YOU MUST READ THIS RELYING PARTY AGREEMENT ("AGREEMENT") BEFORE VALIDATING A
HKeSP CERTIFICATE , USING HKeSP'S ONLINE CERTIFICATE STATUS PROTOCOL ("OCSP")
SERVICES, ACCESSING OR USING A HKeSP OR HKeSP AFFILIATE DATABASE OF CERTIFICATE
REVOCATIONS OR RELYING ON ANY HKeSP CERTIFICATE-RELATED INFORMATION
(COLLECTIVELY, "HKeSP INFORMATION”). IF YOU DO NOT AGREE TO THE TERMS OF THIS
AGREEMENT, DO NOT SUBMIT A QUERY AND DO NOT DOWNLOAD, ACCESS, OR RELY ON ANY
HKeSP INFORMATION. IN CONSIDERATION OF YOUR AGREEMENT TO THESE TERMS, YOU ARE
ENTITLED TO USE HKeSP INFORMATION AS SET FORTH HEREIN.
1. Term of Agreement. This Agreement becomes effective when you
submit a query to search for a HKeSP.com Certificate, or rely on any HKeSP.com
Information in the manner set forth in the preamble above. This Agreement shall
be applicable for as long as you use and/or rely on such HKeSP.com Information.
2. Definitions.
"Certificate" or “Digital Certificate” means a message that, at least, states a
name or identifies the issuing CA, identifies the Subscriber, contains the
Subscriber's public key, identifies the Certificate’s validity period, contains
a Certificate serial number, and contains a digital signature of the issuing
CA.
"Certificate Applicant" means an individual or organization that requests the
issuance of a Certificate by a Certification Authority.
"Certification Authority" or "CA" means an entity authorized to issue, suspend,
or revoke Certificates. For purposes of this Agreement, CA shall mean
HKeSP.com.
“Certification Practice Statement” or “CPS” means a document, as revised from
time to time, representing a statement of practices a CA employs in issuing
Certificates. HKeSP.com’s CPS is published at www.hkesp.com/ca.
"Non-verified Subscriber Information" means any information submitted by a
Certificate Applicant, and included within a Certificate, that has not been
confirmed by the CA or RA and for which the applicable CA and RA provide no
assurances other than that the information was submitted by the Certificate
Applicant.
"Registration Authority" or "RA" means an entity approved by a CA to assist
Certificate Applicants in applying for, approving, rejecting, or revoking
Certificates.
"Relying Party" means an individual or organization that acts in reliance on a
Certificate.
"Repository" means the collection of documents located at the link for the
repository which may be accessed from the website where the Certificate was
issued.
"Subscriber" means a person, organization, or entity who is the subject of and
has been issued a Certificate, and is capable of using, and is authorized to
use, the private key that corresponds to the public key listed in the
Certificate at issue.
"HKeSP.com Trust Network" or "VTN" means the Certificate-based public key
infrastructure governed by the HKeSP.com Trust Network certificate policies,
which enables the worldwide deployment and use of Certificates by HKeSP.com,
its affiliates, their respective customers, Subscribers and Relying Parties.
3. Informed Decision. You acknowledge and agree that: (i) you
have sufficient information to make an informed decision as to the extent to
which you choose to rely on the information in a Certificate; (ii) your use or
reliance of any HKeSP.com Information is governed by this Agreement and you
shall bear the legal consequences of your failure to comply with the
obligations contained herein. YOU ARE SOLELY RESPONSIBLE FOR DECIDING WHETHER
OR NOT TO RELY ON THE INFORMATION IN A CERTIFICATE.
4. Certificates. HKeSP.com offers three distinct classes of
certificate services, with each class providing specific functionality and
security features corresponding to a specific level of trust within the VTN:
(i) Class 1 Certificates. Class 1 Certificates offer the lowest level of
assurance and should not be used for authentication purposes or to support
non-repudiation. These Certificates are issued to individuals, and
authentication procedures are based on assurances that the Subscriber's
distinguished name is unique within the domain of a particular CA and that a
certain e-mail address is associated with a public key. These certificates do
not provide proof of the identity of the Subscriber. Class 1 Certificates are
appropriate for digital signatures, encryption, and access control for
non-commercial or low-value transactions where proof of identity is not
necessary.
(ii) Class 2 Certificates. Class 2 Certificates offer a medium level of
assurance in comparison with the other two classes. Class 2 authentication
includes verification of information submitted by the Certificate Applicant
against identity proofing sources. Class 2 Certificates can be used for digital
signatures, encryption, and access control, including as proof of identity in
medium-value transactions. Under limited circumstances, Class 2 Certificates
may be issued to an organizational Subscriber (rather than an individual within
the organization). Such Certificates may be used for organization
authentication and application signing only under the terms of the HKeSP.com
CPS.
(iii) Class 3 Certificates. Class 3 Certificates provide the highest level of
assurances within the VTN. Class 3 Certificates are issued to individuals and
organizations for digital signatures, encryption, and access control, including
as proof of identity, in high-value transactions. Class 3 individual
Certificates provide assurances of the identity of the Subscriber based on the
personal (physical) presence of the Subscriber to confirm his or her identity
using, at a minimum, a well-recognized form of government-issued identification
and one other identification credential. Class 3 organizational Certificates
may be issued to devices to provide authentication; message, software, and
content integrity; and confidentiality through encryption. Class 3
organizational Certificates provide assurances of the identity of the
Subscriber based on a confirmation that the Subscriber organization does in
fact exist, that the organization has requested the Certificate Application,
and that the person submitting the Certificate Application on behalf of the
Subscriber was authorized to do so. Class 3 organizational Certificates also
provide assurances that the Subscriber is entitled to use the domain name
listed in the Certificate Application.
5. Your Obligations. As a Relying Party, you are obligated to
ensure the reasonableness of your reliance on any HKeSP.com Information by: (i)
assessing whether the use of a Certificate for any given purpose is appropriate
under the circumstances; (ii) utilizing the appropriate software and/or
hardware to perform digital signature verification or other cryptographic
operations you wish to perform, as a condition of relying on a Certificate in
connection with each such operation; and (iii) checking the status of a
Certificate you wish to rely on, as well as the validity of all the
Certificates in its chain.
6. Limitations on Use. YOU ARE HEREBY NOTIFIED OF THE
POSSIBILITY OF THEFT OR OTHER FORM OF COMPROMISE OF A PRIVATE KEY CORRESPONDING
TO A PUBLIC KEY CONTAINED IN A CERTIFICATE, WHICH MAY OR MAY NOT BE DETECTED,
AND OF THE POSSIBILITY OF USE OF A STOLEN OR COMPROMISED KEY TO FORGE A DIGITAL
SIGNATURE. Further, HKeSP.com Certificates are not designed, intended, or
authorized for use as control equipment in hazardous circumstances or for uses
requiring fail-safe performance such as the operation of nuclear facilities,
aircraft navigation or communication systems, air traffic control systems, or
weapons control systems, where failure could lead directly to death, personal
injury, or severe environmental damage. Class 1 Certificates shall not be used
as proof of identity or as support of non-repudiation of identity or authority.
HKeSP.com, its CAs, and RAs are not responsible for assessing the
appropriateness of the use of a Certificate.
7. Compromise of VTN Security. You shall not monitor,
interfere with, or reverse engineer the technical implementation of the VTN or
otherwise intentionally compromise the security of the VTN (unless you cannot
be prohibited from so doing under applicable law), except upon prior written
approval from HKeSP.com.
8. HKeSP.com Warranties. HKeSP.com warrants to Relying Parties
who reasonably rely on a Certificate that (i) all information in the
Certificate, except for Non-verified Subscriber Information, is accurate as of
the date of Certificate issuance; (ii) Certificates appearing in the Repository
have been issued to the individual, organization, or device named in the
Certificate as the Subscriber; and (iii) the Certificate was issued in
substantial compliance with the HKeSP.com CPS.
9. Disclaimers of Warranties. EXCEPT FOR THE EXPRESS LIMITED
WARRANTIES CONTAINED IN SECTION 8, HKeSP DISCLAIMS ALL OTHER WARRANTIES,
EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WITHOUT LIMITATION, ANY IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSES, SATISFACTION OF
CUSTOMER REQUIREMENTS, NON-INFRINGEMENT, AND ANY WARRANTY ARISING OUT OF A
COURSE OF PERFORMANCE, DEALING OR TRADE USAGE. TO THE EXTENT JURISDICTIONS DO
NOT ALLOW THE EXCLUSION OF CERTAIN REPRESENTATIONS, WARRANTIES OR GUARANTEES,
SOME OF THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU.
10. Indemnity. You agree to indemnify, defend and hold
harmless HKeSP.com, any non-HKeSP.com CA or RA, and any of their respective
directors, shareholders, officers, agents, employees, successors and assigns
from any and all third party claims, suits, proceedings, judgments, damages,
and costs (including reasonable attorney's fees and expenses) arising from (i)
your failure to perform the obligations of a Relying Party in accordance with
this Agreement, (ii) your reliance on a Certificate that is not reasonable
under the circumstances, or (iii) your failure to check the status of a
Certificate to determine if the Certificate is expired or revoked. HKeSP.com
shall promptly notify you of any such claim, and you shall bear full
responsibility for the defense of such claim (including any settlements);
provided however, that (a) you keep HKeSP.com informed of, and consult with
HKeSP.com in connection with the progress of such litigation or settlement; (b)
you shall not have any right, without HKeSP.com’s written consent, which
consent shall not be unreasonably withheld, to settle any such claim if such
settlement arises from or is part of any criminal action, suit or proceeding or
contains a stipulation to or admission or acknowledgement of, any liability or
wrongdoing (whether in contract, tort, or otherwise) on the part of HKeSP.com,
or requires any specific performance or non-pecuniary remedy by HKeSP.com; and
(c) HKeSP.com shall have the right to participate in the defense of a claim
with counsel of its choice at its own expense. The terms of this Section 10
will survive any termination of this Agreement.
11. Limitations of Liability.
11.1 THIS SECTION 11 APPLIES TO LIABILITY UNDER CONTRACT
(INCLUDING BREACH OF WARRANTY), TORT (INCLUDING NEGLIGENCE AND/OR STRICT
LIABILITY), AND ANY OTHER LEGAL OR EQUITABLE FORM OF CLAIM.
11.2 IF YOU INITIATE ANY CLAIM, ACTION, SUIT, ARBITRATION, OR
OTHER PROCEEDING RELATING TO THIS AGREEMENT, TO THE EXTENT PERMITTED BY
APPLICABLE LAW, HKeSP SHALL NOT BE LIABLE FOR (I) ANY LOSS OF PROFIT, BUSINESS,
CONTRACTS, REVENUE OR ANTICIPATED SAVINGS, OR (II) ANY INDIRECT OR
CONSEQUENTIAL LOSS.
11.3 HKeSP'S TOTAL LIABILITY FOR ALL DAMAGES SUSTAINED BY ALL
RELYING PARTIES CONCERNING A SPECIFIC CERTIFICATE (OTHER THAN AN EXTENDED
VALIDATION CERTIFICATE) SHALL BE DETERMINED ACCORDING TO THE CLASS OF THE
CERTIFICATE RELIED UPON AND LIMITED, IN THE AGGREGATE, TO THE AMOUNT SET FORTH
BELOW.
Class
|
Liability Caps
|
Class 1 |
One Hundred RMB ($ 100.00 CNY) |
Class 2 |
Five Thousand RMB ($ 5,000.00 CNY) |
Class 3 |
Ten Thousand RMB ($10,000.00 CNY) |
THE LIABILITY LIMITATIONS PROVIDED IN THIS SUBSECTION 11.3 SHALL BE THE SAME
REGARDLESS OF THE NUMBER OF DIGITAL SIGNATURES, TRANSACTIONS, OR CLAIMS RELATED
TO SUCH CERTIFICATE.
11.4 THIS SUBSECTION 11.4 APPLIES TO HKeSP SSL CERTIFICATES
WITH EXTENDED VALIDATION ONLY: IF HKeSP FAILED TO ISSUE THE EXTENDED VALIDATION
CERTIFICATE IN COMPLETE COMPLIANCE WITH THE EXTENDED VALIDATION GUIDELINES,
THEN HKeSP’S LIABILITY FOR LEGALLY RECOGNIZED AND PROVEN CLAIMS SHALL BE
LIMITED TO RMB¥2000 PER RELYING PARTY PER CERTIFICATE.
11.5 NOTWITHSTANDING THE FOREGOING, HKeSP’S LIABILITY SHALL
NOT BE LIMITED UNDER THIS SECTION 11 IN CASES OF PERSONAL INJURY OR DEATH
ARISING FROM HKeSP’S NEGLIGENCE OR TO ANY OTHER LABILITY WHICH CANNOT BE
EXCLUDED BY APPLICABLE LAW (INCLUDING MANDATORY LAWS OF ANY APPLICABLE
JURISDICTION). TO THE EXTEND JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF
CERTAIN LIABILITY LIMITATIONS, SOME OF THE ABOVE EXCLUSIONS MAY NOT APPLY TO
YOU.
12. Force Majeure. Neither party shall be deemed in default
hereunder, nor shall it hold the other party responsible for, any cessation,
interruption or delay in the performance of its obligations hereunder
(excluding payment obligations) due to earthquake, flood, fire, storm, natural
disaster, act of God, war, armed terrorism, armed conflict, labor strike,
lockout, boycott or other similar events beyond the reasonable control of such
party, provided that the party relying upon this Section 12 (i) gives prompt
written notice thereof; (ii) takes all steps reasonably necessary to mitigate
the effects of the force majeure event; provided further, that in the event a
force majeure event extends for a period in excess of thirty (30) days in the
aggregate, either party may immediately terminate this Agreement upon written
notice.
13. Severability. If any provision of this Agreement should be
found by a court of competent jurisdiction to be invalid, illegal or
unenforceable in any respect, the validity, legality and enforceability of the
remaining provisions contained shall not, in any way, be affected or impaired
thereby.
14. Governing Law. Any disputes related to this Agreement
shall be governed in all respects by and construed in accordance with the laws
of the Commonwealth of Virginia, United States of America, excluding its
conflict of laws rules.
15. Dispute Resolution. To the extent permitted by law, before
you invoke any dispute resolution mechanism with respect to a dispute involving
any aspect of this Agreement, you shall notify HKeSP.com, and any other party
to the dispute for the purpose of seeking resolution. If the dispute is not
resolved within sixty (60) days after the initial notice, then a party may
proceed in accordance with the following:
(i) When each party to the dispute is a Canadian or U.S. resident or
organization situated or doing business in Canada or the United States. All
suits arising in connection with this Agreement shall be brought in the United
States District Court for the Eastern District of Virginia or the state courts
of Fairfax County, Virginia, U.S.A. The parties agree that such courts shall
have exclusive in personam jurisdiction and submit to the exclusive in personam
jurisdiction and venue of such courts. The parties further waive any right to a
jury trial regarding any action brought in connection with this Agreement.
(ii) Where one or more parties to the dispute is not a Canadian or U.S.
resident or organization situated or doing business in Canada or the United
States. All disputes arising in connection with this Agreement shall be finally
settled under the Rules of Conciliation and Arbitration of the International
Chamber of Commerce (ICC) as modified as necessary to reflect the provisions
herein by one or more arbitrators. The place of arbitration shall be in Geneva,
Switzerland, and the proceedings shall be conducted in English. In cases
involving a single arbiter, that single arbiter shall be appointed by mutual
agreement of the parties. If the parties fail to agree to an arbiter within
fifteen (15) days, the ICC shall choose an arbiter knowledgeable in computer
software law, information security and cryptography or otherwise having special
qualifications in the field, such as a lawyer, academician, or judge in common
law jurisdiction.
Nothing in this Agreement will be deemed as preventing either party from
seeking injunctive relief (or any other provisional remedy) from any court
having jurisdiction over the parities and the subject matter of this dispute as
is necessary to protect either party's name, proprietary information, trade
secret, know-how, or, or any other intellectual property rights.
16. Non-Assignment. Except as stated otherwise, your rights
under this Agreement are not assignable or transferable. Any attempt by your
creditors to obtain an interest in your rights herein, whether by attachment,
levy, garnishment or otherwise, renders this Agreement voidable at HKeSP.com's
option.
17. Notices. You will make all notices, demands or requests to
HKeSP.com with respect to this Agreement in writing to: Attn: General Counsel,
HKeSP.com, Inc., 200 Tai Nan Street, Sham Shui Po, KLN, HK.
18. Entire Agreement. This Agreement constitute the entire
understanding and agreement between HKeSP.com and you with respect to the
transactions contemplated, and supersedes any and all prior or contemporaneous
oral or written representation, understanding, agreement or communication
relating thereto.
HKeSP.com Relying Party Agreement Version 1.0
Last Updated on: 31 / August / 2015