Medium Hardware Assurance Identity/Encryption Obligations


In order to request and use Medium Hardware Assurance Identity/Encryption Certificates issued under the ORC ECA CPS, you (the subscriber) must make the request in the presence of an RA using a web browser and a FIPS 140-1/2 Level 2 token, and agree to the following obligations.
  • Subscribers shall use cryptographic tokens that have been verified to meet FIPS 140 Level 2 to receive a Medium Hardware Assurance certificate.
  • To accurately represent yourself in all communications with ORC and the PKI.
  • To protect the certificate private key from unauthorized access in accordance with the Private Key Protection section of the ORC ECA CPS. Only the person named in the certificate is authorized to access the private key. The private key is accessed when using the certificate. (You are the only person authorized to use certificates issued in your name. You may not loan them to another person or allow another person to access a web site with them. You are to protect them with a password at all times.)
  • To immediately report to an RA or LRA and request certificate revocation if Private Key Compromise is suspected. (If your device is lost or stolen, you are obligated to notify ORC. ORC will then revoke the certificates on the device so that they may not be used to access web sites.)
  • To use the certificate only for authorized applications which have met the requirements of the US Government ECA CP and the ORC ECA CPS.
  • To use the certificate only for the purpose for which it was issued, as indicated in the key usage extension.
  • To report any changes to information contained in the certificate to the appropriate RA or LRA for certificate reissue processing.
  • Abide by all the terms, conditions, and restrictions levied upon the use of private keys and certificates.
  • Subscribers signify and guarantee that their application does not interfere with or infringe upon the rights of any others regarding their trademarks, trade names or any other intellectual property.
    Subscribers shall hold ORC harmless for any losses resulting from any such act.
  • As a result of issuing a certificate that identifies a person as an employee or member of an organization, ORC does not represent that the individual has authority to act for that organization.
  • For Relying Parties: Use of REVOKED certificates could have damaging or catastrophic consequences in certain applications. The matter of how often new Revocation data should be obtained is a determination to be made by the relying party and the system accreditor.
    If it is temporarily infeasible to obtain Revocation information, then the relying party must either reject use of the certificate, or make an informed decision to accept the risk, responsibility, and consequences for using a certificate whose authenticity cannot be guaranteed to the standards of the ORC ECA practice statement.
Theft, compromise or misuse of the private key may cause the Subscriber, Relying Party, and their organization legal consequences.
I understand that during this process I will be generating my key pair and will possess the only copy of my private key on the workstation/computer (or hardware token) from which I am making my request. If lost, damaged, or compromised, I will be responsible for requesting and incurring the costs of a new certificate.
I have read and understand all the certificate instructions listed in the Subscriber Instructions document, as well as Trusted the ECA CAs.
I have read and agree to all of the Subscriber Obligations listed above.
To schedule a time to meet with an RA, please see our walk-ins page.