HTTP://WWW.TRANSNET.CO.ZA/ TRANSNET REGISTRATION AUTHORITY CHARTER STANDARD POLICY VERSION: 3.0 EFFECTIVE DATE: 11-02-2010 Transnet L@Wtrust
Transnet Registration Authority Charter
Version 3.0 is applicable from Effective Date
Transnet
Inyanda House, 21 Wellington Road, Parktown, 2193
Phone +27 (0)11 – 544 9368
Fax +27 (0)11 – 544 9599
Website: http://www.transnet.co.za/
Maeson Maherry
Table of Contents
Introduction
Scope
Appointment
Document Name and Publication
Applicant and Subscriber
Domain of Use (Eligibility for Certification)
Purpose of Certification
Ownership of Charter
Private Key Infrastructure Hierarchy
Certificate Content
Application for a Transnet Certificate
Process of Enrolment and Request Verification
Advising on the Outcome of the Application
Certificate Use Verification
Acceptance of Certificate
Revocation of Transnet Certificates
Revocation Processes
Transnet Certificate Suspension
Transnet Certificate Renewal
T-SYSTEMS-RA Annual Audit
Introduction
Transnet is the largest and most crucial part of the freight logistics chain that delivers goods to each and every South African. Every day Transnet delivers thousands of tons of goods around South Africa, through its pipelines and both to and from its ports. It moves that cargo on to ships for export while it unloads goods for overseas.
Transnet’s vision and mission is to be a focused freight transport company, delivering integrated, efficient, safe, reliable and cost-effective services to promote economic growth in South Africa. Transnet aims to achieve this goal by increasing their market share, improving productivity and profitability and by providing appropriate capacity to their customers ahead of demand.
In order to fulfill this vision and mission, Transnet will make increasing use of the Internet and information systems. Transnet, therefore, needs a strong, trusted identity credential, used for example to secure e-mail and provide document signing capability, so that there can be secure and trusted communications between Transnet employees, contractors, suppliers and clients anywhere in the world. In order to preserve high levels of confidentiality and integrity in this public medium, Transnet has chosen to use an internationally established standard in secure communications, namely, the L@Wtrust managed Digital Certificate services. The terms contained in this Charter are subject to the terms and conditions contained in the L@Wtrust Certification Practice Statement (CPS). Combined, this Charter and the L@Wtrust CPS specify the digital certification process and provide the required trust in Transnet as a digital certificate issuer. All persons are required to adhere to the terms and conditions contained in the L@Wtrust CPS as well as any other requirements imposed by Transnet that do not conflict with the L@Wtrust CPS.
Scope
This document is part of the Transnet Information Security Policies and is applicable to Transnet as well as to all parties taking part in the Transnet digital certification process. Transnet’s Information Security Manager is the final authority on all Risk Management related security within the Transnet sphere of operations.
Appointment
L@Wtrust appoints T-Systems as a Registration Authority (T-SYSTEMS-RA), acting on behalf of Transnet, to:
2. Perform authentication of identities and verification of information submitted by applicants when applying for the issuance of a digital certificate by the LAWtrust CA in terms of the provisions of this Charter, which has been approved by the L@Wtrust Policy Authority.
3. Where such authentication and verification is successful, submit the request to the LAWtrust CA, in accordance with the provisions of this Charter and the L@Wtrust CPS.
The T-SYSTEMS-RA is appointed exclusively for the purposes of authenticating the identity and verifying supporting and ancillary information of applicants using the services provided by T-Systems.
Document Name and Publication
This document is called the Transnet Registration Authority Charter. The latest version of the Charter
may be accessed on the Transnet Intranet website http://intra.spoornet.co.za, the Transnet Document
Management System or at the L@Wtrust website https://www.lawtrust.co.za/repository.
Applicant and Subscriber
In this Charter a natural person applying for a Transnet Certificate shall be described as an “applicant” until the application for the Transnet Certificate has been granted. Once a Transnet Certificate has been issued the natural person to whom it has been issued shall be referred to as a “subscriber”.
Domain of Use (Eligibility for Certification)
Formal Transnet employees or an approved business partner of the group can be digitally certified under the following conditions:
1. The subscriber has an existing or potential business relationship with Transnet.
2. The subscriber has a valid Transnet (Freight Rail or Capital Project) e-mail account.
3. The subscriber has a cellular phone number.
4. The subscriber is in good standing with Transnet.
5. The subscriber is fully aware of the responsibilities regarding the care and use of digital certificates and
Purpose of Certification
Digital certification is to be used to provide the subscribers with trusted identity credentials for, amongst other uses:
1. Secure e-mail.
2. Digital signature capability to send and receive secure e-mail to and from the Internet.
3. Authentication to Transnet business systems.
4. File and folder encryption.
5. Digitally sign documents or transactions.
The above will ensure authentication, authorisation, privacy, message integrity and non-repudiation. The subscriber may only use the Transnet digital certificate for legitimate business purposes.
Ownership of Charter
The Freight Rail Security Manager is responsible for the upkeep of this Charter. Changes to this Charter are to be made by the Freight Rail Security Manager, authorised by the T-Systems CSS-TSS Information Security Manager and approved by the L@Wtrust Policy Authority.
The T-Systems CSS-TSS Information Security Manager takes full responsibility for the upkeep and content of this Charter, but limits its liability to the use of this Charter as described in the L@Wtrust CPS, this Charter and any other Transnet governance policies.
The day-to-day business operations related to certificate lifecycle would be executed by T-Systems CSS-TSS Information Security Department.
The technical operations related to certificate lifecycle would be executed by T-Systems CSS-TSS Information Security Department.
Private Key Infrastructure Hierarchy
The trust hierarchy is as follows:
• Entrust.net – Secure Server Certification Authority – Root Certification Authority (RCA)
• LAWtrust CA – Local Certification and Issuing Authority (IA)
The root key hierarchy is as follows:
• Entrust.net – Secure Server Certification Authority – ROOT CA
• LAWtrust CA (Transnet Certificates to be signed by this CA) – ISSUING CA
Certificate Content
• Common Name (First Name & Surname)
• E-mail address
• Issuing Authority: LAWtrust CA
• Organisation: Transnet
• Additional 1: Company Name
• Additional 2: Freight Rail/Capital Projects Business Reference Number
• Additional 3: Individual Unique ID Number
• Additional 4: URL linked to Transnet Disclaimer
Application for a Transnet Certificate
The T-SYSTEMS-RA shall be entitled to accept and process applications for natural persons for the issue of a Transnet Certificate.
As a minimum the T-SYSTEMS-RA shall require from the natural person applicant:
• To log a call with the Transnet Service Desk.
• A duly completed and signed Certificate Issuance Authorisation Form approved by Transnet Senior Management.
• A duly completed and signed Subscriber Agreement.
• Copy of the applicant’s ID, Passport or Driver’s License.
Process of Enrolment and Request Verification
Online electronic enrolment will be done and the following enrolment fields/selections are compulsory:
1. First Name (CN)
2. Surname (CN)
3. E-mail address (Email)
4. Company Name (OU: Freight Rail or Capital Projects)
5. Freight Rail/Capital Projects Business Reference Number (Serial number)
6. National ID Number (Telephone number)
The T-SYSTEMS-RA appointed Certificate Administrator, who falls under the authority of T-Systems CSS-TSS, will perform the following steps to issue a certificate:
1. Receive a request, which has been authorised by Transnet Senior Management or falls within the guidelines set by the Transnet Security Manager.
2. Register the subscriber and create the One Time Certificate Reference Number and Authorisation Code on the Certificate Management System.
3. Store the Authorisation Code on a secure system referencing the Certificate Reference Number.
4. E-mail the Certificate Reference Number to the applicant at the e-mail address provided in the Certificate Issuance Authorisation Form - this will be provided to the T-Systems Systems Engineer or qualified representative on his/her visit to the applicant.
5. The T-Systems Systems Engineer or qualified representative needs to verify the applicant’s identity with face-to-face verification against the applicant’s National ID, Passport or Driver’s License and obtain a physical signature on the Implementation quality control document.
6. The T-Systems Systems Engineer or qualified representative will physically phone the Certificate Administrator to request the Authorisation Code referenced by the Certificate Reference Number.
7. The Certificate Administrator will verbally hand over the Authorisation Code to the T-Systems Systems Engineer or qualified representative telephonically to enable the download of the subscriber’s certificate.
Advising on the Outcome of the Application
If the application is refused, the T-SYSTEMS-RA shall give the applicant notice of the refusal.
The notice shall be addressed to the e-mail address provided in the application, failing which it shall be given in the manner deemed most expedient by the T-SYSTEMS-RA, and shall provide the reasons for the refusal.
If the application is granted, the T-SYSTEMS-RA will, within 10 (ten) days of the receipt of the application by the T-SYSTEMS-RA, advise the applicant by notice addressed to the e-mail address provided in the application.
Certificate Use Verification
• The certificate validity can be verified in the L@Wtrust CRL [website: http://crl.lawtrust.co.za/lawtrust.crl].
• The certificate is valid for a maximum period of one year from date of issue.
Acceptance of Certificate
After the issuance of the Transnet Certificate and notification addressed to the subscriber, the subscriber shall check that the content of the Transnet Certificate is correct.
Unless the subscriber gives notice of any inaccuracies in the Transnet Certificate, the Transnet Certificate shall be deemed to have been accepted by the subscriber and the information contained in the Transnet Certificate deemed to be accurate.
Revocation of Transnet Certificates
Transnet Certificates may be revoked under authority from the Transnet Security Manager under the following circumstances:
1. Transnet can revoke a certificate without explanation when, in Transnet’s sole discretion, such is deemed to be necessary.
2. Abuse of the digital certificate by the subscriber.
3. Subscriber’s request.
5. Subscriber certificate content not valid.
6. Subscriber suspected of fraudulent activity.
7. Loss, compromise, or suspected compromise, of a subscriber’s private key or workstation.
8. Issue or use of the certificate not in accordance with the L@Wtrust CPS.
9. The LAWtrust CA or Entrust CA expires.
10. Any other reason that the LAWtrust CA or the T-SYSTEMS-RA reasonably believes may affect the integrity, security or trustworthiness of a Transnet Certificate.
Revocation Processes
A Transnet Certificate Revocation Request may be submitted by a subscriber, the T-SYSTEMS-RA or the LAWtrust CA if any of the above occurs.
The T-SYSTEMS-RA shall authenticate a request for revocation of a Transnet Certificate using a sub-set of the information provided by the subscriber with the certificate application and, upon verification, send a revocation request to the LAWtrust CA.
The LAWtrust CA shall within 24 hours of receiving a revocation request, post the serial number of the revoked Transnet Certificate to the CRL in the L@Wtrust repository.
The T-SYSTEMS-RA shall make a commercially reasonable effort to notify the subscriber by e-mail if the subscriber’s Transnet Certificate is revoked.
Revocation of a Transnet Certificate shall not affect any of the subscriber’s contractual obligations under the L@Wtrust CPS or the Transnet Subscriber Agreement entered into by the subscriber or any Relying Party Agreements.
Transnet Certificate Suspension
The T-SYSTEMS-RA may suspend a Transnet Certificate if:
1. The subscriber is not in good standing with Transnet, the T-SYSTEMS-RA or the LAWtrust CA;
2. The subscriber fails to adhere to the provisions of the L@Wtrust CPS or the Transnet RA Charter;
The T-SYSTEMS-RA may request the LAWtrust CA to suspend a Transnet Certificate without prior notice to the subscriber. The T-SYSTEMS-RA shall make a commercially reasonable effort to notify the subscriber of the suspension by sending an e-mail to the e-mail address provided in the certificate application.
Transnet Certificate Renewal
The Transnet Information Security Policy dictates that a renewal process will be followed.
T-SYSTEMS-RA Annual Audit
The T-SYSTEMS-RA shall be audited once per calendar year for compliance with the practices and procedures set out in this Charter and the L@Wtrust CPS. If the results of an audit report recommend remedial action, the T-SYSTEMS-RA shall initiate corrective action within 30 (thirty) days of receipt of such audit report.
References
1. All Transnet Related Legislation
2. Transnet Certificate Issuance Authorisation
3. Transnet/T-Systems Implementation Quality Control Document
4. Transnet Subscriber Agreement