The Icelandic PKI project

Jóhann Gunnarsson

Head of Division, Ministry of Finance

Welcome to Iceland

Where are we?

The Mid-Atlantic Ridge

FARICE (2003/4)

Land and population

• Land size:– 103 000 sq. km

• Population:– 293 600– 2.8 inhabitants per sq. km

• Whereof in Reykjavík and suburbs:– 62%

Foreign revenue 2003

Landbúnaður1%

Stóriðja14%

Iðnaðarvörur8%

Aðrar vörur2%

Samgöngur13%

Ferðaþjónusta13%

Þjónusta10%

Sjávarafurðir39%

Total value 284,457 million. kr.

Agricultural products

Heavy industry

Manufacturing

Other products

Transport

Tourism

Services

Marine products

Payment card transactions -per capita in Europe

0 50 100 150 200 250

Denmak

Finland

Ireland

Germany

Sweden

Netherlands

United Kingdom

Norway

Iceland

Source : European Payment Cards / Litill Heimur Consultancy Ltd.

Information Society Task Force

• Government strategy 1996• New strategy 2004

World Economic Forum

7

8

WorldEconomicForum

Capgemini survey

Only Austria and Belgium have grown faster46, 44 and 38%

Capgemini survey

Only Austria and Sweden have grown faster57, 46, 39%

Statistics

– Companies• 99% have computers• 97% have Internet connection• 81% have “broadband” Internet connection (ADSL or

faster) • 70% have own website

Figures from 2003

Statistics

• Households– 86% own a computer– 80% have Internet connections– around 80% of Icelanders use the Internet– 63% use it once pr. day or more– around 82% of individuals submitted tax

declarations 2003 on-line

Figures from 2004

The legal side

• Act No 28/2001 on electronic signature• Act No 30/2002 on Electronic Commerce and

other Electronic Services• Administrative Procedures Act no. 37/1993

– New section: ,,e-Procedures“• Administration decides whether to offer e-Procedures or

not• Qualified e-Signature always valid

Public key infrastructure

• Task force 2001• Government policy 2002• Pilot project 2003

– First certificate issued May 27., 2003

Digital certificate project 2003

• Digital certificates at the Directorate of Customs and the Directorate of Fisheries

• The pilot project– Led by the Ministry of Finance– Participants: Various institutions and directorates

Aims of pilot project

• Expand the Customs solution to include:– Opportunity for other agencies– More stringent rules for identification

• Develop Certification policy and practice• Test interoperation of certificates from various

vendors• Introduce the concept to business and public• Gather experience to build on our future PKI

The solution

• Certificates and supporting systems licensed from Verisign Corp. through Skýrr hf.

• Two types of certificates:– public for signing and encrypting e-mail etc.– private for accessing government systems like

customs and VAT

CPR of cert. holderEmail of holder

CPR of employer

CPR of responsible executive

Private root certificate

Private root certificate

Public root certificate

Public root certificate

Certificate policy

The Government of Iceland Certificate policy for official certificates in

eGovernment.

Requirements for Certification Authorities issuing public key

certificates.

Basic premises of CP

• Certification and certificate production sevices in an open market

• Free competition for any market player• Certificates for the administration, the business

community and the public• Single certificate for access to multiple services

– Interaction with various government services– Interaction with various private businesses using the same

certificates

• Use of certificates in cross-border transactions

Reference documents

• ETSI TS 102 042 v 1.1.1 (2002-04): Policy requirements for certification authorities issuing public key certificates– The organization of a CP– Contents

• Certifikatpolitik for OECS-certifikater– The Danish government CP for 3 types of

certificates– Conforms to ETSI TS 102 042