Index of documents supporting the Grant of Approval to Royal Bank of Scotland’s Trustassured service.

  1. What the tScheme Approved Service Mark signifies.
  2. Approved Service - Service Description
  3. Approval Profiles used in the assessment:
    Base Approval Profile tSd0111 3.00
    Approval Profile for a Certification Authority tSd0102 3.01
    Approval Profile for Signing Key Pair Management tSd0103 3.02
    Approval Profile for Certificate Generation tSd0104 3.01
    Approval Profile for Certificate Dissemination tSd0105 3.01
    Approval Profile for Certificate Status Management tSd0106 3.01
    Approval Profile for Certificate Status Validation tSd0107 3.01
    Approval Profile for Registration tSd0042 3.02

Back to Grant details

What the tScheme Approved Service Mark signifies

When a trust service carries the tScheme Mark, you can be secure in the knowledge that:

For each service, tScheme approval is regularly reviewed and may be withdrawn.

This Grant of Approval does not affirm or endorse any claims of conformance to standards or adherence to guidelines not explicitly listed as forming part of the service assessment.


Approved Service - Service Description

The subject service of this Grant of Approval is the Trustassured Service provided by The Royal Bank of Scotland. The Trustassured Service provides an umbrella framework for the delivery of a range of services to business customers to enable them to transact in greater confidence in on-line environments.

At the core of the service is the ability to identify counterparties, thereby allowing customers to perform a range of on-line transactions on a global basis with the assurance that their trading partners are, indeed, who they say they are. This fundamental Identity Validation Service (IDV), backed by IdenTrust certificates, is central to each individual service that is delivered under the Trustassured brand.

RBS initially delivered a sign and store document management workflow application for Lombard, the leasing subsidiary of RBS. This application allows customers of Lombard to digitally sign leasing applications and associated documentation on-line. This application helps to eliminate logistical delays associated with traditional paperwork, and is improving customers’ control over their total working capital management.

Trustassured is the provider to the RBS Group of the credentials that are used for the BACStel-IP payment solution with in excess of 56,000 IdenTrust-based Smartcard tokens being used for this service. The responsibility for Registration and in particular ‘Know Your Customer’ is fulfilled by the respective Relationship Manager within the RBS Group.

Additionally RBS through use of ‘Whitelabel Services’ support seven other Banks in providing their credentials for the BACS Service. Some of the RBS BACS subscribers will make use of the HSM capability and hold their Certificates in this medium. In this case the responsibility for registration and ‘Know Your Customer’ is fulfilled by the respective Bank who owns the end customer relationship.

RBS Trustassured ‘Sign & Store’ was a web based document exchange application that facilitates legally binding online signatures of files and documents through use of IdenTrust digital certificates. Being a Web based application the only Hardware / Software that needs installation at the registered user?s premises is the standard Trustassured Smartcard and card reader.

Trustassured digital certificates are provided to customers in the form of smartcards (with accompanying smartcard readers and signing software). Smartcards represent a stronger form of identification than software based certificates in that they represent something the user has in their possession to undertake a transaction, as well as something they know (password). Software certificates however only represent something that is known (PIN / Password) and are therefore more open to malicious attack.

In the case of relying parties, it is necessary to provide the necessary hardware and software to be able to generate the requisite IDVs. The hardware is provided in the form of a Hardware Security Module (HSM) to store the customer’s digital signing keys and the software is called the DSMS (Digital System Messaging System) which is the software necessary to create, send and receive the IDV check (OCSP messaging standards).


Currently the Trustassured Service is only available to non-consumer entities, i.e. business customers and their employees, partnerships, government agencies, associations and sole proprietorships.

RBS will only issue Trustassured Services to approved customers who have fulfilled stringent ‘Know Your Customer’ requirements as laid down within the extensive IdenTrust Operating Rules and in accordance with the Group Corporate account opening procedures that are regulated by the Financial Services Authority (FSA). Each customer signs a Customer Agreement which binds each end-user to a clearly defined set of Terms and Conditions and Certificate Policies under which the digital certificates may and may not be used.


The tScheme Code of Conduct

Participants in the electronic trust services industry strive: