Medicare Australia Online Claiming for PBS Community of Interest (Coi)For Site Certificates

ShortFormCertificatePolicy

Medicare Australia online claiming for PBSCommunityofInterest(CoI)

for Site Certificates issued by the

MedicareAustralia OrganisationCertification

Authority(MedicareAustraliaOCA)v2.8

21 February 2007

CopyrightNotice:

Thisdocumentcontainsinformationprotectedbycopyright. ©CommonwealthofAustralia

Thisworkiscopyright.Youmaydownload,display,printandreproducethismaterialinunaltered formonly(retainingthisnotice)foryourpersonal,non-commercialuseorusewithinyour organisation.ApartfromanyuseaspermittedundertheCopyrightAct1968,allotherrightsare reserved.RequestsandenquiriesconcerningreproductionandrightsshouldbeaddressedtoThe Manager,Media,MarketingandCommunicationsBranch,MedicareAustraliaNationalOffice,PO Box1001TuggeranongDCACT2901.

Contact:

MedicareAustralia

LockedBag6666

TuggeranongDCACT2901

AUSTRALIA

ThisDocumenthasbeenauthorisedbytheMedicareAustraliaPolicyManagementAuthority:

Date:

GeneralManagerornominee,InformationTechnologyandServicesDivision,MedicareAustralia

Representative

Introduction

ThisdocumentistheCertificatePolicy(CP)forMedicareAustraliaRelationshipCertificates(Site Certificates)issuedtoApprovedPharmaciesatpharmacylocationsintheonlineclaimingforPBS CommunityofInterest,whichiswithinthePharmaceuticalBenefitsBranch(PBB)ofMedicare Australia.

ThedocumentisstructuredandnumberedaccordingtotheGatekeeper ShortFormCertificate

PolicyTemplate.

ThisonlineclaimingforPBSCP(CP)shouldbereadinconjunctionwiththeMedicareAustralia OrganisationCertificationAuthorityCertificationPracticeStatement(MedicareAustraliaOCA CPS).

ThecommencementdateforthisCPis:1 September2006.

Terminology

onlineclaimingforPBSSiteCertificatemeansthecertificateissuedunderthisMedicare AustraliaonlineclaimingforPBSCertificatePolicybytheMedicareAustraliaOrganisation CertificationAuthority(MedicareAustraliaOCA)inaccordancewiththeprocessesandprocedures undertheMedicareAustraliaOCACPS. Itisreferredtoasa‘Certificate’inthisCP. The Certificatewillbeasoftcertificate.

PBBmeansPharmaceuticalBenefitsBranchofMedicareAustralia.

PBSmeansthePharmaceuticalBenefitsSchemeestablishedundertheNationalHealthAct1953

(Commonwealth)

Certificate Policy Clauses

CPIdentification

CertificatesissuedunderthisCPshallbearthePolicyOID:

1.2.36.174030967.1.3.1.2

(where“174030967”isthelast9digitsofMedicareAustralia’sABN)

Note:AnyOIDprefixedbythenumbers“1.2.36.174030967.1.3”willpertaintotheonline claimingforPBSCommunityofInterest.

1.INTRODUCTION

1.1PKIParticipants

RefertotheMedicareAustraliaOCACPSatcl.1.3forfurtherinformationonHeathSectorPKI

participants.

1.1.1CertificationAuthority

AllcertificatesissuedunderthisCPshallbeproducedbytheMedicareAustraliaOrganisation

CertificateAuthority(MedicareAustraliaOCA).

RefertotheMedicareAustraliaOrganisationCertificationAuthorityPracticeStatement(Medicare AustraliaOCACPS)forfurtherinformationontheapplicablepracticesandproceduresfor CertificatesissuedunderthisCP.

1.1.2. RelationshipOrganisation

MedicareAustraliaistheRelationshipOrganisation(MedicareAustraliaRO)intheHealthSector

PKI.

1.1.3. RelationshipOrganisationUnit

ThereareseparatelyidentifiedRelationshipOrganisationUnits(ROUs)withintheMedicare AustraliaRO,usuallyoneROUforeachCommunityofInterest(CoI)intheHealthSectorPKI operatedbyMedicareAustralia.

TheROUhasresponsibilitiesintheCoItomanageSubscribersandtheCoI. ThePBBisaROUfortheonlineclaimingforPBSCoI.

1.1.4CertificateControllers

CertificateControllersareMedicareAustraliaROpersonnelwithresponsibilitiesformanagement ofCertificates.

AllCertificateControllersoperatingunderthisCParedulyauthorisedrepresentativesofMedicare

Australia.

CertificateControllersmaynotbelocatedwithinthePBBofMedicareAustralia. Certificate

ControllersareMedicareAustraliapersonnelwhomaybelocatedoutsideofthePBB

1.1.5RelationshipOrganisationUnitOperatorsandCertificateRequestors

RelationshipOrganisationUnitOperators(ROUOs)areMedicareAustraliapersonnel. ROUOsmay belocatedwithintheonlineclaimingforPBSCoIandarelocatedwithinthePBB.

ROUOswithintheonlineclaimingforPBBCoIarenotCertificateControllers.

ROUOsoperateinaccordancewiththeprocessesandproceduressetoutintheMedicare

AustraliaOCACPSandthisCP.

ForonlineclaimingforPBS,PBBhasservicesprovidedto it bytheeBusinessServiceCentrein MedicareAustralia. Forthepurposesofreceivingapplicationsforonlineclaimingfor PBSand requestingcertificatesfromthe CertificateControllers,the eBusinessServicesCentreprovides ROUandROUOservicestoPBB.

ThepersonnelprovidingtheseservicestoPBBinrelationtoonlineclaimingforPBSaredeemed

tobeROUOsforthepurposesofthisCP. AllreferencestoROUOsinthisCPmaybetopersonnel locatedwithinPBBorthoselocatedintheEBusinessServiceCentre(orotherserviceproviderto PBB)whoprovideservicesunderthisCPtoPBB.

1.1.6. Subscribers

EachSubscriberunderthisCPisabusinessentityknowntoMedicareAustraliaasanApproved

Pharmacy(ApprovedPharmacy).

EachSubscriberunderthisCPmustbeanApprovedPharmacy,approvedinaccordancewiththe requirementsoftheNationalHealthAct1953.

TobecomeanApprovedPharmacy,apharmacymakesanapplicationtoMedicareAustralia. ApprovalsaregivenbyMedicareAustraliaofficerswhoarethedelegatesoftheSecretaryofthe DepartmentofHealthandAgeing,holdingdelegationsundertheNationalAct1953togrant approvals.

ApprovedPharmaciesmustmakeawrittenapplicationtoMedicareAustraliatoparticipatein onlineclaimingforPBSusingtheonlineclaimingforPBSParticipationApplicationandTermsand Conditions.

ThereisaSubscriberagreementunderthisCP,knownastheonlineclaimingforPBSPharmacy

ApplicationandTermsandConditions.

TheSubscriberisboundtothetermsandconditionssetoutintheonlineclaimingforPBS PharmacyApplicationandTermsandConditions bysigningtheApplicationthatispartofthe termsandconditions.

ForthepurposesofthisCP,ApprovedPharmacyincludesapharmacythathasmadeavalid applicationforapprovalandisawaitingapprovalasanApprovedPharmacy.

1.1.4. RelyingParties

RelyingPartiesunderthisCPareanyApprovedPharmacieswhorecognisetheauthorityof

MedicareAustraliafortransactionsbetweenMedicareAustraliaandtheApprovedPharmacy. ThereisnoRelyingPartyAgreementunderthisCP.

PartiesrelyingoncertificatesissuedunderthisCPandwhodonothaveawrittenagreementwith MedicareAustraliarelatingtotransactionsundertakenwithMedicareAustralia,relyonsuch certificatesattheirownrisk.

1.2CertificateUse

1.2.1 AppropriateCertificateUse

KeyPairsandCertificatesissuedunderthisCPareusedtoencrypttransactionstoMedicare

AustraliafromApprovedPharmaciesandtoApprovedPharmaciesfromMedicareAustralia.

1.2.2 ProhibitedCertificateUse

KeyPairsandCertificatesissuedunderthisCPshouldnottobeusedfortransactionswithany partyotherthanMedicareAustralia.

WhereaSubscriberusestheCertificatefortransactionswithanypartyotherthanMedicare

Australia,theSubscriberdoessoattheSubscriber’sownrisk.

1.3DefinitionsandAcronyms

DefinitionsandAcronymsareintheHealthSectorPKIGlossaryat

2IDENTIFICATIONANDAUTHENTICATIONOFSUBJECTS

2.1NamingofSubjects

Subscribers(aretermed‘CertificateSubjects’andreferredtointhisCPasApprovedPharmacies

inthex.509definition)underthisCPshallbenamed(andtheuniquenessoftheirnamesshallbe assured)accordingtoMedicareAustralia’sregistrationprocessforonlineclaimingforPBS.

2.2IdentificationandauthenticationofSubjectsatregistration

TheSubscribers(ApprovedPharmacies)underthisCPareidentifiedandauthenticatedat registrationthrough:

a) theapplicationprocesstobeapprovedasanApprovedPharmacy;

b) onapprovalasanApprovedPharmacy,allocationofanApprovalNumber,and c) theapplicationprocesstoparticipateinonlineclaimingforPBS.

2.3Identificationandauthenticationofusersatrenewal

Subscribers(ApprovedPharmacies)underthisCPshallbeidentifiedandauthenticatedandthe

Certificaterenewedautomaticallyattherelevanttimeprovidedthat:

a)thepharmacyisanApprovedPharmacy;and

b)theApprovedPharmacy’sregistrationstatuswithonlineclaimingforPBShasnot changed.

Note:allcertificaterenewalsunderthisCPinvolvere-keying.

2.4Identificationandauthenticationofrevocationrequest

RevocationofcertificatesunderthisCPshallonlyberequestedbyCertificateControllersand/or

ROUOsoftheonlineclaimingforPBSCoI,whenanApprovedPharmacyeither:

a)hasitsapprovalasanApprovedPharmacyrevoked;or

b)isde-registeredorcancelledfromonlineclaimingforPBS.

Wherean ApprovedPharmacyhasits approvalsuspended,theCertificateshallremainvalidfor theperiodtheApprovalPharmacy’sapprovalis undersuspension,providedtheCertificatedoes notexpireduringtheApprovedPharmacy’ssuspensionasanApprovedPharmacy.

AnApprovedPharmacywhoseapprovalasanApprovedPharmacyisundersuspensionwillnot beabletoundertakeonlineclaimingforPBSwithMedicareAustralia.

3.CERTIFICATELIFE-CYCLEOPERATIONALREQUIREMENTS

3.1.Certificatecreation

3.1.1. Enrolmentprocessandresponsibilities

EnrolmentandregistrationistheresponsibilityoftheROUOsandtheCertificateControllers. ApplicationtoparticipateinonlineclaimingforPBSistheresponsibilityoftheperson(s)

associatedwiththeapprovalnumberfortheApprovedPharmacy.

ApprovedPharmaciesareenrolledautomaticallyforonlineclaimingforPBSSiteCertificateswhen theyregisterwithonlineclaimingforPBSbycompletingandsigningtheonlineclaimingforPBS PharmacyApplicationandTermsandConditions

Theperson(s)inrelationtothepharmacyapprovalnumberisresponsibleforregistrationfor onlineclaimingforPBS.

TheROUOisresponsibleforregisteringtheapplicationfortheCertificateforonlineclaimingfor

PBSfortheApprovedPharmacy.

TheCertificateforanApprovedPharmacyshallbegeneratedbytwoCertificateControllersattwo standardCertificateControllers’workstationsInaccordancewiththeMedicareAustraliaOCACPS.

3.1.2.PublicationofthecertificatebytheCA

CertificatesissuedunderthisCPwillbepublishedintheHealthcarePublicDirectory.

RevocationstatusofCertificatesissuedunderthisCPwillalsobepublishedintheHealthcare

PublicDirectory.

3.2.KeyPairandCertificateUsage

KeyPairsandCertificatesissuedunderthisCPmustonlybeusedinconnectionwitheach Subscriber’s(ApprovedPharmacy’s)electronictransactionswithMedicareAustraliaforonline claimingforPBS.

EachPrivateKeyassociatedwitha CertificateissuedunderthisCPisalwaysassociatedwiththe ApprovedPharmacyregisteredwithonlineclaimingforPBS,andmustneverbe usedoutsideof thatcontext.

3.2.1Keypairgenerationandinstallation

AllSubscriberkeypairsunderthisCPshallbegeneratedbyCertificateControllersusingthe accreditedsoftwareoninstructionfromtheROUOsfortheonlineclaimingforPBSCoI.

ThesigningkeyCertificateshallbestoredinaseparatePKCS#12(P12file)totheencryption keyandCertificate. TheseP12files(includingthetrustchain)willbestoredinelectronic medium1 andpostedtotheSubscriberasinstructedbytheROUO.

ApassphrasetoaccessthekeysandCertificateswillalsobegeneratedandpostedseparatelyto thenominatedcertificateholderfortheApprovedPharmacy.

Notethatthepassphrasemustbepostedtothecertificateholder.

OnreceiptoftheseP12files,itistheresponsibilityoftheSubscriberortheauthorisedagentof theSubscribertoinstallthekeysandcertificatesintotheintendedenvironment.

3.3.Certificaterenewal

CertificatesissuedunderthisCPshallberenewedautomaticallybytheauthorisedofficerofPBB ofMedicareAustraliaprovidedthestatusof theSubject(ApprovedPharmacy)isunchanged. Refertocl.2.3fordetailsofidentificationandauthenticationatrenewal.

3.4.Certificaterevocation

CertificatesissuedunderthisCPshallberevokedunderthefollowingcircumstances:

•afterloss,destructionortheftoftheprivatekey;

•intheeventofde-registrationorcancellationbytheROUOofPBBofMedicareAustralia oftheApprovedPharmacy’sparticipationinonlineclaimingforPBS:

1‘electronicmedium’includesfloppydisk,CDorothermediuminwhichdatacanbestoredelectronically.

•wheretheApprovedPharmacyfailstocomplywiththisCPandtheMedicareAustralia

OCACPS,or

•wheretheApprovedPharmacy’sapprovalasanApprovedPharmacyisrevoked.

TheApprovedPharmacymustpromptlynotifyMedicareAustraliaofthepossibleloss,destruction ortheftoftheprivatekey,toenablerevocationtoberequestedinatimelymanner.

ROUOsandCertificateControllersmustcomplywiththe MedicareAustraliaOCACPS,any MedicareAustraliaandanyPBBbusinesscontinuityand disasterrecoveryplanin revoking CertificatesinresponsetoarequestfromanApprovedPharmacy.

3.5Certificatestatusservices

3.5.1Operationalcharacteristics

Nostipulation.

3.5.2Serviceavailability

ServiceavailabilityfortheCertificateRevocationList(CRL)issubstantially24x7at

3.5.3Optionalfeatures

Nostipulation.

4.REGISTRATIONOPERATIONALCONTROLS

UnderthisCP,RelationshipOrganisationUnitOperators(ROUOs)mustprocessapplicationsfor CertificatesbyApprovedPharmaciesinaccordancewiththebusinessrulesforonlineclaimingfor PBSandotherwrittenadministrativeprocedures(whereapplicable).

4.1Personnelcontrols

AllROUOsunderthisCPshallbeauthorisedofficersofthePBBofMedicareAustraliaforthe purposesofprovidingservicesunderthisCPtoPBB.

ROUOsunderthisCParenotRegistrationAuthorityOfficers(RAOs)underaGatekeeper accreditedPKI.

4.2LogicalandTechnologicalcontrols

ROUOswillcommunicatecertificaterequeststoMedicareAustralia’sCertificateControllersin accordancewiththesecurityprovisionsoftheMedicareAustraliaOCACPS.

4.3Physicalcontrols

CertificaterequestswillbeprocessedbyMedicareAustraliaCertificateControllersinaccordance withthesecurityprovisionsoftheMedicareAustraliaOCACPS.

4.4BusinesscontinuityoftheRelationshipOrganisation

Refertocl.4.4oftheMedicareAustraliaOCACPSfordetailsofthebusinesscontinuityoftheRO (MedicareAustralia).

4.5ROUterminationortransfer

TheROU(thatisPBB)maybeterminated,oritsbusinessresponsibilitiestransferred,bya decisionoftheCommonwealthgovernment,therelevantMinister,theSecretarytoaDepartment ortheChiefExecutiveOfficerofMedicareAustralia.

4.6ROUOTermination

AnROUOisterminatedthrough:

•TerminationoftheROUO’semploymentwithMedicareAustralia;or

•TerminationoftheROUO’srepresentationasaROUObythePBBofMedicareAustralia. PBBofMedicareAustraliamustensurethatthepersonwhohasceasedtobeanROUOcannot

makecertificaterequestsorcarryoutROUOfunctions.

5. CERTIFICATE,CRLANDOCSPPROFILES

5.1 Certificateprofile–MedicareAustraliaOnlineClaimingforPBS EnciphermentCertificate

Field / Content / Mandatory / Critical*
1.X.509v1Field / N/A
1.1.Version / V3 / M
1.2.SerialNumber / Apositiveintegerthatuniquelyidentifies theCertificate. / M
1.3.SignatureAlgorithm / SHA-1RSA,
SHA-1hashingalgorithmusingtheRSA
signingalgorithm. / M
1.4.IssuerDistinguishedName / M
1.4.1.Country(C) / AU / M
1.4.2.Organization(O) / GOV / M
1.4.3.OrganizationUnit(OU) / MedicareAustralia / M
1.4.3CommonName(CN) / MedicareAustraliaOrganisation
CertificationAuthority / M
1.5.Validity
1.5.1.NotBefore / ThedatethattheCertificateisvalidfrom (systemtimeatcertificateissuance). YYMMDDHHMMSSZ encodedas UTCTimefordatesupto2049and encodedasGeneralizedTimefordatesin
2050orlater. / M
1.5.2.NotAfter / ThedatethattheCertificateisvaliduntil.
5yearsfromStartValidity,i.e.certificate issuance.
YYMMDDHHMMSSZ encodedas
UTCTimefordatesupto2049and encodedasGeneralizedTimefordatesin
2050orlater / M
1.6.Subject
1.6.1.Country(c) / AU / M
1.6.2.State(St) / <STATE / M
1.6.3Locality(L) / SuburbName / M
1.6.4.Organization(O) / TradingName<Locality> / M
1.6.5.OrganisationUnit(OU)) / TradingName<Locality> / M
1.6.6.CommonName(CN) / TradingName<Locality>:RANumber / M
1.7.SubjectPublicKeyInfo / RSAPublicKeyof / 2048bits. / M
2.X.509v3Extensions
2.1.AuthorityKeyIdentifier / M / Non- Critical
2.1.1.KeyIdentifier / SHA-1hash(60bits)oftheIssuer's publickey.
2.1.2.AuthorityCertIssuer / Notpresent
2.1.3.AuthorityCertSerialNumber / Notpresent
2.2.SubjectKeyIdentifier / SHA-1hash(60bits)oftheSubject's publickey. / M / Non- Critical
2.3.KeyUsage / M / Critical
2.3.1.DigitalSignature / NOTSET
2.3.2.NonRepudiation / NOTSET
2.3.3.KeyEncipherment / SET
2.3.4.DataEncipherment / NOTSET
2.3.5.KeyAgreement / NOTSET
2.3.6.KeyCertificateSignature / NotSelected
2.3.7.CRLSignature / NotSelected
2.4.ExtendedKeyUsage / Notapplicable / Non- Critical
Non- Critical
2.5.CertificatePolicies
2.5.1.PolicyIdentifier / 1.2.36.174030967.1.3.1.2
Field / Content / Mandatory / Critical*
2.5.1.1.PolicyQualifierID / UserNotice
2.5.1.2.UserNotice / CertificatesissuedunderthisCPmustbe reliedonbyentitieswithinthe
CommunityofInterest,unlessotherwise
agreed,andnotforpurposesotherthan thosepermittedbythisCP.
2.5.1.3.PolicyQualifierID / CPSURI
2.5.1.4.CPSURI /
2.6.SubjectAlternateNames / Non- Critical
2.6.1.rfc822Name / <emailaddress> / O
2.7.BasicConstraints
2.7.1.SubjectType / NotCA / Critical
2.7.2.PathLengthConstraint / Notpresent
2.8.AuthorityInformationAccess
2.8.1.AccessDescription / Notpresent
2.8.1.1.AccessMethod / On-lineCertificateStatusProtocol
(1.3.6.1.5.5.7.4.1) / Non- Critical
2.8.1.2.AlternativeName / URL= australia.com.au/maoca.pkx
2.9CRLDistributionPoint
2.9.1URL /
%20Australia%20Organisation
%20Certification%20Authority%2Co
%3DMedicare%20Australia%2Cc%3DAU / Non- Critical
3.0OtherFields-Generic2
3.0.1GenericIA5String:“PharmacyApprovalNumber” (OID=1.2.36.174030967.1.3.2.1) / PharmacyApprovalnumber / O
3.0.3 GenericIA5String:RANumber (OID=1.2.36.73665175.1.10009) / RANumber / M

5.2 Certificateprofile–MedicareAustraliaOnlineClaimingforPBS SigningCertificate

Field / Content / Mandatory / Critical*
1.X.509v1Field / N/A
1.1.Version / V3 / M
1.2.SerialNumber / Apositiveintegerthatuniquelyidentifies theCertificate. / M
1.3.SignatureAlgorithm / SHA-1RSA,
SHA-1hashingalgorithmusingtheRSA
signingalgorithm. / M
1.4.IssuerDistinguishedName / M
1.4.1.Country(C) / AU / M
1.4.2.Organization(O) / MedicareAustralia / M
1,4,3,OrganizationUnit(OU) / MedicareAustralia / M
1.4.4CommonName(CN) / MedicareAustraliaOrganisation
CertificationAuthority / M
1.5.Validity

2TheseCertificateextensionOIDreferencesareexpectedtobecommontoallCoICertificatePolicies,and mayhaveapplicabilitytothisCoI.

Field / Content / Mandatory / Critical*
1.5.1.NotBefore / ThedatethattheCertificateisvalidfrom (systemtimeatcertificateissuance). YYMMDDHHMMSSZ encodedas UTCTimefordatesupto2049and encodedasGeneralizedTimefordatesin
2050orlater. / M
1.5.2.NotAfter / ThedatethattheCertificateisvaliduntil.
5yearsfromStartValidity,i.e.certificate issuance.
YYMMDDHHMMSSZ encodedas
UTCTimefordatesupto2049and encodedasGeneralizedTimefordatesin
2050orlater / M
1.6.Subject
1.6.1.Country(c) / AU / M
1.6.2.State(St) / <STATE / M
1.6.3.Locality(L) / SuburbName / M
1.6.4.Organization(O) / TradingName<Locality> / M
1.6.5.OrganisationUnit(OU)) / TradingName<Locality> / M
1.6.6.CommonName(CN) / TradingName<Locality>:RANumber / M
1.7.SubjectPublicKeyInfo / RSAPublicKeyo / f2048bits. / M
2.X.509v3Extensions
2.1.AuthorityKeyIdentifier / M / Non- Critical
2.1.1.KeyIdentifier / SHA-1hash(60bits)oftheIssuer's publickey.
2.1.2.AuthorityCertIssuer / Notpresent
2.1.3.AuthorityCertSerialNumber / Notpresent
2.2.SubjectKeyIdentifier / SHA-1hash(60bits)oftheSubject's publickey. / M / Non- Critical
2.3.KeyUsage / M / Critical
2.3.1.DigitalSignature / SET
2.3.2.NonRepudiation / NOTSET
2.3.3.KeyEncipherment / NOTSET
2.3.4.DataEncipherment / NOTSET
2.3.5.KeyAgreement / NOTSET
2.3.6.KeyCertificateSignature / NotSelected
2.3.7.CRLSignature / NotSelected
2.4.ExtendedKeyUsage / Notapplicable / Non- Critical
Non- Critical
2.5.CertificatePolicies
2.5.1.PolicyIdentifier / 1.2.36.174030967.1.3.1.2
2.5.1.1.PolicyQualifierID / UserNotice
2.5.1.2.UserNotice / CertificatesissuedunderthisCPmustbe reliedonbyentitieswithinthe
CommunityofInterest,unlessotherwise
agreed,andnotforpurposesotherthan thosepermittedbythisCP.
2.5.1.3.PolicyQualifierID / CPSURI
2.5.1.4.CPSURI /
2.6.SubjectAlternateNames / Non- Critical
2.6.1.rfc822Name / <emailaddress> / O
2.7.BasicConstraints
2.7.1.SubjectType / NotCA / Critical
2.7.2.PathLengthConstraint / Notpresent
2.8.AuthorityInformationAccess
2.8.1.AccessDescription / Notpresent
2.8.1.1.AccessMethod / On-lineCertificateStatusProtocol
(1.3.6.1.5.5.7.4.1) / Non- Critical
2.8.1.2.AlternativeName / URL= australia.com.au/maoca.pkx
2.9CRLDistributionPoint
2.9.1URL / / Non- Critical
Field / Content / Mandatory / Critical*
bin/getcrl_health.pl?DN=cn%3DMedicare
%20Australia%20Organisation
%20Certification%20Authority%2Co
%3DMedicare%20Australia%2Cc%3DAU
3.0OtherFields-Generic3
3.0.1 GenericIA5String:“PharmacyApprovalNumber” (OID=1.2.36.174030967.1.3.2.1) / PharmacyApprovalnumber / O
3.0.3 GenericIA5String:RANumber (OID=1.2.36.73665175.1.10009) / RANumber / M

5.3 MedicareAustraliaOCACRLProfile

Field / Content / Mandatory / Critical*
1.X.509v1Field / N/A
1.1.Version / V2 / M
1.2.SignatureAlgorithm / sha1RSA / M
1.3.IssuerDistinguishedName / M
1.3.1.Country(C) / AU / M
1.3.2.Organization(O) / GOV / M
1.3.3.OrganisationalUnit(OU) / MedicareAustralia
1.3.3.CommonName(CN) / MedicareAustraliaOrganisation
CertificationAuthority / M
1.4Validity / M
1.4.1EffectiveDate
1.4.2NextUpdate
1.5CRLNumber / M
2.X.509v3Extensions
2.1.AuthorityKeyIdentifier / M / Non- Critical
2.1.1.KeyIdentifier / SHA-1hash(60bits)oftheIssuer’s publickey
Frequencyofissuing / 60minutes
GracePeriod / 60minutes

5.4 MedicareAustraliaOCAOCSPProfile

Field / Content / Mandatory / Critical*
1.X.509v1Field / N/A
1.1.Version / V3 / M
1.2.SerialNumber / UniquevalueassignedbytheIssuing
CA / M
1.3.SignatureAlgorithm / SHA-1withRSASignature / M

3TheseCertificateextensionOIDreferencesareexpectedtobecommontoallCoICertificatePolicies,and mayhaveapplicabilitytothisCoI.

Field / Content / Mandatory / Critical*
1.4.IssuerDistinguishedName / M
1.4.1.Country(C) / AU / M
1.4.2.Organization(O) / GOV / M
1.4.3.OrganisationalUnit(OU) / MedicareAustralia
1.4.4.CommonName(CN) / MedicareAustraliaOrganisation
CertificationAuthority / M
1.5.Validity / 5years
1.5.1.NotBefore / Issuedate / M
1.5.2.NotAfter / Expirydate / M
1.6.Subject
1.6.1.Country(C) / AU / M
1.6.2.Organization(O) / GOV / M
1.6.3.OrganizationalUnit(OU) / MedicareAustralia
1.6.4.CommonName(CN) / MedicareAustraliaOCAOCSP Responder / M
1.7.SubjectPublicKeyInfo / PublicKeyencodedinaccordancewith
RFC2459PKCS#1- 2048bits / M
2.X.509v3Extensions
2.1.AuthorityKeyIdentifier / SHA-1hash(60bits)oftheIssuer’s publickey / M / Non- Critical
2.1.1.KeyIdentifier / TheKeyIdentifieroftheIssuerofthis
Certificate–60bit
2.1.2.AuthorityCertIssuer / Notpresent
2.1.3.AuthorityCertSerialNumber / Notpresent
2.2.SubjectKeyIdentifier / SHA-1hash(60bits)oftheSubject's publickey / M / Non- Critical
2.3.KeyUsage / M / Critical
2.3.1.DigitalSignature / SET
2.3.2.NonRepudiation / NotSelected
2.3.3.KeyEncipherment / NotSelected
2.3.4.DataEncipherment / NotSelected
2.3.5.KeyAgreement / NotSelected
2.3.6.KeyCertificateSignature / NotSelected
2.3.7.CRLSignature / NotSelected
2.4.ExtendedKeyUsage / Non- Critical
2.4.1.OCSPSigning / 1.3.6.1.5.5.7.3.9
2.5.CertificatePolicies
2.5.1.PolicyIdentifier / Notpresent
2.5.1.1.PolicyQualifierID / Notpresent
2.5.1.2.UserNotice / Notpresent
2.5.1.3.PolicyQualifierID / Notpresent
2.5.1.4.UserNotice / Notpresent
2.6.SubjectAlternateNames / Non- Critical
2.6.1.rfc822Name / NA
2.7.BasicConstraints
2.7.1.SubjectType / EndEntity / N/A
2.7.2.PathLengthConstraint / Notpresent
2.8.AuthorityInformationAccess
2.8.1.AccessDescription / Notpresent
2.8.1.1.AccessMethod / Notpresent / Non- Critical
2.8.1.2.AlternativeName / Notpresent
3.NoCheckExtension(genericextension)