GLOSSARY - MAIN MENU

Certificate Manager
Certificate Revocation List (CRL)
Certification Authority (CA)
Certification Operator (CO)
Certification Policy
Connection Kit
Customer
Digital certificate
Global Trust Authority (GTA)
Identrus
Individual Subscriber Request
Key pairs
Public Key Infrastructure (PKI)
Recognition
Registration Authority (RA)
Renewing a certificate
Revoking a certificate
Subscriber (of a certificate)
Subscriber ID Code of a certificate
Subscription
Subscription Form (SF)
Violation
   
Certificate Manager

An individual who has received a power of attorney from the client to represent him when requesting a certificate or a revocation. The Certificate Manager is informed of every event relating to the certificate. He must complete a Certificate Manager ID Form in addition to the Individual Subscriber Request (if he is also a Subscriber).

Certificate Revocation List (CRL)

This is the list of numbers of certificates to be revoked. It is available on the website of SG Trust Services. The URL is given in the field called "CRL distribution points" of the certificate.

Certification Authority (CA)

The Certification Authority is the authority that Subscribers trust to issue and manage keys, certificates and revocation lists. Above all else, its function is one of legal responsibility. The CA signs the certificates that it issues.
SG Trust Services is a Certification Authority recognised by the French Authorities.
It has the following functions:

  • Implementing the CP (Certification Policy),
  • Management of certificates,
  • Publication of the Certificate Revocation List (CRL),
  • Logging and archiving of events and information related to the functioning of the PKI (Public Key Infrastructure).

The CA must also ensure that registration is carried out by the Registration Authority in accordance with the CP.

Certification Operator (CO)

The Certification Operator comprises the public key infrastructure, with a platform that enables it to generate and issue certificates and lists of revoked certificates that are trusted by a section of the users.

Certification Policy

A set of rules defining the requirements to which the Certification Authority conforms while providing services adapted to certain types of applications. The Certification Policy (CP) thus describes all organisational aspects associated with a given certificate.

Within the context of the SG Trust Services offer, two CPs have been produced, which can be viewed on the SG Trust Services website: the Certification Policy for key authentication and encryption certificates and the Certification Policy for signature certificates (www.sgtrustservices.com/en/entreprise/pc/).

Connection kit

The connection kit consists of a microprocessor card reader and the corresponding installation CD ROM. This kit consists of a secured CardMan 8630 card reader (with a PinPad) from Omnikey and the interface software (driver) from OberthurCS (may be provided by SG Trust Services).

Customer

Legal entity signing the General Conditions, Special Conditions and Certificate Manager Form, who authorises the Subscribers to use Certificates and gives a power of attorney to the Certificate Manager to represent him for managing Certificates. Customer also means the representative of the company (individual duly authorised by the legal entity). This representative is not necessarily the legal representative of the company.

Digital certificate

The certificate is a form of digital identification that allows you to secure exchanges on the Internet by guaranteeing authentication of the issuer, integrity of the data sent, non-repudiation of actions and the confidentiality of transmitted data. It is a logical data processing object that allows you to link the identity of an entity to certain characteristics of this entity intangibly.

Properties:
- It is attributed to an individual. Therefore, it is personal and can be neither exchanged nor lent.
- It is renewable automatically if no request for non-renewal or modification has been made by persons or authorities¹ authorised to do so (its period of validity is limited and subject to the nature of its use).
- It is revocable, which means that in case of theft or violation of the key, the certificate can be stopped.
- Together with its private key, it is stored on a microprocessor card issued by SG Trust Services.

SG Trust Services issues key authentication and encryption certificates: they satisfy the need to authenticate individuals who act on behalf of the company or to encrypt keys. These certificates can be used for remote administrative procedures.

The conditions for delivery, usage and management of these certificates are described in the Certification Policy for key authentication and encryption certificates and signature certificates (www.sgtrustservices.com/en/entreprise/pc/).

¹ Persons and authorities entitled to have an involvement in the life of a certificate:
- Subscriber,
- Certificate Manager,
- Representative of the company,
- Registration Authority,
- Certification Authority,
- Any other person authorised by the Certification Authority.

Global Trust Authority (GTA)

An international organisation bringing together financial institutions whose aim is to develop universal certificates, that is those which are acceptable to all (between banks, customer and supplier…). By virtue of belonging to the Groupe Société Générale and being a member of GTA, SG Trust Services allows its customers to benefit from this future interoperability. To learn more about this, visit our site: http://www.theglobaltrustauthority.org

Identrus

An international organisation bringing together financial institutions, Identrus also aims to develop universal certificates, that is those which are acceptable to all (between banks, customer and supplier…). By virtue of belonging to the Groupe Société Générale and being a member of Identrus, SG Trust Services allows its customers to benefit from this future interoperability. Identrus and GTA are two independent organisations. To learn more about this, visit our site: http://www.identrus.com

Individual Subscriber Request

An individual information form set up for each Subscriber to create, renew, revoke or stop a certificate. This form is compulsory even if it is for a Certificate Manager who is also a Subscriber.

Key pairs

A key pair consists of a Private Key (which must be kept secret) and a public key, and is necessary for performing cryptography based on asymmetric algorithms. Two types of key pairs are distinguished:

- Key pairs of which the Private Key is used for authentication and the public key for verification;
- Key exchange or key transport key pairs, through which secret (symmetric) keys are transported (these secret keys being those used for encrypting or decrypting a confidentially protected message). The Private Key of a key exchange key pair is also called the "Private Confidentiality Key."

Public Key Infrastructure (PKI)

This is a set of components, functions and procedures dedicated to the management of keys and certificates used by the security services based on public key cryptography.

Recognition

This is an authorisation which a known authority gives to a company by verification of its Certification Policy. This recognition allows a company to issue certificates that are valid for remote declaration and remote payment within the context of the application proposed by the known authority.

Registration Authority (RA)

Entity responsible for checking the identity of applicants for certificates. The RA ensures that applicants for certificates undertake to use the certificates only in accordance with the conditions defined in the Certification Policy.
The RA is also responsible for:

  • Receiving and processing requests for revocation of certificates,
  • Archiving certificate request or revocation forms.

Branch offices of the Société Générale Group will play the role of the Registration Authority in the context of the remote administrative procedures.

Renewing a certificate

An operation carried out automatically at the end of the validity period of a certificate that consists of generating a new certificate for a Subscriber. The certificate is renewed every two years for reasons of security. The regeneration of a certificate after being revoked is not a renewal.

Revoking a certificate

This operation can be requested by the Certificate Manager, the Subscriber, the Registration Authority, the Certification Authority or by any other person authorised by the Certification Authority. It is done by cancelling the commitment guarantee of the Certification Authority on a given certificate, before the end of its validity period. Revocation is considered to be complete when the Certificate number to be revoked and the Revocation date are published in the List of Revoked Certificates.

Revocation is done online on the SG Trust Services website (www.sgtrustservices.com) or by telephone, fax, e-mail, post or in the branch office.

Subscriber (of a certificate)

This is an individual to whom a certificate is issued.

Subscriber ID Code of a certificate

This code is chosen by the Subscriber at the time of subscription and enables the certificate to be obtained and revoked. It appears on the Individual Subscriber Request.

Subscription

The offer from SG Trust Services is an offer of subscription to a digital certificates service. The subscription is renewable automatically and ends only if one of the two parties – SG Trust Services or the customer – formally requests it.

Subscription Form (SF)

The Subscription Form is the document that makes the subscription request for a certificate official. After having been checked by the Registration Authority, this form will enable the certificate(s) to be made available.
The subscription form comprises several parts:

  • "Company",
    - General Conditions
    - Specific Conditions
    - Supporting documents with the company's SIREN or an equivalent registration number
    - Copy of the updated Client's statutes bearing the signature of the representatives
    - Direct debit authorization (to be completed only if the customer has a bank account in France)
    - Customer's Bank Account Identification (only if the customer has a bank account in France)
  • "Certificate Manager",
    - Identification Card of the Manager
    - Proof of identity of the Certificate Manager
    - The Connection Kit sales contract
  • "Subscriber",
    - Individual Subscriber Request
    - Proof of identity of the Subscriber of the certificate.

It is important that all documents relating to the company, manager and Subscriber are supplied in duplicate: after having been validated and accepted by the branch office (role of the Registration Authority), the first is sent to the client and the second is kept by SG Trust Services.

Violation

A key is said to be violated when it is known by persons other than those authorised to use it (the Subscriber). The Subscriber must not hesitate to revoke his certificate if he suspects a violation of his key.