Appendix revision date: March 1, 2018.
APPENDIX: DESCRIPTION OF THE K.SIGN PERSONAL QUALIFIED CERTIFICATE SERVICE
DocuSign France offers a K.Sign Personal Qualified Certificate Service in response to specific operations that shall be strictly limited to signing documents in all formats and with all types of signature tools compatible with the DocuSign France time-stamping and OCSP services.
1. Subscriber and Authorized Representative
What the Subscriber and Authorized Representative will have access to:
- Registration Portal for filling the Certificate Requests;
- DocuSign Signature Web Portal to sign submitted Certificate Requests when appropriate;
- Certificate to be loaded onto the Cryptographic device associated with the Certificate;
- Activation Code of the Certificate;
- Publication of the CRL (Certificate Revocation List);
- Tools for verifying the Certificate;
- Certificate Authority Certificates;
- Appropriate middleware for enabling the use of the Certificate on the Subscriber computer;
- List of supported computer platforms with the Certificate;
- Access to an Online Certificate Status Protocol (OCSP) for the Certificate validation service; and
- Recognition of the Certificate Authority in Adobe Reader software (version 9 and upwards) enabling automatic validation of signatures made with the Certificate.
2. Customer and DRA Central Operators
The K.Sign Personal Qualified Certificate Service allows a DRA Central Operator to manage Certificate Requests for issuing, renewing, and revoking Certificates. As part of the K.Sign Personal Qualified Certificate Service, DocuSign France shall provide the following:
- Authentication of Certificate Requests originating from a DRA and sent by a DRA Central Operator;
- Authentication of Revocation Requests originating from a DRA and sent by a DRA Central Operator;
- Validation of the Subscriber’s Legal Entity entered in the Certificate Request sent by a DRA Central Operator;
- Verification of completeness of registration applications sent by a DRA Operator;
- Issuance of K.Sign Personal Qualified Certificate for the benefit of the Subscriber designated in the Certificate Requests sent by a DRA Central Operator;
- Shipment of the Certificate to the DRA with the Certificate Delivery form to be signed during the face-to-face delivery;
- Access to Customer Support using https://support.docusign.com/en/acct1login and account credential received at login creation by DocuSign France;
- Revocation of Certificates; and
- Access to an OCSP Certificate validation service.
Digitized management of Certificate Requests through a Registration Portal interface shall made available to the Authorized Users by DocuSign France. This Registration Portal may be used and accessed for the following purposes:
- To enable Authorized Users to fulfill and submit Certificate Requests;
- To enable Authorized Users to follow up on the status of their Certificate Request progress towards verification and signature by all Parties;
- To enable the DRA Central Operator to have a dedicated authenticated access;
- To enable the DRA Central Operator to manage the Certificate Request for the purpose of:
- Notifying the Parties for signature;
- Following the status of the Certificate Request at DocuSign France until its issuance;
- Having a complete situation of all the Certificate Requests ongoing and completed or canceled;
- Printing the Certificate Delivery form associated with the Subscriber Certificate if needed during the face-to-face delivery; and
- Sending the Certificate Delivery form associated with the Subscriber Certificate to a signature workflow when possible.
- To enable the DRA to make available the list of the Certificates they manage as incorporated into the Agreement.
Under the Service, DocuSign France delivers Certificates that comply with the requirements of the Regulation:
- Certificate OID: 184.108.40.206.4.1.22220.127.116.11.15
- eIDAS regulation compliancy: ETSI 319 411 – 2 QCP-N + QSCD
In this regard, the digitized workflow for Certificate Request management shall be defined by DocuSign France in accordance with audited issuing procedures described in the Certification Policy for Seal Server Certificates that can be found at the following URL: https://www.docusign.fr/societe/politiques-de-certifications.
4. Service Setup
During the Service setup, the following are delivered:
- Training of DRA Central Operators;
- Customization of the Registration Portal and enablement of the DRA workspace with the Certificate type;
- Provisioning of the DRA Central Operators account in the DocuSign Signature Web Portal; and
- Delivery of the authentication certificate for maximum three (3) DRA Central Operators, additional authentication certificates can be procured.
5. Training of DRA Central Operators
This training is performed in a form of remote presentation of the Registration Portal and DocuSign Signature Web Portal. This session includes:
- Training of DRA Central Operators including technical training on the provided tools - Registration Portal and DocuSign Signature Web Portal for managing the Certificate Requests;
- Security training with regards to the duties associated with the DRA role and described in the Agreement; and
- A Training attendance sheet that is signed by each DRA Central Operator.
Presentation material is delivered to the DRA Central Operator.
6. Authenticated access of DRA Central Operators
In order to access the Registration Portal, each DRA Central Operator will need to complete a Certificate Request for K.Sign Office Certificate.
To access the DocuSign Signature Web Portal, the DRA Central Operator is provisioned with a login and password.
In this regard, the Customer is solely responsible for any damaging consequences that may result from the use of the DocuSign Signature Web Portal by an unauthorized third party following a fault or an act of negligence by an individual acting under the security of his/her password received via SMS or email and of the login and/or password provided to him/her by the DRA Central Operator.