3.1
Initial Registration
3.1.1
Basic Certificate Applications' Validation Requirements
Following an on-line or offline certificate application submitted by an individual or organization, COMTRUST will undertake a validation process to obtain reasonable assurance that the applicant is the person who he claims to be and that information provided by him at the time of enrolment are accurate.
3.1.1.1
Certificate Applications' Validation Procedure
In line with the validation requirements mentioned above COMTUST will implement the following internal validation procedures:
-
Compare and confirm the accuracy of application data gathered against the credentials
-
Class 1 User Certs: The subscribers will be expected to present the following required documents and one of the optional documents for the purpose of verification by Comtrust Service Representative: The condition of showing original may be waived by RA in circumstances, where the subscriber is also a subscriber of Etisalat's Land telephone lines service or Emirates Internet Multimedia's Internet service and his or her record can be verified from Internet records by the RA.
Required Documents:
(i) Copy of passport with valid residence visa (original to be shown to COMTRUST service representative
(ii) Copy of UAE labour card (Original to be shown, if original passport in not available).
Optional Documents (one or may be required at the discretion of RA)
(i) Employer/Company/Sponsor’s letter
(ii) Copy of Driver’s license
(iii) Other form of identification from government, employer or a UAE bank
After verifying these documents, Comtrust Service Representative will sign and submit copies of these documents to respective Registration Authorities. Alternatively, documents may be directly submitted to COMTRUST RA.
Business User Certificates:
The validation of applicants will be carried out on the basis of information provided by the respective organizations, purchasing these certificates in bulk. These organizations will be required to provide atleast the following:
-
Copy of their trade license or equivalent document
-
Letter of introduction of applicant conforming identity of individual , giving passport number and expiry date, and relationship with the organization. If necessary, COMTUST may take further appropriate measures to verify identities.
Server Certificates: In addition to the verification of information applicant has submitted on-line (or off-line) to COMTRUST, the documents listed below may be requested from the applicant for validation before issuance of server certificates. A minimum of copy of trade license of business organizations and power of Attorney will always be required. Additional documents can be asked for by RA at its discretion.
(i) Applicant Identification Data
(ii) Registration form signed and properly filled in
(iii) Server agreement signed
(iv) Chamber of Commerce Registration
(v) Passport copy of owner
(vi) Passport copy of sponsor
(vii) Copy of tenancy contract (optional)
(viii) Bankers Information
(ix) Payment information (corporate credit card or cheque)
(x) Evidence of authority binding the applying entity to a particular government
/ government owned department (Required in the case of application from foreign
governments)
3.1.2
Types of names
Comtrust will follow X-509 naming conventions
3.1.3
Need for names to be meaningful
The certificates issued by the COMTRUST shall have legal names of the person to whom the certificate is issued along with name of the organization associated with that person, locality and country.
3.1.4
Rules for interpreting various name forms
See section 7.1.4.
3.1.5
Uniqueness of names
COMTRUST will create the unique name by using common name, e-mail, country, locality & DN qualifier.
3.1.5.1
Name claim dispute resolution procedure
COMTRUST shall have the sole authority to resolve the disputes relating to claims of names. COMTRUST shall be the sole and final arbitrator in all such cases.
3.1.5.2
Recognition, authentication and role of trademarks
a) COMTRUST cannot guarantee that the names issued will contain the requested trademarks.
b) COMTRUST will not perform any trademark infringement investigation at the time the naming information is provided by a subscriber. COMTRUST is not liable for any trademark infringement by a subscriber or a third party.
3.1.6
Method to prove possession of private key
In order to prove possession of the private key with the subscriber, COMTRUST will require the subscriber to send a digitally signed message to COMTRUST.
3.1.7
Authentication of organization identity
After on-line (or off-line) registration, the applicant is advised on the requirements to prove his/her identity and proofs relating to the organizations identity by submitting a signed copy of the required credentials, as listed in section 3.1.1.1 for server certificate, and a letter in original from the business entity confirming the identity of the applicant providing his/her residence phone, mobile phone and/or e-mail (giving details of such subscriptions).
In case of application from foreign governments, Comtrust will
additionally require an evidence of authority binding the
applying entity to the particular government / government
department. The original documents will be required to be shown to the Account Manager or Registration Authority.
Where circumstances so dictate, COMTRUST may confirm the business entity’s name, address, and other registration information through use of independent sources and databases available to it and through inquiry to the appropriate government entities, as required. COMTRUST, at any time, may involve third parties for providing all or any of the confirmations needed for this purpose. Confirmation of information of companies, banks, and their agents requires certain procedures focusing on specific business-related criteria (such as proper business registration). At times, if requested by COMTRUST, the certificate applicant may be required to provide additional information and proof before issuance of certificates. All such additional validations shall be done at the expense of Subscriber.
3.1.8
Authentication of individual identity
After on-line registration, an applicant is advised on the requirements to prove his/her identity by submitting required credentials, as listed in section 3.1.1.1 of this CPS for class one User Certificate for further verification.
3.2
Routine Rekey
COMTRUST will make a reasonable effort to notify subscribers, via E-mail, of the up-coming expiration of their certificates (except for revoked certificates and Demo Certs). Such e-mail notice is intended solely for the convenience of the subscriber and will be sent to the subscriber 10 days prior to the expiration of the relevant certificate.
3.3
Rekey after Revocation
Not Available
3.4
Revocation Request
The subscriber of a digital certificate may at any time request revocation of the certificate. The revocation request can either be made through sending a digitally signed email to COMTRUST at RA@comtrust.ae. In case the subscriber is not in possession of the private key, then he or she can request revocation by calling COMTRUST contact center at 800-6-900 and by presenting the password selected by him or her during certificate enrollment stage.
