Policies and practice disclosures of the service and time stamp

1.- Regarding this document.

1.1 Present document scope and area of application.

Safe Creative SL is a company dedicated to delivering digital certification services. To this end it has developed the “Authority time stamp of Safe Creative” (hereinafter ASTSC), whose activity is governed by the present document.

This document applies to all parties involved in the time stamp service provided by the ASTSC and to third parties who accept the time stamps it issues. All of them must know and accept the content of this policy and practices document in order to establish trust in the time stamp services provided by the ASTSC and to adapt their actions accordingly.

This is also a reference document for third party entities and independent organizations that need to verify or certify that the ASTSC's actions comply with the policies and practices described here.

Safe Creative provides the service of time stamp according to the regulation standards in each of the following areas:

This document sets out the general rules of ASTSC operations. It does not aim to include detailed technical specifications of the infrastructure subsystems, networks and communications, organization, operating procedures, or security measures and controls.

Time stamps issued by the ASTSC at any given moment are subject to the policy and practices set out in the version of this document in force at that moment. Each version must be considered applicable during its life span.

1.2 Definitions & acronyms

1.3 Maintenance and publication of the policy and practices

This is version 1.1 of the ASTSC's policy and practices.

The current version of the ASTSC's policy and practices is published at http://tsa.safecreative.org/policy.

The stamp certificate is published at http://tsa.safecreative.org/certificate.

2 Certification Policy Statement CPS

2.1 Introduction

This section describes “Safe Creative's time stamp authority” (hereinafter ASTSC) offered by Safe Creative SL. The service generates time stamps in the PKCS#7 format defined in RFC 3161.

The technical specifications used in the system development by the service provider are:

2.2 Description of the AST stamp service

The ASTSC time stamp service provides third parties with software systems. The technological mechanism demonstrates the existence of digital content at a particular time. The ASTSC achieves this by signing the digital content at the time of certification.

The signature used is a digital signature named “time stamp” and includes the date and time obtained from a reliable source at the time of the signature. Safe Creative offers this service for:

2.3 Time Stamp Authority of Safe Creative

2.4 ASTSC time source

As its reliable time source, the ASTSC service uses a Stratum 1 time server, accessed over the NTP communications protocol, with the following:

2.5 OID

The OID (Object Identifier) of this ASTSC policy is 1.3.6.1.4.1.45794.1.1.

The OID is included in the time stamps issued by the ASTSC.

2.6 Precision

Maximum precision error during time stamp: 1 second.

2.7 Conformity & Audits

The ASTSC strictly accepts only requests that specify the OID of this policy and rejects requests that specify a different OID. All time stamps issued by the ASTSC include the OID of this policy. Safe Creative carries out an audit at least once a year to verify the ASTSC's compliance with the policy.
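The following added example (not ASTSC code) shows where the policy OID sits in an RFC 3161 request: it DER-encodes a TimeStampReq whose reqPolicy field carries 1.3.6.1.4.1.45794.1.1 and then checks whether a request names a different policy. All function names are illustrative, and treating a request with no reqPolicy field as acceptable is an assumption, since this document only addresses requests that specify a different OID.

```python
# Added example; function names are illustrative, not ASTSC code.
import hashlib

POLICY_OID = "1.3.6.1.4.1.45794.1.1"    # ASTSC policy OID from section 2.5
SHA256_OID = "2.16.840.1.101.3.4.2.1"   # standard OID for SHA-256

def tlv(tag, content):                    # DER tag-length-value, definite length
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def base128(v):
    out = [v & 0x7F]                      # last byte has the high bit clear
    while v := v >> 7:
        out.append(0x80 | (v & 0x7F))
    return bytes(reversed(out))

def oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    return tlv(0x06, base128(40 * arcs[0] + arcs[1]) + b"".join(map(base128, arcs[2:])))

def integer(v):                           # non-negative; extra byte keeps sign bit clear
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def build_request(data, nonce, policy=POLICY_OID):
    """TimeStampReq: version 1, SHA-256 imprint, reqPolicy, nonce, certReq TRUE."""
    alg = tlv(0x30, oid(SHA256_OID) + tlv(0x05, b""))
    imprint = tlv(0x30, alg + tlv(0x04, hashlib.sha256(data).digest()))
    return tlv(0x30, integer(1) + imprint + oid(policy) + integer(nonce) + tlv(0x01, b"\xff"))

def read_tlv(buf, pos):                   # -> (tag, value, position after element)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def req_policy(der):
    """Raw DER of the reqPolicy field, or None when the request omits it."""
    _, body, _ = read_tlv(der, 0)
    _, _, pos = read_tlv(body, 0)         # skip version
    _, _, pos = read_tlv(body, pos)       # skip messageImprint
    if pos >= len(body) or body[pos] != 0x06:
        return None
    return body[pos:read_tlv(body, pos)[2]]

def names_other_policy(der):              # DER is canonical, so compare bytes
    return req_policy(der) not in (None, oid(POLICY_OID))
```

The bytes returned by `build_request` are what a client would send as the body of an `application/timestamp-query` POST, and they can be inspected with `openssl ts -query -in req.tsq -text`.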

2.8 Key management

The asymmetric digital signature used by the TSU relies on a key pair. The private key remains in the TSU, is kept in a physically secure area and is accessible only to authorized personnel. The public key is contained in the TSU certificate and can be used to verify the authenticity of a time stamp.

The time stamp cryptographic system uses the RSA algorithm for asymmetric encryption and the following for the fingerprint: MD5, SHA1, SHA-256 or SHA-512.

2.8.1 Private key protection

The ASTSC follows the standard recommendation ETSI TS 102 023 and does not store backup copies of the private key anywhere other than in the TSU.

2.8.2 Description of the TSU keys

2.8.3 Life span of the TSU keys

The TSU signature key expires in the following cases:

When its lifetime expires, the key will be replaced by a new one with the security guarantees contained in this document. The ASTSC will never use an expired key.

2.9 TSU certificate of the ASTSC

The certificate contains the public key of the ASTSC's TSU and is issued by the Certification Authority of Safe Creative S.L. under the distinguished name:

C = ES
O = Safe Creative
OU = Certification Authority
CN = Safe Creative Primary Certification Authority
EMAIL = pki@safecreative.com

The distinguished name assigned to the TSU of the ASTSC is:

C = ES
O = Safe Creative
CN = Time Stamp Authority Server

The life cycle of this certificate ends on July 7th, 2018.

2.10 Access to the ASTSC client service

The access address is http://tsa.safecreative.org

Time stamp requests are made using the RFC 3161 protocol.

2.11 Time stamp applications

Time stamps issued by the ASTSC prove the date on which an electronic document and its content existed. Some examples of this are:

2.12 Registration and operation inquiry

The ASTSC maintains a record of the stamps issued, which can be consulted for verification at http://tsa.safecreative.org

2.13 Service Availability

The time stamp service is available continuously and permanently.

2.14 Administration Access

Physical or electronic access to ASTSC sub system hardware is restricted to authorized technical personnel.

2.15 Contingencies facing disasters.

The ASTSC's subsystem hardware is protected with security measures against natural disasters and electrical blackouts.

In the case of serious contingencies, the service will be suspended and will not render service with the security conditions recognized in this document. Quality contingencies may provoke the suspension of the service until they are corrected by:

The reliability contingencies can provoke the suspension of the service until they are corrected by:

  • Malfunction or error in the software subsystems, networks, communications or hardware.
  • Private key compromise.

2.16 Policy identification

2.17 End of service provision

The ASTSC service is not temporary in nature. Its duration is indefinite, with no completion date.

However, should the activity be terminated, Safe Creative:

3. Terms of use

Acceptance of the ASTSC's policy and practices

Activation or registration as a user of the ASTSC's time stamp service implies complete acceptance, without reservation, of the terms of use and of the ASTSC's policy and practices described in this document. This applies without prejudice to any particular or special conditions and agreements established. We ask that you read this document thoroughly.

Failure to accept these conditions prevents use of the ASTSC's service.

3.1 ASTSC Obligations

Safe Creative is responsible for providing the time stamp service as described in the ASTSC's Policy and Practices document. The ASTSC commits to the following obligations towards users:

3.2 User's obligations

3.3 Verification of time stamps

The certificates used by the ASTSC are the following:

The Primary Certification Authority of Safe Creative publishes a certificate revocation list (CRL) at http://pki.safecreative.com/pub/crl/cacrl.crl

3.4 Level of service agreement: SLA of ASTSC

The definitions indicated below apply to the SLA of the Safe Creative Time Stamp Authority.

Terms of the ASTSC's SLA

The web interface services are included in the ASTSC's access accounts and are operational for the clients of these accounts at least 99% of the time in any one calendar month.

If Safe Creative S.L. does not meet this level of service (the ASTSC's SLA), and the user has a paid account and complies with the obligations in the terms of use, the user has the right to receive the corresponding Credits of Service according to the following table:

Percentage of inactivity time during a month    Credits of service
<99%  >=97%                                     3
<97%  >=95%                                     7
<95%                                            15

The remedy set out in the ASTSC's SLA is the user's only legal recourse should Safe Creative not provide the agreed level of service availability.

The user must use the service credits. The request must be presented to Safe Creative during the month following the breach of the ASTSC's SLA. After that time the client loses the right to receive service credits.

The ASTSC's SLA excludes communication or performance problems arising from causes beyond Safe Creative's control, catastrophic events, or the client's equipment, third parties or both.

3.5 ASTSC's Responsibility

The ASTSC answers only for cases of non-compliance with the obligations set out in the present time stamp policy and practices statement and in the applicable legislation. The ASTSC guarantees access to and availability of the time stamp service within the parameters and with the compensation responsibilities set out in section 3.4 “Agreement of the level of service: ASTSC's SLA” of the terms of use.

The ASTSC shall not assume any responsibility for uses of time stamps that are not authorized in the present policy and practices document.

The ASTSC shall not answer for errors, inaccuracies, defects, reliability, adequacy or purpose, legality or signatures incorporated into the time stamp by the user.

3.6 Modifications and duration

Safe Creative reserves the right to make, at any moment, modifications and updates to the provision of services, contents, configuration, availability and presentation of information, as well as to the present conditions of use, without prejudice to acquired rights. It also reserves the right to temporarily suspend access and to perform maintenance work or improvements without this giving rise to claims or to liquidated or indirect damages other than those indicated in the paragraph “Safe Creative SLA”.

3.7 Applicable law and jurisdiction

The operating conditions of this service shall be governed and interpreted according to Spanish legislation. Any dispute between the parties in relation to what is established here is subject to the courts and tribunals of the city of Zaragoza.

3.8 Corporate Information

This web site and the services provided are owned by Safe Creative S.L. with CIF B99161739 and address in Zaragoza (Spain), C/ Bari, 39 2nd floor, and registered in the Mercantile Register of Zaragoza, in volume 3534, book 0, sheet 192, inscription 1.

Safe Creative provides the public keys of its systems. They are available at: http://www.safecreative.org/pkinfo

OFFICES:

Europe
Zaragoza (Headquarters)
C/ Bari, 39, 2ª Planta – 50197 Zaragoza (Spain)

Madrid
C/ Luis Buñuel 2, 3rd Floor
Ciudad de la Imagen – 28223 – Pozuelo de Alarcón Madrid