1. PKI in the Swedish public sector Decentralised administration - each agency make their own decisions PKI in different situations: internally within an agency/authority between authorities, local and national government e-services to citizens and industry

2. Background, PKI in Sweden Electronic id-cards are used internally within the public sector in some large agencies approximately 50 000 cards, for sign on, electronic signatures and disk encryption Standards for certificates and smart card are defined by the association SEIS. These standards are now being introduced internationally.

3. Current situation PKI Statskontoret has general contracts for standardised electronic id-card for use internally within the public sector - pilot projects There is a need for PKI identification of companies and citizens for government electronic services Several CA:s are active, but most in close environments: internally within large corporations, government agencies, banks

4. Planned e-services g2b g2c RSV -business monthly tax declaration RSV-PRV Starting a business RFV sickness and parent benefits AMS employer and job seeker communication web sites CSN student loan system Real estate board applications

5. Scope IdentificationE-mail Signed Program- (Interactive web)documentsprogram govement orgintranetinternal e-mailapprovals internalsingle sign-onexpence accounts gov org-decisionsdecisionsSHS-SHS gov orgconsiderations ad- hoc gov-check companymattersreports, declaratione-commerce businessinformationbeslut application gov-check personalmatters affirmation citizeninformation

6. Low cost and ease of use Acceptable security E-services Qualified electronic signatures Digipass secure identification. Signatures and identification with soft keys Signatures and identfication with hard keys

7. Aspects of security Full control of private key Key cannot be copied CA supervised Secure signatur device Personal attendance w issued cert ”strong” encryption Signing: - data integrity - signature

8. Qualified electronic signatus Secure identification digipass Signatures/ identification soft keys Signatures/ identification hard keys Key cannot be copied CA super- vised Secure signing device Full control of private key Full control of private key Key cannot be copied Key cannot be copied Full control of private key Full control of private key Signing: - data integrity - signature Signing: - data integrity - signature Signing: - data integrity - signature Personal attendance w issued cert Personal attendance w issued cert Personal attendance w issued cert Personal attendance w issued cert

9. Suggested idea 3 classes of certificates Class 3: –electronic signatures when signing is required –information that requires a high degree of privacy –smart cards for private keys –issued by personal attendence Class 2: –sign on –digitial signatures for identification –private keys stored in software –issued by personal attendence Class 1: –other certificates

10. One certificate format - several packages?? X.509 v3 RFC 2459 - PKIX Swedish standard for electronic ID-cards: SS 61 43 31-32 Health care certificates Finnish EID-specs SAT - testspec for certifikat Swedish banks’ certificate policy

11. Certificate standards X.509 v3 RFC 2459 Smart card SS614331-32 FINEID Bank cert (PKCS#11) (PKCS#12) PKCS#15

12. EID-cert identifies a person w personal id certificate for organisation E-post- certifikat E-mail- certifikat Several certificates are needed

13. Electronic id-card EID-cert identifierar individ m personnr Organisation certificates