|
YOU
MUST READ THIS RELYING PARTY
AGREEMENT
("AGREEMENT")
BEFORE VALIDATING A
Secure Digital TRUST ENVIRONMENT
("SDTE") DIGITAL
CERTIFICATE
("CERTIFICATE"),
BY ACCESSING OR USING
Secure Digital'S DATABASE OF
CERTIFICATE REVOCATIONS AND
OTHER INFORMATION
("REPOSITORY") OR
ANY CERTIFICATE REVOCATION
LIST ISSUED BY Secure Digital OR
OUR LICENSEES
("Secure Digital CRL").
IF YOU DO NOT AGREE TO THE
TERMS OF THIS AGREEMENT, DO
NOT SUBMIT A QUERY AND DO
NOT DOWNLOAD, ACCESS, OR USE
ANY Secure Digital CRL BECAUSE
YOU ARE NOT AUTHORIZED TO
USE Secure Digital'S REPOSITORY
OR ANY Secure Digital CRL.
1. Definitions. The
capitalized terms used in
this Agreement shall have
the following meanings
unless otherwise specified:
"Certificate"
shall mean a digitally
signed message that contains
a Subscriber's public key
and associates it with
information authenticated by
Secure Digital or a
Secure Digital-authorized entity.
"Certificate
Applicant" shall mean
an individual or
organization that requests
the issuance of a
Certificate by a
Certification Authority.
"Certificate
Chain" shall mean an
ordered list of Certificates
containing an end-user
Subscriber Certificate and
CA Certificates, which
terminates in a root
Certificate.
"Certification
Authority" or
"CA" shall mean an
entity authorized to issue,
manage, revoke, and renew
Certificates in the SDTE.
"Nonverified Subscriber
Information" means any
information submitted by a
Certificate Applicant to a
CA or RA, and included
within a Certificate, that
has not been confirmed by
the CA or RA and for which
the applicable CA and RA
provide no assurances other
than that the information
was submitted by the
Certificate Applicant.
"Registration
Authority" or
"RA" shall mean an
entity approved by a CA to
assist Certificate
Applicants in applying for
Certificates, and to approve
or reject Certificate
Applications, revoke
Certificates, or renew
Certificates.
"Relying
Party" shall mean an
individual or organization
that acts in reliance on a
Certificate or a digital
signature.
"Repository" shall
mean a portion of the
Secure Digital website where
Relying Parties,
Subscribers, and the general
public can obtain copies of
Secure Digital literature,
including but not limited
to, the Secure Digital CPS,
Subscriber Agreements,
whitepapers, and CRLs.
"Subscriber" shall
mean a person who is the
subject of and has been
issued a Certificate.
"Subscriber
Agreement" shall mean
an agreement used by a CA or
RA setting forth the terms
and conditions under which
an individual or
organization acts as a
Subscriber.
"Secure Digital
CPS" shall mean the
Secure Digital Certification
Practice Statement, as
amended from time to time,
which may be accessed from
http://www.SecureDigitalSecuritySolutions.com/repository/cps.
2. Application.
This Agreement
becomes effective when you
submit a query to search for
a Certificate, or to verify
a digital signature created
with a private key
corresponding to a public
key contained in a
Certificate, by downloading
a Secure Digital CRL, or when you
otherwise use or rely upon
any information or services
provided by Secure Digital's
Repository, Secure Digital's
website, or any Secure Digital
CRL. Relying Party
Agreements in force within
the SDTE appear at: http://www.SecureDigitalSecuritySolutions.com/repository/rpa.
3. Description of
Certificates.
The Certificates
relied upon in accordance
with this Agreement are
issued within the SDTE.
The Secure Digital Trust
Environment or SDTE is a
global public key
infrastructure that provides
Certificates for both wired
and wireless applications.
Secure Digital is one of the
service providers within the
SDTE, together with a network
of licensees and partners
throughout the world.
The SDTE and Secure Digital under
this Agreement provides two
distinct classes
("Classes") and
three sub-classes
("Sub-classes") of
certification services for
both the wired and wireless
Internet and other networks.
Classes provided are
"Test" and
"Secure Digital Professional
Network ("SDPN")".
The SDPN provides three
Sub-classes,
"Basic",
"Group" and
"Premium". Each
Class and Sub-class of
Certificate provides
specific functionality and
security features and
corresponds to a specific
level of trust. You are
responsible for choosing
which Class or Sub-class of
Certificate you need. The
following subsections state
the appropriate uses and
authentication procedures
for each Class and Sub-class
of Certificate. For more
detailed information about
Secure Digital's certification
services, please see the
Secure Digital Certification
Practice Statement (the
"Secure Digital CPS")
which may be accessed at http://www.SecureDigitalSecuritySolutions.com/repository.
Secure Digital
Test Class -
Test Class
Certificates are used for
interoperability and other
testing purposes. They
are solely used for this
purpose and carry no
assurance information.
Secure Digital
SDPN Class comprise three
distinct sub-classes
referred to as
"Basic",
"Group" and
"Premium".
(i) SDPN Basic Sub-class
Certificates-
provide modest
security by assuring that a
certificate's subject and
e-mail address are included
unambiguously within
Secure Digital’s repository.
Basic Certificates do not
provide proof of identity
and offer relatively low
level of assurances. They
are individual Certificates,
whose validation procedures
are based solely on
assurances that the
Subscriber’s distinguished
name is unique and
unambiguous within the SDTE
and that a certain e-mail
address is associated with a
public key. They are
appropriate principally for
encryption and may also be
appropriate for digital
signatures and access
control for noncommercial or
low-value transactions where
proof of identity is
unnecessary.
(ii) SDPN Group Sub-class
Certificates
provides a medium
level of assurance within
the SDTE. SDPN Group
Sub-class Certificates are
issued to individuals,
organizations, and
Administrators for CAs and
RAs. SDPN Group Sub-class
individual Certificates may
be used for digital
signatures, encryption, and
access control, including as
proof of identity, within
the Subscriber's group. SDPN
Group Sub-class individual
Certificates provide
assurances of the identity
of the Subscriber based on
the verification of the
Subscriber's group RA, based
on, at a minimum, the
Subscriber's records or
file. Other SDPN Group
Sub-class organizational
Certificates are issued to
devices to provide
authentication; message,
software, and content
integrity; and
confidentiality encryption.
SDPN Group Sub-class
organizational Certificates
provide assurances of the
identity of the Subscriber
based on a confirmation that
the Subscriber organization
does in fact exist, that the
organization has authorized
the Certificate Application,
and that the person
submitting the Certificate
Application on behalf of the
Subscriber was authorized to
do so. SDPN Premium Sub-class
organizational Certificates
for servers also provide
assurances that the
Subscriber is entitled to
use the domain name listed
in the Certificate
Application.
(iii) SDPN Premium Sub-class
Certificates
provide the
highest level of assurances
within the SDTE. SDPN
Premium Sub-class
Certificates are issued to
individuals, organizations,
and Administrators for CAs
and RAs. SDPN Premium
Sub-class individual
Certificates may be used for
digital signatures,
encryption, and access
control, including as proof
of identity, in high- value
transactions. SDPN Premium
Sub-class individual
Certificates provide
assurances of the identity
of the Subscriber based on
the personal (physical)
presence of the Subscriber
before an independent third
party RA that confirms the
identity of the Subscriber
using, at a minimum, a
well-recognized form of
government- issued
identification and one other
identification credential.
Other SDPN Premium Sub-class
organizational Certificates
are issued to devices to
provide authentication;
message, software, and
content integrity; and
confidentiality encryption.
SDPN Premium Sub-class
organizational Certificates
provide assurances of the
identity of the Subscriber
based on a confirmation that
the Subscriber organization
does in fact exist, that the
organization has authorized
the Certificate Application,
and that the person
submitting the Certificate
Application on behalf of the
Subscriber was authorized to
do so. SDPN Premium Sub-class
organizational Certificates
for servers also provide
assurances that the
Subscriber is entitled to
use the domain name listed
in the Certificate
Application.
4. Acknowledgements and
Warranties
(i)
Sufficient Information. You
acknowledge and agree that
you have access to
sufficient information to
ensure that you can make an
informed decision as to the
extent to which you will
choose to rely on the
information in a
Certificate. You acknowledge
and agree that your use of
the Repository and your use
of any Secure Digital CRL, are
governed by this Agreement
and the Secure Digital CPS.
YOU ARE SOLELY
RESPONSIBLE FOR DECIDING
WHETHER OR NOT TO RELY ON
THE INFORMATION IN A
CERTIFICATE. You also
acknowledge and agree that
you shall bear the legal
consequences of your failure
to comply with the Relying
Party obligations set forth
in this Agreement.
(ii)
Compromise of SDTE Security.
You agree that you shall not
monitor, interfere with, or
reverse engineer the
technical implementation of
the SDTE, except upon prior
written approval from
Secure Digital, and shall not
otherwise intentionally
compromise the security of
the SDTE.
(iii)
Effect of a Certificate.
You acknowledge and agree,
to the extent permitted by
applicable law, that where a
transaction is required to
be in writing, a message or
other record bearing a
digital signature verifiable
with reference to a
Certificate is valid,
effective, and enforceable
to an extent no less than
had the same message or
record been written and
signed on paper. Subject to
applicable law, a digital
signature or transaction
entered into with reference
to a Certificate shall be
effective regardless of the
geographic location where
the Certificate is issued or
the digital signature
created or used, and
regardless of the geographic
location of the place of
business of the CA or
Subscriber.
(iv)
Limitations on Use.
Certificates issued under
the SDTE are not designed,
intended, or authorized for
use or resale as control
equipment in hazardous
circumstances or for uses
requiring fail-safe
performance such as the
operation of nuclear
facilities, aircraft
navigation or communication
systems, air traffic control
systems, or weapons control
systems, where failure could
lead directly to death,
personal injury, or severe
environmental damage. Test
Class, Individual Class and
Client SDPN Class
Certificates shall not be
used as proof of identity or
as support of nonrepudiation
of identity or authority.
Secure Digital, and its CAs and
RAs are not responsible for
assessing the
appropriateness of the use
of a Certificate. You agree
as a Relying Party that
Certificates will not be
used or relied upon by you
beyond the limitations set
forth in this Agreement.
5. Your Obligations.
As
a Relying Party, you are
obligated to:
(i) independently
assess the appropriateness
of the use of a Certificate
for any given purpose and
determine that the
Certificate will, in fact,
be used for an appropriate
purpose;
(ii) utilize the
appropriate software and/or
hardware to perform digital
signature verification or
other cryptographic
operations you wish to
perform, as a condition of
relying on a Certificate in
connection with each such
operation. Such operations
include identifying a
Certificate Chain and
verifying the digital
signatures on all
Certificates in the
Certificate Chain. You agree
that you will not rely on a
Certificate unless these
verification procedures are
successful;
(iii) check the status
of a Certificate on which
you wish to rely, as well as
all the Certificates in its
Certificate Chain. If any of
the Certificates in the
Certificate Chain have been
revoked, you agree that you
will not rely on the
end-user Subscriber
Certificate or other revoked
Certificate in the
Certificate Chain; and
(iv) rely on the
Certificate, if all of the
checks described in the
previous paragraphs are
successful, provided that
reliance upon the
Certificate is reasonable
under the circumstances and
in light of Section 4(i) of
this Agreement. If the
circumstances indicate a
need for additional
assurances, it is your
responsibility to obtain
such assurances for such
reliance to be deemed
reasonable.
6. Warranties.
Secure Digital
warrants to Relying Parties
who reasonably rely on a
Certificate (i) that all
information in or
incorporated by reference in
the Certificate, except for
Nonverified Subscriber
Information, is accurate;
(ii) that Certificates
appearing in the Repository
have been issued to the
individual or organization
named in the Certificate as
the Subscriber, and the
Subscriber has accepted the
Certificate by downloading
it from a website or via an
email message sent to the
Subscriber containing the
Certificate; and (iii) the
entities that approved the
Certificate Application and
issued the Certificate have
substantially complied with
the Secure Digital CPS when
issuing the Certificate.
7. Disclaimers. YOU
AGREE THAT YOUR USE OF
Secure Digital'S SERVICE(S) IS
SOLELY AT YOUR OWN RISK. YOU
AGREE THAT ALL SUCH SERVICES
ARE PROVIDED ON AN "AS
IS" AND AS AVAILABLE
BASIS, EXCEPT AS OTHERWISE
NOTED IN THIS AGREEMENT.
Secure Digital EXPRESSLY
DISCLAIMS ALL WARRANTIES OF
ANY KIND, WHETHER EXPRESS OR
IMPLIED, INCLUDING BUT NOT
LIMITED TO THE IMPLIED
WARRANTIES OF
MERCHANTABILITY, FITNESS FOR
A PARTICULAR PURPOSE AND
NON-INFRINGEMENT. OTHER THAN
THE WARRANTIES AS SET FORTH
IN SECTION 6, Secure Digital DOES
NOT MAKE ANY WARRANTY THAT
THE SERVICE WILL MEET YOUR
REQUIREMENTS, OR THAT THE
SERVICE WILL BE
UNINTERRUPTED, TIMELY,
SECURE OR ERROR FREE; NOR
DOES Secure Digital MAKE ANY
WARRANTY AS TO THE RESULTS
THAT MAY BE OBTAINED FROM
THE USE OF THE SERVICE OR TO
THE ACCURACY OR RELIABILITY
OF ANY INFORMATION OBTAINED
THROUGH THE SERVICE. YOU
UNDERSTAND AND AGREE THAT
ANY MATERIAL AND/OR DATA
DOWNLOADED OR OTHERWISE
OBTAINED THROUGH THE USE OF
Secure Digital'S SERVICES IS DONE
AT YOUR OWN DISCRETION AND
RISK. NO ADVICE OR
INFORMATION, WHETHER ORAL OR
WRITTEN, OBTAINED BY YOU
FROM Secure Digital OR THROUGH
Secure Digital'S SERVICES SHALL
CREATE ANY WARRANTY NOT
EXPRESSLY MADE HEREIN. TO
THE EXTENT JURISDICTIONS DO
NOT ALLOW THE EXCLUSION OF
CERTAIN WARRANTIES, SOME OF
THE ABOVE EXCLUSIONS MAY NOT
APPLY TO YOU. Secure Digital IS
NOT RESPONSIBLE FOR AND
SHALL HAVE NO LIABILITY WITH
RESPECT TO ANY PRODUCTS
AND/OR SERVICES PURCHASED BY
YOU FROM A THIRD PARTY.
8. Indemnification.
You agree to release,
indemnify, defend and hold
harmless Secure Digital and any
non-Secure Digital CAs or RAs,
and any of their respective
contractors, agents,
employees, officers,
directors, shareholders,
affiliates and assigns from
all liabilities, claims,
damages, costs and expenses,
including reasonable
attorney's fees and
expenses, of third parties
relating to or arising out
of (i) your failure to
perform the obligations of a
Relying Party, (ii) your
reliance on a Certificate
that is not reasonable under
the circumstances, or (iii)
your failure to check the
status of a Certificate to
determine if the Certificate
is expired or revoked. When
Secure Digital is threatened with
suit or sued by a third
party, Secure Digital may seek
written assurances from you
concerning your promise to
indemnify Secure Digital, your
failure to provide those
assurances may be considered
by Secure Digital to be a
material breach of this
Agreement. Secure Digital shall
have the right to
participate in any defense
by you of a third-party
claim related to your use of
any Secure Digital services, with
counsel of our choice at
your own expense. You shall
have sole responsibility to
defend Secure Digital against any
claim, but you must receive
Secure Digital's prior written
consent regarding any
related settlement. The
terms of this Section 6 will
survive any termination or
cancellation of this
Agreement.
9. Limitations of
Liability.
THIS
SECTION 9 APPLIES TO
LIABILITY UNDER CONTRACT
(INCLUDING BREACH OF
WARRANTY), TORT (INCLUDING
NEGLIGENCE AND/OR STRICT
LIABILITY), AND ANY OTHER
LEGAL OR EQUITABLE FORM OF
CLAIM. IF YOU INITIATE ANY
CLAIM, ACTION, SUIT,
ARBITRATION, OR OTHER
PROCEEDING RELATING TO
SERVICES PROVIDED UNDER THIS
AGREEMENT, AND TO THE EXTENT
PERMITTED BY APPLICABLE LAW,
Secure Digital'S TOTAL LIABILITY
FOR DAMAGES SUSTAINED BY YOU
AND ANY THIRD PARTY FOR ANY
USE OR RELIANCE ON A
SPECIFIC CERTIFICATE SHALL
BE LIMITED, IN THE
AGGREGATE, TO TWO TIMES THE
AMOUNT PAID FOR THE
CERTIFICATE. THE LIABILITY
LIMITATIONS PROVIDED IN THIS
SECTION 9 SHALL BE THE SAME
REGARDLESS OF THE NUMBER OF
DIGITAL SIGNATURES,
TRANSACTIONS, OR CLAIMS
RELATED TO SUCH CERTIFICATE.
Secure Digital SHALL NOT BE
OBLIGATED TO PAY MORE THAN
THE TOTAL LIABILITY
LIMITATION FOR EACH
CERTIFICATE THAT IS RELIED
ON.
10. General Provisions
10.1.
Force Majeure.
Except for payment
and indemnity obligations
hereunder, neither party
shall be deemed in default
hereunder, nor shall it hold
the other party responsible
for, any cessation,
interruption or delay in the
performance of its
obligations hereunder due to
earthquake, flood, fire,
storm, natural disaster, act
of God, war, armed conflict,
terrorist action, labor
strike, lockout, boycott,
provided that the Party
relying upon this Section
10.1 shall have given the
other party written notice
thereof promptly and, in any
event, within five (5) days
of discovery thereof and
(ii) shall take all
reasonable steps reasonably
necessary under the
circumstances to mitigate
the effects of the force
majeure event upon which
such notice is based;
provided further, that in
the event a force majeure
event described in this
Section 10.1 extends for a
period in excess of thirty
(30) days in aggregate, the
other party may immediately
terminate this Agreement.
10.2.
Severability.
If any provision of
this Agreement, or the
application thereof, is for
any reason and to any extent
found to be invalid or
unenforceable, the remainder
of this Agreement (and the
application of the invalid
or unenforceable provision
to other persons or
circumstances) shall not be
affeSDTEd by such finding of
invalidity or
unenforceability, and shall
be interpreted in a manner
that shall reasonably carry
out the intent of the
parties.
10.3.
Governing Law.
You and Secure Digital
agree that any disputes
related to the services
provided under this
Subscriber Agreement shall
be governed in all respects
by and construed in
accordance with the laws of
the State of Nevada, The
parties agree that the
United Nations Convention on
Contracts for the
International Sale of Goods
shall not apply to this
Agreement.
10.4.
Dispute Resolution.
To the extent
permitted by law, you shall
notify Secure Digital, and any
other party to the dispute
for the purpose of seeking
dispute resolution, before
you may invoke any dispute
resolution mechanism with
respect to a dispute
involving any aspect of this
Agreement, you shall. If
the dispute is not resolved
within sixty (60) days after
the initial notice, then a
party may proceed in agrees
that all suits to
enforce any provision of
this Agreement or arising in
connection with this
Agreement shall be brought
in the State Court of Nevada
which includes the City of
Reno, Nevada. The
parties agree that such
courts shall have exclusive
jurisdiction and venue and
the parties submit to the
exclusive in personam
jurisdiction and venue of
such courts. The parties
further waive any right to a
jury trial regarding any
action brought in connection
with this Agreement.
10.5.
Independent Contractors.
The parties to this
Agreement are independent
contractors. Neither party
is an agent, representative,
or partner of the other
party. Neither party shall
have any right, power or
authority to enter into any
agreement for or on behalf
of, or incur any obligation
or liability of, or to
otherwise bind, the other
party. This Agreement shall
not be interpreted or
construed to create an
association, joint venture
or partnership between the
parties or to impose any
partnership obligation or
liability upon either party.
Each party shall bear its
own costs and expenses in
performing this Agreement.
10.6.
Non-Assignment. Except
as otherwise set forth
herein, your rights under
this Agreement are not
assignable or transferable.
Any attempt by your
creditors to obtain an
interest in your rights
under this Agreement,
whether by attachment, levy,
garnishment or otherwise,
renders this Agreement
voidable at Secure Digital's
option.
10.7.
Notices.
All notices, demands
or requests to Secure Digital
with respect to this
Subscriber Agreement shall
be made in writing to: Attn:
General Counsel, Secure Digital
Inc., 50 West Liberty
Street, Suite 880, Reno
Nevada 89501.
10.8.
Survival.
This Agreement shall
be applicable for as long as
you rely on a Certificate,
access or use the Secure Digital
database of CRL information
and in any manner of respect
concerning the subject
matter of this Agreement.
10.9.
Entire Agreement.
This Agreement
constitutes the entire
understanding and agreement
between Secure Digital and you
with respect to the
transactions contemplated,
and supersedes any and all
prior or contemporaneous
oral or written
representation,
understanding, agreement or
communication between
Secure Digital and you concerning
the subject matter hereof.
Neither party is relying
upon any warranties,
representations, assurances
or inducements not expressly
set forth herein. Section
headings are inserted for
convenience of reference
only and are not intended to
be part of or to affect the
meaning this Agreement.
Terms and conditions in any
purchase orders that are not
included in this
Agreement or that conflict
with this Agreement are null
and void.
(c) Secure Digital Inc. All
rights reserved
|
