BT Managed Secure Messaging. Non-Repudiation Policy

Similar documents
ING Public Key Infrastructure Technical Certificate Policy

Apple Inc. Certification Authority Certification Practice Statement

Apple Inc. Certification Authority Certification Practice Statement

(1) Jisc (Company Registration Number ) whose registered office is at One Castlepark, Tower Hill, Bristol, BS2 0JA ( JISC ); and

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.10 Effective Date: June 10, 2013

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations

CERTIFICATE POLICY CIGNA PKI Certificates

Apple Inc. Certification Authority Certification Practice Statement. Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA

Disclosure text - PDS (PKI Disclosure Statement) for electronic signature and authentication certificates

ISO/IEC TR Information technology Security techniques Guidelines for the use and management of Trusted Third Party services

Mailbox Rental Terms and Conditions

Apple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

SAFE-BioPharma RAS Privacy Policy

SSL Certificates Certificate Policy (CP)

DIGITALSIGN - CERTIFICADORA DIGITAL, SA.

WISeKey SA ADVANCED SERVICES ISSUING CERTIFICATION AUTHORITY CERTIFICATION PRACTICE STATEMENT

Administration of PEFC scheme

ING Corporate PKI G3 Internal Certificate Policy

Smart Meters Programme Schedule 2.1

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

Certification Policy of CERTUM s Certification Services Version 4.0 Effective date: 11 August 2017 Status: archive

Volvo Group Certificate Practice Statement

Terms and Conditions of Mobile Phone Service (Pre-Paid) Between Operator and Subscriber

APPROVAL PROCESS TO BE FOLLOWED FOR PROVISIONAL ACCREDITATION OF CBs UNDER FM CERTIFICATION SCHEME

AlphaSSL Certification Practice Statement

Timber Products Inspection, Inc.

Schedule Identity Services

Digi-CPS. Certificate Practice Statement v3.6. Certificate Practice Statement from Digi-Sign Limited.

Privacy Policy. Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data

SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Secure applications and services Security protocols

PAA PKI Mutual Recognition Framework. Copyright PAA, All Rights Reserved 1

Certipost E-Trust Services. Certificate Policy. for Normalized E-Trust Physical and Legal Persons. Version 1.1. Effective date 12 January 2011

BCDC 2E, 2012 (On-line Bidding Document for Stipulated Price Bidding)

Data Subject Access Request Procedure. Page 1 KubeNet Data Subject Access Request Procedure KN-SOP

General Data Protection Regulation BT s amendments to the proposed Regulation on the protection of individuals with regard to the processing of

FPKIPA CPWG Antecedent, In-Person Task Group

CALSTRS ONLINE AGREEMENT TERMS AND CONDITIONS

ISO/IEC INTERNATIONAL STANDARD

AGREEMENT FOR USE OF NORTHERN POWERGRID ELECTRONIC MAINS RECORDS

Digital Signatures Act 1

BT Assure Cloud Identity Annex to the General Service Schedule

Version 2.3 Final. TMDB System User Manual (Registrar)

IDENTITY ASSURANCE PRINCIPLES

Avira Certification Authority Policy

VSC-PCTS2003 TEST SUITE TIME-LIMITED LICENSE AGREEMENT

CERTIFICATION PRACTICE STATEMENT OF KIR for TRUSTED NON-QUALIFIED CERTIFICATES

RPost's Registered services and Evidence issues within the United Kingdom Legal System

Data Subject Access Request

Digi-Sign Certification Services Limited Certification Practice Statement (OID: )

CertDigital Certification Services Policy

An error will be returned by the services when invalid electronic requests are received.

WHC Toolbar. Application User guide. Wholesale Hosted Communications (WHC 3.0)

PKI Disclosure Statement Digidentity Certificates

Unisys Corporation April 28, 2017

User Terms of Service

Error Handling Strategy. DCC Guidance Document

WP24 CFD Settlement: Required Information

LET S ENCRYPT SUBSCRIBER AGREEMENT

DECISION OF THE EUROPEAN CENTRAL BANK

ETSI TR V1.1.2 ( )

Schedule EHR Access Services

Version 2.4 Final. TMDB System User Manual (Registry)

Smile IT Ltd Privacy Policy. Hello, we re Smile IT Ltd. We offer computer and network support to businesses and home computer users.

The Open Group Certification for People. Training Course Accreditation Policy

ISO/IEC INTERNATIONAL STANDARD

SIN 508 Issue 1.2 August 2016

Terms and Conditions of Mobile Phone Service (Post-Paid) Between Operator and Subscriber

ECA Trusted Agent Handbook

Error Handling Strategy

Eco Web Hosting Security and Data Processing Agreement

X.509 Certificate Policy for the New Zealand Government PKI RSA Individual - Software Certificates (Medium Assurance)

GRCA FULL MEMBER GRADE (GRC Manufacturer) Regulations, Membership Procedure and Assessment

ROYAL MAIL GROUP ADDRESS MANAGEMENT UNIT PAF DATA END USER TERMS ( End User Terms )

LAWtrust AeSign CA Certification Practice Statement (LAWtrust AeSign CA CPS)

TeliaSonera Gateway Certificate Policy and Certification Practice Statement

Validation Policy r tra is g e R ANF AC MALTA, LTD

Wonde may collect personal information directly from You when You:

1. Right of access. Last Approval Date: May 2018

ETSY.COM - PRIVACY POLICY

Suppliers' Information Note. BT LAN Extension Service Service Description

Signe Certification Authority. Certification Policy Degree Certificates

ACCEPTANCE OF ELECTRONIC MAINTENANCE RECORDS

Reference Offer for Leased Line and Ethernet Services

QUICKSIGN Registration Policy

CORPME TRUST SERVICE PROVIDER

Entrust SSL Web Server Certificate Subscription Agreement

TELECOMMUNICATIONS AND DATA CABLING BUSINESSES

PRIVACY NOTICE (TIER 4)

ISO/IEC INTERNATIONAL STANDARD

Director s Requirements No (Issued initially as Practice Bulletin 204)

OTA 2 Scheme Memorandum of Understanding

Implementation Guide for Delivery Notification in Direct

Framework for a Better Ads Experience Program

TIA. Privacy Policy and Cookie Policy 5/25/18

Level 1 Certificate in Reception Services ( )

Wireless Innovation Forum Contribution

Standard. Use of Cryptography. Information Security Manager. Page 1 of 12

Draft ETSI EN V1.0.0 ( )

Notification of Certification Bodies for assessing sustainable forest management in Romania

Certification Practices Statement (CPS) For Use With ARIN Internet Resource Registration Systems

Transcription:

BT Managed Secure Messaging Non-Repudiation Policy

Contents Page 1 Introduction 4 1.1 Scope 4 1.2 Terms and Definitions 4 2 Non-Repudiation Categories 5 2.1 Non-Repudiation of Origin 5 2.2 Non-Repudiation of Receipt 5 3 Non-Repudiation Evidence 6 3.1 Types of Evidence 6 3.2 Evidence Generation 6 3.2.1 Originator NR Evidence Generation 6 3.2.2 Recipient NR Evidence Generation 6 3.2.3 BT NR Evidence Generation 6 3.3 Evidence Retention 7 3.4 Evidence Verification 7 3.5 Evidence Validity 7 4 Obligations 8 4.1 Originator and Recipient Certification Obligations 8 4.2 Originator Obligations 8 4.3 Recipient Obligations 8 4.4 BT Obligations 8 4.5 Trusted Third Party Obligations 9 5 Applicable Law and Liability 10 5.1 Applicable Law 10 5.2 Liabilities 10 6 Dispute Resolution 11 6.1 Initiating NR Claim 11 6.2 Dispute Resolution 11 7 References 13 8 Glossary of Terms 14 Page 2 of 16

9 Authorisation 15 Page 3 of 16

1 Introduction The aim of this document is to define the Non-Repudiation Policy for BT Managed Secure Messaging that is operated and managed by BT. It is intended to specify the criteria for the provision of non-repudiation as part of the service. BT owns and operates a secure infrastructure through which services are delivered to BT Managed Secure Messaging customers. The services delivered through BT Managed Secure Messaging benefit from security features based upon a Public Key Infrastructure (PKI). The PKI delivers electronic trust services to members of the BT Managed Secure Messaging community. 1.1 Scope This document describes the Non-Repudiation Policy elements of the PKI for the delivery of services to customers. The document does not provide details of the design or implementation of the PKI capability, but identifies key elements which are relevant to the non-repudiation of services under the BT Managed Secure Messaging. 1.2 Terms and Definitions Term Recipient Originator Trusted Third-Party Gateway BT Managed Secure Messaging Message Usage in this Document Refers to an organisation with which BT has a contract to deliver secure messages from Originators. BT is also a Recipient when it receives messages on behalf of an Originator from a third-party service provider. Refers to an organisation with which BT has a contract to deliver secure messages to Recipients. BT is also an Originator when it sends messages on behalf of a third-party service provider to a Recipient. BT shall act as a Trusted Third-Party between the Originators and the Recipients, as the Certificate Authority (CA). The BT supplied equipment located at Originator and Recipient sites for secure messaging between Originators and Recipients. There are two types of gateways, a soft gateway application or a hardware gateway The totality of all functions provided by BT as an organisation for delivery of the BT Managed Secure Messaging service and includes Certificates that are used by the Originators and Recipients. Information transmitted between an Originator and a Recipient Page 4 of 16

2 Non-Repudiation Categories Non-repudiation is the concept of ensuring that a party to a communication cannot later deny having taken part in all or part of a communication. Nonrepudiation helps in settling possible disputes over whether a particular event or action has taken place in a communication by collecting, maintaining, making available and validating irrefutable evidence concerning a claimed event or action to resolve disputes about occurrence or non-occurrence of an event or action. This section defines the Non-Repudiation categories supported by the BT Managed Secure Messaging PKI. In the BT Managed Secure Messaging PKI, an originator submits messages to the originator gateway for secure delivery to the recipient gateway. The recipient gateway delivers received messages to the recipient. The following NR categories shall be supported: Non-repudiation of Origin (NRO) Non-repudiation of Receipt (NRR) 2.1 Non-Repudiation of Origin Non-repudiation of origin shall provide evidence that the originator gateway is indeed the genuine originator of a message delivered to the recipient. Originator gateways shall generate evidence of origin in the form of digitally signed messages. Evidence of origin of messages shall be retained by recipients. 2.2 Non-Repudiation of Receipt Non-repudiation of receipt shall provide evidence that the recipient gateway received a message that was submitted by the originator. Recipient gateways shall generate evidence of receipts in the form of digitally signed receipts. Evidence of receipt of messages shall be retained by originators. Page 5 of 16

3 Non-Repudiation Evidence For any non-repudiation, evidence is a crucial focus and this is discussed in the sub-sections below. 3.1 Types of Evidence NR evidence shall include the following: Registration Authority information Certificates all signing certificates issued by the CA Certificate Revocation List (CRL) containing all revoked certificates issued by BT Managed Secure Messaging CA hierarchy and all CRL history (i.e. a revoked certificate may be removed from the live CRL once it has expired) Message data Digital Signatures (digitally signed messages, MDNs, Screen SOAP over https requests and responses) Security context information to identify the message: Date and Time of generation or processing Gateway identification Certificate Identification Message Type (File transfer, Screen SOAP over http(s) etc) 3.2 Evidence Generation 3.2.1 Originator NR Evidence Generation Originators shall generate and retain NR evidence relating to all messages transmitted. These shall include: Message data Digital Signatures (digitally signed messages, MDNs, Screen SOAP over https requests and responses) 3.2.2 Recipient NR Evidence Generation Recipients shall generate and retain NR evidence relating to all messages it received. These shall include: Message data Digital Signatures (digitally signed messages, MDNs, Screen SOAP over https requests and responses) 3.2.3 BT NR Evidence Generation BT shall generate and retain the following NR evidence: Page 6 of 16

Registration Authority information Certificates all signing certificates issued by the CA Certificate Revocation List (CRL) containing all revoked certificates and all CRL history 3.3 Evidence Retention BT shall provide a re-verification service for up to 13 years past the end of the provision of the BT MSM Service. Each party (BT, Originators and Recipients) may securely retain their respective NR evidences for re-verification up to a period of 13 years after the evidence generation. 3.4 Evidence Verification BT shall provide a tool for the digital signature verifications. Originators or recipients shall provide the original message and evidence to be verified. Verification shall be performed as documented in [Ref: 3]. 3.5 Evidence Validity The evidence shall be deemed valid if the output of the validation shows that the signature of the message is valid and that the certificate was not revoked or expired at the time of signing. Page 7 of 16

4 Obligations 4.1 Originator and Recipient Certification Obligations The originators and Recipients shall notify BT promptly as documented in the CP [Ref: 1] when they require their Certificate to be revoked. The originators and recipients shall notify BT promptly of the following changes to their organisation: Change to the organisation name; Merger resulting in change to the organisation name; De-merger resulting in change to the organisation name; Company going bankrupt or entering into administration; Company ceasing operation; Change of Nominators; Change of Gateway Security Officers (GSOs). 4.2 Originator Obligations The originators shall securely store the evidence of receipt of messages sent to the recipients. The originators shall make available when requested the evidence of receipts of messages that is held by them. 4.3 Recipient Obligations The recipient shall securely store the evidence of origin of messages received from the originators. The recipient shall make available when requested the evidence of origin of messages that is held by them. 4.4 BT Obligations BT shall ensure that Certificates are revoked promptly when a revocation request is received as documented in the CP [Ref: 1]. BT shall ensure that Certificate related evidence is generated and retained: Registration Authority information Certificates all signing certificates issued by the CA Certificate Revocation List (CRL) containing all revoked certificates, and complete history of all CRLs BT shall promptly perform non-repudiation verification when requested by either the originator or recipient. Page 8 of 16

4.5 Trusted Third Party Obligations BT shall act as a Trusted Third Party to provide non-repudiation evidence verification in disputes between originators and recipients of BT Managed Secure Messaging. Page 9 of 16

5 Applicable Law and Liability 5.1 Applicable Law The law in England shall apply. 5.2 Liabilities Liabilities shall be as agreed in the contracts between BT and each of the parties. BT shall not be liable for any aspect of a dispute between parties, other than for the provision of the non-repudiation service on request from either or both of the parties in dispute. Page 10 of 16

6 Dispute Resolution The essence of non-repudiation is the provision of irrefutable evidence to support dispute resolution and BT will endeavour to resolve any potential dispute arising from use of BT Managed Secure Messaging. 6.1 Initiating NR Claim Any originator or recipient who has contracted to use BT Managed Secure Messaging shall initiate a Non-Repudiation claim by contacting BT in writing detailing the circumstances to the following address: Project Manager BT Managed Secure Messaging (MSM) BT Guidion House Harvest Crescent Ancells Business Park Fleet Hampshire GU51 2QP Tel: 01252 777714 Fax: 01252 624369 E-mail: msm.support@bt.com 6.2 Dispute Resolution BT shall act as a Trusted Third Party in disputes involving an originator and the recipient. BT shall provide the non-repudiation verification process through validation of evidence using applicable cryptographic key material. This validation will confirm that the evidence is genuine of origin, or of receipt. An originator or recipient may request that BT perform the verification process in respect of specific evidence relating to a dispute or potential dispute. In these circumstances, the requestor shall identify archived evidence in their possession and provide that evidence to BT for the purposes of the verification process. BT shall perform the requested verification process and notify the outcome of that process to the requesting party - see [Ref: 3] for details of verification procedures. If either or both of the originator or recipient fails to fulfil their obligation in respect of the long term archive of evidence and cannot provide the evidence then BT shall not be obliged to perform a non-repudiation verification process and shall not be responsible for any aspect of dispute resolution between the parties. Page 11 of 16

If either or both of the originator or recipient does not accept the verified evidence provided by BT, then BT shall not be responsible for any further aspect of disputes resolution between the parties. Page 12 of 16

7 References 1. Certificate Policy 2. S3 PKI Design 3. Non-Repudiation Procedures Page 13 of 16

8 Glossary of Terms Term PKI NR NRO NRR CA CRL TTP SOAP STP HTTPS GSO MDNs Description Public Key Infrastructure Non-Repudiation Non-repudiation of Origin Non-repudiation of Receipt Certificate Authority Certificate Revocation List Trusted Third Party Simple Object Access Protocol Straight Through Processing Secure Hyper Text Transfer Protocol Gateway Security Officer Message Disposition Notifications Page 14 of 16

9 Authorisation Owner Jasper Lanek Issue and Date Issue 1.2 : Dated July 2010 Location of electronic copy P:\ISC\Documents\tScheme\Approved Change Authority Andy Travell Distribution BT Managed Secure Messaging Programme Author Jasper Lanek Audience BT Staff and BT MSM Subscribers Issue Author Date Details of Change 1.0, 1st Draft Jasper Lanek Draft issued for review 1.0 Jasper Lanek 26/02/08 Comments following QA Review 1.1 Jasper Lanek 20/05/08 Replaced BT Secure Messaging Service with new name BT Managed Secure Messaging and removed references to IFM. 1.2 Jasper Lanek July 2010 Minor update to referenced document location and contact e-mail Approvals This document requires the following approvals. Signed approval forms are filed in the project files. Name Signature Title Date of Version Issue Andy Travell IFM Project Manager 09/07/10 1.2 All information in this document is provided in confidence for the sole purpose of adjudication of the document and shall not be used for any other purpose and shall not be published or disclosed wholly or in part to any other party without BT s prior permission in writing and shall be held in safe custody. These obligations shall not apply to information which is published or becomes known legitimately from some source other than BT. Many of the product, service and company names referred to in this document are trademarks or registered trademarks. They are all hereby acknowledged. British Telecommunications plc 2010 Registered Office: 81 Newgate Street, London EC1A 7AJ Page 15 of 16

Offices worldwide British Telecommunications plc 2010 Registered office: 81 Newgate Street, London EC1A 7AJ Registered in England No: 1800000

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback