Public Key Infrastructure (PKI) Agreement

Downloads

Agreement

The Digital Identification Service PKI Customer Agreement and Digital Identification Service PKI Reference Document form an integral part of the documentation required to access services such as Bacstel-IP and the Lloyds Euro Service (SEPA Direct Debit). Customers should be aware that by signing up for any PKI supported service they are also agreeing to be bound by the Digital Identification Service PKI Customer Agreement. The Customer Agreement and Reference Document can be viewed in full by clicking on the links above.

Background

The Bank wishes to provide its customers with the highest levels of security when transacting over the internet. To ensure the security and integrity of these services we provide a Digital Identification Service. Customers applying for the services that use PKI require to register for and be provided with Digital Identity Smartcards that will be used in conjunction with the service. These Smartcards hold a 'certificate' within the chip, which stores personal details uniquely identifying the cardholder, such as:

Name
Email address
Employer
Who it was issued by
When it is valid from / to.

The Digital Identification Service uses security technology to address each of the following principles:

Confidentiality - transmissions sent must be protected in transit and only readable by the intended recipient.

Authentication - it must be possible for the recipient to positively identify the sender of a transmission in real-time.

Integrity - it must be verified that a transmission received is the same as the transmission originally sent.

Non-repudiation - if the above have been ensured, once a transmission is received and processed, the sender cannot claim they did not originate and send the transmission.

Key Management - PKI

The use of PKI enables a secure exchange of digital signatures in open networks where many communication partners are involved.

Digital Identification Service PKI Reference Document

The document has three parts:

Identity Certificate Policy:

The Identity Certificate is only to be used by contracted parties of IdenTrust or IdenTrust Participants in accordance with the Identity Certificate Policy.

Bank IdenTrust Identity Certificates are only to be used for the purpose of providing the following IdenTrust services:

user authenticity
digital signing
non-repudiation.

Identity Certificates restrict services to those described above by defining Key usage fields within the Certificate (See Certificate Profile).

Utility Certificate Policy:

The Utility Certificate is only to be used by contracted parties of IdenTrust or IdenTrust Participants in accordance with the Utility Certificate Policy.

Bank IdenTrust Utility Certificates are only to be used for the purpose of providing the following IdenTrust services:

Data Confidentiality and Integrity
Secure Key distribution
Key Agreement
Digital Signatures
Client Authentication.

Utility Certificates restrict services to those described above by defining Key usage fields within the Certificate (See Certificate Profile)

Dispute Resolution Procedure:

In keeping with the high standard of security offered via the Digital Identification Service, all the relevant legal details are covered within the appropriate reference document.

Another element of a Digital Identification Service is that there are clearly defined procedures in the event of any dispute. These procedures are agreed by all parties involved in supplying and using the Digital Identification Service.

IdenTrust Certificate Practice Statement

The IdenTrust Certificate Practice Statement (CPS) is available to customers on request. Please direct your request to the relevant Service Helpdesk.

Lloyds Bank Business Banking Customers

Return to the Lloyds Bank Business Banking website.

Lloyds Bank Commercial Customers

Return to the Lloyds Bank Commercial website.