Radianz Messaging Service from BT Global Banking and Financial Markets

Radianz Messaging Service
from BT Global Banking and Financial Markets

Grant of Approval

tScheme Limited grants approval to the electronic trust service identified as:
Radianz Messaging Service

as supplied by:
BT Global Banking and Financial Markets
of 81 Newgate Street, London EC1A 7AJ.

The management system used to deliver this service is certified by:
LRQA Lloyd's Register Quality Assurance Ltd.
of Trinity Park, 1 Bickenhill Lane, Birmingham B37 7ES

to satisfy the criteria defined in the following tScheme Approval Profiles:

Qualified Certificates (QCs):
This Service Provider has demonstrated compliance with the provisions laid down in Directive 1999/93/EC, including with the requirements of Annex I (requirements for QCs), Annex II (requirements for Service Providers issuing QCs) and those of Annex III (requirements for compliant Secure Signature Creation Devices - SSCDs).

This approval initially commenced on:
8th March, 2011

and annual renewal against the current issue of these Approval Profiles was confirmed in:
May 2016

Documents supporting this grant are available by clicking on the links in the table above.

This Grant of approval is issued by:
tScheme Limited
Mulberry Grove
PO Box 3653
RG40 9NN
United Kingdom

Company Number 4000985

Approved Service Description

The subject service of this Grant of Approval is the Radianz Messaging Service from BT Global Banking and Financial Markets.

BT owns and operates a fully managed secure messaging infrastructure through which services are delivered to customers in the Financial Services Community.

The security of the infrastructure and services is based upon an underlying PKI, for which BT operates as the Certificate Authority (CA) providing two types of Certificates, Qualified Signing Certificates conforming to the requirements of [EC Directive 1999/93/EC on a Community framework for electronic signatures] and Encryption Certificates. The PKI architecture includes an online Certificate Issuing CA and an off-line Root CA, both of which are in scope of the tScheme certification.

The PKI services include:

  • Certificate Authority (CA) Service: This covers the overall provision and life-cycle management of Certificates;
  • Registration Authority (RA) Service: Subscribers must be ‘registered’ to use the PKI. The RA service manages the registration and validation of Subscribers and validates Certificate requests received from registered Subscribers;
  • Certificate Generation: On receipt of a validated certificate request the Certificate Generation service creates Certificates for delivery to the requester;
  • Certificate Dissemination: This service provides for the secure distribution of Certificates to the requester;
  • Certificate Status Management: Once a Certificate becomes effective it is considered to be valid until its expiration date. Exceptionally a Certificate may become invalid prior to expiration;
  • Certificate Status Validation: For Certificate status to be determined Certificate revocation information must be made available;
  • Signing Key Pair Management: This is the provision of signing keys for use by Subscribers;
  • Encryption Key Pair Management: Provision of encryption keys for customers and also BT for use within the infrastructure (e.g. firewalls);
  • Non-Repudiation Service: See Non-Repudiation Policy.

The PKI Service is utilised as part of the Secure Network Solution which is delivered to community members. The RA and CA Certificate Subscription and Issuance models are defined within the Registration Guide.

A Certificate Policy and a Certification Practice Statement are produced which govern how the PKI services are managed. These are published at https://www.radianzmessaging.bt.com/BTMSM/RMDocuments.aspx

The Qualified Certificates are used for:

  • Digital Signature: A cryptographic mechanism to simulate a signature in digital, rather than written, form;
  • Non-repudiation: Non-repudiation is the concept of ensuring that a contract/instruction cannot later be denied by either of the parties involved;
  • Certificate Signing: When the subject public key is used for verifying a signature on public key certificates;
  • CRL Signing: When the subject public key is used for verifying a signature on a Certificate Revocation List (CRL).

The Encryption Certificates are used for:

  • Key Encryption: Preventing unauthorised disclosure of private keys or session keys;
  • Data Encryption: Preventing unauthorised disclosure of message content.

The PKI delivers electronic trust services to its member Community. The end-entities within that Community are represented by Gateways (computer-based applications) fitted with hardware cryptographic devices to facilitate the security-enforcing features of the PKI.

BT management systems also use Certificates issued by the CA.

BT has a dedicated support team which provides 24x7 cover for the infrastructure and the services provided across that infrastructure, including the electronic trust services. The support operation is accessible through a single point of contact.

(Issue 1.9, Feb 2016)


What we do

Approval for organisations in the trust service provider sector.


Schemes and Profiles

Providing guidelines and criteria for organisations to develop their trust services.


Why tScheme approval?

It’s the mark which says your service meets the highest standards of trust.