Uses of the Certificates

1. Permitted uses for the certificates

Corporate certificate of membership

The corporate certificates of membership are certificates recognised in accordance with the provisions set out in article 11.1, with the contents defined in article 11.2 and issued in compliance with the obligations of articles 12, 13, and 17 to 20 of Law 59/2003, of 19 December, on electronic signature.

Corporate certificates of membership work with secure device for creating electronic signature, in accordance with article 24.3 of Law 59/2003, of 19 December, and they comply with the provisions laid down in the technical standards of the European Telecommunications Standards Institute, identified with reference TS 101 456.

The certificates are issued to registered members in the corporate scope of the subscriber association, and they are in no event issued to the public. This member is considered the owner of the respective keys and of the card and complementary software.

The corporate certificates of membership guarantee the identity of the subscriber and owner of the private identification key and signature, and permit the "recognised electronic signature" to be generated; in other words, the advanced electronic signature which is based on a recognised certificate and which has been generated using a secure device, for which, as set out in article 3 of Law 59/2003, of 19 December, has a status equal to the electronic signature, for legal effects, without having to fulfil any other additional requirement.

They likewise guarantee the status of registered member, given the compulsory intervention of the association in the certificate issuance proceedings, acting as registration entity or as guarantor of the information.

On the other hand, the corporate certificates of membership may be used in applications that do not require electronic signature equivalent to written signature, but only the identification of the owner of the keys, in the name of the subscriber, such as the applications which are indicated below:

  1. Authentication in access control systems.
  2. Secure electronic mail signature.
  3. Other digital signature applications.

The electronic signature generated in the use of these applications will have the effects determined in the regulatory standards of the application, which may declare the equivalence with the written signature or just the identification effect, because this signature, at least, will have been produced with the secure device.

Lastly, the corporate certificates of membership may be used to encrypt own documents or to receive confidential documents, in any format, protected by the encrypting of the document using:

  1. The public key of the owner of keys indicated in the certificate.
  2. An encryption key to session, symmetric, encrypted with the public key of the owner of keys indicated in the certificate.

In all events, the owner of the key should use his private key to decrypt the message, warning the subscriber of the certificate and the owner of the key that in no event can a lost key be recovered, so that the OMC will not respond for any loss of encrypted information that cannot be recovered in cases of loss of certificates or keys.

Corporate certificate of administrative personnel

The corporate certificates of administrative personnel are certificates recognised in accordance with the provisions set out in article 11.1, with the contents prescribed in article 11.2 and issued in compliance with the obligations of articles 12, 13, and 17 to 20 of Law 59/2003, of 19 December, on electronic signature.

LCorporate certificates of administrative personnel work with secure device for creating electronic signature, in accordance with article 24.3 of Law 59/2003, of 19 December, and they comply with the provisions laid down in the technical standards of the European Telecommunications Standards Institute, identified with reference TS 101 456.

The certificates are issued to administrative personnel in the corporate scope of the subscriber association, and in no event are they issued to the public. This body is considered the owner of the respective keys and of the card and complementary software.

The corporate certificates of administrative personnel guarantee the identity of the subscriber and owner of the private identification key and signature, and permit the "recognised electronic signature" to be generated; in other words, the advanced electronic signature which is based on a recognised certificate and which has been generated using a secure device, for which, as set out in article 3 of Law 59/2003, of 19 December, has a status equal to the electronic signature, for legal effects, without having to fulfil any other additional requirement.

They likewise include a declaration concerning the category of the owner of keys, that they have been verified before issuing the certificate, and are correct. It should be pointed out that this indication is not, in itself, enough to determine the powers which the owner of keys has in order to sign on behalf of the subscriber; consequently the user of the certificate will have to verify the signature authorities and powers of the owner by other different means to the certificate, for example the OMC validation service.

On the other hand, the corporate certificates of administrative personnel may be used in applications that do not require electronic signature equivalent to written signature, but only the identification of the owner of the keys, in the name of the subscriber, such as the applications which are indicated below::

  1. Authentication in access control systems.
  2. Secure electronic mail signature.
  3. Other digital signature applications.

The electronic signature generated in the use of these applications will have the effects determined in the regulatory standards of the application, which may declare the equivalence with the written signature or only the identification effect, because at least this signature will have been produced with the secure device.

Lastly, the corporate certificates of administrative personnel may be used to encrypt own documents or to receive confidential documents, in any format, protected by the encrypting of the document using:

  1. The public key of the owner of keys indicated in the certificate.
  2. An encryption key to session, symmetric, encrypted with the public key of the owner of keys indicated in the certificate.

In all events, the owner of the key should use his private key to decrypt the message, warning the subscriber of the certificate and the owner of the key that in no event can a lost key be recovered, so that the CGCOM will not respond for any loss of encrypted information that cannot be recovered in cases of loss of certificates or keys.

Corporate certificate of professional association

The corporate certificates of professional association are certificates recognised in accordance with the provisions set out in article 7 and 11.1, with the contents prescribed in article 11.2 and issued in compliance with the obligations of articles 12, 13, and 17 to 20 of Law 59/2003, of 19 December, on electronic signature.

Corporate certificates of professional association work with secure device for creating electronic signature, in accordance with article 24.3 of Law 59/2003, of 19 December, and they comply with the provisions laid down in the technical standards of the European Telecommunications Standards Institute, identified with reference TS 101 456.

Corporate certificates of professional association are certificates for the association, for use in applications of Public Administrations that expressly admit certificates of legal entity, and in no event are they issued to the public. The person who receives the professional association certificate is considered the owner and responsible for the safekeeping of the keys, and also the respective complementary software and card.

The corporate certificates of professional association guarantee the identity of the subscriber and owner of the private identification key and signature, and permit the "recognised electronic signature" to be generated; in other words, the advanced electronic signature which is based on a recognised certificate and which has been generated using a secure device, for which, as set out in article 3 of Law 59/2003, of 19 December, has a status equal to the electronic signature, for legal effects, without having to fulfil any other additional requirement.

On the other hand, the corporate certificates of professional association may be used in applications that do not require electronic signature equivalent to written signature, but only the identification of the owner of the keys, in the name of the subscriber, such as the applications which are indicated below:

  1. Authentication in access control systems.
  2. Secure electronic mail signature..
  3. Other digital signature applications.

The electronic signature generated using these applications will have the effects determined in the regulatory standards of the application, which may declare the equivalence with the written signature or only the identification effect, because this signature, at least, will have been produced with the secure device.

Lastly, the corporate certificates of professional association may be used to encrypt own documents or to receive confidential documents, in any format, protected by the encrypting of the document using:

  1. The public key of the owner of keys indicated in the certificate.
  2. An encryption key to session, symmetric, encrypted with the public key of the owner of keys indicated in the certificate.

In all events, the owner of the key should use his private key to decrypt the message, warning the subscriber of the certificate and the owner of the key that in no event can a lost key be recovered, so that the OMC will not respond for any loss of encrypted information that cannot be recovered in cases of loss of certificates or keys.

Corporate certificate of registered body

The corporate certificates of registered body are certificates recognised in accordance with the provisions set out in article 11.1, with the contents prescribed in article 11.2 and issued in compliance with the obligations of articles 12, 13, and 17 to 20 of Law 59/2003, of 19 December, on electronic signature.

Corporate certificates of registered body work with secure device for creating electronic signature, in accordance with article 24.3 of Law 59/2003, of 19 December, and they comply with the provisions laid down in the technical standards of the European Telecommunications Standards Institute, identified with reference TS 101 456.

The certificates are issued to registered bodies in the corporate scope of the subscriber association, and in no event are they issued to the public. This body is considered the owner of the respective keys and of the card and complementary software.

The corporate certificates of registered body guarantee the identity of the subscriber and owner of the private identification key and signature, and permit the "recognised electronic signature" to be generated; in other words, the advanced electronic signature which is based on a recognised certificate and which has been generated using a secure device, for which, as set out in article 3 of Law 59/2003, of 19 December, has a status equal to the electronic signature, for legal effects, without having to fulfil any other additional requirement.

They likewise include a declaration concerning the category and organic office of the owner of keys, that they have been verified before issuing the certificate, and are correct. It should be pointed out that this indication is not, in itself, enough to determine the powers which the owner of keys has in order to sign on behalf of the subscriber; consequently the user of the certificate will have to verify the signature authorities and powers of the owner by other different means to the certificate, for example the OMC validation service.

On the other hand, the corporate certificates of registered body may be used in applications that do not require electronic signature equivalent to written signature, but only the identification of the owner of the keys, in the name of the subscriber, such as the applications which are indicated below:

  1. Authentication in access control systems.
  2. Secure electronic mail signature.
  3. Other digital signature applications.

The electronic signature generated in the use of these applications will have the effects determined in the regulatory standards of the application, which may declare the equivalence with the written signature or only the identification effect, because this signature, at least, will have been produced with the secure device.

Lastly, the corporate certificates of registered body may be used to encrypt own documents or to receive confidential documents, in any format, protected by the encrypting of the document using:

  1. The public key of the owner of keys indicated in the certificate.
  2. An encryption key to session, symmetric, encrypted with the public key of the owner of keys indicated in the certificate.

In all events, the owner of the key should use his private key to decrypt the message, warning the subscriber of the certificate and the owner of the key that in no event can a lost key be recovered, so that the OMC will not respond for any loss of encrypted information that cannot be recovered in cases of loss of certificates or keys.

2. Limits and prohibitions of use of the certificates

The certificates shall be used for their own function and established purpose, and shall not be used for other functions and with other purposes.

Likewise, the certificates shall only be used in accordance with applicable law, especially considering the import and export restrictions in force from time to time. 
The certificates shall not be used for signing petitions for issue, renewal, suspension or recall of certificates or for signing any kind of public key certificates, or for signing lists of certificate revokes (LRC).

The certificates have not been designed, cannot be used and their use or resale is not authorised as control devices of dangerous situations or for uses that require fail safe actions, such as the functioning of nuclear plants, navigation systems or air communications, or weapons control systems, where a failure could directly lead to death, personal injuries or severe environmental damage.