policy should be directed to Clareon; 15 Casco
Street; Portland, Maine 04101; legal@fleet.paymode.com.
2.
GENERAL LEGAL PROVISIONS
2.1
Obligations. Clareon Digital Certificates
are issued to permit Clareon to securely and
confidentially communicate with its customers and
to authenticate
customers and certain customer instructions to
Clareon and its authorized Relying Parties as
part of the PayMode service. Although it is technically
possible to use a Clareon Digital Certificate
for
other purposes, Clareon expressly disclaims all
such use, and any liability arising out of such
other uses. Certificates used for authentication
of Digital Payment Authorizations (as defined
in the Terms of Use Agreement) may not be used
for
any other purpose.
In issuing a Clareon Digital
Certificate that references this Policy, DST acts
merely as a manufacturer of Certificates and makes
no warranties or representations regarding the
Clareon Digital Certificates. DST disclaims any and
all responsibility
for: (a) performing Identification and Authentication
of applicants, (b) verifying the accuracy of information
submitted by applicants, or (c) ensuring that the
contents of a Clareon Digital Certificate are accurate,
correct or authorized.
Each applicant for a Clareon
Digital Certificate shall:
| |
1.
|
provide complete
and accurate responses to all requests for information
made by Clareon, DST or the Registration Authority
during the application, certification and authentication
of identity processes; |
| |
2.
|
agree: a) that
any document signed with his or her Digital Signature
shall be sufficient to verify that he or she
originated and signed such document; b) not to
contest the validity or enforceability of such
signed document under any provision of applicable
law that requires certain agreements to be in
writing or signed by the party to be bound; and
c) that such signed document, if introduced as
evidence in any judicial, arbitration, mediation
or administrative proceeding shall be admissible
to the same extent as though it had originated
or been maintained in a documentary form; |
| |
3.
|
generate a
Public/Private Key Pair using a reasonably trustworthy
system, and take reasonable precautions to prevent
any compromise, modification, loss, disclosure
or unauthorized use of the Private Key; |
| |
4.
|
upon issuance
of a Clareon Digital Certificate naming the applicant
as the Subscriber, review the Clareon Digital
Certificate, ensure that all information included
in it is accurate and notify Clareon immediately
if for any reason the Subscriber is dissatisfied
with the Certificate; |
| |
5.
|
use the Clareon
Digital Certificate and the corresponding Private
Key for purposes authorized by this Certificate
Policy and only in a manner consistent with this
CP and the Clareon Terms of Use Agreement; and |
| |
6.
|
instruct Clareon
to revoke the Clareon Digital Certificate promptly
upon any actual or suspected loss, disclosure,
or other compromise of the Private Key, or when
information contained in the Certificate becomes
inaccurate, false or misleading (e.g., whenever
the Subscriber is no longer affiliated with the
Organization or no longer holds a license, permit,
certification, registration or other credentials
identified in the Certificate). |
2.2
Liability. Clareon and DST disclaim any
and all liability for the information contained
in Certificates, including all claims for misappropriation
of identity and intellectual property infringement.
2.3
Financial Responsibility. Except as provided
in the Clareon Terms of Use Agreement, Clareon
will not be liable, in contract, tort or otherwise
to any applicant, Subscriber, Relying Party or
any other party with respect to the application
for or issuance, management or use of any Clareon
Digital Certificate. Except as provided in its
agreements with Clareon, DST will not be liable,
in contract, tort or otherwise to any applicant,
Subscriber, Relying Party or any other party
with respect to the application for or issuance,
management
or use of any Clareon Digital Certificate.
Clareon
clients agree that they will not pursue any
claim against DST, as DST acts
solely at the instructions of Clareon. Clareon
clients indemnify and hold Clareon and DST harmless
from
and against any damages arising out of use of Clareon
Digital Certificates for any purpose other than
communication with Clareon.
2.4
Interpretation and Enforcement. The law
of the State of Maine shall govern the enforceability,
construction, interpretation and validity of
this Policy, without regard to its conflicts of
law
principles.
2.5
Privacy and Data Protections. Clareon Digital
Certificates and CRLs, and personal or corporate
information appearing on them and in public directories,
are not considered confidential. Information
contained on a single Clareon Digital Certificate
or related
status information will not be considered confidential,
when the information is used in accordance with
the purposes of providing Certification Authority
or Repository services and carrying out the provisions
of this Policy. However, such information may
not be used by any unauthorized party or for any
unauthorized
purpose (e.g., mass, unsolicited e-mailings,
junk e-mail, spam, etc.), and any information pertaining
to the management of Clareon Digital Certificates,
such as compilations of certificate information,
shall be treated as proprietary.
3.
IDENTIFICATION AND AUTHENTICATION
DST does not perform, and assumes no liability for, the Identification and
Authentication of applicants, Subscribers of Clareon Digital Certificates
or Relying Parties.
4.
CERTIFICATE LIFE CYCLE OPERATIONAL REQUIREMENTS
Policies and procedures concerning the issuance,
validity periods, management and revocation of
Clareon Digital Certificates are determined by
agreement
between Clareon and DST.
5.
CERTIFICATION AUTHORITY FACILITY AND MANAGEMENT
CONTROLS
All policies and procedures concerning DST's and Clareon's physical, procedural,
personnel and other operational standards are determined by agreement between
Clareon and DST.
6.
TECHNICAL SECURITY CONTROLS
DST maintains a reliable system to ensure the
security of its Private Keys. All policies and
procedures concerning DST's and Clareon's technical
security
controls, including without limitations, Key generation, Key length, Key
validity period, Private Key protection, and computer and network security,
are determined by agreement between Clareon and DST.
7.
CERTIFICATE AND CRL PROFILES
All policies and procedures concerning Clareon
Digital Certificate profiles and CRL profiles
are determined by agreement between Clareon and
DST
8.
SPECIFICATION ADMINISTRATION
DST maintains a reliable system to ensure the
security of its Private Keys. All policies
and procedures concerning DST's and Clareon's
technical
security
controls, including without limitations, Key generation, Key length,
Key validity period, Private Key protection,
and computer and network security,
are determined by agreement between Clareon and DST.
8.1
Policy Changes. Clareon and DST may correct
errors, update, modify or amend this Policy from
time to time. Clareon and DST will notify all
Clareon Digital Certificate Subscribers of any
correction,
updates, modifications or amendments in accordance
with the Clareon Terms of Use Agreement.
8.2
General. All other policies and procedures
concerning maintenance and changes to this Policy
are under the direction and control of DST and
Clareon as determined by agreement between Clareon
and DST.
Version 2.3 (09-24-03)
