The use of solutions for electronic identification, authentication and non-repudiation - PTS-ER-2004:3
23/02/2004
The National Post and Telecom Agency (PTS) has been assigned by the Government to describe the use of solutions for electronic identification, authentication and non-repudiation in Sweden. This assignment includes describing the actors in the Swedish market, the scope of use among businesses and consumers, and also comparing this with the use within the EU. PTS shall also report on the impediments to increased use and submit proposals for measures to eliminate these and also concerning PTS’s role in this work.
The results of PTS’s surveys show that it is currently primarily banks and public authorities that offer consumers e-services requiring electronic identification, authentication and non-repudiation. Internet banks are used extensively, but otherwise the use is limited. A precondition for increased use among consumers is that there are more e-services that require electronic identification, authentication and non-repudiation. It is also important to increase knowledge about the services and solutions available.
Most Swedish businesses have some kind of solution for authentication in the business’ IT system. User names and static passwords are the most common solution. It is primarily small businesses that do not have any solutions at all for authentication. Just more than ten per cent of businesses use certificate solutions in their internal IT systems, predominantly large businesses. One-third of businesses use electronic signatures. It is primarily the absence of need and business benefit that impede businesses.
Use within the EU is also limited. It is primarily banks and public authorities that offer services that require electronic identification, authentication and non-repudiation.
PTS proposes that governmental offices implement the following measures. • Develop more e-services that require electronic identification, authentication and non-repudiation and also disseminate information about the public authority services that already exist.
- Provide good examples of how the technology can be used to make processes more efficient and simultaneously enhance security.
- Establish joint public authority guidelines showing what solutions for electronic identification, authentication and non-repudiation are required for various kinds of e-services. PTS proposes that the public authorities that have already been assigned to promote the development of new e-services, for example the Swedish Agency for Administrative Development or the Swedish Tax Agency, are directed to collaborate with other public authorities regarding the production of such guidelines.
- Provide information about the security of the solutions in existence, particularly to consumers and small businesses. PTS intends to supplement the information about Internet security on its website with further information about different solutions for electronic identification, authentication and non-repudiation.
- Ensure that impediments in the nature of legal requirements on form are eliminated if possible.