WO2001018715A1 - System and method for providing certificate-related and other services - Google Patents
System and method for providing certificate-related and other services Download PDFInfo
- Publication number
- WO2001018715A1 WO2001018715A1 PCT/US2000/024606 US0024606W WO0118715A1 WO 2001018715 A1 WO2001018715 A1 WO 2001018715A1 US 0024606 W US0024606 W US 0024606W WO 0118715 A1 WO0118715 A1 WO 0118715A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- participant
- level
- gto
- relying
- customer
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/06—Buying, selling or leasing transactions
Definitions
- member institutions create an entity, referred to hereafter as the root entity, to establish a global, interoperable network of financial institutions which operate as certification authorities.
- each participating financial institution (each, a "participant") issues digital certificates to customers and corporations and their employees, based on a set of uniform system rules and business practices.
- the root entity provides the infrastructure within which the system participants provide these services, including establishing technological and procedural systems to support system activities, developing and maintaining rules and regulations governing participation in the system, providing ongoing monitoring and data processing functions to limit the risks to system members and their customers, and establishing a dispute resolution mechanism for issues arising out of use of the system.
- the technological, procedural, and legal frameworks established by the root entity and its members permit those members to provide more meaningful and better controlled identity certification services than have previously been available. By doing so, the system encourages the adoption of trusted business-to-business electronic commerce.
- the root entity is intended to be a commercially viable, for-profit business that facilitates domestic and international business-to-business electronic commerce by creating a framework for the provision of certification authority services by its participants. Participants use the system to manage the risks involved in acting as certification authorities issuing digital certificates to parties who can then use those certificates to affix digital signatures to messages sent through electronic communications systems, including the Internet.
- the system is a "closed" system, in which only parties that have agreed to abide by the system's rules and regulations are allowed to participate.
- the system and its members operate in accordance with a set of operating rules (the "operating rules").
- the system is comprised of regulated financial institutions coming together to take the basic technology provided by public key cryptography and public key infrastructure (PKI), and combine it with adherence to a common set of operating rules to facilitate electronic commerce. While the system provides the infrastructure for participating organizations, the service leverages the participants' existing customer base, and the financial institution entity as a trusted financial intermediary.
- the system is a multi-vendor system, and allows participants to customize the management of identity risk when dealing with individuals over an electronic medium with applications that best meet each particular participant's customer needs.
- LI participants may join the system either directly, as “Level One Participants” (LI participants), or indirectly, as “Level Two Participants” (L2 participants).
- LI participants may issue certificates either directly to subscribing customers or to L2 participants.
- L2 participants may issue certificates only directly to subscribing customers.
- the system may be used to facilitate business-to-business e-commerce.
- the service provided by the system fits well with the needs of mid-size to large institutions for both secure transactions and communications with other businesses.
- the disclosed system comprises the following key elements:
- the system provides an infrastructure for managing risk.
- the following six, root entity-level key risk areas are analyzed and appropriate controls established within each: a. Operational b. Reputation c. Regulatory d. Strategic e. Credit f. Liquidity/Financial
- a "closed" system is utilized - meaning that both sides of any transaction, are contractually bound to the same set of system rules and operating procedures. From a participant standpoint, the ability to track and monitor outstanding warranties is another feature which also provides the ability to manage risk. 2.
- the root entity's responsibilities include delivery of the following: a. root technology. b. signing keys of all participating financial institutions, which in turn issue certificates to end-users or sign the keys of issuing corporations. c. establish the infrastructure to facilitate emergence of e-commerce applications, not the applications themselves. 3. Technologically interoperable organization
- the system provides a platform for various technologies to "interoperate" with each other.
- New vendors approach "interoperability" from both a sponsoring and a participating institution standpoint.
- Technical interoperability is structured in this way to ensure that compliance with technology specifications is equivalent to achieving actual operational interoperability.
- System interoperability extends beyond technology, to the operating rules, system procedures, and issuance practices of all participants within the system hierarchy.
- Warranty certificates are used to interact with multiple trading partners, across multiple business applications, in multiple jurisdictions.
- the trust feature, and benefit from it, is addressed by the system in a number of ways: a.
- the system leverages the traditional bank role in identifying customers for purposes of facilitating commerce, and operating as service providers in a regulated environment subject to significant oversight and regulation.
- b. The network is dedicated to maintaining high minimum standards.
- c. A digital certificate is only as trustworthy as the certifying authority that issued it. The accuracy and validity of a digital certificate is key to a recipient's reliance on a digital signature. By issuing such a digital certificate, the certifying authority certifies the identity of the person sending a message signed with the certificate.
- d. Through establishment and compliance with system rules, a PKI is developed that ensures the integrity of the certifying authority's operations.
- the system requires a party to obtain affirmative confirmation of the validity of an identity.
- the system also provides the means to obtain that confirmation and a warranty thereon on a real-time or near real-time basis through an on-line status check.
- CTLs certificate revocation lists
- the system primarily relies on checks of certificates with known "good status" rather than the more customary check of certificates that are known to be bad.
- Warranty/ Assurance aggregate limits on exposure to identity warranties
- the system design imposes aggregate limits on the exposure that any issuing participant may incur through explicit warranties granted with respect to identity certificates issued by that institution. Because each warranty is bounded by the agreements among the parties, both in terms of financial risk and duration, it is possible for each LI participant and the root entity to monitor the participant's compliance with this limit on a real-time basis.
- the root entity monitors the cap of all issuing participants on a daily basis. In addition, the system monitors the cap on a real time basis.
- the transactions may be captured on a real-time basis, and reported on a periodic basis (to be determined) to the root entity.
- the root entity can impose sanctions on participants for violation of warranty cap rules.
- the system comprises a mechanism by which to increase or decrease warranty cap. c. Required collateral posting
- collateral is required of all institutions issuing this assurance.
- the collateral is based on a combination of two criteria:
- An individual participant is required to post a specific amount of collateral in accordance with each participant's specific credit rating. Credit rating is checked on a periodic basis, or whenever revised by a rating firm. (It may take the form of a continuous monitoring of credit rating, leading to changes in collateral happening in concert with changing credit ratings).
- the ability to provide for shuffled and fragmented root keys is another security feature specific to the system.
- Fig. 1 is a high level graphic depiction of the system structure
- Fig. 2 is a block diagram illustrating the relationship between the parties in the system operating model
- Figs. 3-7 are a series of conceptual diagrams that illustrate the flow of data through the system for initialization, validation, and warranty processes
- Fig. 8 illustrates aspects of the dispute resolution process of the present system
- Fig. 9 illustrates aspects of the collateral management system of the present system
- Figs. 10-12 illustrate aspects of user interaction with the present system
- Fig. 13 illustrates aspects of the root entity of the present system
- Fig. 14 illustrates aspects of a participant of the present system.
- Fig. 1 is a high level graphic depiction of the system structure.
- the system comprises a root entity 102 that is initially formed as a global joint venture of eight founding member banks 104) and a technology partner 104 2 .
- Equity membership is then expanded among regulated financial institutions to achieve a diversity of ownership from all major regions of the globe as well as from other financial industry sectors.
- the system further comprises a plurality of LI participants 106 a plurality of co ⁇ orate clients 108, and a plurality of employees 110 of co ⁇ orate clients 108. Also part of the system, although not shown in Fig. 1, are a plurality of L2 participants 106 2 . L2 participants 106 2 also typically have a plurality of co ⁇ orate clients 108 which each typically have a plurality of employees 110.
- root entity 102 creates an infrastructure within which participants 106 provide system services. Specifically, root entity 102 engages in the following functions:
- Root entity 102 is a for-profit entity, significant revenue opportunities also exist at the individual participant level. By offering add-on electronic services, or by "electronifying" existing customer services, participants 106 compete with each other to attract incremental revenue. Participants 106 also have the right to independently determine products, bundles, and services offered, and fees charged to customers. Root entity 102 does not address the fees that participants 106 charge their customers, other than establishing a processing fee for each validation to be paid by one participant to another; there is no interchange fee. This structure enhances the market for participant developed electronic commerce applications, and provides for the transformation of traditional bank products for electronic use. All LI participants 106, are required to act as an issuing participant. o Participants 106 providing the services described above engage in the following activities:
- L2 participants 106 2 are also required to be financial institutions. Specific eligibility requirements are included within the operating rules described below. 0 The role of an L2 participant 106 2 is to issue certificates to its customers 108 and act as principal on warranties issued. LI participants 106,, provide the outsourced reliance manager function to their L2 participants 106 .
- the criteria for participation are dependent upon the entity's role as an LI participant 106, L2 participant 106 2 , co ⁇ oration (customer 108), or user (employee 110). In all cases, however, the criteria are designed to: 1. Protect the system and its members from the legal, operational, credit and reputational risks that may arise from the failure of a member to meet its obligations with respect to certificate and warranty issuance and usage. 2. Ensure that the institution is operationally competent to carry out its obligations within the system 3. Ensure that the system complies with all applicable laws
- each LI participant 106 enters into a level one participant agreement (LIP agreement) with root entity 102.
- the LIP agreement preferably governs LI participant 106,'s participation in the system and system services.
- the LIP agreements preferably establishes a direct contractual relationship between root entity 102 and LI participant 106, which binds LI participant 106, to the system Operating Rules. As such, root entity 102 can directly enforce against LI participant 106, the system Operating Rules and other system rules specified in the agreement.
- An exemplary LIP Agreement appears in appendix 2-l(b)(v)(A)(l) to the system Operating Rules set forth below.
- each LI participant 106 enters into a level one participant/ level two participant agreement (L1P/L2P agreement) with its respective L2 participants 106 2 .
- L1P/L2P agreement preferably governs the provisions of service by an LI participant 106, to an L2 participant 106 2 and preferably establishes both a direct contractual relationship between sponsoring LI participant 106, and its subordinate L2 participant 106 2 as well as a third-party beneficiary relationship between the L2 participant 106 2 and root entity 102.
- both LI participant 106, and root entity 102 can directly enforce against L2 participant 106 2 the system Operating Rules and other system rules specified in the agreement.
- An exemplary set of required terms for an L1P/L2P agreement appears in appendix 2-2(b)(v) to the system Operating Rules set forth below.
- L2 participant 106 2 if sponsoring LI participant 106, does not demonstrate that root entity 102 will be able to enforce its rights as a third party beneficiary of the L1P/L2P agreement, L2 participant 106 2 must also enter into an level two participant agreement (L2P agreement) with root entity 102.
- the L2P agreement preferably governs L2 participant 106 2 's participation in the system and system services.
- the L2P agreement preferably establishes a direct contractual relationship between root entity 102 and L2 participant 106 2 which binds L2 participant 106 2 to the system Operating Rules.
- root entity 102 can directly enforce against L2 participant 106 2 the system Operating Rules and the other system rules specified in the agreement.
- An exemplary L2P agreement appears in appendix 2-l(b)(v)(A)(2) to the system Operating Rules set forth below.
- Participants 106 may be terminated only for specific reasons related to preserving system integrity and favorable risk posture. Procedures provide participants 106 with notice and opportunity to cure deficiencies. However, participants 106 may be suspended on an immediate and a summary basis to preserve system integrity. L2 Participants 106 2 may be suspended or terminated either by an LI participant 106, at request of root entity 102, or by root entity 102 directly (as backstop). Participants 106 may also elect to suspend or terminate membership in the system. Terminated participants 106 are required to take all necessary steps to terminate system-supported services, and to immediately inform their customers 108. Root entity 102 must also be able to invalidate (almost immediately) the subsequent validation of any certificates issued by suspended or terminated participants 106. (The above provisions apply equally to suspended participants 106.) II- Operational Concepts
- the system is based on an operating model with five primary parties: root entity 102, an issuing participant 10, a subscribing customer 20, a relying participant 30, and a relying customer 40.
- root entity 102 The relationship between these parties is illustrated in Fig. 2.
- Fig. 2 Also shown in Fig. 2 is a collateral custodian 112.
- Each component depicted in Fig. 2 is certified by root entity 102 and possesses its own certificate, which in turn is validated through a trusted hierarchy. Certificates are issued to LI participants 106,, which then issue their certificates to L2 participants 106 2 or customers 108.
- the relationships, as depicted in Fig. 2, are: subscribing customer 20 is a customer of issuing participant 10, and relying customer 40 is a customer of relying participant 30.
- each customer 108 interacts with the system through its respective participant 106.
- a seller asks its financial institution (LI participant) to validate the credentials of a buyer.
- the seller's financial institution contacts the buyer's financial institution, which in turn attests to the identity of its customer, a buyer.
- Figs. 3-7 are a series of conceptual diagrams that illustrate the flow of data through the system for initialization, validation, and warranty processes. Fig. 3 is described in this section. Figs. 4-7 are described below.
- each entity in the operating model of Fig. 2 comprises elements that facilitate the business processes described below.
- root entity 102 comprises a certificate authority 302 and a participant repository 304.
- Certificate authority 302 issues digital certificates to LI participants 106, as described in more detail below.
- Issuing participant 10 comprises a certificate authority 306 that is connected to a repository 308.
- Certificate authority 306 issues digital certificates to customers of issuing participant 10, as described in more detail below.
- Repository 308 is further connected to an IP certificate risk check and reporting module 310.
- Issuing participant 10 further comprises bank legacy systems 312, other transaction systems 314, and other tracking DBFs 316.
- Elements 308-316 are all connected to an intelligent messaging gateway (IMG) router 318 through which flows all messages to and from issuing participant 10 relating to the provision of system services.
- IMG intelligent messaging gateway
- Subscribing customer 20 has a digital certificate 322 that it receives from issuing participant 10. Subscribing customer 20 also has the necessary equipment to communicate with relying customer 40.
- Relying participant 30 comprises a certificate authority 324 that is connected to a repository 326. Certificate authority 324 issues digital certificates to customers of relying participant 30, as described in more detail below. Repository 326 is further connected to an IP certificate risk meter and reporting module 328. Relying participant 30 further comprises bank legacy systems 330, other transaction systems 332, and other tracking DBFs 334. Elements 326-334 are all connected to an IMG router 336 through which flows all messages to and from relying participant 30 relating to the provision of system services. Relying customer 40 has a digital certificate 338 and a client IMG formatter 340. Messages from relying customer 40 requesting a system service are formatted by IMG formatter 340 and transmitted to IMG router 336. C. Proposed Business Process
- a prospective LI participant 106 applies for admission to the system.
- the applicant receives and signs a participation agreement and agrees to be bound by the operating rules.
- the prospective LI participant must agree to act as an issuing participant 10 in order to also act as a relying participant 30.
- root entity 102 sets a maximum warranty cap for the applicant and a collateral amount that the applicant is required to post.
- the specific amount of collateral that a participant must post per warranty certificate issued varies from participant to participant based on established criteria - and as discussed below. Root entity 102 also orients the LI participant 106, and helps establish an implementation schedule.
- the new LI participant 106 establishes internal certificate authority operation with appropriate testing and sign-off by root entity 102.
- the new LI participant 106 also opens a collateral account with collateral custodian 112 and deposits funds as required by root entity 102.
- Collateral custodian 112 notifies root entity 102 when such funds are transferred by the new LI participant 106
- Collateral custodian 112 provides monthly reports to root entity 102 for each collateral account established at collateral custodian 112.
- step C the LI participant 106, requests a digital certificate from root entity 102.
- step D root entity 102 issues the requested digital certificate to the LI participant 106,.
- step E issuing participant 10 and relying participant 30 execute and exchange an inter LI contract.
- warranty certificate is needed to obtain the validation and warranty assurance services discussed below.
- Warranty certificate issuance is described in connection with Fig. 5. As shown in Fig. 5, in step 502, subscribing customer 20 requests a certificate from issuing participant 10. In step 504, issuing participant 10 does an appropriate due diligence to ensure that "know your customer" requirements have been met.
- the system Operating Rules comprise a set of know your customer requirements.
- the know your customer requirements represent the minimum procedures that must be employed by a participant to confirm the identity of a new or existing customer and to issue an identity certificate to such a customer.
- An exemplary set of know your customer requirements appear in appendix 2-l(b)(ii) to the system Operating Rules set forth below.
- a request for a certificate must be authenticated and approved before certificate issuance.
- subscribing customer 20 receives and signs a customer agreement with issuing participant 10 (see also step F in Fig. 4).
- the issuing participant 10 issues the certificate to subscribing customer 20 (see also step G in Fig. 4). Analogous steps are performed to issue a digital certificate to relying customer 40. 3.
- root entity 102 imposes aggregate limits on the Identity Warranties that an issuing participant 10 may have outstanding at any one time. Because each Identity Warranty is bounded, both in terms of financial risk and duration, by an agreement between root entity 102 and the issuing participant 10, root entity 102 can monitor a participant's compliance with the warranty limit.
- root entity 102 uses risk management principles to monitor the warranty cap of all issuing participants 10. Issuing participants capture transactions on a real-time basis and report these transactions to root entity 102, preferably at least daily. Root entity 102 may impose sanctions on issuing participants for violation of warranty cap rules. Root entity 102 may also increase or decrease a participant's warranty cap.
- warranty caps are intended to control the aggregate level of operating risk exposure for an individual participant and to control the aggregate risk in the system. Once a warranty cap is set for a particular participant, the sum of outstanding Identity Warranties for that participant may not exceed the cap. This is accomplished by checking that each new Identity Warranty, when added to the aggregate of an issuing participant's outstanding Identity Warranties, does not cause the participant to exceed its warranty cap. In a preferred embodiment, the initial warranty limit may be for participants 106
- the initial limit on the Identity Warranty Amount for that participant may be $100,000 per transaction with a maximum duration of 180 days. Root entity 102 assesses these initial limits periodically and may adjust them.
- root entity 102 establishes warranty caps using a calculation methodology.
- the criteria of this methodology preferably include: (1) establishing an objective measure for setting the maximum outstanding aggregate Identity Warranty Amount for LI participants 106, (2) establishing a measure that relates financial stability and soundness to the maximum outstanding aggregate Identity Warranty Amount that a participant may issue (e.g. institution vs. operating subsidiary, AAA credit vs. BBB credit, etc.) (3) utilizing existing market based proxies to establish measurement parameters and (4) providing adequate financial coverage for the expected operating loss performance (i.e. Identity Warranty Claims) of LI participants 106, through proxies or actual experience.
- key components taken into account in calculating a warranty cap are the total capital level of the participant, or the amount of capital or dedicated collateral available, the credit rating of the participant, and the operating loss factor of the participant.
- the operating loss factor is an experience based measurement of expected Identity Warranty Claims as a percentage of Identity Warranties issued during a measurement period.
- an exemplary formula for calculating an Issuing Participant Warranty cap may be:
- all issuing participant warranty caps are based on a operating loss factor of 0.6%. This factor represents a starting point for all participants and is adjusted at least annually for each participant to reflect that participant's actual operating experience. This factor may be derived in accordance with the steps below:
- root entity 102 also establishes the starting point for a participant's credit discount factor. Initially, a credit rating of AA or higher may preferably be used as the benchmark from which other lower graded credit discount factors are calculated. An exemplary set of credit discount factors are set forth below:
- total capital represents the capital level of the legal entity under which the participant certification authority operates. For example, if a participant operates its certification authority under an operating subsidiary, then the capital level of the subsidiary is preferably used to determine the issuing participant warranty cap. However, if the participant operates its certification authority as part of its main financial services entity, then the total capital of that entity may preferably be used to determine the issuing participant warranty cap.
- a participant in order to participate in the system, a participant must meet the minimum eligibility criteria set forth in the system Operating Rules. Once a participant qualifies, the level of capital used to determine eligibility may or may not be relied on to calculate that participant's warranty cap.
- a participant may elect to hold dedicated collateral, or credit based collateral, to enhance its ability to offer warranties.
- Credit based collateral o may be used in addition to the participant's capital level to calculate its warranty cap.
- Credit based collateral is preferably held in a segregated account for the benefit of the participant's relying customers. If the participant defaults, then root entity 102 uses both the credit based collateral and the performance based collateral, discussed below, to satisfy any unpaid certified identity warranty claims. 5
- LI participant 106 has $2 billion in capital and a AA credit rating. As such, LI participant 106, may provide warranties of up to $333 billion at any one time. Based on a maximum $100,000 warranty per transaction, LI participant 106, may have a minimum of 3.3 million outstanding Identity Warranties at any 0 one time.
- a participant may not exceed its warranty cap at any 0 point in time.
- participants are preferably required to report all offered and accepted identity warranties to root entity 102 on a periodic basis.
- all issuing and relying participants are preferably required to report to root entity 102 all Identity Warranties accepted since the previous report at least once per day. Root entity
- 5 entity 102 preferably varies a participant's reporting requirements based on the percentage of its warranty cap that is utilized. A participant that is significantly below its warranty cap poses less of a risk of exceeding its cap than does a participant that begins a reporting period close to its cap. Accordingly, root entity 102 preferably imposes variable reporting requirements for participants for each reporting period based on the participant's aggregate
- root entity 102 also preferably tests the accuracy of participant reporting by comparing warranty offers reported by issuing participants to warranty acceptances reported by relying participants. Root entity 102 is also preferably responsible for periodically reviewing and adjusting each warranty cap.
- root entity 102 also imposes collateral requirements on
- collateral requirements need not be designed to ensure full coverage of all outstanding Identity Warranties, they preferably are designed to increase the probability of a relying customer's recovery on an Identity Warranty Claim by making ⁇ e. assets available.
- the collateral requirements also create incentives for participants to minimize Identity Warranty Claims by encouraging good operational controls and discouraging frivolous disputes between participants.
- root entity 102 preferably uses the pledged collateral to settle any unresolved certified Identity Warranty Claims.
- the amount of collateral a participant posts consists of performance based collateral and, if the participant elects, credit based collateral.
- the criteria used for determining the amount of performance based collateral required include: (1) providing coverage for relying customer warranty claims in the event of default and creating incentives for strong operational controls and fair treatment of Identity Warranty Claims (2) market proxies or other objective measures of a participant's operating loss due to warranty claims and the level of outstanding Identity Warranty Claims (3) results of periodic monitoring (e.g., quarterly, annually, etc.) of operating loss performance levels (4) results of monitoring collateral levels on a daily basis or more frequently as needed and (5) quality of collateral. Root entity 102 may preferably require high quality collateral such as U.S. government obligations.
- key components taken into account in calculating performance based collateral requirements include warranties outstanding at a point in time (e.g., at the end of a business day), an operating loss factor, and outstanding unpaid Identity Warranty Claims.
- an exemplary formula for calculating a performance based collateral requirement may be:
- Performance Based Collateral Requirement [Warranties Outstanding * Operating Loss Factor] + [Aggregate Amount of outstanding unpaid Identity Warranty Claims]
- a participant elects to increase its warranty cap by posting credit based collateral, the participant is also required to maintain a credit based collateral amount. This amount equals the value of the credit based collateral. The participant is required to maintain the credit based collateral amount until it changes its election and/or its warranty cap is no longer calculated on the basis of credit based collateral.
- the total aggregate value of collateral that a participant is required to pledge (also called the required collateral) amount is the sum of the participant's performance based collateral requirement and its credit based collateral amount.
- An exemplary calculation of the required collateral amount for an LI participants 106, is illustrated below. For pu ⁇ oses of this example, it is assumed that LI participant 106, has $500 million in outstanding Identity Warranties, an operating loss factor of 0.6%, and outstanding Identity Warranty claims of $200,000. As such, LI participant 106, must maintain a minimum of $3.2 million in collateral for the benefit of relying customers in the event of the default. If the participant relied on $2 million in credit based collateral to increase its warranty cap, its required collateral amount would be $ 5.2 million.
- all participants execute and comply with the terms of a system collateral and security agreement.
- enter into a collateral security agreement.
- LI participant 106 Pursuant to the collateral security agreement, LI participant 106, grants to a collateral agent, for the benefit of relying customers, a security interest in the collateral posted by LI participant 106, to secure its obligation to pay certified identity warranty claims.
- An exemplary collateral security agreement appears in appendix 2- l(b)(v)(C)(2) to the system Operating Rules set forth below.
- root entity 102 preferably sets a system- wide minimum requirement for daily reporting and collateral adjustments.
- the operating loss factors for each participant are periodically re-evaluated to ensure that collateral levels best approximate a participant's anticipated operating loss.
- Issuing participants must report to root entity 102 all settled and outstanding warranty claims. Root entity 102 uses these claims to determine the participant's operating loss factor.
- root entity 102 acts as the agent of each relying customer with respect to posted collateral. Root entity 102 can direct the collateral trustee to liquidate collateral and pay a relying customer if a participant fails to pay a certified Identity Warranty claim. If a participant fails to make a required payment, root entity 102 has no obligation to pay. However, if it decides to pay, root entity 102 preferably does not pay valid Identity Warranty claims exceeding the available collateral. If a participant fails to make required payments and collateral is not readily accessible, root entity 102 preferably does not advance funds nor does it make any payment. In a preferred embodiment, root entity 102 determines the required collateral amount for each participant daily. Root entity 102 also receives, at least daily, reports from participants on Identity Warranty amounts approved and Identity Warranty claims filed in order to determine the collateral required.
- root entity 102 designates the types of collateral, (called o eligible collateral) that may be posted by participants in satisfaction of the collateral requirements described above. Initially, the only eligible collateral may be a direct obligation of the United States government (e.g., U.S. treasury securities). Over time, root entity 102 may preferably establish additional types of eligible collateral. If it does so, root entity 102 preferably notifies each participant. 5 In a preferred embodiment, root entity 102 establishes collateral accounts with one or more collateral agents to hold collateral posted by participants. Each participant's collateral is preferably held in a separate account for the benefit of relying customers with claims against that participant. Each participant may be given the opportunity to select the collateral agent with which it wishes to post collateral.
- the collateral agent under agreements between root entity 102 and each collateral agent, the collateral agent is responsible for calculating a collateral value.
- the collateral agent notifies root entity 102 and the relevant participant of the collateral value of the participant's collateral as of the close of each business day.
- the collateral value is equal to the sum of the market values of each security included in the collateral multiplied 5 by a haircut for that security as defined below. Any collateral that is not eligible collateral is preferably assigned a market value of zero.
- participant 102 preferably calculates the participant's required collateral amount.
- the collateral agent calculates the collateral value of the participant's collateral. Not later than 10:00 a.m., New York time, on the next business day, the collateral agent notifies root entity 102 of the collateral value.
- root entity 102 notifies the participant of its required collateral amount and of the resulting delivery amount or return amount.
- a delivery amount is the amount, if any, by which the required collateral amount exceeds the collateral value.
- a return amount is the amount, if any, by which the collateral value exceeds the required collateral amount.
- root entity 102 notifies the participant of a delivery amount, then not later than 3:00 p.m., New York time, on that same day, the participant preferably delivers eligible collateral with a collateral value at least equal to that delivery amount. Failure to satisfy this requirement within one business day is grounds for suspension of the participant. If root entity 102 has notified the participant of a return amount, the participant may elect to request the return of collateral with a collateral value no greater than the return amount.
- a participant fails to satisfy a certified Identity Warranty claim when due, root entity 102, as the agent of the relying customer, instructs the collateral agent to liquidate sufficient collateral to satisfy that claim, with interest, as provided in the system Operating Rules. If the collateral is insufficient to satisfy all of the certified Identity Warranty claims of a participant, then the claims are satisfied on a first- come, first-served basis. If two claims have equal priority, then the claims are preferably paid ro rata and the participant remains liable for any deficiency. 4. Requesting an Identification Validation (Warranty Assurance with Zero Value) Identification validation is described in connection with Fig. 6. It should be noted that all of the following interactions are associated with the warranty certificate and signed transactions. As shown in Fig. 6, in step A, subscribing customer 20 initiates a transaction with relying customer 40. In step B, relying customer 40 requests an identification validation from relying participant 30.
- step C relying participant 30 checks with root entity 102 as to the validity of issuing participant 10's certificate.
- step D relying participant 30 receives a response to this check from root entity 102.
- step E relying participant 30 checks with issuing participant 10 as to the validity of subscribing customer 20's certificate.
- step F relying participant 30 receives a response to this check from issuing participant 10.
- step G relying participant 30 forwards the results of these checks to relying customer 40. 5.
- Requesting an Identification Validation with Warranty Identification validation with warranty is described in connection with Fig. 7. As shown in Fig. 7, in step 702, subscribing customer 20 initiates a transaction with relying customer 40 (see also A in Fig. 7E).
- relying customer 40 requests an identification validation with warranty from relying participant 30 (see also B in Fig. 7E).
- the request includes the estimated damages to relying customer 40 if subscribing customer 20 is misidentified and a specified period for which relying customer 40 wants the warranty to be valid.
- step 706 relying participant 30 checks with root entity 102 as to the validity of issuing participant 10's certificate (see also C in Fig. 7E).
- step 708 relying participant 30 receives a response to this check from root entity 102 (see also D in Fig. 7E).
- step 710 relying participant 30 checks with issuing participant 10 as to the validity of subscribing customer 20 's certificate and conveys the wa ⁇ anty request to issuing participant 10 (see also E in Fig. 7E).
- step 712 issuing participant 10 checks the validity of subscribing customer 10's certificate and determines whether it will issue a warranty as requested and the cost for such a warranty. Issuing participant 10 may issue the warranty only if the warranty amount would not place the aggregate amount of warranties outstanding of issuing participant 10 over its warranty cap.
- step 714 If issuing participant 10 declines to issue a warranty, then in step 714, it transmits a message to that effect to relying participant 30. In step 716, relying participant 30 forwards this message to relying customer 40, and this scenario ends. Otherwise, if issuing participant 10 agrees to issue a warranty, then the scenario continues with step 718, in which issuing participant 10 updates its total outstanding issuance against its cap to reflect the new activity, and within required time frames, updates collateral with respect to the formula outlined above (see also J in Fig. 7E). At the end of the day, or as required, issuing participant 10 exports current status of its warranty cap to root entity 102's Warranty Cap and Collateral Manager (WCCM) which reflects all warranty certificates issuing participant 10 issued that day.
- WCCM Warranty Cap and Collateral Manager
- issuing participant 10 is subject to a warranty issuance limit in total. In addition, however, issuing participants 10 may also choose to establish limits on a per- subscriber basis. This, however, is not a system requirement.
- step 720 issuing participant 10 transmits its acceptance of the warranty request to relying participant 30.
- This message includes warranty terms and a contract (see F in Fig. 7E).
- step 722 relying participant 30 prices the warranty.
- step 724 relying participant 30 transmits the terms of the warranty to relying customer 40 (see also G in Fig. 7E).
- step 726 relying customer 40 decides whether to purchase the wa ⁇ anty at the price and terms communicated. If relying customer 40 elects to decline the warranty, then in step 728, relying customer 40 declines the warranty and notifies issuing participant 10.
- step 730 relying customer 40 returns an acceptance of the terms of the warranty to relying participant 30 (liability remains with issuing participant 10).
- the acceptance includes the signed warranty contract (see H in Fig. 7E).
- step 732 relying participant 30 notifies root entity 102 and issuing participant 10, and bills relying customer 40 's account for the total fees associated with the warranty (in some cases, subscribing customer 20 is responsible for charges and the billing structure is different).
- the notification to issuing participant 10 includes the signed warranty contract (see I in Fig. 7E). Relying participant 30 need not check with root entity 102 as to whether issuing participant 10 is within its limits before the transaction is completed.
- the reports required by the system inform root entity 102 (independently of issuing participant notification). Those banks over their limits are sanctioned as indicated in this document and the operating rules. In addition controls in the system monitor the limits. In relation to warranties, if the window is thirty minutes or less between offer and acceptance, a follow-up validation of certificate status (for either issuing participant 10 or subscribing customer 20) is not required. Individual participants 106 may put into place more stringent requirements.
- root entity 102's warranty cap and collateral manager reflects all warranty transactions each issuing participant has issued that period, and issues a revised aggregate position to the participant 106 and root entity 102.
- the additional collateral is posted and transferred to the collateral account trustee.
- the WCCM does an end of period assessment to determine new level of collateral based on market changes.
- a system accounting mechanism for tracking must be in place. Only one issued warranty is allowed per transaction (for duration of that warranty). Only one bid can be issued (outstanding) per transaction at a time. This must be acted against before another bid is placed. The amount of the outstanding bid must be "reserved" against the warranty limit.
- Relying participant 30 can refuse to request a validation or Identity Warranty Assurance (IWA) from issuing participant 10 if legally prohibited from doing so (e.g. to comply with OFAC).
- IWA Identity Warranty Assurance
- Relying customer 40 does not file a claim within the applicable time period and the warranty expires (step 806); or - Relying customer 40 files a claim after the applicable time period and the warranty expires (step 808). If, as depicted in step 804, relying customer 40 files a claim within the warranty time limit (along with associated supporting evidence) with relying participant 30, then the system proceeds to step 810 where relying participant 30 notifies the corresponding issuing participant 10 of a filed claim and provides supporting evidence per the contractual obligations with the issuing participant 10 and relying customer 40 (see also C in Fig. 8F).
- step 812 relying participant 30 notifies both root entity 102, and issuing participant 10's WCCM of the filed claim and the amount of claim.
- step 814 issuing participant 10 determines whether it will pay. Root entity 102 sets conditions under which claims against warranties shall be paid. The intent is to make sure there is a gold standard for business. Each warranty issuer is provided the latitude to evaluate and dispose of claims using its own procedures. However, minimum standard criteria are established under which claims would be paid. If issuing participant 10 decides not to pay the claim, the system branches to step 814.
- step 818 if relying customer 40 is dissatisfied with issuing participant 10's decision, then the system branches to step 820 where relying customer 40 may initiate dispute resolution/arbitration proceedings (see also E in Fig. 8F). In that event, the collateral is only "released" after the outcome of the dispute resolution process.
- relying participant 30 may provide a provisional credit/credit enhancement to relying customer 40 in its discretion; if so, relying participant 30 pays relying customer 40 before issuing participant 10 agrees to cover the claim and subrogation allows relying participant 30 to file claim with issuing participant 10, subject to contracts specifying this right.
- step 814) issuing participant 10 decides to pay the warranty claim, then the system branches to step 822 where issuing participant 10 informs relying participant 30 of its decision.
- step 824 issuing participant 10 pays the claim to relying participant 30 (see also D in Fig. 8F).
- step 826 the WCCM monitors the fact that issuing participant 10 has paid the claim, decreases the amount of collateral by amount paid, and also by amount required.
- step 806 If, as depicted in step 806, a claim is not filed within the warranty expiration date, then the system proceeds to step 828 where the warranty expires. In step 830, issuing participant 10's outstanding warranty amount is decreased by the expired warranty amount. In step 832, at the end of the day, root entity 102's WCCM decreases the collateral requirement to reflect expiration of warranties.
- step 808 If, as depicted in step 808, a claim is filed after warranty expiration, then the process is the same as if a claim was not filed except that the full value of the outstanding warranty is now reflected back in the WCCM. 7. Collateral Management
- each LI participant 106 must post collateral in accordance with the criteria established by root entity 102 to be eligible to issue warranty certificates.
- the collateral management system is further described in connection with Fig. 9.
- the collateral management system comprises a collateral custodian or trustee 112 which maintains custodial accounts 902 for a plurality of participants 106 and whose activities are monitored by root entity 102.
- the sizes of the custodial accounts are indicated by the grey areas labeled C 1-6 in Fig. 9.
- the collateral requirement is typically less than the total value of outstanding warranties that have been issued by a participant 106, but the percentage is variable, rather than fixed.
- Fig. 9 Also shown in Fig. 9 is an embodiment for calculating the collateral requirement for a particular participant. For pu ⁇ oses of the illustrated embodiment, it is assumed that the total outstanding warranty values for a particular participant 106 is $50M. The collateral requirement for the participant 106 is then calculated as follows in the illustrated embodiment:
- the end user is usually an employee 110 of a co ⁇ oration 108 that has signed a contract with a participant 106 to use the system service.
- the components available to employee 110 for use with the system are shown in Fig. 10.
- employee 110 is given a certificate on a smart card 1002 by employer 108 or participant 106.
- Employee 110 also has a smart card reader 1004 attached to his PC 1006 which has installed any necessary software 1008 to use smart card reader 1004.
- Employee 110 must also load system-enabled application software 1010 on to his desktop 1006 or access it through a browser to a server (not shown).
- the location of application software 1010 should be transparent to employee 110.
- interaction with the system will vary. End user interaction is also a function of the application and relying customer 40 's requirements. Therefore, this
- step 1102 employee 110 starts up his web browser and goes to the site of relying customer 40.
- step 1104 employee 110 interacts with the web site, selecting, for example, the supplies he needs. He could also conduct other transactions such as submitting an RFP, placing an order, negotiating a contract, etc.
- step 1106 the system 15 ready to complete the transaction, he indicates this to the system (step 1106). For example, employee 110 may click on a button to indicate that he is ready to submit his order and purchase the supplies.
- step 1108 the seller's system may ask employee 110 for other information needed to complete the order, such as ship-to address.
- employee 110 is then asked to insert his smart card into the reader. Employee 110 places his smart 0 card into the reader and enters his PIN. If the PIN is valid, then in step 1112, the user sees a message saying the system is processing his transaction.
- step 1114 the employee 110's system software 1010 signs the transaction and sends it with his warranty certificate to relying party 40, in this case the seller.
- relying party 40 validates the buyer's certificate by sending a message to relying 5 participant 30.
- step 1118 relying participant 30 sends a message to issuing participant 10 to determine if the certificate is valid, as explained above.
- step 1120 issuing participant 10 sends a response back to relying participant 30 that says the buyer's certificate is valid. Issuing participant 10 also includes its own certificate in the response.
- step 1122 relying participant 30 then sends a message to root entity 102 to determine if 0 issuing participant 10's certificate is valid.
- step 1124 the seller sends a message back to employee 110 that his transaction has been accepted, along with any other pertinent information.
- the seller's system may have the capability to request an IWA programmed into its software. In this case, the warranty is requested and negotiated in the background (as described above) while the buyer waits for 5 confirmation of his purchase order. If problems are encountered as the transaction is conducted, appropriate error messages are displayed to employee 110. These include asking employee 110 to reenter his PIN if it was incorrect. Employee 110 is allowed three tries before he is locked out and
- step 1202 subscribing customer 10 becomes the relying party and requests the seller to send its warranty certificate.
- step 1202 The steps then followed are similar to those described above.
- the IWA is not negotiated in the background, but between employee 110, its participant 106, and the seller's participant 106.
- step 1204 employee 110 enters the amount and time period for the warranty.
- step 1206 this message is sent
- step 1208 employee 110 gets a message back saying the warranty request was accepted and the fee for the IWA.
- step 1210 employee 110 decides if the warranty terms are acceptable. If employee 110 agrees to pay the specified amount, the system branches to step 1212 where employee 110 sends this response through issuing participant 10 to the seller's 0 ("relying") participant 30. If, however, employee 110 does not want to pay the charge for the IWA, the system branches to step 1214 where employee 110 sends a message back, either declining the IWA or requesting another IWA for a different date and amount. This negotiation continues until employee 110 either accepts the IWA and the associated fee or says no and ends the transaction. 5 All transactions are logged so that in the event of disputes or questions, employee
- issuing participant 10 issuing participant 10, root entity 102, relying party 40, and relying participant 40 can refer to this information.
- Root Entity 102 A. Root Entity 102
- Root entity 102 sits atop the operating model, serving as the main "backbone" for the system. It performs the following critical functions to facilitate seamless operation of the system: 5 1. Operates a root level repository to provide on-line status for validity of L 1 participant certificates.
- the reliance manager must have an accounting system.
- root entity 102 is responsible for managing the root operation and maintaining the integrity of the system. The root functions are performed either centrally or distributed, depending on what the function is. The entities within root entity 102 that are responsible for performing these functions are now described in connection with Fig. 13. o As shown in Fig. 13, root entity 102 employs a private key made up of five root key fragments 1302. Each fragment 1302 is stored on its own token 1304 which is kept secured when it is not being used by a key fragment holder 1306.
- Each key fragment holder 1306 is responsible for the security of his fragment 1302 and for presenting fragment 1302 to a signing device host 1308 when needed for the 5 approval of certificate authority transactions such as issuance of certificates and CRLs. In particular, when, for example, a certificate is to be signed, key fragment holder 1306 is present to input his token into a signing device host 1308.
- Key fragment holders 1306 and signing device hosts 1308 are located in 0 geographically diverse locations. The distribution of key fragments 1302 provides a high level of security and protection for the root private key. As further shown in Fig. 13, two key fragment holders 1306 and signing device hosts 1308 are located in a data center 1310 in New York (one PC, one reader, and two tokens), two in a first bank data center 1312 in Frankfurt, Germany (one PC, one reader, and two tokens), and the fifth in a second bank 5 data center 1314 in Hong Kong.
- signing officer stations 1316 that are geographically disbursed as well, with one located at each founding bank 104, for a total of eight signing officer stations 1316. Signing officer stations 1316 are located in a secure location at each of the founding members 104,. 0 Each bank 104, also has two signing officers (SOs) 1318 for a total of 16 altogether.
- SOs signing officers
- Signing officers 1318 are responsible for operating signing officer workstations 1316. Each founding bank 104, may, if desired, have a back-up for each SO 1318. Each SO 1318 approves the use of his/her fragment to generate the root key to sign certificates, revocations, CRL's, and SO changes based upon verification of request data and based 5 upon a recommendation from an authorizer 1320, described below. SO 1318 does not directly sign a certificate.
- Authorizer 1318 is needed to approve the use of a fragment 1302 before it can be "released" to the root key generation algorithm.
- a quorum of fragments 1302 must be approved to generate the root key to sign the certificate. Quorums are established at the time the key is generated. One reject/no vote rejects the whole request.
- Authorizer 1320 is also shown in Fig. 13. The function of authorizer 1320 resides at founding banks 104,. While this is a required function, it may not necessarily require a dedicated resource.
- Authorizer 1320 receives and reviews the documentation for root certificate requests, revocations, CRL's, SO maintenance, etc.
- This person makes the recommendation to SOs 1318 to approve or reject the requests that have been received, and is responsible for ensuring that SOs 1318 have access to documentation (e.g. meeting notes) to facilitate sound decision-making. If sufficient information is unavailable to approve the request, it must be rejected.
- documentation e.g. meeting notes
- Registrar 1322 is a root entity 102 employee. This person receives and reviews the documentation for CA transactions such as certificate and CRL requests, and then inputs the request into a CA 1324, initiating the signing process.
- System administrator 1326 is a root entity 102 employee who manages the system and its databases by doing functions such as: a) Defining and maintaining information about issuers, SOs 1314, and registration authorities 1328 b) Performing backups c) Changing passwords
- Root CA auditor 1330 is responsible for reviewing CA 1324 and SO 1318 records to ensure that the PKI has not been compromised and procedures are being followed. This review entails verifying the audit records, validating the information in the audit records, and making sure that none are missing. Root CA auditor 1330 must also examine the key pairs submitted for certification, and resulting digital signatures for authenticity before it is released for use. This individual should be within the operations area and differs from those designated within the risk management area of root entity 102.
- the Root CA 1324 is kept in a highly secure location, with physical and virtual access controls to ensure the system cannot be intruded upon. To minimize the risk of a root key compromise, the root key is never maintained as a whole, but rather in 5 fragments. Three of these 5 fragments constitute a "quorum", or the number of fragments to be used in the mathematical formula that recalculates the root key every time it is needed for a signing operation.
- the quorum rules are: a) The fragment quorum is 3 of 5. b) An SO can be an SO on no more than 2 fragments. c) It must be possible to sign if 4 SO' s are unavailable.
- LI Participants 106 Following are the various functions performed by LI participants 106,:
- L 1 is also responsible for reporting warranty status to root entity 102
- LI participants 106 have the latitude to define more restrictive standards and rules provided they do not conflict with system standards.
- LI participant 106 The functions performed by LI participant 106, 's certificate authority level are similar to those done by the root certificate authority operated by root entity 102.
- Fig. 14 Shown in Fig. 14 is a registrar 1402 who is the person responsible for inputting the certificate request into the system. This may be done directly by a customer, by an account officer, or by a data entry person.
- Fig. 14 Suggested level (if done by bank): Officer or equivalent Also shown in Fig. 14 is an authorizer 1404.
- Authorizer 1404 receives from a 30 customer 108 or an account officer the documentation for certificate requests, revocations,
- Fig. 14 Also shown in Fig. 14 is a signing officer (SO) 1406 who is responsible for operating a signing officer workstation 1408. Based upon authorizer 1404's recommendation, and verification of the request data, SO 1406 approves the use of LI participant 106,'s private key to sign certificates, revocations, CRL's, and SO changes. If a bank chooses to fragment their private key, then multiple SO's and quorums are necessary.
- SO signing officer
- Fig. 14 Also shown in Fig. 14 is a system administrator 1410.
- System administrator 1410 manages LI participant 106,'s system and databases by performing functions such as: a) Defining and maintaining information about certificates b) Performing backups c) Changing passwords
- - Suggested level Officer or equivalent
- auditor 1412 is responsible for reviewing the certificate authority and SO records to ensure that the PKI has not been compromised and procedures are being followed. This entails verifying the audit records, validating the information in the audit records and making sure that none are missing. Auditor 1412 must also examine the key pairs and digital signatures for authenticity.
- Each Level 1 certificate authority has its own set of operational and security procedures to be followed. At a minimum, they meet the requirements specified in the system operating rules.
- Each Level 1 certificate authority has haves its own risk management policies and procedures. At a minimum, they meet the requirements specified in the system operating rules.
- C. Customers 108 The responsibilities of system customers 108 are as follows:
- Root entity 102 is responsible for establishing a system of risk management within the system infrastructure. Management of each system entity is then responsible for ensuring the appropriate controls and structure are operating effectively. To accomplish this, all participants 106 adhere to a clearly defined set of system rules that are structured to reflect the requirements resulting from the detailed analysis of risks, and the identification of controls appropriate to mitigate those risks. Clearly defined contracts are adopted for binding all parties to these rules.
- Root entity 102's risk management policy is to both limit risk and to place responsibility and liability at the point where the risk arises. Therefore root entity 102's risk is limited to the technology and operations directly managed by, or on behalf of, root entity 102. An independent review is performed of the identified risks and proposed controls to assist in the quantification of risk exposure, and the impact and likelihood of loss within the system.
- root entity 102 The following six key risks are analyzed by root entity 102 shortly after its formation and then on an ongoing basis.
- Operational Risks a) Technology- security breaches or other failures arising from design weakness or misuse of technology supporting the system, which result in system interruptions, cryptographic weaknesses, hardware/application failure.
- Control Objectives - utilization of expertise in design and implementation, adequate testing before implementation, contingency plans, establishment of security/access policies and controls, independent audits, ongoing monitoring. b) Processing - all failures in actions through error, design weakness, or inadequate policy and procedure implementation resulting in failure to safeguard keys, untimely or inaccurate processing of certificates/updating CRLs, inappropriate certificate usage, or unauthorized transactions.
- Control Objectives establishment of operating policies and procedures; establishment of limits, ongoing evaluation of risks, ongoing review/monitoring, contingency plans, mechanism to monitor limits/risks related to outside service providers, ability to push down requirement for similar controls to the CA, c) criminal/Illicit Acts - deliberate attempts to/breaches of the technology in processing within the system and/or the failure to detect the occurrence of fraud, resulting in compromise of keys, misuse of certificates, alteration/theft of data, assumption or forged identifications.
- Control Objectives processing controls, limits, implementation of security, access measures, regular reviews, and ongoing monitoring for adherence.
- Reputation Risks negative impact on public opinion and trust by events or publicity resulting in loss of revenue and/or legal action.
- Control Objectives ability at the root entity 102 level to promptly act to correct or address failures in operations, security, privacy requirements or compliance related to certificates/usage, enforcement against those CA's or service providers who do not perform in accordance with contract, policy terms, and obligations.
- Regulatory/Legal Risks - requirements are not adhered to or rules are ambiguous and untested - resulting in fines, penalties, or public embarrassment.
- Control Objectives establishment of a legal function within root entity 102, agreement requirements that CA's adhere to appropriate laws and regulations, clearly defined rights, obligations, and assumptions of liability within contractual agreements, establishment of ongoing regulatory dialogue.
- Control Objectives root entity 102 tracking of market, legal, and technology events to enable prompt corrective action, contract limits on financial liability.
- Control Objectives OTO approval of CA members based on certain financial criteria, root entity 102 establishment of caps for each CA, tracking of assurance transactions, claims, and settlements, requirement that CA's establish and adhere to appropriate procedures related to: adherence to limits, knowing your customer requirements, monitoring credit/financial conditions. 6. Liquidity/Financial Risks - adverse or improper business decisions or implementation, inadequately capitalized structure, or insufficient loss protection resulting in serious negative impacts on earnings or capital.
- Root entity 102 requires periodic external audits be performed of its own operations as well as those of its members. Member reviews are performed at the member's own expense. Root entity 102 also requires that third party technical reviews be performed periodically. All participants 106, as well as root entity 102, are also required to implement internal risk monitoring programs and routines, which specifically address the risks of their operational functions.
- Root entity 102 reserves the right to request/review audit reports and to evaluate, or further test, to ensure that audit corrections have been made. Root entity 102 also reserves the right to, at its own expense, perform or cause to have performed, any additional audit work considered necessary. V. Operating Rules
- root entity 102 promulgates operating rules that specify the rights and obligations of system entities.
- operating rules is as follows:
- Section 2 Participant Eligibility
- Section 3 GTO Services: General Rights and Responsibilities of Participants
- Section 10 Digital Identification Service: Rights and Responsibilities of an Issuing Participant
- Section 11 Digital Identification Service: Rights and Responsibilities of a Relying Participant
- Section 14 Description Section 15: Utility Key Service: Rights and Responsibilities of an Issuing Participant
- Section 16 Utility Key Service: Rights and Responsibilities of a
- Authenticate means, with respect to a Subscribing Customer, to use the Subscribing Customer's Private Key, corresponding to a related Public Key of the Subscribing Customer, to create a Digital Signature on a Digital Transmission for the pu ⁇ ose of indicating the Subscribing Customer's identity and association with the contents of the Digital Transmission.
- Authenticate means, with respect to a Relying Customer, to use a Subscribing Customer's Public Key, corresponding to a related Private Key of the Subscribing Customer, for the pu ⁇ ose of confirming the Subscribing Customer's identity and association with the contents of a Digital Transmission.
- Authorized means, with respect to a Digital Transmission, that (a) the Subscribing Customer placed its Digital Signature on the Digital Transmission; (b) the Subscribing Customer's Digital Signature was placed on the Digital Transmission by an entity or person authorized by the Subscribing Customer to do so; (c) the Subscribing Customer's Digital Signature was placed on the Digital Transmission by an entity or person to or with whom the Subscribing Customer provided or shared its Private Key; (d) the Subscribing Customer's Digital Signature was placed on the Digital Transmission with fraudulent intent by an entity or person acting in concert with the Subscribing Customer; or (e) the Subscribing Customer received a material benefit relative to the transaction in question as a result of the Digital Transmission on which its Digital Signature was placed.
- Certificate Authority means GTO or a Participant that issues and manages Digital Certificates in the GTO System.
- a Certificate Authority provides the Repository Function with respect to the Digital Certificates it issues, and may also provide the Reliance Manager Function with respect to such Digital Certificates.
- "Certified IW Claim” means and IW Claim for which the Issuing Participant has determined, or a determination under the Dispute Resolution process has found, that all conditions under these Operating Rules and the terms of the relevant Identity Warranty for the breach of the Identity Warranty and the payment of the IW Claim have been met, and that the Issuing Participant is liable to the Relying Customer (or the Relying Participant by operation of Section 11(10)) for the amount of the IW Claim or a portion thereof.
- Collateral Agent' means a financial institution selected by GTO to hold for the benefit of Relying Customers (or for the benefit of Relying Participants by operation of Section 11(10)) collateral posted by the Issuing Participant pursuant to Section 3(18).
- Confidential Information means any computer hardware or software, documents, manuals, service materials or other information relating to the GTO Services or the GTO System that: (a) is owned, leased, licensed to, or otherwise subject to control by, GTO or its agents; and (b) is either provided to a Participant by GTO or is accessed by a Participant from GTO in connection with its use of the GTO System. Confidential Information also includes the results of Participant audits provided to GTO pursuant to Section 3(19) or the results of GTO audits provided to Participants pursuant to Section 4(7).
- Confidential Information does not include: (x) information generally available to the public other than by breach of these Operating Rules, a Participant Agreement or a Customer Agreement; (y) information developed independently by, or already known to, a Participant as reflected in its written records; or (z) information received by a Participant from a third party lawfully in possession thereof and itself without restriction on disclosure.
- Customer means an entity that has entered into a Customer Agreement with a Participant.
- Customer Agreement means an agreement complying with the applicable requirements of these Operating Rules between a Participant and a Customer governing the provision of the GTO Services to the Customer by that Participant.
- a Customer Agreement may be: (a) in written form signed by the Participant and the Customer; or (b) where legally enforceable, in an electronic form that meets the requirements of enforceability in all applicable jurisdictions.
- Digital Certificate means a digital record issued by GTO or an Issuing Participant that identifies the entity (either GTO or the Issuing Participant) issuing the certificate, uniquely identifies a Participant or a Customer, contains that Participant's or Customer's Public Key, and states the Digital Certificate's effective period.
- a Digital Certificate is digitally signed with either (a) the Private Key of GTO when it issues a Digital Certificate to a
- Digital Signature means the unique digital identification of an entity that is created by the entity applying its Private Key to a Digital Transmission for the ptupose of confirming the identity of that entity to the recipient of the
- a Digital Signature employs a Private Key, a corresponding Public Key, and a mathematical function known as a "message digest function," such that a person receiving or otherwise accessing the Digital Transmission and the signer's Public Key can assess: (a) whether the transformation of the Digital Transmission into the message digest function was created using the Private Key that corresponds to the signer's Public Key; and (b) whether the Digital Transmission has been altered since the transformation was made.
- Digital Transmission means an electronic transmission in digital form sent by a Subscribing Customer to a Relying Customer which contains text, images and/or other data, and which the Subscribing Customer Authenticates with a Digital Signature.
- Disute Resolution means the process set forth in Appendix 3-20 for resolving a dispute arising from the GTO Services or these Operating Rules.
- GTO Global Trust Organization
- GTO Services means: (a) the Digital Identification Service; (b) the Utility
- GTO Software means the software provided by GTO to a Participant that the Participant uses, or provides to its Customer or Level Two Participant for use, in connection with the GTO Services.
- GTO System means the computer network, communications and other systems located at GTO, the Participants and their agents and processors through which Participants and GTO communicate and offer the GTO
- GTO System Transmission means a Certificate Status/Warranty Request
- Issuer Certificate means the Digital Certificate issued to a Participant that relates to the Public Key of the Participant.
- the Issuer Certificate is issued to a Level One Participant by GTO and to a Level Two Participant by a Level One Participant.
- IWA Response is defined in Section 1(71).
- Level One Participant or “Li Participant” means an entity: (a) whose
- Level One Participant Agreement means the written agreement between a Level One Participant and GTO governing the Level One Participant's participation in the GTO System and the GTO Services that is in the form set forth in Appendix 2-l(i)(l).
- Level One Participant/Level Two Participant Agreement means the written agreement between a Level One Participant and a Level Two Participant governing the provision of services as a Level One Participant to that Level Two Participant and that is substantially in the form set forth in Appendix 2-2(b)(v).
- Level Two Participant or “L2 Participant” means an entity: (a) whose
- Level Two Participant Agreement means the written agreement between a Level Two Participant and GTO governing the Level Two Participant's participation in the GTO System and the GTO Services that is in the form set forth in Appendix 2-1 (b)(v)(A).
- Marks means the logos, designs, trademarks, service marks, names, or symbols relating to the GTO Services, the GTO System, or GTO, including without limitation those described in Appendix 5-7.
- Operating Rules means these Operating Rules (including the related * 0 Appendices), as amended from time to time according to the procedures set forth in Section 8(1).
- Participant means a Level One Participant or a Level Two Participant.
- Participant Agreement means a Level One Participant Agreement, a Level 15 Two Participant Agreement, or a Level One Participant/Level Two
- Participant Status Request is defined in Section 1(72) and Section 1(75).
- Participant Status Response is defined in Section 1(73) and Section 1(76). 0 pp.
- Primaryvate Key means one-half of a cryptographic key pair as drawn from the class of asymmetric key cryptographic functions used in the GTO System that GTO, a Participant or a Customer may apply to electronic transmissions, messages or records for identification and communication purposes, including to place a Digital Signature on a Digital Transmission. 5 qq. "Private Key Public Key Pair" means a Private Key and the related Public Key of GTO, a Participant or a Customer.
- Public Key means one-half of a cryptographic key pair as drawn from the class of asymmetric key cryptographic functions used in the GTO System 0 that is uniquely related to the Private Key of GTO, a Participant or a
- Relying Participant means, with respect to a Relying Customer, the
- Repository Function means the management of a database containing information on the status of the outstanding, Expired or Revoked Digital Certificates issued by an Issuing Participant to its Subscribing Customers and/or Level Two Participants.
- Root Key means the Private Key of GTO.
- Smart Card means a plastic card containing a computer chip that meets the specifications and standards set forth in Appendix 3-l(a)/2.
- Subscribing Customer means a Customer that obtains a Digital Certificate from an Issuing Participant for use in connection wtith the GTO Services.
- Terminal Party Processor means an entity or person that provides services to a Participant, pursuant to Section 3(15), in connection with the Participant's offering of the GTO Services to its Customers and/or Level Two Participants and participation in the GTO System.
- Year 2000-Compliant means to record, store, process, provide and, where appropriate, insert true and accurate dates from, into and between the 20th and 21st centuries, and the years 1999 and 2000, including leap year calculations. With respect to hardware and software provided by GTO to a Participant and with respect to a Participant, Year 2000-Compliant also means compliance with the Year 2000-related requirements of the government authority(ies) applicable to the Participant.
- Certificate Status/Warranty Request means an electronic message transmitted by a Relying Participant, on behalf of a Relying Customer, to an Issuing Participant that (a) requests confirmation of the status of an Identification Certificate included in a Digital Transmission as a Valid Digital Certificate, and (b) may request an Identity Warranty for that
- Certificate Status/Warranty Request shall include the information items and be in the format specified in Appendix 4- 1.
- Certificate Status/Warranty Response means an electronic message transmitted by an Issuing Participant to a Relying Participant responding to the Relying Participant's Certificate Status/Warranty Request.
- a Certificate Status/Warranty Response shall include the information items and be in the format specified in Appendix 4-1.
- Digital Identification Service means the GTO Service described in
- Identification Certificate means a Digital Certificate issued by an Issuing Participant to a Subscribing Customer that can be used by the Subscribing Customer in connection with the Digital Identification Service.
- An Identification Certificate shall include the information items and be in the format specified in Appendix 1.
- Identity Warranty means a warranty by the Issuing Participant that a Subscribing . Customer Authorized a Digital Transmission.
- Identity Warranty Amount or "IWA” means the maximum amount (in a designated currency supported by the GTO System for Identity Warranties) of an Identity Warranty.
- Identity Warranty Claim or "IW Claim” means a claim against an Issuing Participant brought by a Relying Participant on behalf of its Relying Customer (or on its own behalf by operation of Section 11(10)) asserting a breach of an Identity Warranty approved by the Issuing Participant and seeking payment from the Issuing Participant pursuant to Section 10(11).
- Issuing Participant Warranty Cap means the maximum amount (in a designated currency supported by the GTO System for Issuing Participant Warranty Caps) of aggregate outstanding Identity Warranty Amounts that may be approved by an Issuing Participant for all of its Subscribing Customers.
- IWA Response means an electronic message transmitted by a Relying Participant, on behalf of a Relying Customer, to an Issuing Participant and GTO accepting or rejecting an Identity Warranty approved by the Issuing
- An IWA Response shall include the information items and be in the format specified in Appendix 4-1.
- Participant Status Request means an electronic message transmitted by a Participant to GTO that requests confirmation of the status of an Issuer Certificate of another Participant.
- a Participant Status Request shall include the information items and be in the format specified in Appendix 4-1.
- Participant Status Response means an electronic message transmitted by GTO to a Relying Participant and an Issuing Participant responding to a Participant Status Request.
- a Participant Status Response shall include the information items and be in the format specified in Appendix 4-1.
- Relationship Warranty Cap or "RWC” means the maximum amount (in a designated currency supported by the GTO System for Relationship Warranty Caps) of aggregate outstanding Identity Warranty Amounts that may be approved by an Issuing Participant for a particular Subscribing Customer, Level Two Participant and/or a particular Identification Certificate.
- Participant Status Request means an electronic message transmitted by a Participant to GTO that requests confirmation of the status of an Issuer Certificate of another Participant.
- a Participant Status Request shall include the information items and be in the format specified in Appendix 4-1.
- Participant Status Response means an electronic message transmitted by GTO to a Relying Participant and an Issuing Participant responding to a Participant Status Request.
- a Participant Status Response shall include the information items and be in the format specified in Appendix 4-1.
- a Utility Certificate shall include the information items and be in the format specified in Appendix 1.
- Validity Request means an electronic message transmitted by a Relying Participant, on behalf of a Relying Customer, to an Issuing Participant that requests confirmation of the status of a Utility Certificate included in an electronic message as a Valid Digital Certificate.
- a Validity Request shall include the information items and be in the format specified in Appendix 4- 1.
- Validity Response means an electronic message transmitted by an Issuing Participant to a Relying Participant responding to the Relying Participant's Validity Request.
- a Validity Response shall include the information items and be in the format specified in Appendix 4-1.
- (A) is engaged primarily in the business of providing financial services (such as banking, securities, or insurance underwriting), (B) is subject to substantive regulation by a government authority in its designated home country, (C) is subject to periodic examination by a government authority in its designated home country, (D) is subject to capital requirements (or an alternative equivalent measure) established by a government authority in its designated home country, and (E) reports financial information on its operations no less frequently than annually to a government authority in its designated home country;
- financial services such as banking, securities, or insurance underwriting
- Tier 1 capital to risk weighted assets of at least six (6) percent, calculated in accordance with the standards established by the Basle Committee on Banking Regulations and Supervisory Practices or its successors (or has an alternative equivalent capital ratio calculated in accordance with the standards established by a government authority in its designated home country), for the previous two fiscal years;
- Tier 1 capital as defined by the Basle Committee on Banking Regulations and Supervisory Practices or its successors (or as defined by a government authority in its designated home country) of at least $500 million (U.S.), for the previous two fiscal years;
- MCM 2 Investor's Service, or "MCM 2" from McCarthy, Crisanti &
- Maffei (or an equivalent rating from an internationally recognized public rating agency as recognized in its designated home country or an other equivalent rating recognized by GTO); and 20 ii. the entity:
- (A) is engaged primarily in the business of providing financial services (such as banking, securities, or insurance underwriting), (B) is subject to substantive regulation by a government authority in its designated home country, (C) is subject to periodic examination by a government authority in its designated home country, (D) is subject to capital requirements (or an alternative equivalent measure) established by a government authority in its designated home country, and (E) reports financial information on its operations no less frequently than annually to a government authority in its designated home country;
- financial services such as banking, securities, or insurance underwriting
- (1) demonstrates that it possesses all necessary legal and 20 co ⁇ orate authority, including under the applicable law described in Section 3(13), to participate in the GTO System, to offer the GTO Services to its Customers, and to meet the obligations of a Level Two Participant under these Operating Rules;
- GTO may determine an entity comprised of owners, members or participants engaged primarily in the business of providing financial services to be eligible to be a Level One Participant or a Level Two Participant, notwithstanding that the entity does not satisfy one or more of the eligibility criteria of Section 2(1) or Section 2(2), provided GTO determines that (a) the entity's participation in the GTO System as a Participant will further the pu ⁇ oses of the GTO System, (b) the entity is subject to supervision, examination or regulation by a government authority in its designated home country, and (c) the entity's participation in the GTO System as a Participant will not impose material additional risk to GTO, the GTO System or one or more Participants.
- An entity seeking to become a Level One Participant shall provide to GTO documentation satisfactory to GTO to enable GTO to determine whether the entity satisfies the conditions of eligibility specified for Level One Participants in Section 2.
- GTO shall in its sole discretion determine whether any entity satisfies such conditions of eligibility.
- GTO may deny admission to an entity, that otherwise satisfies such eligibility criteria, on the basis of legal, reputational, operational, credit or other risk that GTO in its sole discretion determines the admission of the entity could pose to GTO, the GTO System or one or more Participants.
- Level One Participant With respect to an entity seeking to become a Level Two Participant, its sponsoring Level One Participant shall obtain documentation satisfactory to the Level One Participant to enable the Level One Participant to determine whether the entity satisfies the conditions of eligibility specified for Level Two Participants in Section 2(2). A Level One Participant may sponsor an entity as a Level Two Participant only if the entity satisfies such conditions of eligibility.
- Level One Participant shall immediately notify GTO of such change.
- a sponsoring Level One Participant shall require its sponsored Level Two
- a Participant may use its Private Key and the related Digital Certificate from GTO or a Level One Participant to issue Digital Certificates to its Customers.
- a Participant is responsible for the distribution of Digital
- Appendix 3-l(a)/i and Appendix 3-l(a)/2 are responsible for generating for its Customers Private Key/Public Key Pairs, or for requiring its Customers to generate Private Key/Public Key Pairs, in accordance with the minimum standards set forth in Appendix 3-l(a)/I and Appendix 3- l(a)/2.
- a Participant shall not issue Digital Certificates to natural persons, but only to non-consumer entities, such as companies, co ⁇ orations, limited liability companies, associations, government agencies, partnerships and sole proprietorships.
- a Customer may authorize any natural person (for example, employees) or entity (for example, subsidiaries or affiliates) to utilize on behalf of the Customer the Digital Certificate issued to the Customer, but each act or omission of such persons or entities with respect to the Digital Certificate shall for all pu ⁇ oses of these Operating Rules be deemed to be an act or omission of the Customer.
- a Participant shall use its Issuer Certificate only for the pu ⁇ oses set forth in the Operating Rules.
- a Participant is responsible for the safekeeping of its Private Key. This safekeeping shall require, at a minimum, that all operational uses of the Participant's Private Key, including without limitation the generation and storage of the Private Key, occur in computer hardware devices. In addition, the Participant shall safekeep its Private Key in accordance with the minimum standards set forth in Appendix 3-l(a)/I.
- a Participant is responsible for the generation of its Private Key/Public Key Pair in accordance with the minimum standards set forth in Appendix 3-l(a)/i.
- a Participant shall use its Private Key to digitally sign each GTO System Transmission that it sends.
- the Participant shall include its Issuer Certificate in each GTO System Transmission.
- a Participant shall operate a time clock as part of its computer system that records the time for pu ⁇ oses of the GTO Services.
- the time established on this time clock shall be based on a reliable time source selected by the Participant, and shall operate on the Greenwich Mean Time standard.
- GTO may require the Participant to select another reliable time source if there is more than a second differential between the time on the Participant's time clock and the time on the GTO time clock.
- a Participant shall include a time stamp on each GTO System Transmission it sends.
- the formats and parameters for effective time stamps are set forth in Appendix 3 -6(b).
- a Participant shall not rely upon or deem effective a GTO System Transmission that does not contain a time stamp or for which the referenced time in the time stamp is outside permitted parameters for that type of GTO System Transmission, as set forth in Appendix 3-6(b). g. Expired or Revoked Issuer Certificates.
- the Participant shall: (i) cease to use the Issuer Certificate for any pu ⁇ ose in connection with the GTO Services; and (ii) cause its Subscribing Customers and Level Two Participants to cease using for any purpose in connection with the GTO Services their Digital Certificates that are digitally identified with the Expired or Revoked Issuer Certificate.
- the Participant shall provide as promptly as possible but in no event later than thereafter notice of such Revocation to all of its
- a Participant shall be continuously available (twenty-four hours a day, every calendar day of the year) to respond to GTO System Transmissions. Except as otherwise prohibited under any applicable law, a Participant shall respond to a GTO System Transmission according to the time periods set forth in Appendix 3- 6(b).
- a Participant Prior to the end of November of each calendar year, a Participant shall disclose to GTO those days or portions of days of the next calendar year during which the Participant will be prohibited under applicable law from responding to GTO System Transmissions as provided in Section 3(8)(a).
- a Participant provides any GTO Software, hardware, telecommunication equipment or other electronic devices received from GTO to a Customer, or to a Level Two Participant that has not entered into a GTO Software License with GTO pursuant to Section 2(2)(b)(vi), for use in accessing or using a GTO Service, the Participant shall enter into a written sub-license agreement with its Customer or Level Two Participant substantially in the form set forth in Appendix 3-9.
- a Participant shall treat all Confidential Information as confidential and proprietary.
- a Participant shall use at least the same degree of care to protect the confidentiality of the Confidential Information as the Participant uses to protect its own similar confidential information, which degree of care shall be no less than reasonable care.
- a Participant shall only disclose Confidential Information to its employees, agents and contractors as necessary to offer the GTO Services to its Customers. Prior to disclosing Confidential Information to an employee, agent or contractor, such person shall be subject to applicable employment policies, agreements or contracts which require Confidential
- GTO shall treat as confidential and proprietary all information provided to GTO by a Participant and identified to GTO as confidential. GTO shall use at least the same degree of care to protect the confidentiality of confidential Participant information as GTO uses to protect its own similar confidential information, which degree of care shall be no less than reasonable care. Except as provided in Section 3(10)(e), GTO shall only disclose confidential Participant information to its employees, agents and contractors as necessary to offer the GTO Services to the Participant. Prior to disclosing confidential Participant information to an employee, agent or contractor, such person shall be subject to applicable employment policies, agreements or contracts which require confidential Participant information to be held in confidence and not to be disclosed to a third party except as permitted under Section 3(1 0)(e). iii. Customer Information. Except as provided in Section 3(10)(e), GTO or a
- GTO or a Participant shall not use any information obtained from a Customer of either the Participant or another Participant in connection with the GTO Services for pu ⁇ oses other than providing the GTO Services.
- GTO or a Participant shall use at least the same degree of care to protect the confidentiality of such information as it uses to protect its own similar confidential information, which degree of care shall be no less than reasonable care. Except as provided in Section 3(10)(e), GTO or a Participant shall only disclose such information to its employees, agents and contractors as necessary to offer the GTO Services to the Customer. Prior to disclosing such information to an employee, agent or contractor, such person shall be subject to applicable employment policies, agreements or contracts which require such information to be held in confidence and not to be disclosed to a third party except as permitted under Section 3(10)(e).
- Participant learns of an actual or potential breach of confidentiality of Confidential Information or Customer information subject to Section 3(10)(c).
- GTO shall provide notice to Participant as promptly as reasonably possible in the event GTO learns of an actual or potential breach of confidentiality of Participant confidential information subject to Section 3(10)(b) or Customer information subject to Section 3(10)(c).
- Participant Financial Information Each Participant shall provide to GTO the information requested by GTO on a periodic basis or from time to time about the financial condition of the Participant, except to the extent prohibited from doing so under any applicable law.
- Each Participant is responsible for offering the GTO Services to its Customers in compliance with any " applicable law, regulation or other legal requirement, including without limitation applicable law governing digital signatures, certificate authorities, public key/private key or asymmetric cryptography, encryption export or import restrictions, data privacy, anti-trust or competition and confidentiality.
- a Participant is responsible for obtaining any required approval or consent from or providing any required notice to applicable 5 government authorities prior to offering the GTO Services to its Customers.
- Appendix 3-l(a)/i relating to the GTO Services for the time periods and in the manner specified in Appendix 3-l(a)/i.
- a Participant may contract with one or more Third Party Processors to undertake on behalf of the Participant certain or all of the responsibilities of the Participant under these Operating Rules and to provide on behalf of the Participant the GTO Services to 5 Customers and/or Level Two Participants.
- Such prior notice to GTO shall include: (i) the name, address and telephone number of the Third Party Processor; (ii) the name, address and telephone number of a contact person at the Third Party Processor and at the Participant; and (iii) such other information as required by GTO.
- a Participant that enters into an arrangement with a Third Party Processor 5 that does not involve any of the functions specified in the preceding sentence shall execute a written agreement with the Third Party Processor which includes a requirement that the Third Party Processor (i) comply with these Operating Rules (as they are applicable to the Participant that has entered into the arrangement with the Third Party Processor), (ii) cooperate fully with any Dispute Resolution where its cooperation is requested by a Participant or GTO, and (iii) be bound by the decisions of any arbitral tribunal resulting from any Dispute Resolution to which the Participant that has entered into the arrangement with the Third Party Processor may be subject.
- This Section 3(15)(b) does not apply to any functions provided by a sponsoring Level One Participant to its sponsored Level Two Participant.
- the Participant that has entered into the arrangement with the Third Party Processor shall remain primarily responsible and liable to GTO and the other Participants for the Participant's obligations under these Operating Rules. All acts or omissions of the Third Party Processor shall for all purposes of these Operating Rules be deemed to be acts or omissions of the Participant that has entered into the arrangement with the Third Party Processor.
- a Participant shall indemnify GTO, each other Participant, and their respective directors, officers and employees from and against any and all liability, loss, claim or expense incurred by or damages to GTO, the other Participant, or their respective directors, officers and employees and arising from: (i) the Participant's failure to comply with any applicable law, these Operating Rules or a Participant Agreement; (ii) the Participant's Customer's failure to comply with any applicable law or a Customer Agreement between that
- a Level One Participant shall with respect to each Level Two Participant with which it has executed a Level One Participant/Level Two Participant Agreement indemnify GTO, each other Participant, and their respective directors, officers and employees from and against any and all liability, loss, claim or expense incurred by or damage to GTO, the other Participant or their respective directors, officers and employees and arising from: (i) the acts or omissions of such Level Two Participant in providing the GTO Services to its Customers; (ii) such Level Two Participant's participation in the GTO System; (iii) such Level Two Participant's failure to comply with its Level One Participant/Level Two Participant Agreement; or (iv) claims of the Customers of such Level Two Participant, other than an IW Claim.
- a Participant shall maintain contingency plans in force, including adequate back-up and recovery procedures, to ensure that the Participant can continue to meet its obligations under these Operating Rules without material interruption in the event of the failure or shut down of the Participant's primary computer facilities or other operating facilities.
- a Participant's contingency plans shall meet the minimum requirements set forth at Appendix 3-2.
- a Participant shall notify GTO within hours of transferring any portion of its Certificate Authority services to its back-up or recovery facilities.
- Each Issuing Participant shall post collateral, as provided in its GTO
- the collateral posted by each Participant shall be valued by GTO from time to time in accordance with Appendix 2-l(b)(v)(C).
- GTO shall instruct the Collateral Agent to sell or redeem collateral posted by a Participant in the order and manner and with such priority among Relying Customers, set forth in Appendix 2-l(b)(v)(C).
- GTO shall have no obligation or liability to any Customer, Participant or any other entity or person in connection with GTO's responsibilities provided for in this Section 3(18). Without limiting the generality of the preceding sentence, GTO shall have no obligation to provide funds or collateral to the extent that there is insufficient collateral maintained by an Issuing Participant to satisfy all or a portion of the Identity Warranty Claims brought against the Issuing
- a Level Two Participant shall maintain the collateral required under this Section 3(18) through its sponsoring Level One Participant on a pass- through basis.
- Each Participant shall conduct, at the Participant's expense, an internal or external audit of its compliance with these Operating Rules. This audit shall be conducted in compliance with the minimum standards set forth in Appendix 3 -6(b), and shall be conducted at least annually. The Participant shall provide the results of each such audit to GTO, at the Participant's expense.
- a sponsoring Level One Participant is responsible for ensuring that each of its sponsored Level Two Participants complies with the audit requirements of this Section 3(1 9Xa).
- GTO or its designated agent shall have the right to conduct at Participant's expense, at a time and frequency determined by GTO in its sole discretion, on-site audits of the Participant to determine the Participant's compliance with these Operating Rules.
- the Participant shall in connection with this audit provide to such auditors and inspectors designated by GTO reasonable access to the Participant's and its Third Party Processor's facilities, employees, subcontractors, books and records.
- the Participant shall at the Participant's expense remedy any deficiencies revealed by any audit conducted pursuant to this Section 3(19) within the time period specified in the audit results, or if no such time period is specified within a reasonable time period.
- Participant As Issuing Participant and Reiving Participant. Each Participant shall be both an Issuing Participant and a Relying Participant; although no Participant shall be required to enter into a Customer Agreement with any particular Subscribing Customer or any particular Relying Customer.
- Subscribing Customer and Relying Customer Utilize Same Participant.
- the Subscribing Customer and the Relying Customer both receive GTO Services from the same Participant, that Participant shall with respect to that Digital Transmission be both the Issuing Participant (for the Subscribing Customer) and the Relying Participant (for the Relying Customer).
- GTO shall act as the Certificate Authority for all Issuer Certificates issued by GTO to Level One Participants, and shall respond to Participant Status Requests received from Participants in accordance with the requirements of Appendix 4-1.
- GTO Safekeeping of Root Key
- GTO Operational Procedures; Technical Standards. GTO shall develop and make available to the Participants the operating procedures and technical and other standards necessary for GTO System Transmissions.
- Issuer Certificates shall Expire in accordance with the terms of the Issuer
- GTO may, in accordance with the procedures prescribed in Appendix 3 -6(b), Revoke a Participant's Issuer Certificate in the event GTO determines in its sole discretion that: (i) the security or confidentiality of the Participant's Private Key or the Root Key has been compromised or is reasonably at risk of being compromised; (II) the Revocation is necessary to avoid an immediate and material threat to the safe and sound operation of the GTO System; or (iii) the Participant is Terminated pursuant to Section 7. GTO shall endeavor to provide notice to the Participant prior to the Revocation of its Issuer Certificate. In any event, it shall provide such notice to the Participant as promptly as reasonably possible after such Revocation. Such notice shall state the reasons for Revocation.
- GTO Upon the request of the Participant, GTO shall in accordance with the procedures set forth in Appendix 3-l(a)/i issue a replacement Issuer Certificate to replace a Revoked Issuer Certificate if GTO reasonably determines that the cause(s) or reason(s) for the Revocation have been remedied or otherwise have been satisfactorily addressed.
- GTO may Suspend or Terminate a Participant as provided in Section 7.
- GTO Availability of GTO; Response Time Periods. Except where otherwise prohibited under any applicable law, GTO shall be continuously available
- GTO shall respond to a Participant Status Request according to the time periods set forth in Appendix 4-1.
- GTO shall conduct, at GTO's expense, an internal or external audit of its compliance with these Operating Rules. This audit shall be conducted on at least an annual basis. GTO shall provide the results of an audit to a
- a Participant In the event GTO does not conduct an audit for a particular annual period as provided in Section 4(7)(a), a Participant shall have the right to audit at its own expense GTO for that annual period. The Participant shall reimburse GTO for the costs incurred by it due to such audit.
- GTO agrees that GTO, and the records maintained by it in connection with the operation of the GTO System and the provision of the GTO Services to a Participant, shall be available for examination and audit at the location at which GTO maintains such records by the governmental or regulatory agencies having jurisdiction over the Participant. GTO also agrees to provide these governmental or regulatory agencies access to the equipment employed by GTO to provide the GTO Services to the Participant, and to permit GTO employees and agents to be interviewed by such governmental or regulatory agencies in connection with such examination and audit. Each Participant subject to the jurisdiction of such governmental or regulatory agency(ies) shall reimburse GTO on a pro rata basis for the costs incurred by it due to any such examination or audit.
- GTO shall be liable only to an Issuing Participant for (i) the Issuing Participant's liability to a Relying Customer under Section 10(11) (or the Relying Participant by operation of
- Section 11(10) in the event the Issuing Participant's erroneous confirmation of the Validity of an Identification Certificate in connection with a Certificate Status/Warranty Response approving an Identity Warranty resulted solely from the failure of GTO to safekeep the Root Key as provided in Section 4(2); [(ii) insert any additional GTO liability for GTO System performance;] and (iii) any liability of or damages to a Participant arising as a result of the gross negligence or willful misconduct of GTO.
- GTO be liable to a Participant for any punitive, indirect, incidental, special or consequential damages, regardless of the form of action and regardless of whether GTO was advised of the possibility of such damages.
- GTO's liability for any act or omission or series of acts or omissions related to the same occurrence shall be limited to a maximum of $ .
- GTO shall not incur any liability to a Participant or any other entity or person if GTO is prevented, forbidden or delayed from performing, or omits to perform, any act or requirement, including without limitation in connection with its safekeeping of the Root Key, by reason of: (i) any provision of any present or future law or regulation or order of the United States of America, or any state thereof, or of any foreign country, or political subdivision thereof or of any court of competent jurisdiction that is applicable to a Participant or GTO; (ii) the failure of any electrical, communication or other system operated by any party other than GTO; or (iii) any act of God, emergency condition or war or other circumstance beyond the control of GTO, provided
- GTO exercises such diligence as the circumstances require.
- GTO shall have no liability to any Participant, Customer or other entity or person for any loss, claim, damage or expense arising from GTO's or its or their participation in any way in the GTO System, any GTO Service, or the offering of any GTO Service to Customers, Level Two Participants or other entities or persons.
- the Participant acknowledges that GTO and its vendors are the sole and exclusive owners of all right, title and interest in and to the Marks.
- the Participant acknowledges and agrees that its use of the Marks shall be binding on, and shall inure to the benefit and be on behalf of, GTO and its heirs, legal representatives, successors and assigns.
- the Participant acknowledges the Marks are valid under applicable law and that the Participant's use of the Marks as set forth herein will not create in the
- the Participant shall use and display the appropriate Marks when offering the GTO Services to its Customers in a manner that indicates that the offered services are GTO Services, in accordance with the guidelines set forth in Appendix 5-7.
- the Participant shall use the Marks so that such trademarks make a separate and distinct impression from any other trademark that may be used with or affixed to the materials bearing the Marks, as well as any associated documentation or marketing materials. Except as permitted herein, the Participant shall not adopt or use as part or all of any co ⁇ orate name, trade name, trademark, service mark or certification mark, the Marks, either alone or in combination with other words, or any other mark based on the Marks, or any designation confusingly similar to the Marks, without the prior written consent of GTO.
- the Participant shall, at GTO's request, abandon all use of such mark, and any registration or application for registration thereof, and the Participant shall reimburse GTO for all costs and expenses of any opposition or related proceeding (including attorneys' fees) instigated by GTO or its authorized representative on account of such usage.
- the Participant shall not imply that any services offered under the Marks are exclusively offered by the Participant.
- the Participant shall provide GTO with written notice of any infringement, potential infringement or improper use of the Marks that comes to the attention of the Participant. Only GTO shall have the right to file or register the Marks with a governmental authority; however, the Participant shall provide reasonable assistance to GTO to protect the Marks or record the interests of GTO in the Marks in any jurisdiction in which the Participant distributes materials bearing the Marks, including the review and execution of documents. Notwithstanding the foregoing, only GTO shall have the right to bring suit for infringement, dilution or unfair competition or otherwise in connection with the Marks.
- the Participant Upon the request of GTO, the Participant shall provide GTO with a copy of all materials that the Participant uses that include any of the Marks to permit GTO to assess the level of consistency and quality of use of the Marks and to ensure that the Participant maintains the consistency and quality of the materials bearing the Marks. The Participant shall provide such materials at no cost to GTO. If at any time GTO, in its sole discretion, determines that any of the materials bearing the Marks falls to materially conform to the standards set forth in Appendix 5-7, GTO shall notify the Participant in writing and the Participant shall correct the non-conformance and provide a corrected specimen of the materials bearing the Marks to GTO for review within thirty (30) days from the written notice from GTO regarding such non-conformance .
- the Participant agrees that it will not challenge, in a court of law or otherwise, the ownership or any other rights of GTO in and to the Marks.
- the Participant shall not apply or assist any third party to apply for or register the Marks or a confusingly similar designation anywhere in the world.
- GTO grants to the Participant a non-exclusive license to sub-license the use of the Marks designated on Appendix 5-7 to Customers and/or Level Two Participants solely for the pu ⁇ ose of the Customer indicating that the Customer transmits or accepts Digital Transmissions Authenticated through the GTO System, and the Participant shall include in its Customer Agreement the language regarding the protection of the Marks attached hereto as Appendix 5-7.
- All rights in the Marks not expressly granted herein are reserved to GTO.
- Participants shall pay fees to GTO in connection with the GTO Services as provided for in Appendix 6-1 .
- the Participant shall pay GTO the amount specified in Appendix 6-1.
- GTO may Suspend a Participant in accordance with Section 7(1) where
- GTO reasonably determines (i) to address one of the situations described in
- GTO may, in accordance with the procedures prescribed in Appendix 3-6(b), Suspend a Participant for a period of time not to exceed one hundred and twenty (120) days if GTO reasonably determines that: (i) the Participant does not comply with a material requirement of these Operating Rules or an agreement provided for in these Operating Rules, including without limitation the requirement to maintain appropriate collateral as required in
- GTO may during the period of the Participant's Suspension: (i) prohibit the Suspended Participant from issuing Digital Certificates to its Customers or Level Two Participants; (ii) prohibit the Suspended Participant from approving Identity Warranties for its Subscribing Customers; (iii) prohibit the Suspended Participant from requesting Identity Warranties from other Issuing Participants on behalf of its Relying Customers; (iv) reduce the Suspended Participant's Issuing Participant Warranty Cap; (v) increase the Suspended Participant's collateral requirements; (vi) require the Suspended Participant to cease using its Issuer Certificate for any pu ⁇ ose in connection with the GTO Services; (vii) require the Suspended Participant to provide notice to its Subscribing Customers and/or Level Two Participants of the Suspension and to include in such notice the informational items specified by GTO; (viii) require the Suspended Participant to cause certain or all of its Customers or Level Two Participants
- GTO shall endeavor to provide written notice to the Participant prior to its Suspension, and shall include in such notice a summary of the cause(s) or reason(s) for the Suspension. In any event, it shall provide such notice to the Participant as promptly as reasonably possible after such Suspension. GTO shall within seven (7) days of the Suspension provide the Suspended Participant the opportunity to petition GTO in accordance with procedures set forth in Appendix 3 -6(b) for termination of the Suspension or modification of the conditions of the Suspension.
- a Participant may at any time voluntarily terminate its participation in the GTO System or a GTO Service.
- a Participant shall provide GTO at least days prior written notice of such termination.
- GTO may, in accordance with the procedures prescribed in Appendix 3-6(b), Terminate a Participant's Participant Agreement, its participation in the GTO System and the GTO Services if (i) GTO has previously Suspended the Participant and GTO reasonably determines that any of the cause(s) or reason(s) for the Participant's Suspension have not been remedied or otherwise satisfactorily addressed during the Suspension (ii) the Participant failed to disclose pertinent information or willfully misrepresented information in its application to become a Participant; (iii) the Participant no longer qualifies as an eligible entity, as set forth in Section 2; (iv) the Participant fails to, or refuses to, pay any fees or make any other payments arising under these Operating Rules; or (v) GTO is precluded for any reason from opera ⁇ g, or otherwise determines to discontinue provision of, the GTO System.
- GTO shall provide the Participant at least thirty (30) days prior written notice of GTO's intention to Terminate the Participant, and shall include in such notice a summary of the reasons for such Termination. During such thirty (30) day period, the Participant may petition GTO in accordance with procedures set forth in Appendix 3-6(b). Upon a decision by GTO to
- GTO shall provide notice of the Termination to the Participant stating the reasons for and the effective date of the Termination.
- a sponsoring Level One Participant may Terminate a sponsored Level Two Participant in the event the Level Two Participant meets any of the criteria for Suspension prescribed in Section 7(l)(b) or for Termination prescribed in Section 7(2)(b).
- GTO may direct a sponsoring Level One Participant to Terminate a sponsored Level Two Participant if GTO determines in its sole discretion that the Level Two Participant meets any of the criteria for Suspension prescribed in Section 7(l)(b) or for Termination prescribed in Section 7(2)(b), In the event the sponsoring Level One Participant fails to
- GTO may (i) itself Terminate the Level Two Participant in accordance with the procedures prescribed in Appendix 3-6(b), and/or (ii) Suspend or Terminate the Level One Participant.
- GTO or the Sponsoring Level One Participant shall Revoke the Terminated Participant's Issuer Certificate;
- the Terminated Participant shall immediately inform its Customers that they shall immediately cease to use for any pu ⁇ ose in connection with the GTO Services their Digital Certificates that are digitally identified with the Terminated Participant's Issuer Certificate and the Terminated Participant shall immediately Revoke all such Digital Certificates;
- the Terminated Participant shall obtain from its Customers and destroy as promptly as possible all Smart Cards and GTO Software;
- the Terminated Participant shall provide a certification to GTO that it has Revoked all such Digital Certificates, and obtained and destroyed all such Smart Cards and GTO Software; and
- the Terminated Participant shall immediately cease to use any of the Marks for any pu ⁇ ose.
- Termination does not negate or otherwise affect any transaction or communication, message, GTO System Transmission or other electronic transmission transmitted to or from the Terminated Participant prior to the Termination, including without limitation a Digital Certificate Authenticated by the Terminated Participant prior to its Termination or the Terminated Participant's obligations under these Operating Rules with respect to any approved Identity Warranty included in any Certificate Status/Warranty Response transmitted by the Terminated Participant prior to its Termination.
- the Operating Rules may be amended from time to time by a majority vote of the GTO Board of Managers (or successor GTO governing body). Amendments to these Operating Rules shall be published no less than sixty (60) days prior to their stated effective date, unless GTO determines in its sole discretion that conditions necessitate that an amendment become effective more promptly.
- Sections 1 through 18 shall control.
- the later dated provision shall control,
- these Operating Rules shall control.
- Any notice to a Participant required under these Operating Rules shall be provided: (i) in writing by facsimile or overnight courier to the address of the Participant specified in the Participant Agreement; or (ii) by electronic message Authenticated through the GTO System. If a Level Two Participant has not entered into a Participant Agreement pursuant to Section 2(2)(b)(vi), the sponsoring Level One Participant shall notify GTO of the address to be used by GTO for notice to the Level Two Participant, and notice by GTO by email or in writing by facsimile or overnight courier to that address shall constitute notice to that Level Two Participant.
- Either GTO or a Participant may from time to time change the address or facsimile number for notification purposes, by giving the other prior notice of the new address or facsimile number and the date upon which it will become effective.
- Appendix in these Operating Rules shall be to a section or Appendix of these Operating Rules.
- the Digital Identification Service provides a Relying Customer with a method of assessing the identity of a Subscribing Customer that transmits a Digital Transmission to the Relying Customer over a computer network, such as the Internet. Issuing Participants issue Identification Certificates to their Subscribing Customers. The Subscribing Customer uses the Identification Certificate and its related Private Key to Authenticate a Digital Transmission. The Relying Customer receiving that Digital Transmission requests its Relying Participant to confirm the status of the Identification Certificate included in that Digital Transmission as a Valid Digital
- the Digital Identification Service also permits the Relying Customer to request an Identity Warranty from the Issuing Participant.
- the Relying Customer that declines to request an Identity Warranty does so by requesting an Identity Warranty Amount equal to zero.
- the Relying Participant seeks confirmation of the status of the Identification Certificate and approval of an Identity Warranty (if requested by the Relying Customer) on behalf of the Relying Customer by submitting a Certificate Status/Warranty Request to the Issuing Participant.
- the Issuing Participant responds to the Relying Participant's Certificate Status/Warranty Request by transmitting a Certificate Status/Warranty Response to the Relying Participant. If the Issuing Participant has approved an Identity Warranty in the Certificate Status/Warranty Response, the Relying Participant then indicates, on behalf of the Relying Customer, the Relying Customer's agreement to the Identity Warranty Amount and the other terms of the Identity Warranty by transmitting to the Issuing Participant and to GTO an IWA Response. Where the Issuing Participant has approved and the Relying Customer has accepted the Identity Warranty
- the Issuing Participant will be deemed to have breached its warranty and be obligated to pay the Relying Customer, up to the Identity Warranty Amount, in the event the Subscribing Customer did not in fact Authorize the Digital Transmission and the Relying Customer incurs certain types of losses (specified in Section 10(11)) as a result.
- the Issuing Participant Upon receipt of a Certificate Status/Warranty Request from a Relying Participant, the Issuing Participant transmits a Participant Status Request to GTO to request confirmation of the Validity of the Relying Participant's Issuer Certificate. GTO responds to the Issuing Participant's Participant Status Request by transmitting a Participant Status Response to the Issuing Participant and to the Relying Participant.
- the Relying Participant transmits a Participant Status Request to GTO to request confirmation of the Validity of the Issuing Participant's Issuer Certificate.
- GTO responds to the Relying Participant's Participant Status Request by transmitting a Participant Status Response to the Relying Participant and to the Issuing Participant. SECTION 10.
- DIGITAL IDENTIFICATION SERVICE
- An Issuing Participant shall act as the Certificate Authority in accordance with the requirements of Appendix 3-l(a)/2 for Identification Certificates issued by the Issuing Participant to its Subscribing Customers.
- GTO Software to those Subscribing Customers that have entered into Customer Agreements with the Issuing Participant.
- An Issuing Participant shall not use the GTO System to issue Identification Certificates, other than in connection with the Digital Identification Service.
- Issuing Participant shall only issue an Identification Certificate including the Public Key of a Subscribing Customer if: (a) the Private Key length and other key characteristics meet the requirements set forth in Appendix 3- l(a)/i; and (b) the Private Key /Public Key Pair of the Subscribing Customer was generated by the Issuing Participant or the Subscribing Customer using the computer software, hardware and other technology specified in Appendix 3-1 (a)/i .
- Subscribing Customers the Issuing Participant shall in accordance with the minimum standards set forth in Appendix 2-l(b)(ii): (a) confirm the identity of the Subscribing Customer; (b) confirm the validity of any Subscribing Customer information to be placed in the Identification Certificate; (c) confirm the identity of the individuals and entities that will use the Private Key /Public Key Pair and Identification Certificate on behalf of the Subscribing Customer; and (d) confirm the authority of the individuals and entities authorized to use the Identification Certificate on behalf of the Subscribing Customer. e.
- An Issuing Participant shall establish for each Subscribing Customer, or for each Identification Certificate it issues to each Subscribing Customer, a Relationship Warranty Cap, and shall monitor the outstanding Identity Warranty Amounts approved by the Issuing Participant on behalf of each Subscribing Customer or Identification Certificate to ensure that the aggregate Identity Warranty Amounts do not exceed the Relationship Warranty Cap for such Subscribing Customer or Identification Certificate.
- An Issuing Participant may change the Relationship Warranty Cap for a Subscribing Customer from time to time.
- the Issuing Participant shall transmit to GTO a Participant Status Request with regard to the Relying Participant according to the timeframes and procedures set forth in Appendix 4-1.
- the Issuing Participant shall respond to the Certificate Status/Warranty Request from the Relying Participant by transmitting a Certificate Status/Warranty Response to the Relying Participant within the timeframes and according to the procedures set forth in Appendix 4-1.
- An Issuing Participant shall transmit a Certificate Status/Warranty Response only in response to a Certificate Status/Warranty Request received from a
- An Issuing Participant shall not transmit a Certificate Status/Warranty Response in response to a Certificate Status/Warranty Request received from any entity or person that is not a Relying Participant with a Valid Issuer Certificate, or in response to a communication, message or electronic transmission that is not a Certificate Status/Warranty Request.
- an Issuing Participant shall: (a) confirm the status of the indicated Identification Certificate as a Valid Digital Certificate; or (b)deny the status of such Identification Certificate as a Valid Digital Certificate.
- the Issuing Participant also shall in the Certificate Status/Warranty Response: (x) approve the requested Identity Warranty by indicating the approved Identity Warranty Amount, the approved effective period for the Identity Warranty not exceeding months, the time period within which the Relying Customer must accept the Identity Warranty via transmission by the Relying Participant of an IWA Response which shall not be less than fifteen (15) minutes nor more than and such other information as required in Appendix 4-1 ; or (y) deny the requested Identity Warranty.
- An Issuing Participant that denies a requested Identity Warranty may in the Certificate Status/Warranty Response offer an alternative Identity Warranty than that requested by the Relying Customer (for example, with a different Identity Warranty Amount than that requested by the Relying Customer).
- the Issuing Participant also shall provide in the Certificate Status/Warranty Response such other information as required in Appendix 4-1.
- An Issuing Participant shall deny that an Identification Certificate is a Valid Digital Certificate if upon application of its procedures complying with
- Appendix 3-6(b) it determines the Identification Certificate not to be Valid.
- An Issuing Participant shall deny the Validity of any Identification Certificate that has Expired or has been Revoked, or if required to do so under the terms of any applicable Suspension.
- An Issuing Participant shall transmit a reason for the denial in accordance with the codes provided in Appendix 4-1 .
- An Issuing Participant may deny a requested Identity Warranty for any bona fide reason.
- An Issuing Participant shall not approve a requested Identity Warranty if: (a) the Identity Warranty Amount would cause the Issuing Participant to exceed its Issuing Participant Warranty Cap; or (b) the Identity Warranty Amount would cause the Subscribing Customer to exceed the
- GTO may (but shall not be required to) (x) in the Participant Status Response responding to the Participant Status Request related to that Identity Warranty disapprove that Identity Warranty, and (y) Suspend or Terminate the Issuing Participant.
- the Issuing Participant shall not be liable to a Relying Customer for any loss or damage incurred by the Relying Customer as a result of its failure to take reasonable steps to mitigate such loss or damage.
- the Issuing Participant shall advise the Relying Participant in writing of the Issuing Participant's good faith determination whether to honor the IW Claim. If the Issuing Participant has determined to honor the IW Claim in whole or in part, it shall pay the Relying Customer by transmitting funds to the Relying Participant within days of the Relying Participant's receipt of the Issuing Participant's determination. If the Issuing Participant has determined to deny the IW Claim in whole or in part, it also shall provide to the Relying Participant in writing the reason(s) for such denial.
- DIGITAL IDENTIFICATION SERVICE
- a Relying Participant shall receive requests from its Relying Customers: (a) for confirmation of the status of an Identification Certificate included in a Digital Transmission as a Valid Digital Certificate, and (b) for approval of an Identity Warranty in connection with a Digital Transmission.
- the Relying Participant Upon receipt from a Relying Customer of a request for confirmation of the status of an Identification Certificate, the Relying Participant shall confirm the Validity of the Relying Customer's Digital Certificate in accordance with the procedures set forth in Appendix 3-l(a)/2.
- the Relying Participant shall transmit a Certificate Status/Warranty Request to the Issuing Participant according to the timeframes and procedures set forth in Appendix 4-1 unless (a) the Relying Customer's Digital Certificate is not Valid, (b)the Relying Customer did not submit its request within the shorter of the time period specified in the Subscribing Customer's Digital Transmission or calendar days from the Relying Customer's receipt of the Digital Transmission from the Subscribing Customer, or (c) the Relying
- the Relying Participant is prohibited under applicable law from transmitting the Certificate Status/Warranty Request.
- the Relying Participant fails to transmit a Certificate Status/Warranty Request pursuant to this Section 11(3), the Relying Participant shall notify the Relying Customer in accordance with the timeframes, procedures and formats set forth in Appendix 4-1.
- the Relying Participant shall transmit to GTO a Participant
- the Relying Participant may transmit to the Relying Customer confirmation of the status of an Identification Certificate as a Valid Digital Certificate only if the Relying Participant has received a Certificate Status/Warranty Response from the Issuing Participant confirming the Validity of the Identification Certificate and a Participant Status Response confirming the Validity of the Issuing Participant's Issuer Certificate.
- the transmission of this confirmation shall be in accordance with the timeframes, procedures and formats set forth in Appendix 4-1.
- the Relying Participant may only transmit to the Relying Customer confirmation of the approval of an Identity Warranty if the Relying
- the Relying Participant shall transmit to the Relying Customer the following information as provided in the Certificate Status/Warranty Response: (a) the approved Identity Warranty Amount; (b) the expiration date of the Identity Warranty; (c) the identity of the Issuing Participant approving the Identity Warranty; (d) the time period by when the Relying Customer must accept or reject the Identity Warranty; (e) the fee that would be charged the Relying Customer for the issuance of the Identity Warranty, unless otherwise specified to the Relying Customer; and (f) any other limitation on the Identity Warranty prescribed in the Certificate Status/Warranty Response.
- the transmission of this confirmation shall be in accordance with the timeframes, procedures and formats set forth in Appendix 4-1.
- the Relying Participant shall obtain from its Relying Customer either an acceptance or a rejection of the Identity Warranty approved by the Issuing Participant in the Certificate Status/Warranty Response within the time period specified by the Relying Participant. If the Relying Customer does not respond within the applicable time period, the Relying Customer shall be deemed to have rejected the Identity Warranty.
- the Relying Participant shall convey the Relying Customer's acceptance or rejection of the Identity Warranty by transmitting an IWA Response to GTO and to the Issuing Participant within the lesser of or the time period specified by the Issuing
- Relying Participant shall within days of its receipt of such supporting documentation transmit to the Issuing Participant the Relying Customer's IW Claim including the supporting documentation.
- the Relying Participant shall transmit to GTO a report describing any IW Claims transmitted by the Relying Participant to an Issuing Participant during that day, which shall include the name of the Issuing Participant against which the IW Claim was filed, the name of the Relying Customer filing the IW Claim, the amount of the IW Claim and such other information as prescribed in Appendix 11-8.
- the transmission of this report shall be in accordance with the timeframes, procedures and formats set forth in Appendix 4-1.
- the Relying Participant Upon receipt of a response from the Issuing Participant to an IW Claim as provided in Section 10(12), the Relying Participant shall within days provide to the Relying Customer the Issuing Participant's response, including any accompanying documentation received by the Relying Participant from the Issuing Participant. To the extent the Relying Participant has not previously credited or otherwise paid the Relying Customer for the amount of the IW Claim, the Relying Participant shall credit or otherwise remit any payment received from the Issuing Participant to the Relying Customer in accordance with the Relying Participant's usual business procedures.
- the Relying Participant shall transmit to GTO a report describing any IW Claims previously transmitted by the Relying Participant to an Issuing Participant that were finally resolved during that day, which shall include the name of the Issuing Participant against which the IW Claim was filed, the name of the Relying Customer filing the IW Claim, a description of the final resolution and such other information as prescribed in Appendix 11-8.
- the transmission of this report shall be in accordance with the timeframes, procedures and formats set forth in Appendix 4-1.
- the Relying Participant assumes all of the rights of the Relying Customer with respect to such payment and IW Claim, including without limitation the rights of the Relying Customer to payment by the Issuing Participant pursuant to Section 10(11) and to collateral maintained by the Issuing Participant pursuant to Section 3(18). SECTION 12.
- DIGITAL IDENTIFICATION SERVICE
- GTO shall assign an Issuing Participant Warranty Cap for each Participant.
- GTO shall monitor the Identity Warranty Amounts approved by the Participant for its Subscribing Customers in accordance with the procedures and timeframes prescribed in Appendix 12- 1(e), but shall have no obligation to monitor Identity Warranties and Issuing Participant Warranty Caps on a real-time basis.
- GTO Upon receipt of a Participant Status Request from an Issuing Participant, GTO shall confirm whether the Issuer Certificate of the Relying Participant is Valid. GTO shall transmit to the Issuing Participant and the Relying Participant the Participant Status Response according to the timeframes and procedures set forth in Appendix 4-1.
- GTO Upon receipt of a Participant Status Request from a Relying Participant, GTO shall (a) confirm whether the Issuer Certificate of the Issuing Participant is Valid, and (b)in the event the Issuing Participant has approved in its Certificate Status/Warranty Response an Identity Warranty, GTO shall confirm whether the Identity Warranty Amount would result in the Issuing Participant exceeding its Issuing Participant Warranty Cap as such cap is monitored by GTO as provided in Section 12(1). In the event an Identity Warranty Amount approved by an Issuing Participant would cause a Participant to exceed its Issuing Participant Warranty Cap as such cap is monitored by GTO as provided in Section 12(1), GTO shall disapprove the
- GTO shall transmit to the Relying Participant and the Issuing Participant the Participant Status Response according to the timeframes and procedures set forth in Appendix 4-1.
- DIGITAL IDENTIFICATION SERVICE
- a Subscribing Customer may use its Private Key, the related
- a Subscribing Customer may authorize any person or entity to utilize its Private Key, the related Identification Certificate and the GTO Software on behalf of the Subscribing Customer, and all acts or omissions of such person or entity with respect to such Private Key, the related Identification Certificate and the GTO Software shall for all purposes of these Operating Rules be deemed to be acts or omissions of the Subscribing Customer.
- the Relying Customer may request from its Relying Participant confirmation of the status of the
- Subscribing Customer Agreement An Issuing Participant shall enter into an agreement for the Digital Identification Service with each Subscribing Customer that provides, at a minimum, for the following:
- Issuing Participant, other Participants, GTO, and their employees and agents may within the limits of applicable law transmit and receive any data or information about, regarding or involving the Subscribing Customer among and between themselves and other third parties: (i) to provide the Digital Identification Service to the Subscribing Customer; (ii) to resolve any dispute arising from the Digital Identification Service; or (iii) pursuant to applicable law, regulation, order, subpoena or other legal requirement of a government authority;
- Relying Customer Agreement A Relying Participant shall enter into an agreement for the Digital Identification Service with each Relying Customer that provides, at a minimum, for the following:
- Relying Customer's direct damages (specifically excluding punitive, indirect, incidental, special or consequential damages and damages incurred by the Relying Customer as a result of its failure to take reasonable steps to mitigate its damages) up to the approved Identity Warranty Amount and only those direct damages arising during the effective period of the Identity Warranty (that is, subsequent to the transmission of the IWA Response or other start time specified in the Certificate Status/Warranty Response and prior to the expiration of the Identity Warranty specified in the Certificate Status/Warranty Response) that resulted from the fact that the Subscribing Customer did not Authorize the Digital Transmission; (iii) the Relying Customer's sole means to file its IW Claim against the Issuing Participant is through its Relying Participant; (iv) the Relying Participant's obligation to the Relying Customer is limited to remitting to the Relying Customer any recovery the Relying Participant receives from the Issuing Participant pursuant to these Operating Rules to the extent it has not previously credited or otherwise paid the Relying
- the Relying Customer may file an IW Claim as provided in Section 13(3)(g) of these Operating Rules through its Relying Participant against an Issuing Participant that has approved an Identity Warranty only if: (i) the Relying
- the Relying Customer provides notice of its I W Claim to the Relying Participant within the effective period of the Identity Warranty specified in the Certificate Status/Warranty Response; (ii) the Relying Customer within - days of such notice provides to the Relying Participant (A) written documentation, if reasonably available, from the Subscribing Customer denying that it Authorized the Digital Transmission to the Relying Customer, and (B) an affidavit certified by a duly authorized person on behalf of the Relying Customer, with complete and detailed accompanying supporting documentation, certifying the amount of the Relying Customer's direct damages that resulted from the fact that the Subscribing Customer did not Authorize the Digital Transmission; and (iii) the notice and supporting documentation are in accordance with the format and information requirements prescribed in Appendix 11-8 to these Operating Rules (this provision does not affect any right or claim that a Relying Customer may have against the Subscribing Customer arising from the Digital Transmission under applicable law); ix. the Relying Customer may not file any
- the Relying Customer may not make any such claim if it fails to provide the notice or supporting documentation required under Section 1 3(3)(h) of these Operating Rules within the timeframe prescribed in Section 13(3)(h) of these Operating Rules, or if the Relying Customer's loss or claim resulted from: (i) the Subscribing Customer's failure to perform or meet its obligations contained in or related to the Digital Transmission for any reason other than the fact that the Subscribing Customer did not Authorize the Digital Transmission; (ii) any error in the text or other data in the Digital Transmission, regardless of the cause of the error; or (iii) a claim arising from or related to the Subscribing Customer's delayed, incomplete or unacceptable performance of its obligations as set forth in or related to the Digital Transmission;
- each Issuing Participant is required to provide collateral as security for the Issuing Participant's obligation to satisfy a Certified IW Claim not otherwise satisfied by the Issuing Participant, (ii) such collateral is required to be deposited in an account maintained by a commercial bank as Collateral
- Agent for GTO acting for the benefit of the Relying Customer (or for the benefit of the Relying Participant to the extent the Relying Participant previously has credited or otherwise paid the Relying Customer for the IW Claim), (iii) the amount of collateral required to be deposited and the time at which such deposit is required in relation to the issuance of an Identity Warranty or the filing of an IW Claim depends upon the financial condition of the Issuing Participant and other factors, as determined by GTO, (iv) the amount realized on such collateral may be less than the amount of the Issuing Participant's liability to the Relying Customer provided for in Section 13(3)(g), and (v) in the event the amount realized on such collateral is less than the amount of such Issuing Participant's liability, the Issuing Participant shall remain solely liable for such deficiency; xii.
- the Relying Customer's acknowledgment and authorization that the Relying Participant, other Participants, GTO and their employees and agents may within the limits of applicable law transmit and receive any data or information about, regarding or involving the Relying Customer among and between themselves and other third parties: (i) to provide the Digital Identification Service to the Relying Customer; (ii) to resolve any dispute arising from the Digital Identification Service; or (iii) pursuant to applicable law, regulation, order, subpoena or other legal requirement of a government authority;
- Authenticated with a Digital Signature created with the Subscribing Customer's Private Key shall have the same legal effect, validity and enforceability as if the Digital Transmission had been in writing signed by the Subscribing Customer, and that the Relying Customer will not challenge the legal effect, validity or enforceability of the Digital Transmission solely because it is in digital rather than written form;
- Sample Customer Agreement Provisions Sample Customer Agreement provisions are attached to these Operating Rules at Appendix 13-5.
- a Participant may, but is not required to, use these sample provisions. GTO makes no representation that any of these sample provisions satisfies any or all requirements of these Operating Rules or any law applicable to the Participant, or that any of these provisions would be binding on any Customer. Participant should obtain its own legal advice regarding the terms and conditions of its Customer Agreements.
- An Issuing Participant provides the Utility Key Service to its Subscribing Customer by issuing Utility Certificate(s) to its Subscribing Customer.
- Subscribing Customer uses a Utility Certificate in connection with an electronic message transmitted to a Relying Customer.
- the Utility Key Service provides a Relying Customer with a method of confirming the status of a Digital Certificate associated with an electronic message transmitted by the Subscribing Customer to the Relying Customer.
- the Utility Key Service does not permit a Relying Participant to request from the Issuing Participant an Identity Warranty.
- Issuing Participants may issue Utility Certificates and the GTO Software in accordance with the requirements of Appendix 3-l(a)/l and 3 -6(b) to their Subscribing Customers for use in connection with the Utility Key Service.
- An Issuing Participant shall act as the Certificate Authority in accordance with the requirements of Appendix 3-l(a)/2 for Utility Certificates issued by the Issuing Participant to its Subscribing Customers.
- the Issuing Participant shall in accordance with the minimum standards set forth in Appendix 2-l(b)(ii): (a) confirm the identity of the Customer; (b) confirm the identity of the individuals and entities that will use the Private Key/Public Key Pair and Utility Certificate on behalf of the Subscribing Customer; and (c) confirm the authority of the individuals and entities authorized to use the Utility Certificate on behalf of the Subscribing Customer, including with regard to the types and amounts of transactions to which the authorization relates.
- Participant shall transmit to GTO a Participant Status Request with regard to the Relying Participant according to the timeframes and procedures set forth in Appendix 4-1.
- the Issuing Participant shall respond to the Validity Request from the Relying Participant by transmitting a Validity Response to the Relying Participant within the timeframes and according to the procedures set forth in Appendix 4-1.
- An Issuing Participant shall transmit a Validity Response only in response to a Validity Request received from a Relying Participant with a Valid Issuer Certificate.
- An Issuing Participant shall not transmit a Validity Response in response to a Validity Request received from any entity or person that is not a Relying Participant with a Valid Issuer Certificate, or in response to a communication, message or electronic transmission that is not a Validity Request.
- an Issuing Participant shall: (a) confirm the status of the indicated Utility Certificate as a Valid Digital Certificate and provide such other information as required in Appendix 4-1 or (b) deny the status of the indicated Utility Certificate as a Valid Digital Certificate and provide such other information as required in Appendix 4-1.
- the Issuing Participant in the event the Issuing Participant has transmitted a Validity Response confirming that a Utility Certificate is Valid but in fact that Utility Certificate has Expired or has been Revoked, or otherwise is not Valid, the Issuing Participant shall have no liability to the Relying Customer or any other Participant.
- a Relying Participant shall receive requests from its Relying Customers for confirmation of the status of a Utility Certificate included in an electronic transmission as a Valid Digital Certificate.
- the Relying Participant Upon receipt from a Relying Customer of a request for confirmation of the status of a Utility Certificate, the Relying Participant shall transmit a Validity Request to the Issuing Participant according to the timeframes and procedures set forth in Appendix 4-1 unless (a) the Relying Customer did not submit its request within the shorter of the time period specified in the Subscribing Customer's electronic message or calendar days from the Relying Customer's receipt of the electronic message from the Subscribing Customer, or (b) the Relying Participant is prohibited under applicable law from transmitting the Validity Request.
- the Relying Participant Upon receipt of a Validity Response from an Issuing Participant, the Relying Participant shall transmit to GTO a Participant Status Request with regard to the Issuing Participant according to the timeframes and procedures set forth in Appendix 4-1.
- the Relying Participant may transmit to the Relying Customer confirmation of the status of a Utility Certificate as a Valid Digital Certificate only if the Relying Participant has received a Validity Response from the Issuing Participant confirming the Validity of the Utility Certificate and a Participant Status Response confirming the Validity of the related Issuer Certificate.
- the transmission of this confirmation shall be in accordance with the timeframes, procedures and formats set forth in Appendix 4-1.
- GTO Upon receipt of a Participant Status Request from an Issuing Participant, GTO shall confirm whether the Issuer Certificate of the Relying Participant is Valid. GTO shall transmit to the Issuing Participant and the Relying Participant the Participant Status Response according to the timeframes and procedures set forth in Appendix 4- 1.
- GTO Upon receipt of a Participant Status Request from a Relying Participant, GTO shall confirm whether the Issuer Certificate of the Issuing Participant is Valid. GTO shall transmit to the Relying Participant and the Issuing Participant the Participant Status Response according to the timeframes and procedures set forth in Appendix 4-1.
- a Subscribing Customer may use its Private Key, the related
- a Subscribing Customer may authorize any person or entity to utilize its Private Key, the related
- the Relying Customer may request from its Relying Participant confirmation of the status of the Utility Certificate as a Valid Digital Certificate.
- Subscribing Customer Agreement An Issuing Participant shall enter into an agreement for the Utility Key Service with each Subscribing Customer that provides, at a minimum, for the following:
- Issuing Participant, other Participants, GTO and their employees and agents may within the limits of applicable law transmit and receive any data or information about, regarding or involving the Subscribing Customer among and between themselves and other third parties: (i) to provide the Utility Key
- Subscribing Customer or named in such a Utility Certificate that information about their identity and authority may be transferred to other Participants and GTO for the pu ⁇ ose of providing the GTO Services or otherwise carrying out the goals of the GTO System;
- a Relying Participant shall enter into an agreement for the Utility Key Service with each Relying Customer that provides, at a minimum, for the following:
- the Relying Customer's acknowledgment and authorization that the Relying Participant, other Participants, GTO and their employees and agents may within the limits of applicable law transmit and receive any data or information about, regarding or involving the Relying Customer among and between themselves and other third parties: (i) to provide the Utility Key Service to the Relying Customer; (ii) to resolve any dispute arising from the Utility Key Service; or (iii) pursuant to applicable law, regulation, order, subpoena or other legal requirement of a government authority; v. the Relying Customer's warranty of the accuracy of any information submitted to its Relying Participant in connection with the Utility Key Service;
- the Participant may include the provisions required in Section 18(2) and Section 18(3) in the same agreement.
- Sample Customer Agreement Provisions are attached to these Operating Rules at Appendix 13-5. A Participant may, but is not required to, use these sample provisions. GTO makes no representation that any of these sample provisions satisfies any or all requirements of these Operating Rules or any law applicable to the
- Participant or that any of these provisions would be binding on any Customer. Participant should obtain its own legal advice regarding the terms and conditions of its Customer Agreements.
- Appendix 1 GTO Digital Certificate Profiles
- Appendix 3-2 Operational and Security Controls l. Physical, Procedural and Personnel Controls 2. Computer Security Controls
- Appendix 4-1 Information Requirements, Protocols And Formats
- Appendix 4-2 Standards for GTO Safekeeping and Distribution of Root Key
- Appendix 6-1 Fee Schedule
- the Participant Prior to issuing an Identification Certificate to a new or existing Customer, the Participant shall confirm the identity of the Customer pursuant to the minimum procedures set forth below.
- (c) for a partnership obtain from the public register proof of establishment of the partnership in those jurisdictions which have legal requirements governing the establishment of a partnership and from the customer, a list of all general and minority/limited partners and a copy of the partnership agreement of the Customer;
- Applicant hereby applies for participation in the System as a Level One Participant and agrees with Root Entity, a Delaware limited liability company ("ROOT"), to comply with and be bound by all applicable provisions of the System Operating Rules, as they may be amended from time to time, and to participate in and accept full responsibility for all fees and costs assessed and liabilities allocated by Root in connection with the services provided under this Agreement.
- ROOT Delaware limited liability company
- Applicant possesses all necessary legal and co ⁇ orate authority to participate in the System, offer System Services to its Customers, and to meet the obligations of a Level One Participant under the System Operating Rules; and that 2. Applicant's Customer Agreements will be binding upon and enforceable against its Customers.
- Applicant shall not assign this Agreement or any of its rights or obligations hereunder without the prior written consent of Root Entity, and any such attempted assignment in violation of this provision shall be void.
- Applicant hereby represents and warrants that (i) all of the information provided in this Application and the accompanying documents is true, correct, and complete, (ii) it meets all requirements for its participation in the system, (iii) it is duly organized and validly existing under the laws of the jurisdiction of its organization or inco ⁇ oration and, if relevant under such laws, in good standing, (iv) it has the power to execute this Application and any other documentation relating to this Application that it is required by this Application or the documents inco ⁇ orated by reference herein to deliver and to perform its obligations under this Agreement and any obligations it has under any other document relating to this Application, (v) this Application has been duly authorized by appropriate co ⁇ orate action, (vi) it has duly executed and delivered this Application and that this Application, and all of the obligations of Applicant set forth in this Application or in the documents inco ⁇ orated by reference into this Application are valid and binding obligations of Applicant enforceable against Applicant in accordance with its terms, (vii) the execution and delivery of this Application and the accompany
- Applicant agrees that failure to disclose information pertinent to this application for participation in the System, or willful misrepresentation of any such information shall be a basis for termination of participation. Should circumstances change that would affect Applicant's participation eligibility, Applicant shall immediately notify Root Entity at the address set forth below. Any notice or other correspondence to be sent to Applicant by Root Entity may be sent to Applicant's address as shown herein. This Agreement shall be governed by and construed in accordance with the laws of the State of New York.
- Applicant hereby applies for participation in the System as a Level Two Participant and agrees with Root Entity, a Delaware limited liability company ("Root"), to comply with and be bound by all applicable provisions of the System Operating Rules, as they may be amended from time to time, and to participate in and accept full responsibility for all fees and costs assessed and liabilities allocated by Root Entity in connection with the services provided under this Agreement.
- Root Entity a Delaware limited liability company
- Applicant shall not assign this Agreement or any of its rights or obligations hereunder without the prior written consent of Root Entity, and any such attempted assignment in violation of this provision shall be void.
- Applicant hereby represents and warrants that (i) all of the information provided in this application and accompanying documents is true, correct, and complete, (ii) it meets all requirements for its participation in the system, (iii) it is duly organized and validly existing under the laws of the jurisdiction of its organization or inco ⁇ oration and, if relevant under such laws, in good standing, (iv) it has the power to execute this Application and any other documentation relating to this Application that it is required by this Application or the documents inco ⁇ orated by reference herein to deliver and to perform its obligations under this Agreement and any obligations it has under any other document relating to this Application, (v) this Application has been duly authorized by appropriate co ⁇ orate action, (vi) it has duly executed and delivered this Application and that this Application, and all of the obligations of Applicant set forth in this Application or in the documents inco ⁇ orated by reference into this Application are valid and binding obligations of Applicant enforceable against Applicant in accordance with its terms, (vii) the execution and delivery of this Application and the accompanying
- Applicant agrees that failure to disclose information pertinent to this application for participation in the System, or willful misrepresentation of any such information shall be a basis for termination of participation. Should circumstances change that would affect Applicant's participation eligibility, Applicant shall immediately notify Root Entity at the address set forth below. Any notice or other correspondence to be sent to Applicant by Root Entity may be sent to Applicant's address as shown herein. This Agreement shall be governed by and construed in accordance with the laws of the State of New York.
- Fax # Fax #: Appendix 2-l(b)(v)(C)(2)
- Root Entity a Delaware limited liability company
- Root Entity a Delaware limited liability company
- the Issuing Participant has agreed to pay each Relying Customer to which it issues an Identity Warranty damages for breach of such an Identity Warranty in an amount and under the circumstances determined under the System Operating Rules (as in effect from time to time, the "Operating Rules"), and to provide collateral as security for its obligation to make such payment upon the terms set forth in the Operating Rules;
- the Issuing Participant desires (1) that such collateral be deposited in the Account (as defined below) maintained by the Collateral Agent, acting as collateral agent on behalf of the Relying Customers pursuant to an agreement between the Relying Customer and the Collateral Agent (the "Collateral Agent Agreement"), and (2) to grant to the Collateral Agent, for the benefit of the Relying Customers, a security interest in such collateral;
- Root Entity will provide certain information to the Issuing Participant and the Collateral Agent regarding the amount and type of collateral that the Issuing
- Participant is required to maintain pursuant to this Agreement from time to time;
- a "Business Day” shall be any day other than a Saturday or Sunday, on which commercial banks in each of [New York, and ] are not authorized or permitted by law
- Collateral shall mean all bonds, notes, bills and other securities, or security entitlements to any of the foregoing, and all other property, Transferred to or received by the Collateral Agent at any time pursuant to this Agreement, and not Transferred to the Issuing Participant pursuant to Section 4(c), 4(d), 4(0, 4(g) or 10 of this Agreement, 10 together with all property substituted for any of the foregoing, all property purchased with the proceeds of any of the foregoing, and all interest and other income on, or products or proceeds of, any of the foregoing.
- Transfer shall mean: (1) in the case of security entitlements to U.S. Treasury Securities, delivery to an account of the recipient (or its custodian) at a Federal Reserve 15 Bank and designated by the recipient from time to time, (2) in the case of any other type of property that is designated as Eligible Collateral from time to time, as provided in the Warranty Caps and Collateral Requirements, and (3) in the case of any cash or amounts on deposit, wire transfer in immediately available funds to an account designated by the recipient from time to time.
- the Issuing Participant hereby pledges, hypothecates, assigns, transfers and grants to the Collateral Agent, for the benefit of the Relying Customers, a first priority perfected security interest in all of the Issuing Participant's right, title and interest in, to and under the Collateral.
- the Issuing Participant hereby represents and warrants, as of the date of this Agreement and as of each date as of which it Transfers Collateral to the Collateral Agent, as follows:
- the Issuing Participant is a juridical person duly organized, validly existing and (if relevant in its jurisdiction of organization) in good standing under the laws of its jurisdiction of organization and has all requisite power and authority, co ⁇ orate or otherwise, to execute and deliver, and to perform all of its obligations under, this Agreement.
- the Issuing Participant's jurisdiction of organization is the jurisdiction specified as such on the signature pages of this Agreement.
- the Issuing Participant has the power and authority to pledge, hypothecate, assign, transfer, grant a security interest in and Transfer the Collateral as provided for herein.
- the Issuing Participant is or as of the date of Transfer will be the sole legal and beneficial owner of, or otherwise has or as of the date of Transfer will have the right to Transfer, all Collateral that it Transfers to the Collateral Agent pursuant to this Agreement, free and clear of all liens, security interests, charges, encumbrances, defenses, restrictions and counterclaims of every kind and nature (other than those created by this Agreement).
- Root Entity shall establish from time to time (i) the aggregate value, in [U.S. Dollars] [the currency specified on the signature page hereof], of Performance Based Collateral (as defined in the Warranty Caps and Collateral Requirements) required to be pledged under this Agreement by the Issuing Participant (the "Performance Based Collateral Amount") and (ii) if the Issuing Participant elects, as provided in the Operating Rules, to obtain an increase in its Issuing Participant Warranty Cap by delivering Credit Based Collateral (as defined in the Warranty Caps and Collateral Requirements), the aggregate value, in [U.S. Dollars] [the currency specified on the signature page hereof], of
- the "Required Collateral Amount” shall be the sum of the Performance Based Collateral Amount and the Credit Based
- Root Entity shall notify the Issuing Participant and the Collateral Agent of (x) the Required Collateral Amount and the (y) Delivery Amount or Return Amount (each as defined below) as of such Business Day.
- the "Delivery Amount" as of any Business Day shall be the amount by which the Required Collateral Amount as in effect as of 5:00 p.m., New York time, on the preceding Business Day exceeds the Collateral Value of the Collateral as of 5:00 p.m., New York time, on the preceding Business Day (calculated as provided in the Warranty Caps and Collateral Requirements).
- the "Return Amount" as of any Business Day shall be the amount by which the Collateral Value of the Collateral as of 5:00 p.m., New York time, Business Day (calculated as provided in the Warranty Caps and Collateral Requirements) exceeds the Required Collateral Amount as in effect as of 5:00 p.m. New York time on the preceding Business Day.
- any Collateral that does not constitute Eligible Collateral under (and as defined in) the Warranty Caps and Collateral Requirements shall be treated as having no value for pu ⁇ oses of determining the Collateral Value.
- the Issuing Participant shall Transfer to the Collateral Agent Eligible Collateral having a Collateral Value at least equal to the Delivery Amount.
- the Collateral Agent shall, upon the request of the Issuing Participant, Transfer to the Issuing Participant Collateral selected by the Issuing Participant and having a Collateral Value no greater than the Return Amount, provided that the Collateral Agent shall not Transfer any such Collateral to the extent that such Transfer would cause the Collateral Value of the Collateral as of the date of Transfer to be less than the Required Collateral Amount as of such date.
- the Issuing Participant may, on any Business Day, Transfer to the Collateral Agent substitute Eligible Collateral (the "Substitute Collateral").
- the Collateral Agent shall Transfer to the Issuing Participant the items of Collateral specified by the Issuing Participant in its notice of substitution not later than 5:00 p.m., New York time, on the Business Day following the date on which the Collateral Agent receives the Substitute Collateral, provided that the Collateral Agent shall not Transfer any such Collateral to the extent that such Transfer would cause the Collateral Value of the Collateral as of the date of Transfer to be less than the Required Collateral Amount as of such date. e.
- the Issuing Participant shall have no right to withdraw Collateral from the Account.
- the Collateral Agent shall Transfer to the Issuing Participant any interest or other income that the Collateral Agent receives on or in respect of the Collateral not later than [5:00 p.m.], New York time, on the Business Day following the date on which the Collateral Agent receives such amounts, provided that the Collateral Agent shall not Transfer any such income to the Issuing Participant to the extent that such Transfer would cause the Collateral Value of the Collateral as of the date of Transfer to be less than the Required Collateral Amount as of such date. Until any such interest or other income is Transferred to the Issuing Participant to as provided in this Section, such interest or other income shall constitute Collateral and shall be held in the Account subject to return as provided in Section 4(c).
- the Collateral Agent shall invest such proceeds in U.S. Treasury securities [of the shortest reasonably available maturity] [selected by the Issuing Participant] unless, not later than 11 :00 a.m., New York time, on such Business Day, the Issuing Participant Transfers to the Collateral Agent additional Eligible Collateral having a Collateral Value at least equal to such proceeds.
- Such proceeds until invested in such U.S. Treasury securities, and such U.S. Treasury securities shall constitute Collateral and shall be held in the Account subject to return as provided in Section 4(c). Subject to Section 4(h), if the Issuing Participant does Transfer to the Collateral Agent additional Eligible Collateral having a Collateral Value at least equal to such proceeds prior to the time specified above, the Collateral
- the Collateral Agent shall hold the Collateral in a segregated account (the "Account") entitled "[Name of Issuing Participant] Collateral Account, Subject to the Security Interest of the Relying Customers Under Identity Warranties Issued by [Name of Issuing Participant]."
- the Issuing Participant agrees to pay the Collateral Agent's customary and reasonable charges for maintaining the Account.
- the Issuing Participant will not sell, assign, transfer, pledge or otherwise encumber any of its rights in or to the Collateral or any unpaid dividends or other distributions or payments with respect thereto or grant a lien, encumbrance or security interest in any of the Collateral.
- the Issuing Participant will, at its own expense, promptly execute, acknowledge and deliver all such instruments and take all such action as the Collateral Agent from time to time may reasonably request in order to ensure to the Collateral Agent for the benefit of the Relying Customer the benefits of the liens in and to its Collateral intended to be created by this
- the Issuing Participant will defend its title to the Collateral and the liens of the Collateral Agent thereon against the claim of any person and will maintain and preserve such liens until the termination of this Agreement.
- the Collateral Agent shall:
- the Collateral Agent shall provide the Issuing Participant with an accounting with respect to all proceeds of any sale or redemption of Collateral and the transfer thereof pursuant to Root Entity's instructions.
- the Issuing Participant agrees to indemnify and hold harmless the Collateral Agent, Root Entity, each Relying Participant and each Relying Customer from and against any and all claims, demands, losses, judgments, and liabilities (including liabilities for penalties) of whatsoever kind or nature, and to reimburse the Collateral Agent, Root Entity, each Relying Participant and each Relying Customer for all costs and expenses, including attorneys' fees and disbursements arising out of the exercise by the Collateral Agent of any right, power or remedy granted to it upon the default in payment of any of the Obligations.
- Each of the Collateral Agent and Root Entity may consult with legal counsel selected by it and shall not be liable for any action taken or suffered hr good faith by it in accordance with the advice of such counsel.
- neither the Collateral Agent nor Root Entity shall incur any liability under or in respect of this Agreement or the Collateral Agent Agreement by acting upon any notice, consent, certificate or other document or instrument believed by it to be genuine or authentic or to be signed by the proper party or parties, or with respect to anything which it may do or refrain from doing in the reasonable exercise of its judgment, or which may seem to it to be necessary or desirable in the premises.
- This Agreement shall continue until the payment in full of all amounts payable by the Issuing Participant under all Certified IW Claims and this Agreement, and until the Issuing Participant is no longer a Participant in the System, all Digital Certificates issued by the Issuing Participant have been revoked or have expired, all Identity Warranties issued by the Issuing Participant have expired and all claims made for breach of any Identity Warranties issued by the Issuing Participant have been paid or resolved.
- Root Entity Upon the termination of this Agreement, Root Entity shall instruct the Collateral Agent to Transfer any remaining Collateral to the Issuing Participant.
- This Agreement and the terms, covenants, and conditions hereof, shall be binding upon and inure to benefit of the Issuing Participant, the Collateral Agent, Root Entity and each Relying Participant and Relying Customer, and their respective legal successors and permitted assigns.
- This Agreement shall not be assignable by either party without the consent of the other, and any pu ⁇ orted assignment without such consent shall be void.
- the Issuing Participant shall provide, simultaneously with its execution and delivery of this Agreement, em opinion of counsel to the Issuing Participant as to the matters referred to in Section 3(a) and (c) through (h).
- IN WITNESS WHEREOF the parties hereto have caused this Agreement to be executed by their respective officers thereunto duly authorized, as of the date indicated below.
Landscapes
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Marketing (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Description
Claims
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU71238/00A AU7123800A (en) | 1999-09-10 | 2000-09-08 | System and method for providing certificate-related and other services |
Applications Claiming Priority (8)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15332699P | 1999-09-10 | 1999-09-10 | |
US15344399P | 1999-09-10 | 1999-09-10 | |
US15337099P | 1999-09-10 | 1999-09-10 | |
US15332799P | 1999-09-10 | 1999-09-10 | |
US60/153,326 | 1999-09-10 | ||
US60/153,443 | 1999-09-10 | ||
US60/153,370 | 1999-09-10 | ||
US60/153,327 | 1999-09-10 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2001018715A1 true WO2001018715A1 (en) | 2001-03-15 |
WO2001018715A8 WO2001018715A8 (en) | 2001-09-27 |
Family
ID=27496088
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2000/024606 WO2001018715A1 (en) | 1999-09-10 | 2000-09-08 | System and method for providing certificate-related and other services |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2001018715A1 (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5892900A (en) * | 1996-08-30 | 1999-04-06 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US6003007A (en) * | 1996-03-28 | 1999-12-14 | Dirienzo; Andrew L. | Attachment integrated claims system and operating method therefor |
US6115642A (en) * | 1996-12-31 | 2000-09-05 | Buildnet, Inc. | Systems and methods for facilitating the exchange of information between separate business entities |
-
2000
- 2000-09-08 WO PCT/US2000/024606 patent/WO2001018715A1/en active Search and Examination
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6003007A (en) * | 1996-03-28 | 1999-12-14 | Dirienzo; Andrew L. | Attachment integrated claims system and operating method therefor |
US5892900A (en) * | 1996-08-30 | 1999-04-06 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US6115642A (en) * | 1996-12-31 | 2000-09-05 | Buildnet, Inc. | Systems and methods for facilitating the exchange of information between separate business entities |
Also Published As
Publication number | Publication date |
---|---|
WO2001018715A8 (en) | 2001-09-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9684889B2 (en) | System and method for providing certification-related and other services | |
WO2001018717A1 (en) | System and method for providing certificate-related and other services | |
Blythe | The tiger on the peninsula is digitized: Korean e-commerce law as a driving force in the world's most computer-savvy nation | |
Giannetto et al. | Strengthening the protection of financial consumers in Mongolia’s banking sector | |
WO2000048360A1 (en) | System and method for providing certification-related and other services | |
WO2001018715A1 (en) | System and method for providing certificate-related and other services | |
KR102570105B1 (en) | System for prevention of real estate fraud transaction | |
AU2004208693A1 (en) | System and method for providing certification-related and other services | |
McGill | Standard Refunds | |
Oberholzer | RFQ# 70Z0G319QPBY04100 | |
Authority | Act on the Financial Supervisory Authority: 878/2008; amendments up to 445/2023 included | |
Noor et al. | Legal Analysis of the Position of Personal Guarantee Owners in the Bank Credit Agreement Structure | |
Gorecki | THE BANKING LAW | |
Burau et al. | Electronic money: comparative analysis of regulation in the European Union, the United States and Ukraine | |
Temem | Issuance requirements of electronic money within the framework of the Islamic banking system | |
Securities | THE BANKING LAW | |
Augustinos et al. | International Banking and Finance | |
Magdo et al. | Banking Law/Money Laundering Panel | |
Assembly | Concerning the Regulation of Mortgage Loan Originators, and, in Connection Therewith, Modifying the" Mortgage Broker Licensing Act" to Conform to the Federal" Secure and Fair Enforcement for Mortgage Licensing Act of 2008", Exempting Certain Financial Institutions from the List of Prohibited Practices Under the Act, and Making an Appropriation. | |
DEED | BAA FUNDING LIMITED | |
Team et al. | Process | |
Chasige | SECURITIES EXCHANGE ACT OF 1934 | |
LOS ANGELES | by and between | |
ENFORCEMENT | INTRODUCTION TO THE BANK SECRECY ACT | |
REGULATION | DETAILED ASSESSMENT OF OBSERVANCE |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
AK | Designated states |
Kind code of ref document: C1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: C1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
CFP | Corrected version of a pamphlet front page | ||
CR1 | Correction of entry in section i |
Free format text: PAT. BUL. 11/2001 UNDER (30) REPLACE "NOT FURNISHED" BY "60/153326" |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
122 | Ep: pct application non-entry in european phase | ||
NENP | Non-entry into the national phase |
Ref country code: JP |
|
DPE2 | Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101) |