Processi - Rilascio di certificati

Emissione sincrona - Ufficiale LRA

Richiedere ed emettere smartcard e certificati con il «processo di emissione sincrono».

• Per il rilascio sincrono della smartcard di classe B, il richiedente/utente finale viene invitato a un colloquio con il LRA-Officer in cui deve portare i suoi documenti di viaggio in corso di validità (carta d’identità/passaporto).
• Il LRA-Officer verifica l’identità del richiedente.
• I certificati di classe B vengono caricati su una smartcard contenente le chiavi digitali (prestaged).
• Durante questo processo le chiavi vengono firmate e i certificati vengono personalizzati.
• A tale scopo, il LRA-Officer utilizza lo strumento «Walk-In Wizard», che offre anche l’opzione di sbloccare la carta utente.
• Il richiedente/utente finale inserisce il PIN nel wizard.

Emissione asincrona - RIO

Richiedere ed emettere smartcard e certificati con il «processo di emissione asincrono».

• Issuance via the so-called RIO process is mainly relevant for offices and organisations affiliated to the Confederation that are located on several sites. This process allows personal identification and card issuance to be locally isolated while performing the issuance process securely.
• When instructed to do so by their line manager or HR unit, the certificate recipient/end user goes in person to the responsible RIO. The RIO identifies them by means of a valid travel document (ID/passport) and enters the personal details, and especially the serial number of the prepared smart card, in a certificate request.
• The verified travel document (ID card/passport) is copied onto the printed request (see below). The resulting document is signed by both the RIO and the certificate recipient/end user. The RIO then hands over the smart card to the certificate recipient – note that the card is not yet personalised and does not contain a certificate – and the recipient signs a receipt together with the subscriber agreement. The RIO scans the request documents and sends them in an email, which the RIO signs with their own class B certificate, to the responsible LRA officer.
• The LRA officer checks the request and then issues the personal certificate for the certificate recipient/end user. As part of this process, an eTicket is automatically generated in the system. The LRA officer uses the generated eTicket number to print out the unseal document and sends it, either by post to the certificate recipient's/end user's private address or by signed and encrypted email to the RIO for forwarding to the certificate recipient.
• The certificate recipient/end user can now use the smart card and the eTicket number to launch the unseal wizard at a workstation with two card readers, and unseal their smart card (see sub-process Unseal class B smart card) in the «Token unseal» menu. Their certificates are written onto the card and the PIN is set. The card is now ready for use.