Medium Token Assurance Identity/Encryption Obligations

In order to request and use Medium Token Assurance Identity/Encryption Certificates issued under the ORC ECA CPS, you (the subscriber) must make the request using a web browser and a FIPS 140-1/2 Level 2 token and agree to the following obligations.
  • Subscribers shall use cryptographic tokens that have been verified to meet FIPS 140 Level 2 to receive a Medium Token Assurance certificate.
  • To accurately represent yourself in all communications with ORC and the PKI.
  • To protect the certificate private key from unauthorized access in accordance with the Private Key Protection section of the ORC ECA CPS. Only the person named in the certificate is authorized to access the private key. The private key is accessed when using the certificate. (You are the only person allowed to use certificates issued in your name. You may not loan your device to another person nor provide another person with the PIN that protects your device.)
  • To immediately report to an RA or LRA and request certificate revocation if Private Key Compromise is suspected. (If your device is stolen or lost, you are obligated to inform ORC. ORC will then revoke your certificates so that they may not be used to access web sites, etc.)
  • To use the certificate only for authorized applications which have met the requirements of the US Government ECA CP and the ORC ECA CPS.
  • To use the certificate only for the purpose for which it was issued, as indicated in the key usage extension.
  • To report any changes to information contained in the certificate to the appropriate RA or LRA for certificate reissue processing.
  • To abide by all the terms, conditions, and restrictions levied upon the use of private keys and certificates.
  • Subscribers signify and guarantee that their application does not interfere with or infringe upon the rights of any others regarding their trademarks, trade names or any other intellectual property.
    Subscribers shall hold ORC harmless for any losses resulting from any such act.
  • As a result of issuing a certificate that identifies a person as an employee or member of an organization, ORC does not represent that the individual has authority to act for that organization.
  • For Relying Parties: Use of REVOKED certificates could have damaging or catastrophic consequences in certain applications. The matter of how often new Revocation data should be obtained is a determination to be made by the relying party and the system accreditor.
    If it is temporarily infeasible to obtain Revocation information, then the relying party must either reject use of the certificate, or make an informed decision to accept the risk, responsibility, and consequences for using a certificate whose authenticity cannot be guaranteed to the standards of the ORC ECA practice statement.
Theft, compromise or misuse of the private key may result in legal consequences for the Subscriber, Relying Party, and their organization.
I understand that during this process I will be generating my key pair and will possess the only copy of my private key on the workstation/computer (or hardware token) from which I am making my request. If lost, damaged, or compromised, I will be responsible for requesting and incurring the costs of a new certificate.
I have read and understand all the certificate instructions listed in the Subscriber Instructions document, and have trusted the ECA CAs.
I have read and agree to all of the Subscriber Obligations listed above.
To Order a Cryptographic Token please contact ORC at 1-800-816-5548 7:30 AM to 7:30 PM Eastern Standard Time or e-mail
ORC Office Locations for token purchase (please call for appointment first) – Fairfax, VA located at 11250 Waples Mill Rd, Suite 210, South Tower