PKI in the Swedish public sector Decentralised administration - each agency make their own decisions PKI in different situations: internally within an.

Presentation transcript:

PKI in the Swedish public sector
- Decentralised administration: each agency makes its own decisions
- PKI in different situations:
  - internally within an agency/authority
  - between authorities, local and national government
  - e-services to citizens and industry

Background, PKI in Sweden
- Electronic id-cards are used internally within the public sector in some large agencies
- approximately cards, for sign on, electronic signatures and disk encryption
- Standards for certificates and smart cards are defined by the association SEIS. These standards are now being introduced internationally.

Current situation PKI
- Statskontoret has general contracts for standardised electronic id-cards for use internally within the public sector - pilot projects
- There is a need for PKI identification of companies and citizens for government electronic services
- Several CAs are active, but most in closed environments: internally within large corporations, government agencies, banks

Planned e-services g2b g2c
- RSV - business monthly tax declaration
- RSV-PRV Starting a business
- RFV sickness and parent benefits
- AMS employer and job seeker communication web sites
- CSN student loan system
- Real estate board applications

| Scope | Identification (interactive web) | Signed documents | Program-program |
|---|---|---|---|
| government org internal | intranet; single sign-on | internal approvals; expense accounts | |
| gov org - gov org | decisions; considerations | decisions | SHS-SHS; ad-hoc |
| gov - business | check company matters; information | reports, declaration; decision application | e-commerce |
| gov - citizen | check personal matters; information | affirmation | |

[Diagram labels: Low cost and ease of use; Acceptable security; E-services]
- Qualified electronic signatures
- Digipass secure identification
- Signatures and identification with soft keys
- Signatures and identification with hard keys

Aspects of security
- Full control of private key
- Key cannot be copied
- CA supervised
- Secure signature device
- Personal attendance w issued cert
- ”strong” encryption
- Signing: data integrity, signature

[Matrix: security aspects per solution]
Solutions (columns):
- Qualified electronic signatures
- Secure identification digipass
- Signatures/identification soft keys
- Signatures/identification hard keys
Aspects marked in the matrix (number of times each appears):
- Key cannot be copied (3)
- CA supervised (1)
- Secure signing device (1)
- Full control of private key (4)
- Signing: data integrity, signature (3)
- Personal attendance w issued cert (4)

Suggested idea: 3 classes of certificates
Class 3:
– electronic signatures when signing is required
– information that requires a high degree of privacy
– smart cards for private keys
– issued by personal attendance
Class 2:
– sign on
– digital signatures for identification
– private keys stored in software
– issued by personal attendance
Class 1:
– other certificates

One certificate format - several packages??
- X.509 v3
- RFC PKIX
- Swedish standard for electronic ID-cards: SS
- Health care certificates
- Finnish EID-specs
- SAT - test spec for certificates
- Swedish banks’ certificate policy

Certificate standards
- X.509 v3
- RFC 2459
- Smart card
- SS
- FINEID
- Bank cert
- (PKCS#11)
- (PKCS#12)
- PKCS#15

Several certificates are needed
- EID-cert identifies a person w personal id
- certificate for organisation
- E-mail certificate
- - certificate

Electronic id-card
- EID-cert identifies an individual with personal identity number
- Organisation certificates