Skip to main content

Public Key Infrastructure (PKI) Agreement

The PKI Agreement and related reference document form an integral part of the documentation required to access the Corporate Online service. Customers should be aware that by signing the Corporate Online agreement they are also agreeing to be bound by the PKI Agreement Terms and Conditions. Both of these documents can be viewed in full by clicking on the links opposite.

Any customers using cards issued after 2nd of November 2018 should refer to the SHA2 version of the Digital Identification Service whilst any existing cards (issued up to 2nd of November 2018) should continue to refer to the SHA1 Digital Identification Service document until their card needs to be replaced. Please note there is no change to the Terms and Conditions.

Background

The Bank wishes to provide its customers with the highest levels of security when transacting over the internet. To ensure the security and integrity of the Corporate Online service we have developed a Digital Identity Service. Customers applying for the services that use PKI require to register for and be provided with Digital Identity Smartcards that will be used in conjunction with the service. These Smartcards are similar to any standard bank card, with one main difference, in that the 'chip' holds a 'certificate'. This stores personal details uniquely identifying the cardholder, such as:

  • Name
  • Email address
  • Employer
  • Who it was issued by
  • When it is valid from / to

The PKI service uses the latest security technology to address each of the following principles:

  1. Confidentiality - transmissions sent must be protected in transit and only readable by the intended recipient.
  2. Authentication - it must be possible for the recipient to positively identify the sender of a transmission in real-time.
  3. Integrity - it must be verified that a transmission received is the same as the transmission originally sent.
  4. Non-repudiation - if the above have been ensured, once a transmission is received and processed, the sender cannot claim they did not originate and send the transmission.

Key Management - PKI

The use of PKI enables a secure exchange of digital signatures in open networks where many communication partners are involved.

Digital Identity Service Reference Document

The document has three parts:

  1. Identity Certificate Policy:
    The Certificate Authority (CA) is the entity responsible for issuing and administering the digital certificates. The CA acts as the agent of trust in the PKI.

    Users need to be able to determine the degree of assurance or trust that can be placed in the authenticity and integrity of the public keys contained in certificates the CA issues. The information upon which such determinations can be made is documented in the Identity Certificate Policy.
  2. Utility Certificate Policy:
    The Registration Authority (RA) is responsible for recording and verifying all information the Certificate Authority needs.

    Utility Certificates are issued within Lloyds Banking Group companies, allowing digital certificates to be issued to customers.

    Certificates are only issued to individuals and organisations that have signed a Corporate Online customer agreement (in doing so customers also agree to be bound by the PKI Terms and Conditions).
  3. Dispute Resolution Procedure:
    In keeping with the high standard of security offered via the Digital Identity Service, all the relevant legal details are covered within the appropriate reference document.

    Another element of a PKI service is that there are clearly defined procedures in the event of any dispute. These procedures are agreed by all parties involved in supplying and using the Digital Identity Service.

If customers require any further information regarding the Digital Identity service they can do so by reading the PKI explained document. Any customer using cards issued after 2nd of November 2018 should refer to the SHA2 version of the Digital Identification Service [PDF] whilst any existing cards (issued up to 2nd of November 2018) should continue to refer to the SHA1 Digital Identification Service [PDF] document until their card needs to be replaced. Please note there is no change to the Terms and Conditions.

The Certificate Practice Statement (CPS) for the Digital Identity PKI service is available to customers on request. Please direct your request to the relevant Service Helpdesk.