Index of documents supporting the Grant of Approval to CitiBank’s Citi Issuance Services.

  1. What the tScheme Approved Service Mark signifies.
  2. Approved Service - Service Description
  3. Approval Profiles used in the assessment:
    Base Approval Profile tSd0111 3.00
    Approval Profile for a Certification Authority tSd0102 3.01
    Approval Profile for Certificate Generation tSd0104 3.01
    Approval Profile for Certificate Dissemination tSd0105 3.01
    Approval Profile for Certificate Status Management tSd0106 3.01
    Approval Profile for Certificate Status Validation tSd0107 3.01
    Approval Profile for Registration tSd0042 3.02

Back to Grant details

What the tScheme Approved Service Mark signifies

When a trust service carries the tScheme Mark, you can be secure in the knowledge that:

For each service, tScheme approval is regularly reviewed and may be withdrawn.

This Grant of Approval does not affirm or endorse any claims of conformance to standards or adherence to guidelines not explicitly listed as forming part of the service assessment.


Approved Service - Service Description

The subject service of this Grant of Approval is the Citi Issuance Services from Citibank, N.A.

Citi’s service offering is a hosted environment through which customers can manage the issuance process on a per request or bulk upload basis, including registration, and lifecycle management of Trust Network and SAFE-BioPharma digital certificates that are issued to individual end-users as well as applications or servers of customers.

Citi’s Issuance Services for SAFE-BioPharma compliant digital certificates are governed by the SAFE-BioPharma standard operating model which adds a controlled contractual layer to the business-to-business transactions which rely on digital certificates. Citi Issuance Services for Trust Network digital certificates are governed by IdenTrust standard rule set.

Citi’s solution is comprised of five main service components:

  1. Citi SAFE Certificate Authority (Citi CA) Citi’s public key infrastructure (PKI) Certificate Authority, which complies with SAFE-BioPharma Certificate Policy and has been cross-certified with the SAFE-BioPharma Bridge Certificate Authority.
  2. Citi Trust Network Certificate Authority (Citi TN CA) Citi’s public key infrastructure (PKI) Certificate Authority, which complies with IdenTrust Certificate Policy and standard rule set.
  3. Online Certificate Status Protocol (OCSP) Responder (Citi Validation Service) provides applications an online responder for validating the status of a given digital certificate in real-time.
  4. Certificate Management Services application (Citi CMS) - which is an online application that provides a web interface for administrators and end-users to manage the registration and lifecycle of digital certificates under a delegated administration model, enforcing granular access rights.
  5. Citi Identity Gateway provides a SOAP over HTTP(S) web service, compliant with WS-Security standards, that serves as a communication/transformation hub between the Citi CA and client applications that provide RA functions.

Through this services infrastructure, Citi is able to provide its customers with SAFE-BioPharma and Trust Network digital certificates as an on-demand model via either a fully managed Application Service Provider (ASP) based solution with minimal footprint or IT infrastructure required on the customer environment; or an integrated, managed web service, which customers can invoke through their existing IT infrastructure. .


The tScheme Code of Conduct

Participants in the electronic trust services industry strive: