Certification Practice Statement (CPS) v1.1
P a g e | 1
CERTIFICATION PRACTICE STATEMENT
Digital Signature Certification Services
Document Name CPS
Version Number 1.1
Release Date
29.06.2017
Classification Public
Certification Practice Statement (CPS) v1.1
P a g e | 2
EXECUTIVE SUMMARY
Capricorn Identity Services Pvt. Ltd. Certifying Authority (hereinafter referred to as
Capricorn CA) is a Certifying Authority licensed under the Indian IT Act 2000 read with Indian
IT Act, 2008 (Amendment). As a Certifying Authority, Capricorn CA is authorized to issue
Digital Signature Certificates to individuals, organizations, websites, devices and so on.
Capricorn CA is promoted by the directors of M/S Capricorn Infotech Pvt. Ltd., a company
with two decades of experience in secure access and authentication solutions and e-
commerce.
This CPS is intended to act as a guide and control document for all the stakeholders
participating in Digital Signature Certificate issuance, management and usage. The primary
stakeholders and users of this document are: Capricorn CA, the Subscribers, the Relying
Parties, the Office of the Controller of Certifying Authorities and the Applicants. The
applicants after being issued the certificate are defined as the subscribers. Each of the
applicants, is specifically advised to go through the provisions of the CPS to understand its
rights and obligations. The CPS document defines the rights and obligations of other
participating entities as well.
The document captures the process of identifying an individual applicant and the detailed
procedure involved in issuance of a certificate. It also describes the procedures for revocation
of certificates. In accordance with the provisions of the IT Act and various rules and
regulations concerning Digital Signature Certificate and as per prevailing standards, Capricorn
CA offers different classes of certificates based on the trust levels. Accordingly, the
procedures for the identification of applicants are different for the different classes of
Certificates. Also these procedures conform to Identity Verification Guidelines issued by the
Office of Controller of Certifying Authorities. In the case of Aadhaar e-KYC OTP and biometric
Class of certificates the identification procedures are conform to e-authentication guidelines
issued by CCA.
Issuance of Digital Certificates being Trust business, the document describes in detail the
various security measures adopted by Capricorn CA for handling the sensitive information of
the subscribers as well secure issuance and distribution of keys. The document also covers
the various audit requirements and practices followed by the Capricorn CA for safe and
reliable operations.
Certification Practice Statement (CPS) v1.1
P a g e | 3
Table OF CONTENTS
1. INTRODUCTION ................................................................................................................... 8
1.1 Background ......................................................................................................................................... 8 1.1.1 Introduction .......................................................................................................................................... 8 1.1.2 Overview ............................................................................................................................................... 9
1.2 Scope .................................................................................................................................................. 9
1.3 Definitions......................................................................................................................................... 10
1.4 Contact Details .................................................................................................................................. 11
1.5 Services ............................................................................................................................................. 12
2 GENERAL PROVISIONS ....................................................................................................... 12
2.1 Obligations ........................................................................................................................................ 12 2.1.1 Certifying Authority (CA) Obligations .................................................................................................. 12 2.1.2 Registration Authority (RA) Obligations .............................................................................................. 12 2.1.3 Subscriber Obligations ........................................................................................................................ 13 2.1.4 Relying Party Obligations .................................................................................................................... 14 2.1.5 Repository Obligations ........................................................................................................................ 14
2.2 Liability ............................................................................................................................................. 14 2.2.1 CA Liability ........................................................................................................................................... 14 2.2.2 Kinds of damages covered .................................................................................................................. 15 2.2.3 Loss limitations (caps) per certificate or per transaction .................................................................... 16 2.2.4 Other Exclusions .................................................................................................................................. 16
2.3 Financial Responsibility ..................................................................................................................... 17 2.3.1 Indemnification of Certifying Authority by relying parties.................................................................. 17
2.3.1.1 Indemnification by Subscribers .................................................................................................. 17 2.3.1.2 Indemnification by Relying Parties ............................................................................................. 18
2.3.2 Fiduciary relationships between the various entities ......................................................................... 18 2.3.3 Administrative processes .................................................................................................................... 18
2.4 Interpretation and Enforcement ....................................................................................................... 19 2.4.1 Governing laws .................................................................................................................................... 19 2.4.2 Severability, Survival, Merger and Notice ........................................................................................... 19
2.4.2.1 Severability ................................................................................................................................. 19 2.4.2.2 Survival ....................................................................................................................................... 19 2.4.2.3 Merger ........................................................................................................................................ 19 2.4.2.4 Notice ......................................................................................................................................... 19
2.4.3 Dispute Resolution Procedures ........................................................................................................... 20
2.5 Fees ................................................................................................................................................... 20 2.5.1 Certificate issuance or renewal fees ................................................................................................... 21 2.5.2 Certificate Access Fee ......................................................................................................................... 21
Certification Practice Statement (CPS) v1.1
P a g e | 4
2.5.3 Revocation or status information access fee ...................................................................................... 21 2.5.4 Fees for other services such as policy information ............................................................................. 21 2.5.5 Refund policy....................................................................................................................................... 21
2.6 Publication and Repositories ............................................................................................................. 22 2.6.1 Certifying Authoritys practice information ........................................................................................ 22 2.6.2 Frequency of publication .................................................................................................................... 22 2.6.3 Access control on published information ........................................................................................... 23 2.6.4 Certifying Authoritys Repository ......................................