Managed PKI Security from BT

Managed PKI Security
from BT

Grant of Approval

tScheme Limited grants approval to the electronic trust service identified as:
Managed Public Key Infrastructure (PKI) Security service

as supplied by:
British Telecommunications Plc
of 81 Newgate Street, London EC1A 7AJ.

The management system used to deliver this service is certified by:
LRQA Lloyd's Register Quality Assurance Ltd.
of Trinity Park, 1 Bickenhill Lane, Birmingham B37 7ES

to satisfy the criteria defined in the following tScheme Approval Profiles:

Title Identity Issue
Base Approval Profile tSd0111 3.02
Approval Profile for Registration Services tSd0042 3.04
Approval Profile for a Certification Authority* tSd0102 3.03
Approval Profile for Signing Key Pair Management tSd0103 3.04
Approval Profile for Certificate Generation* tSd0104 3.03
Approval Profile for Certificate Dissemination tSd0105 3.03
Approval Profile for Certificate Status Management tSd0106 3.03
Approval Profile for Certificate Status Validation tSd0107 3.03

*not including Qualified Certificates

This approval initially commenced on:
27th May 2002

and annual renewal against the current issue of these Approval Profiles was confirmed in:
May 2022

Documents supporting this grant are available by clicking on the links in the table above.

This Grant of approval is issued by:
tScheme Limited
Mulberry Grove
PO Box 3653
RG40 9NN
United Kingdom

Company Number 4000985

Approved Service Description

The subject service of this Grant of Approval is the Managed Public Key Infrastructure (PKI) Security service from British Telecommunications Plc.

BT Managed Public Key Infrastructure (PKI) Security is a managed service that provides the technology and processes required to issue digital certificates. The service is suitable for any organisation that needs to issue certificates - these can be issued under either the Symantec Trust Network (STN) public hierarchy and the STN CPS or the Customer’s own self-signed root and the non-STN CPS.

Within Managed PKI Security, the Registration Authority (RA) and Certification Authority (CA) functions are separated. The customer organisation performs the RA function and BT performs the CA function.

This arrangement allows the customer RA function to apply validation criteria that are based on its local business knowledge and approve or reject certificate requests using its own business rules. It also allows the organisation to delegate the complex and difficult CA management function to a specialist organisation that has the infrastructure and practices required to protect and manage sensitive CA Keys and PKI records. Specific CA functions managed by BT are:

  • CA Key Generation and Management
  • Certificate Status Management and Validation

BT uses its own RA to validate requests for the service, confirming that the applicant company is registered and that the Managed PKI Security Administrator has the organisational authority required to operate the RA and enter into the Managed PKI Security contract on the applicant company’s behalf.

Following acceptance of the request a new CA Certificate is issued and the CA signing keys installed at the secure CA facility operated by BT.

The service is built using Symantec technology and utilises industry standard protocols to protect order information and to deliver certificates. Employees, or customers, of the subscribing organisation apply for end user certificates from a local web site using their browser. Requests are validated by the local RA, digitally signed & encrypted and then sent to the CA, where certificates are constructed and signed using the organisation’s CA Digital Certificate.

BT provides the Managed PKI Security customer with certificate status data, either in the form of a Certificate Revocation List or through the use of the Online Certificate Status Protocol (OCSP), to validate certificates within their application(s). (Note: OCSP is not available to Managed PKI Security FastTrack customers). BT also provides status information to relying parties.

For further information, please see the Service Policy Disclosure Statement. This can be found by clicking on the Service Policy Disclosure Statement link in the How We Can Help section at: https://www.globalservices.bt.com/en/solutions/products/bt-managed-public-key-infrastructure


What we do

Approval for organisations in the trust service provider sector.



A collection of white papers and presentations from tScheme.


Why tScheme approval?

It’s the mark which says your service meets the highest standards of trust.