Digital certificate obligations

Digital Certificate (DC) security is vital both for customers and LINZ to safeguard the use and integrity of Landonline.

General

  1. Upon an Applicant being confirmed as a Subscriber then he or she must:
    1. generate a Key Pair using a LINZ approved digital certificate installation application;
    2. ensure that all information provided and any representations made to LINZ, LINZ’s Customer Registration Authority and the Certification Authority are complete and accurate;
    3. not modify the contents of a Certificate or use his or her Certificate for the purposes of creating further Certificates;
    4. and only use a Certificate for Landonline Remote Access and then only for legal and authorised purposes.

Storage and Protection

  1. The Subscriber must protect his or her Private Key(s) from any Compromise and take all necessary precautions to prevent any loss, disclosure, modifications, or unauthorised use of his or her Private Key(s); and
  2. The Subscriber must not archive his or her Private Key(s) or place his or her Private Key(s) in Escrow;
  3. The Subscriber must not use his or her Private Key in relation to more than one Certificate or for any software or hardware authentication application other than Landonline;
  4. No person shall download another person's digital certificate. This rule applies equally to Agents, who shall not download a digital certificate on behalf of another person.
  5. The Subscriber or person named in the digital certificate is the only person authorised to download that certificate.

Renewal, Revocation and Compromise

  1. The Subscriber must apply for renewal of each Key Pair at least 4 weeks before expiry of one of the Keys in that Key Pair.
  2. On the renewal of any Certificate, the Subscriber must:
    1. generate a new Key Pair using a LINZ approved digital certificate installation application;
    2. delete old Keys and Certificates from his or her browser; and
    3. follow the processes and procedures that apply in relation to initial registration of a Certificate
  3. Only a Subscriber can apply for the renewal of a Key Pair in his or her name.
  4. A Subscriber may only request revocation of a Certificate through LINZ and may not directly request the Certification Authority to revoke a Certificate.
  5. A Subscriber must immediately notify LINZ of:
    1. any change to any information included in his or her Certificate or any change in circumstances which would make the information in his or her Certificate misleading or inaccurate; and
    2. known or suspected loss, disclosure or other compromise of his or her Private Key(s).
  6. In the event of one of the matters in (11), a Subscriber must:
    1.  immediately request that the Certificate be revoked;
    2. request that a new certificate be generated; and
    3. help LINZ investigate the circumstances of any such known or suspected loss, disclosure or other compromise.
  7. A request under (12.1) or (12.2) is to be made in a manner specified by the LINZ Registration Authority and Landonline User Guide.
  8. If revocation of a Certificate is required for any reason other than Compromise, the Subscriber must ask LINZ for such revocation as soon as reasonably practicable.
  9. A Subscriber must stop using his or her Certificate if it has expired or been revoked.

Definitions

Terms used in these User Obligations have the same meaning as terms in the Landonline General Terms and Conditions, unless otherwise defined below.

Certificate means a data record produced by the Certification Authority that:
  a. identifies the Certification Authority issuing it;
  b. names or otherwise identifies the relevant Subscriber;
  c. contains a Public Key that corresponds to a Private Key under the control of the relevant Subscriber;
  d. identifies the data record’s operational period;
  e. contains a serial number; and
  f. is digitally signed by the Certification Authority;

Certification Authority means the entity selected by LINZ to issue and manage the Certificates;

Escrow means any arrangement whereby the Subscriber delivers his or her Private Key into the hands of a third party to be held until the happening of some event or the performance of some condition;

Key means a Private Key or a Public Key, as the context requires;

Key Pair means two cryptographic keys that allow a message encrypted by one key to only be decrypted by the other and that do not allow one key to be discovered by calculations involving the other key;

LINZ Registration Authority (RA) means the person or entity appointed by LINZ from time to time to manage the application, registration and revocation procedures for Subscribers;

Private Key means the unrevealed key of a Key Pair;

Public Key means the revealed key of a Key Pair.