Radianz Messaging Service
from BT Global Banking and Financial Markets
Grant of Approval
tScheme Limited grants approval to the electronic trust service identified as:
Radianz Messaging Service
as supplied by:
BT Global Banking and Financial Markets
of 81 Newgate Street, London EC1A 7AJ.
The management system used to deliver this service is certified by:
LRQA Lloyd's Register Quality Assurance Ltd.
of Trinity Park, 1 Bickenhill Lane, Birmingham B37 7ES
to satisfy the criteria defined in the following tScheme Approval Profiles:
| Approval Profile | Reference | Issue |
|---|---|---|
| Base Approval Profile | tSd0111 | 3.00 |
| Approval Profile for Registration Services | tSd0042 | 3.02 |
| Approval Profile for a Certification Authority* | tSd0102 | 3.01 |
| Approval Profile for Signing Key Pair Management* | tSd0103 | 3.02 |
| Approval Profile for Certificate Generation* | tSd0104 | 3.01 |
| Approval Profile for Certificate Dissemination | tSd0105 | 3.01 |
| Approval Profile for Certificate Status Management | tSd0106 | 3.01 |
| Approval Profile for Certificate Status Validation | tSd0107 | 3.01 |
*including Qualified Certificates
Qualified Certificates (QCs):
This Service Provider has demonstrated compliance with the provisions laid down in Directive 1999/93/EC, including with the requirements of Annex I (requirements for QCs), Annex II (requirements for Service Providers issuing QCs) and those of Annex III (requirements for compliant Secure Signature Creation Devices - SSCDs).
This approval initially commenced on:
8th March, 2011
and annual renewal against the current issue of these Approval Profiles was confirmed in:
Documents supporting this grant are available by clicking on the links in the table above.
This Grant of approval is issued by:
PO Box 3653
Company Number 4000985
Approved Service Description
The subject service of this Grant of Approval is the Radianz Messaging Service from BT Global Banking and Financial Markets.
BT owns and operates a fully managed secure messaging infrastructure through which services are delivered to customers in the Financial Services Community.
The security of the infrastructure and services is based upon an underlying PKI, for which BT operates as the Certificate Authority (CA), providing two types of Certificates: Qualified Signing Certificates, conforming to the requirements of EC Directive 1999/93/EC on a Community framework for electronic signatures, and Encryption Certificates. The PKI architecture includes an online Certificate Issuing CA and an off-line Root CA, both of which are in scope of the tScheme certification.
The PKI services include:
- Certificate Authority (CA) Service: This covers the overall provision and life-cycle management of Certificates;
- Registration Authority (RA) Service: Subscribers must be ‘registered’ to use the PKI. The RA service manages the registration and validation of Subscribers and validates Certificate requests received from registered Subscribers;
- Certificate Generation: On receipt of a validated certificate request the Certificate Generation service creates Certificates for delivery to the requester;
- Certificate Dissemination: This service provides for the secure distribution of Certificates to the requester;
- Certificate Status Management: Once a Certificate becomes effective, it is considered to be valid until its expiration date. Exceptionally, a Certificate may become invalid prior to expiration;
- Certificate Status Validation: For Certificate status to be determined, Certificate revocation information must be made available;
- Signing Key Pair Management: This is the provision of signing keys for use by Subscribers;
- Encryption Key Pair Management: Provision of encryption keys for customers and also BT for use within the infrastructure (e.g. firewalls);
- Non-Repudiation Service: See Non-Repudiation Policy.
The PKI Service is utilised as part of the Secure Network Solution which is delivered to community members. The RA and CA Certificate Subscription and Issuance models are defined within the Registration Guide.
A Certificate Policy and a Certification Practice Statement are produced which govern how the PKI services are managed. These are published at https://www.radianzmessaging.bt.com/BTMSM/RMDocuments.aspx
The Qualified Certificates are used for:
- Digital Signature: A cryptographic mechanism to simulate a signature in digital, rather than written, form;
- Non-repudiation: Non-repudiation is the concept of ensuring that a contract/instruction cannot later be denied by either of the parties involved;
- Certificate Signing: When the subject public key is used for verifying a signature on public key certificates;
- CRL Signing: When the subject public key is used for verifying a signature on a Certificate Revocation List (CRL).
The Encryption Certificates are used for:
- Key Encryption: Preventing unauthorised disclosure of private keys or session keys;
- Data Encryption: Preventing unauthorised disclosure of message content.
The PKI delivers electronic trust services to its member Community. The end-entities within that Community are represented by Gateways (computer-based applications) fitted with hardware cryptographic devices to facilitate the security-enforcing features of the PKI.
BT management systems also use Certificates issued by the CA.
BT has a dedicated support team which provides 24x7 cover for the infrastructure and the services provided across that infrastructure, including the electronic trust services. The support operation is accessible through a single point of contact.
(Issue 1.9, Feb 2016)