COMPLETE TERMS OF SUBSCRIBER AGREEMENT:

1. Scope. This Agreement governs your rights, duties and liabilities as a Subscriber of an Intermediate Assurance Level Certificate issued by IdenTrust, using terms as defined in Section 12.

2. Certificate Issuance

2.1 Application. Contents of Your Certificate will be based on the information You entered on the previous screens as part of your completed application. If You are uncertain whether the information You provided is accurate, You should now click the "BACK" button in your browser and correct it. You agree to provide such further information as IdenTrust may reasonably require in connection with your application and the Identification and Authentication process.

2.2 Key Pair Generation. Two Key Pairs will be generated by You as part of the retrieval process. The two Public Keys (Digital Signature and Encryption) will be incorporated into Your Certificates and stored by IdenTrust in its Certificate Repository. IdenTrust issues separate Certificates for: (i) Digital Signature purposes (Your Digital Signature Certificate) and (ii) encryption/decryption purposes (Your Encryption Certificate). IdenTrust will keep a copy of the Private Key corresponding to Your Encryption Certificate in a secure, encrypted database for Key Recovery purposes, to be disclosed only pursuant to Sections 4.1 or 4.2. HOWEVER, IN NO EVENT SHALL IdenTrust EVER HAVE ACCESS TO, OR STORE, YOUR DIGITAL SIGNATURE PRIVATE KEY.

2.3 Identification and Authentication. Prior to issuing Your Certificate, IdenTrust will verify the information You submit in your application. You hereby authorize IdenTrust to verify your identity by any reasonable means. IdenTrust may consult public or private databases or other sources, solely for the purpose of verifying information submitted by you so that IdenTrust can verify your identity. IdenTrust will not request a credit report without your express written prior consent. In no way shall this Agreement be construed as any express consent from you to obtain a credit report. If, based on the information available, IdenTrust is unable to identify and authenticate You and your certificate request to its satisfaction, IdenTrust may refuse to issue You a certificate or seek your permission to obtain additional information. You also authorize IdenTrust to store and use in accordance with this Agreement any information generated during the application, Identification and Authentication, and certificate issuance processes. At all times, IdenTrust agrees to protect your privacy in accordance with Section 4.1 below.

2.4 Issuance. If IdenTrust accepts your application for an Intermediate Assurance Level Certificate and confirms the information submitted during the application process, IdenTrust will create Your Certificate and notify You how and where to retrieve Your Certificate. If IdenTrust is unable to confirm your identity, IdenTrust may refuse to approve your application and will not issue You an Intermediate Assurance Level Certificate.

2.5 Acceptance. When You enter the activation code(s), as provided by IdenTrust, in order to download Your Certificate, You will once again be presented with the Certificate's proposed contents. You agree to review the proposed contents of Your Certificate, and immediately notify IdenTrust of any errors, defects or problems with Your Certificate. You agree that You will have accepted Your Certificate: (i) when You use Your Certificate or the corresponding Private Key after downloading Your Certificate, or (ii) if You fail to notify IdenTrust of any errors, defects or problems with Your Certificate within a reasonable time after downloading it.

2.6 Certificate Lifetime. Your Certificate and renewals, will be valid for two years from the date of issuance. You will be notified and given the opportunity to renew your certificate beginning ninety (90) days prior to the expiration of your current certificate, unless (a) Your Certificate has been revoked or, (b) You have notified IdenTrust to cancel this agreement. If you elect to renew, you will be charged for a renewal certificate, and you will be responsible for complying with IdenTrustÆs then current procedures to receive your renewal certificate. The terms of this agreement shall apply to each such renewal certificate.

2.7 Purchase with Public Funds. You agree that if Your Certificate is purchased with funds provided by a governmental entity (the "Purchaser"), the Purchaser may act either on your behalf or on behalf of the Purchaser for the purposes of:
- requesting certificate revocation in accordance with Section 3.6 and 4.4; or
- requesting Key Recovery in accordance with Section 4.2
The Purchaser reserves the right to take these actions without cause and without Your prior consent.

3. Your Rights and Responsibilities

3.1 Fee. You agree to pay the applicable certificate issuance fee if You are issued an Intermediate Assurance Level Certificate using one of the payment methods available through IdenTrust's online State of Washington Certificate Center, or through other payment arrangements agreed upon between IdenTrust and You or someone acting on your behalf.

3.2 Representations and Warranties. By accepting Your Certificate, You: (i) accept its contents and the responsibilities identified in this Agreement, and (ii) represent and warrant to IdenTrust and to all who reasonably rely on the information contained in Your Certificate that: (a) You rightfully hold the Private Key corresponding to Public Key listed in Your Certificate; (b) all representations You made and information You submitted to IdenTrust in the application process were current, complete, true and not misleading, (c) You have provided all facts material to confirming your identity and to establishing the reliability of Your Certificate, (d) all information in Your Certificate that identifies You is current, complete, true and not misleading, (e) You are not aware of any fact material to the reliability of the information in Your Certificate that has not been previously communicated to IdenTrust, and (f) You have kept your Private Key secret.

3.3 Use of your Certificate. You may use Your Digital Signature Certificate to establish your identity with third-parties, sign documents and forms, file documents electronically, and obtain access to certificate-enabled on-line sources of information. Your encryption Certificate will allow You to engage in secure, encrypted communications with others. You may not use Your Certificate for (i) the execution of any application requiring fail-safe performance, such as the operation of nuclear power facilities, air traffic control systems, aircraft navigation systems, weapons control systems, or any other system whose failure could lead to injury, death or environmental damage; (ii) transactions where applicable law prohibits the use of Digital Signatures or encryption; or (iii) fraud or any other illegal scheme or purpose. If You use Your Certificate for any purpose prohibited in this Section, You forfeit all of the rights and protections granted to You by IdenTrust under this Agreement.

3.4 PROTECT YOUR PRIVATE KEY. You are solely responsible for protecting your Private Key. If you suspect or discover that either of your private keys has been stolen, lost, or otherwise compromised, then You must immediately notify IdenTrust, as provided in Section 3.6 below (if possible via e-mail signed with your Private Key), and request that Your Certificate be revoked. If this occurs, You must then immediately cease all use of Your Certificate and your Private Keys.

Failure to notify IdenTrust of the theft, loss, compromise, or misuse of either of your Private Keys, or continued use of the Key or Certificate after they have been compromised may cause You serious adverse legal consequences.

You agree to keep your Private Key (and any Activation Data used to protect your Private Key) secret and secure by (i) storing your Private Key only in (a) a Hardware Token, or (b) a Software Cryptomodule that requires the entry of Activation Data in order to access Key information (e.g., Entrust/Entelligence); (ii) protecting access to such Hardware Token or Software Cryptomodule by a PIN or password consisting of an alphanumeric code (combination of letters and/or numbers) of at least eight characters; and (iii) taking other reasonable security measures to prevent unauthorized access to, or disclosure, loss, modification, compromise, or use of, your Private Key, any Activation Data and the computer system or media on which your Private Key is stored.

3.5 Changes in Certificate Information. If Your name or your e-mail address listed in Your Certificate changes, You should immediately notify IdenTrust. If IdenTrust does not have a valid name or e-mail address for You, IdenTrust may not be able to fully perform its obligations to You, including but not necessarily limited to, sending Certificate renewal notices, revocation and suspension notices, and providing other information You may need to know about Your Certificate and its use. An incorrect e-mail address in Your Certificate may also prevent You from using it for signing and securing your e-mail, and may cause other technical problems or limitations on the use of Your Certificate.

3.6 Revoke your Certificate.
When to Revoke Your Certificate. You must immediately request that IdenTrust revoke Your Certificate if: (i) your name listed in Your Certificate is no longer current, complete or true; or (ii) You ever discover or suspect that your Private Key has been or is in danger of being lost, disclosed, compromised or subjected to unauthorized use in any way. You may also request that IdenTrust revoke Your Certificate at any time for any other reason.
How to Revoke Your Certificate. You can initiate a revocation request by: (i) sending a signed e-mail (containing the reason for revocation and using your Private Key) to helpdesk@IdenTrust.com; or (ii) requesting revocation online (using your Private Key) at IdenTrust's Certificate Center at http://www.IdenTrust.com/wa; or (iii) by calling the IdenTrust/State of Washington Customer Service Center at 1-888-294-7831.

3.7 Cease Using Your Certificate. You must immediately cease using Your Certificate (except You may use Your Encryption Certificate's Private Key for file decryption) in the following circumstances: (i) when You suspect or discover that your Private Key has been or may be compromised or subjected to unauthorized use in any way; (ii) when your name listed in Your Certificate is no longer current, complete or true; (iii) after You have requested, or been notified by IdenTrust that someone has requested, that Your Certificate be suspended; (iv) upon the revocation or expiration of Your Certificate; or (v) upon termination of this Agreement.

3.8 Consequences of Breach. If You act in any manner counter to Your obligations under this Agreement, You will forfeit any claims You may have against IdenTrust.

3.9 Indemnification. By accepting Your Certificate, You agree to indemnify and hold IdenTrust and its directors, officers, employees, agents and affiliates harmless from any and all liabilities, costs, and expenses, including reasonable attorneys' fees, related to: (i) any misrepresentation or omission of material fact by You to IdenTrust, whether or not such misrepresentation or omission was intentional; (ii) your violation of this Agreement; (iii) any compromise or unauthorized use of Your Certificate or your Private Key that is not caused by IdenTrust, unless prior to such unauthorized use You have appropriately requested revocation of Your Certificate and proven your authority to request revocation; or (iv) your misuse of Your Certificate or your Private Key, including without limitation any use of Your Certificate that is not permitted by this Agreement; PROVIDED, however, that nothing herein shall require the Subscriber to indemnify IdenTrust for any consequences caused by the fault of IdenTrust, or IdenTrust's failure to fulfill any of its obligations.

4. IdenTrust's Rights and Responsibilities

4.1 Your Privacy Is Important. IdenTrust will use reasonable care to ensure that your Private Information will be kept confidential. IdenTrust will: (i) comply with all applicable laws and regulations regarding privacy of information; (ii) protect the confidentiality of your Private Information; and (iii) use your Private Information only for the purpose of providing Certificate services and carrying out the provisions of this Agreement. Your Private Information will not be sold, rented, leased, or disclosed in any manner to any person without your prior express consent, except (i) as required by law, or (ii) as may be necessary for the performance of Certificate and Repository services or for auditing requirements. IdenTrust will protect your Private Information in a manner designed to ensure its integrity and to make it available to You, following an appropriate request.

However, Your Intermediate Assurance Certificate and any information contained in Intermediate Assurance Level Certificates, including your identity, must be seen by others and is not private. Information that may be disclosed includes, but is not limited to: (i) your name and e-mail address, (ii) the Public Key listed in Your Certificate; and (iii) the certificate serial number and expiration date. However, your address, telephone number and other personally identifying information, other than name and e-mail address, will not appear in Your Certificate and will not be disclosed to third parties except as provided in this Agreement.

4.2 Key Recovery. IdenTrust will provide Key Recovery services for the Private Key corresponding to Your Encryption Certificate in the event that it becomes unavailable. IdenTrust charges key recovery fees to entities governed by the Master Contract in accordance with the fee structure of the Master Contract. Other parties not governed by the Master Contract may obtain Key Recovery by paying the fees as provided in IdenTrust's current published fee schedule or by separate agreement with IdenTrust.

4.3 Certificate Repository. During the term of this Agreement, IdenTrust will operate and maintain a secure on-line Repository that is available to Relying Parties and that contains (i) all current, valid Certificates issued by IdenTrust under the State of Washington PKI (including, as applicable, Your Certificate), and (ii) a CRL and/or on-line database indicating the status, whether valid, suspended or revoked, of such Certificates. When You accept Your Certificate, IdenTrust will publish Your Certificate in the Repository and will indicate its valid status until it is suspended, revoked or expired, as provided in Section 4.4 below. IdenTrust will provide non-exclusive access to the Repository to Relying Parties to check the validity and status of Your Certificate.

4.4 Revocation and Suspension. If You request that Your Certificate be revoked, IdenTrust will revoke Your Certificate and update the Repository as soon as practical, but not later than set forth in the Certificate Policy, after IdenTrust has adequately confirmed that the person making the revocation request is authorized to do so. If the request is signed using your Private Key, IdenTrust will accept the request as valid.

IdenTrust may suspend Your Certificate for period of up to five business days upon receipt of an order of the Washington Secretary of State as provided in Section 19.34.210(5) of the Revised Code of Washington. If necessary due to technical requirements, IdenTrust's suspension procedure may be to temporarily revoke and then reissue the Certificate at no charge to You.

IdenTrust may revoke Your Certificate without advance notice, and thereafter notify you, if it determines that: (i) Your Certificate was not properly issued or was obtained by fraud; (ii) the security of your Private Key has or may have been lost or otherwise compromised; (iii) Your Certificate has become unreliable; (iv) material information in your application or Your Certificate has changed or has become false or misleading; (v) You have violated any applicable agreement or obligation; (vi) You or the Purchaser request revocation or suspension; (vii) a governmental authority has lawfully ordered IdenTrust to revoke Your Certificate; (viii) this Agreement terminates; or (ix) there are any other grounds for revocation.

IdenTrust will notify You when Your Certificate has been revoked or suspended.

4.5 Warranty, Disclaimer of Other Warranties and Limitation of Liability.

Warranty. IdenTrust warrants to You, as of the time IdenTrust issues Your Certificate and as of the time any Relying Party checks the Repository for the validity of Your Certificate, that: (i) when authenticating your identity and issuing Your Certificate, IdenTrust complied with the requirements of IdenTrust's policies and procedures governing Identification and Authentication and issuance of Certificates under the State of Washington Certificate Policy, (ii) in issuing Your Certificate, IdenTrust did not exceed any limits of its license as a Certification Authority in the State of Washington, (iii) IdenTrust took reasonable steps to verify the information in Your Certificate; (iv) the information You provided to IdenTrust during the application process for inclusion in Your Certificate was accurately transcribed to Your Certificate; (v) IdenTrust has managed Your Certificate in accordance with this Agreement and IdenTrust's policies and procedures governing the management of Certificates under the State of Washington Certificate Policy; (vi) there is no information in Your Certificate known to IdenTrust to be false; and (vii) Your Certificate meets all material requirements of this Agreement and of Chapter 19.34 of the Revised Code of Washington.

Disclaimer of Warranties. IdenTrust DISCLAIMS ANY AND ALL OTHER WARRANTIES OF ANY TYPE, WHETHER EXPRESS OR IMPLIED, THAT ARE NOT SPECIFICALLY PROVIDED HEREIN, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, WITH REGARD TO THE SERVICES PROVIDED OR THE CERTIFICATE ISSUED HEREUNDER.

Limitation of Liability. INTERMEDIATE ASSURANCE LEVEL CERTIFICATES HAVE A RECOMMENDED RELIANCE LIMIT OF $10,000. IdenTrust DISCLAIMS AND LIMITS ITS LIABILITY TO YOU TO THE MAXIMUM EXTENT ALLOWED UNDER SECTION 19.34.280 OF THE REVISED CODE OF WASHINGTON. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, IdenTrust SHALL NOT BE LIABLE TO YOU FOR ANY CONSEQUENTIAL OR INCIDENTAL DAMAGES, EVEN IF IT HAS BEEN NOTIFIED OF THE POSSIBILITY OF SUCH DAMAGES.

5. Governing Law. The parties hereto agree that the United Nations Convention on Contracts for the International Sale of Goods will not apply to this Agreement. This Agreement shall be governed by and construed under the laws of the State of Washington, except to the extent that the laws of the United States supersede or preempt the laws of the State of Washington.

6. Dispute Resolution. In the event of any dispute or disagreement between the parties hereto ("Disputing Parties") arising out of or related to this Agreement or Your Certificate, the Disputing Parties will use their best efforts to settle the dispute or disagreement through mediation or good faith negotiations following notice from one Disputing Party to the other(s). If the Disputing Parties cannot reach a mutually agreeable resolution of the dispute or disagreement within sixty (60) days following the date of such notice, then the Disputing Parties will submit the dispute to the Policy Management Authority administering the State of Washington Certificate Policy for resolution in accordance with the provisions of Section 2.4.3 of the Certificate Policy.

7. Entire Agreement. This Agreement, together with any other documents referred to and/or incorporated herein, constitute the entire agreement between You and IdenTrust with the respect to Your Certificate.

8. Third Party Beneficiaries. It is not the parties' intent that this Agreement, or any of the other documents mentioned in the preceding paragraph, should confer, and they shall not confer, any rights on any third party.

9. Amendment. You agree that IdenTrust may modify this Agreement from time to time during the term of this Agreement. Minor modifications shall become effective when posted to IdenTrust's Web site. Any modification to this Agreement that substantially alters your rights or obligations will become effective when You renew Your Certificate after You have received notice of such modification. You will be deemed to have received notice of any modification when (i) You actually receive written notice of such modification, or (ii) notice of such modification is accessible by You at the e-mail address You have provided to IdenTrust.

10. Severability. If any provision of this Agreement is found to be invalid or unenforceable, then this Agreement will be deemed amended by modifying such provision to the extent necessary to make it valid and enforceable while preserving its intent or, if that is not possible, by striking the provision and enforcing the remainder of this Agreement.

11. Survival. Sections governing confidentiality of information, indemnification, IdenTrust's warranties, disclaimer of warranties, limitation of liability, governing law and dispute resolution will survive any termination or expiration of this Agreement.

12. Definitions and Terms

Activation Data: User IDs, pass-phrases, passwords or PINs used to safeguard the Private Key from unauthorized viewing or use.

Certificate: A computer-based record or electronic message that: (i) identifies the Certification Authority issuing it; (ii) names or identifies a Subscriber; (iii) contains the Public Key of the Subscriber; (iv) identifies the Certificate's Validity Period; (v) is digitally signed by a Certification Authority; and (vi) has the meaning ascribed to it in accordance with applicable standards. A Certificate includes not only its actual content but also all documents expressly referenced or incorporated in it. If You use the Entrust software client to store Your Certificate, it is identified by the software as a "Profile."

Certification Authority: An entity that creates, issues, manages and revokes Certificates.

CRL: A database or other list of Certificates that have been revoked or suspended prior to the expiration of their Validity Period.

Digital Signature/Digitally Sign: The transformation of an electronic record by one person, using a Private Key and Public Key Cryptography, so that another person having the transformed record and the corresponding Public Key can accurately determine (i) whether the transformation was created using the Private Key that corresponds to the Public Key, and (ii) whether the record has been altered since the transformation was made. It does not involve a handwritten signature.

Hardware Token: A secure hardware device (e.g., a smart card or a USB token) used to store a Subscriber's Private Keys and Certificates.

Identification and Authentication ("I&A"): To ascertain and confirm through appropriate inquiry and investigation the identity of a Subscriber.

Individual: A natural person and not a juridical person or legal entity.

Intermediate Assurance Level Certificate: The Certificates issued by IdenTrust to a Subscriber under the State of Washington PKI, either for Digital Signature or encryption/decryption purposes, that have a Recommended Reliance Limit of $10,000.

Key Pair: Two mathematically related keys (a Private Key and its corresponding Public Key), having the properties that (i) one key can be used to encrypt a message that can only be decrypted using the other key, and (ii) even knowing one key, it is computationally infeasible to discover the other key.

Key Recovery: A key management operation performed by IdenTrust to recover the Private Key associated with Your Encryption Certificate in order to allow access to encrypted data.

Master Contract: Contract refers to that certain Master Contract, Number T00-MST-001, as amended, for Certification Authority and Public Key Infrastructure Services between, IdenTrust Services, LLC (IdenTrust) and the State of Washington Department of Information Services, renewed on April 1, 2007 by Amendment 07-15. The master contract is not part of the subscriber agreement and applies only between IdenTrust and the State in its capacity as a party to the master contract.

Operational Period: The actual term of validity of Your Certificate, beginning at the start of the Validity Period and ending on the earlier of (i) the end of the Validity Period as indicated in Your Certificate, or (ii) the revocation of Your Certificate.

Organization: An entity that is legally recognized in its jurisdiction of origin (e.g., a corporation, partnership, sole proprietorship, government department, non-government organization, university, trust, special interest group or non-profit corporation).

Private Information: Non-public information that You provide or that IdenTrust obtains, during the application and Identification and Authentication processes, that is not included in Your Certificate and that identifies You. Private Information includes the Private Key or Your Encryption Certificate.

Private Key: The key of a Key Pair kept secret by its holder and used to create Digital Signatures or to decrypt messages or files that were encrypted with the corresponding Public Key. References to a "Private Key" in connection with a Certificate shall mean the Private Key corresponding to the Public Key listed in that Certificate. Each reference to a "Private Key" in this Agreement shall mean and refer to each of your Private Keys.

Public Key: The key of a Key Pair publicly disclosed by the holder of the corresponding Private Key and used by the recipient to validate Digital Signatures created with the corresponding Private Key. References to a "Public Key" in connection with a Certificate shall mean the Public Key listed in that Certificate.

Public Key Cryptography: A type of cryptography (a process of creating and deciphering communications to keep them secure) that uses a Key Pair to securely encrypt and decrypt messages. One key encrypts a message, and the other key decrypts the message. One key is kept secret (Private Key), and one is made available to others (Public Key). These keys are, in essence, large mathematically-related numbers that form a unique pair.

Recommended Reliance Limit: A Recommended Reliance Limit is an Issuing CA's recommended maximum total amount which a Relying Party should risk in a transaction or communication depending upon a given Certificate. Recommended Reliance Limits vary by Certificate Type. A Relying Party is advised to consider the Recommended Reliance Limit in electing to rely upon a Certificate, but is not prohibited from using any Certificate Type for any purpose of transaction based upon the applicable Recommended Reliance Limit.

Relying Party: An Individual or Organization that relies on Certificates issued under the State of Washington PKI, in accordance with Chapter 19.34 of the Revised Code of Washington.

Repository: An on-line system maintained by IdenTrust for storing and retrieving Certificates issued under the State of Washington PKI, and other information relevant to such Certificates, including information relating to Certificate validity, suspension or revocation.

Software Cryptomodule: A software program that (i) generates Key pairs, (ii) stores cryptographic material, and/or (iii) performs cryptographic functions.

State of Washington Certificate Policy: The set of rules governing the issuance and use of Intermediate Assurance Level Certificates among parties authorized to participate in the State of Washington PKI.

State of Washington PKI: The Certificate-based Public Key Cryptography system established by the State of Washington Certificate Policy and operated by IdenTrust as a licensed Certification Authority, in accordance with Chapter 19.34 of the Revised Code of Washington.

Subscriber: An Individual or Organization that (i) is named or identified in a Certificate as the subject of the Certificate, and (ii) holds a Private Key that corresponds to a Public Key listed in that Certificate. You are the Subscriber of Your Certificate.

Subscriber Agreement: A contract between a Subscriber and IdenTrust that details the procedures, rights and obligations of each party with respect to a Certificate issued to the Subscriber.

Validity Period: The intended term of validity of Your Certificate, beginning with the date of issuance ("Valid From" or "Activation" date), and ending on the expiration date indicated in Your Certificate ("Valid To" or "Expiry" date).

Your Certificate, Your Digital Signature Certificate, Your Encryption Certificate: The intermediate Assurance Level Certificate(s) issued to You pursuant to this Agreement. Each reference to "Your Certificate" in this Agreement shall mean and refer to both Your Digital Signature Certificate and Your Encryption Certificate, as applicable.