The following definitions are to be used while reading thisCPS. Unless otherwise specified, the word “CA” used throughout this documentrefers to Safe Solutions RA, likewise CPS means CPS of Safe Solutions RA. Wordsand expressions used herein and not defined but defined in the InformationTechnology Act, 2000 and subsequent amendments, hereafter referred to as the
ACT shall have the meaning respectively assigned to them inthe Act. The following terms bear the meanings assigned to them hereunder andsuch definitions are applicable to both the singular and plural forms of suchterms: “Act” means Information Technology IT Act, 2000
"ITAct" Information Technology IT Act,2000, itsamendments, Rules thereunder, Regulations and Guidelines Issued by CCA “ASP” or“Application Service Provider” is an organization or an entity using ElectronicSignature as part of their application to facilitate the user for requestingissuance and electronically sign the content through any empanelled ESP.
“Auditor" means any accredited computer securityprofessional or agency recognized and engaged by CA for conducting audit ofoperation of RA;
“CA” refers to Safe Solutions RA, a Certifying Authority,licensed by Certifying Authorities Capricorn, Sify, Emudhra, Govt. of Indiaunder provisions of ITAct, and includes CA Infrastructure issuing DigitalSignature Certificates & also for providing Trust services such asTS,OSCP&CRL
“CA Infrastructure” The architecture, organization, techniques,practices, and procedures that collectively support the implementation andoperation of the CA. It includes a set of policies, processes, serverplatforms, software and work stations, used for the purpose of administeringDigital Signature Certificates and keys. "CA Verification Officer"means trusted person involved in identity and address verification of DSCapplicant and according approval for issuance of DSC.
"Certification Practice Statement or CPS" means astatement issued by a CA and approved by CCA to specify the practices that theCA employs in issuing Digital Signature Certificates; “Certificate”—A DigitalSignature Certificate issued by CA.
“Certificate Issuance”—The actions performed by a CA increating a Digital Signature Certificate and notifying the Digital SignatureCertificate applicant (anticipated to become a subscriber) listed in theDigital Signature Certificate of its contents. Certification Practice Statement(CPS) v4.0.0
“CertificatePolicy”—The India PKI Certificate Policy laid down by CCA and followed by CAaddresses all aspects associated with the CA’s generation, production,distribution, accounting, compromise recovery and administration of DigitalSignature Certificates. Certificate Revocation List (CRL)—A periodically (orexigently) issued list, digitally signed by a Certifying Authority, ofidentified Digital Signature Certificates that have been suspended or revokedprior to their expiration dates.
“Controller” or “CCA”means the Controller of Certifying Authorities appointed as per Section 17subsection (1) of the Act. Crypto Token/Smart Card—A hardware cryptographicdevice used for generating and storinguser’s private key(s) and containing apublic key certificate, and, optionally, a cache of other certificates, includingall certificates in the user`s certification chain.
"Digital Signature" means authentication of anyelectronic record by a subscriber by means of an electronic method or procedurein accordance with the provisions of section 3 of IT Act;
“Digital Signature Certificate Applicant” or “DSC Applicant”—A person that requests the issuance of a Digital Signature Certificate by aCertifying Authority.
“Digital Signature Certificate Application” or “DSCApplication” —A request from a Digital Signature Certificate applicant to a CAfor the issuance of a Digital Signature Certificate Digital SignatureCertificate—Means a Digital Signature Certificate issued under subsection (4)of section 35 of the Information Technology Act, 2000.
“ESP” or “eSign Service Provider” is a Trusted Third Partyas per definition in Second Schedule of Information Technology Act to provideeSign service. ESP is operated within CA Infrastructure & empanelled by CCAto provide Online Electronic Signature Service. Organization—An entity withwhich a user is affiliated. An organization may also be a user.
“Private Key" means the key of a key pair used tocreate a digital signature;
"Public Key" means the key of a key pair used toverify a digital signature and listed in the Digital Signature Certificate;
“Registration Authority” or “RA” is an entity engaged by CAto collect DSC Application Forms (along with supporting documents) and tofacilitate verification of applicant’s credentials
“Relying Party” is a recipient who acts in reliance on acertificate and digital signature. Certification Practice Statement (CPS)v4.0.0
“Relying Party Agreement” Terms and conditions published byCA for the acceptance of certificate issued or facilitated the digitalsignature creation.
"Subscriber IdentityVerification method" means the method used for the verification of theinformation (submitted by subscriber) that is required to be included in theDigital Signature Certificate issued to the subscriber in accordance with CPS.CA follows the Identity Verification Guidelines laid down by Controller.Subscriber—A person in whose name the Digital Signature Certificate is issuedby CA.
Time Stamping Service: A service provided by CA to itssubscribers to indicate the correct date and time of an action, and identity ofthe person or device that sent or received the time stamp.
Subscriber Agreement—The agreement executed between asubscriber and CA for the provision of designated public certification servicesin accordance with this Certification Practice Statement
Time Stamp—A notation that indicates(at least) the correct date and time of an action, and identity of the personor device that sent or received the time stamp. "Trusted Person"means any person who has:- i. Direct responsibilities for the day-to-dayoperations, security and performance of those business activities that areregulated under the Act or Rules in respect of a CA, or ii. Duties directlyinvolving the issuance, renewal, suspension, revocation of Digital SignatureCertificates (including the identification of any person requesting a DigitalSignature Certificate from a licensed Certifying Authority), creation ofprivate keys or administration of CA’s computing facilities.
Revocation and Suspension of Certificates - Capricorn CA will only revoke aCertificate if it is requested by the holder. Revoked or suspended DSC shall beupdated in the CRL.
In addition, Capricorn CA shall also revoke a DSC in thefollowing circumstances (including but not limited to)
CapricornCA’s private key or systems are compromised.
TheSubscriber’s private key corresponding to the public key in the DSC has beencompromised.
Amaterial fact represented in the DSC has changed or is false or has beenconcealed.
Uponthe death or insolvency of the Subscriber
Uponthe dissolution of the Firm / Company where the Subscriber is a Firm / Company
Anyother circumstances as may be determined by the Capricorn CA in accordance withthe rules or regulations or the governing law.
RA is informed to revoke the DSC. The applicant is informed via email and SMSon the registered email address and mobile number.
Security Audits - Every event related to the security and safety ofthe system of Capricorn CA is recorded in audit log file. Events like change inDigital Signature Certificate creation policies, login and logoff attempts,system start-up and shutdown etc are recorded.
Highly critical logs shall be reviewed daily. Moderatelycritical logs shall be reviewed weekly and low critical logs shall be reviewedmonthly. All audit logs are protected with read-only permissions to prevent anymodification to the logs.
Emudhra and Capricorn CancellationProcess:
2) Tocomplete the payment through third party payment application, you may requiredto provide certain information or data pertaining to you to facilitate SafeSolutionsto : (a) transmit your identifying information to a PaymentApplication; (b) if applicable, receive appropriate payment authorization froma Payment Application; and (c) collect any other information that you orPayment Application requires of Safe Solutions in order to facilitate paymentprocessing. You hereby authoriseSafe Solutions to store, process, and transmityour Data as necessary for a Payment Application to facilitate paymentprocessing between you and a third party payment application designated by You;
3) Youhereby understand and agree Safe Solutions does not have any control over thethird party payment applications. These payment application services areoperated by third-party independent organizations and not agents, employees, orsubcontractors of Safe Solutions. Initiating transactions using Safe Solutionspayment gateway shall not be construed to make Safe Solutions a party to anytransaction processed by third party Payments applications;
4) Youwill be solely responsible for any and all disputes with any PaymentApplications related to or in connection with a payment processing, including,but not limited to: (i) chargebacks; (ii) cancellation of transactions; (iii)duplicate transactions or charges; and (vi) amount of time to complete paymentprocessing.
5) Youwill be responsible for : a) registering and maintaining an operative accountwith payment applications; b) to comply with all the regulation of the paymentapplication as well as laws related to such payments; c) all acts or omissionsof your authorised representatives and d) data security standards stipulatedfor carrying out such online transactions;
6) Youhereby undertake and agree that you will use the instrument (debit card, creditcard, net banking facility or other facilities) for which you are the lawfulowner and legally authorised to use the same. You will indemnify and hold SafeSolutions harmless against any claim brought against Safe Solutions on accountof your initiation of transaction by using payment gateway facility of SafeSolutions.
Safe Solutions Comments Services Schedule eMudhra may provide its subscribers the Contact services toempower them to use the product/services in more efficient and effectivemanner, where in the users can