For recognized certificates, a set of rules in the Digi-Sign's Certification Practice Statement governs the issuance of ID-Cert. This set of rules also provides the applicability of an ID-Cert to a particular community and / or class of application with common security requirements. It is the responsibility of a user (relying party) of the ID-Cert to decide whether to accept an ID-Cert issued by Digi-Sign to:

• Authenticate the identity of the person named therein, in the case of a Personal ID-Cert Class 1;
• Authenticate the identity of the organization named therein, and identify the Authorized Delegate named therein, in the case of an Organizational ID-Cert Class 2;
  
• In the case of an Encipherment ID-Cert Class 3:
  
- Send encrypted electronic messages to the subscriber
- Decrypt encrypted electronic messages as they are received by the subscriber; and
- Issue acknowledgement by the subscriber upon the receipt of the encrypted electronic message.

• Authenticate the identity of the organization named therein, and identify the Authorized User named therein, in the case of an Organizational ID-Cert Class 5.
  

These rules provide a useful means for the relying parties or potential relying parties of an ID-Cert to determine whether it is sufficiently trustworthy for a particular use.

ID-Cert subscribers are bound by the Subscriber Terms and Conditions and provisions of the Digi-Sign Certification Practice Statement, which prescribe, amongst others, that Digi-Sign:

(a) Shall not be responsible for the contents of any transmission, message, contract adopted by or signed by the Subscriber using keys and ID-Cert provided by Digi-Sign;

(b) Shall not be responsible for the use of the Subscriber's private key and ID-Cert by the Subscriber;

(c) Shall publish the Subscriber's public key and ID-Cert in the Digi-Sign Certificate Directory;

(d) Reserves its absolute right to amend the provisions of the CPS from time to time; and

(e) Reserves its absolute right to revoke key and ID-Cert and to publish it in the Certificate Revocation List where

(i) Digi-Sign suspects a compromise of the Subscriber's key or ID-Cert, or

(ii) such compromise is proven, or

(iii) Digi-Sign is properly requested to do so under the CPS.

For Super SSL certificates and Premium-Cert, please contact the Digi-Sign Hotline: (852) 2917 8833 for details.

This ID-Cert is issued to individuals to support Digital Signatures that purport to confirm the identities or other significant characteristics of the individuals who hold a particular key. It is issued to individuals who have attained the age of 18 years and who provide the necessary personal particulars requested by Digi-Sign as per the Subscriber Application form. Such particulars will be checked against the information contained in one of the following documents for verification of the personal identity:

(a) Hong Kong permanent identity card;

(b) Hong Kong identity card;

(c) Valid travel document indicating that the holder's limit of stay in Hong Kong has not expired.

This ID-Cert is issued to organizations to support Digital Signature that purport to confirm the identities or other significant characteristics of the organizations and identify the Authorized Delegates who have been duly authorized to hold a particular key and make Digital Signatures for and on behalf of the organizations. It is issued to organizations which provide the necessary organizational details requested by Digi-Sign as per the Subscriber Application form, including in particular, the following:

(a) Business registration, or exemption from business registration, under the Business Registration Ordinance (Cap. 310);

(b) Registration of a company incorporated in Hong Kong Special Administrative Region ("HKSAR"), or registration of an overseas company, under Part XI of the Companies Ordinance (Cap. 32);

(c) For organizations other than those registered with the Company Registry or Inland Revenue Department of the Government of HKSAR:

i. documentation issued by the appropriate registration agency of the Government of HKSAR attesting to the existence of the organization;

ii. reference to the relevant legislation for the formation and existence of the organization; and / or

iii. written legal opinion given by a legal practitioner practising the laws of the jurisdiction in which the organization was incorporated on the legal status, capacity, power and formality requirement of the organization;

(d) For bureaux, departments and agencies of the Government of HKSAR, an authorization letter.

Alternatively, the details required by Digi-Sign as per the Subscriber Application form may be made available to Digi-Sign through an Accredited Organization following the authorization of the organizations concerned.

For further explanation of (2) above, an applicant organization includes an unincorporated company and a company incorporated in the HKSAR, an overseas company registered in the HKSAR, a statutory body, or an organization that is established under one of the Hong Kong Ordinances.

This ID-Cert is issued to individuals and organizations for encryption and decryption of electronic messages and to support Digital Signatures (for the issue of acknowledgements by the Subscriber upon receipt of encrypted messages) that purport to confirm the identities or other significant characteristics of the individual who hold a particular key, or Authorized Delegates or Authorized Users of organizations who have been duly authorized to hold a particular key and make the Digital Signatures for and on behalf of the organizations. The normal practice is for the subscriber to lodge a Subscriber Application for the Encipherment ID-Cert Class 3 at the same time as the application for Personal ID-Cert Class 1 or Organizational ID-Cert Class 2 or Organizational ID-Cert Class 5, as the case may be.

Where the Subscriber Application is submitted separately for the Encipherment ID-Cert Class 3, the applicant must be an existing Personal ID-Cert Class 1 Subscriber, or an existing Organizational ID-Cert Class 2 Subscriber or an existing Organizational ID-Cert Class 5 Subscriber at the time of application for the Encipherment ID-Cert Class 3.

The procedures, controls and relevant requirements for an applicant to lodge an application of an Encipherment ID-Cert Class 3, as well as for Digi-Sign to process the application, will be the same as those for the application for a Personal ID-Cert Class 1 or an Organizational ID-Cert Class 2 or an Organizational ID-Cert Class 5, as the case may be.

This ID-Cert is issued to organizations to support Digital Signatures that purport to confirm the identities or other significant characteristics of the organizations and identify the Authorized Users who have been duly authorized to hold a particular key and make Digital Signatures for and on behalf of the organizations. It is issued to organizations which provide the necessary organizational details requested by Digi-Sign as per the Subscriber Application form, including in particular, the following:

(a) Business registration, or exemption from business registration, under the Business Registration Ordinance (Cap. 310);

(b) Registration of a company incorporated in Hong Kong Special Administrative Region ("HKSAR"), or registration of an overseas company, under Part XI of the Companies Ordinance (Cap. 32);

(c) For organizations other than those registered with the Company Registry or Inland Revenue Department of the Government of HKSAR:

i. documentation issued by the appropriate registration agency of the Government of HKSAR attesting to the existence of the organization;

ii. reference to the relevant legislation for the formation and existence of the organization; and / or

iii. written legal opinion given by a legal practitioner practising the laws of the jurisdiction in which the organization was incorporated on the legal status, capacity, power and formality requirement of the organization;

(d) For bureaux, departments and agencies of the Government of HKSAR, an authorization letter.

Alternatively, the details required by Digi-Sign as per the Subscriber Application form may be made available to Digi-Sign through an Accredited Organization following the authorization of the organizations concerned.

For further explanation of (4) above, an applicant organization includes an unincorporated company and a company incorporated in the HKSAR, an overseas company registered in the HKSAR, a statutory body, or an organization that is established under one of the Hong Kong Ordinances.

Digi-Sign is responsible to establish the criteria for accreditation of organizations for the purpose of transfer of Subscriber Application details information direct from such organizations in support of Subscriber Applications for ID-Cert. Prior to accreditation, Digi-Sign will verify the following:

(a) The organization providing the Subscriber Application details is a statutory body, or a public body, or is otherwise establish under the Hong Kong laws;

(b) The organization has the capability and procedure in place to retain personal identity information for the purpose of substantiating the identification of the person applying for Personal ID-Cert Class 1;

(c) The organization has the capability and procedure in place to retain the Subscriber Application details for the purpose of substantiating the identity of the organization applying for Organizational ID-Cert Class 2 or Organizational ID-Cert Class 5;

(d) The organization has its privacy policy in conformance to the Personal Data (Privacy) Ordinance (Cap. 486);

(e) For Personal ID-Cert Class 1, the organization providing the Subscriber Application details is in a position to:

- Demonstrate the procedure to verify the personal identity, such as by "face to face" authentication, or by another method determined by Digi-Sign to be equally effective in authenticating the identity of the applicant;

- Produce a photocopy of the personal identity, or attest the personal identity, whenever requested by Digi-Sign to do so; and

- Produce written procedures to show how the personal identity is being kept up-to-date.

(f) For Organizational ID-Cert Class 2, the organization providing the Subscriber Application details is in a position to:

- Produce photocopies of documentation necessary for identification of an Authorized Delegate and the corresponding organizational identity, or attest the identity of an Authorized Delegate and the corresponding organizational identity, whenever requested by Digi-Sign to do so; and

- Produce written procedures to show how the Subscriber Application details are being kept up-to-date.

(g) For Organizational ID-Cert Class 5, the organization providing the Subscriber Application details is in a position to:

- Produce photocopies of documentation necessary for identification of an Authorized Representative and Authorized User and the corresponding organizational identity, or attest the identity of an Authorized Representative and Authorized User and the corresponding organizational identity, whenever requested by Digi-Sign to do so; and

- Produce written procedures to show how the Subscriber Application details are being kept up-to-date.

(h) Where the Subscriber Application details have been received from an Accredited Organization, the hand-over of the PIN Mailer may be done through the Accredited Organization as a Digi-Sign agent, provided that Digi-Sign is satisfied that the systems and procedures, including management controls, relevant to the handling of PIN Mailers by the Accredited Organization, are documented and that they are at least as effective and secure as those employed by Digi-Sign. The Accredited Organization will also be subjected to spot checks by Digi-Sign to ensure that the systems and procedures agreed and documented are complied with by the Accredited Organization.

(i) When an organization ceases to be Digi-Sign's Accredited Organization:

- Digi-Sign will ceases accepting Subscriber Application details transferred from this organization.

- Where the organization also distributes disks and PIN mailers, Digi-Sign will recover any disks and PIN mailers yet to be distributed by the organization and notify the Subscribers that Digi-Sign will distribute the disks and PIN mailers instead.

An ID-Cert subscriber may apply to Digi-Sign to change the following Subscriber details:

1. For the changes applied to individual subscribers or the Authorized Delegate or Authorized Representative of Organizational subscribers

- Correspondence address
- Telephone numbers (voice, fax, mobile)
- Title
- Nationality

2. For the changes applied to Organizational subscribers

- Contact person's particulars
- Company or Organizational web site
- Authorized Representative

The subscriber must complete a Digi-Sign Change Request form. However, Digi-Sign shall revoke the existing ID-Cert and issue a new one, if the requested change involves change of the following information published in the ID-Cert:

A. For the changes applied to individual subscribers or the Authorized Delegate or Authorized User of Organizational subscribers

- Name
- Email address
- Hong Kong Identity Card Number, Passport, other Travel Document Number or other valid Identity Document

B. For the changes applied to Organizational subscribers

- Company / Organization Name
- Authorized Delegate / Authorized User
- Email address
- Business Registration Number / Organization Registration Number

The subscribers may at any time apply to Digi-Sign to revoke the ID-Cert. However, a subscriber must promptly apply to Digi-Sign to revoke the ID-Cert upon the occurrence of the following:

- Loss of the private key
- Compromise or suspected compromise of the private key
- Failure of the protection of the private key, or suspected failure of the protection

A request to revoke an ID-Cert must be in writing and submitted by the subscriber, the Authorized Delegate or the Authorized Representative for the Authorized Users of the subscriber as the case may be, to Digi-Sign in person. Digi-Sign will provide facilities for the subscriber to download a revocation request form.

Digi-Sign will keep records of the time and date of receipt of a revocation request, and endeavour to process the revocation before the end of the next working day of its receipt at the Digi-Sign Office. Processing of the request will include checking of the subscriber's signature in the revocation request form.

Once the validity of the revocation request is established, Digi-Sign will initiate action in its trustworthy system to revoke the ID-Cert, and update the Certificate Revocation List (CRL). The business hours for processing of ID-Cert Revocation Request are as follows:

Monday to Friday: 8:30am to 6:00pm

Whenever it is necessary to notify Digi-Sign of an ID-Cert Revocation Request outside the above business hours, or on any day when the Digi-Sign Office is closed for business, the subscriber should call the Emergency Telephone No. at the Contact Us section to make arrangement.

For all revocation of ID-Cert, the Digi-Sign trustworthy system will update the Digi-Sign CRL promptly upon the processing of revocation of an ID-Cert in the system. Digi-Sign will further issue a notice of revocation to the subscriber, and this will be done within two working days of the update of the revocation to the CRL.

• One year validity period: HK$99
• Two year validity period: HK$159
• Three year validity period: HK$189

• One year validity period: HK$99
• Two year validity period: HK$159
• Three year validity period: HK$189
• Charge for company search: HK$180

• One year validity period: HK$99
• Two year validity period: HK$159
• Three year validity period: HK$189
• Charge for company search: HK$180

1. All Classes of ID-Cert are valid for a maximum of 36 months from date of issuance.

2. An encipherment certificate will be issued at HK$30 to each subscriber at the time of issuance of Personal ID-Cert Class 1 or Organizational ID-Cert Class 2 or Organizational ID-Cert Class 5.

3. If an encipherment certificate is requested separately from a subscriber application, a fee of HK$79 (1 Year) / HK$119 (2 Year) / HK$139 (3 Year) per encipherment certificate is payable.

4. A service charge of HK$130 is payable for each subscriber application, where the applicant has requested to deliver the certificate and to complete the identity verification process at a special location within Hong Kong nominated by the subscriber and this location is outside the Digi-Sign offices.

For Super SSL Certificates and Premium-Cert, please contact the Digi-Sign Hotline: (852) 2917 8833 for details.

• Digi-Sign may charge HK$100 for each request.
  

The above fees and charges are current at the time of publication. Digi-Sign reserves the right to vary the rates, fees and charges herein without prior notice.

Digi-Sign pledges to notify the applicants of the result of the subscriber applications within three working days of the decision to approve or reject the subscriber applications upon receipt of all necessary information and supporting documents from the applicants.

For Super SSL Certificates and Premium-Cert, please contact the Digi-Sign Hotline: (852) 2917 8833 for details.