1. Subscriber and Proxy Obligations
As a user of the public key encryption and digital signature service, you agree to the following:
- you will comply with your employer’s security policies, rules and regulations regarding the use of any software and/or digital certificate provided to you and which includes the protection and safeguarding of any passwords and private keys in a secure manner;
- you will use any digital certificates and private keys provided to you by your employer only for employer-related business transactions;
- you acknowledge that the use of a private key shall be deemed to be an acceptance of the related public key and associated certificate and the terms and conditions of the issuing CA’s certificate policy
- subscribers issued certificates asserting an id-emspki-safeca OID shall use their private keys only from the machines that are protected and managed using commercial best practices for computer security and network security controls.
- as soon as you become aware of, or suspect the compromise of your private keys, passwords and/or software, you will promptly report this to your employer; and
- you will make true representations at all times regarding the information in your digital certificate and the information provided to your employer. You must notify your employer if your personal information changes (name change, organization change, email address change, etc.) throughout the duration of your use so the certificate information is correctly updated.
- you represent and warrant that you are not located in, under the control of, or are a national or resident of any country to which the export of the cryptographic hardware and/or software or related information would be prohibited by applicable export laws (including, but not limited to, the laws of the United States of America and Canada).
2. Revocation of Digital Certificates
Your certificate may be revoked at any time and without notice. The reasons for such revocation include, but are not limited to, the following:
- your private key is lost, stolen, or suspected of having been compromised
- your private keys or certificates become unavailable and no recovery is possible
- your identifying information contained in the digital certificate is no longer valid
- you are suspected of fraud or other adverse behavior
- you violate this Subscriber Agreement
Note: To see the latest obligations outlined on the Entrust subscriber agreement see: http://ehealthexchange.kayako.com/Knowledgebase/Article/View/9/0/entrust-agreements