“With Thales HSMs, the digital certificates that enable services are protected from manipulation. This ensures the integrity of the entire system.”

Download in PDF »

Preventing fraud with digital identities

Established in 1959 to offer clearing of payments and transfers between Swedish banks and their customers, BGC is a critical part of Sweden’s financial system. In addition to processing payments, BGC develops and manages one of the world’s most innovative public key infrastructures (PKIs) for a consortium of nine Swedish banks. This PKI is the foundation for BankID, a system that authenticates users’ access to online banking and an array of government and business services.

When BGC and the banks designed BankID, they knew that a highly secure certificate authority (CA) was necessary to ensure the validity of the digital certificates that would be used to identify users. The CA issues, validates, and revokes the certificates that authenticate BankID identities, enabling protected transactions, legally binding digital signatures, and safe transmission of information. BGC and the banks decided that the best way to protect the integrity of user identities was to secure the issuance of the digital certificates within a hardware security module (HSM).

“It’s important that the keys protecting the issuance of digital certificates be safeguarded within the secure environment provided by HSMs,” says Gunnar Claesson, product manager for BGC’s PKI Services group. “Using HSMs to secure the BankID system was a core requirement for the banks to protect themselves and users from financial fraud.”

The secure solution for issuing and validating certificates

Long before undertaking the development of BankID, BGC recognized the need for hardware-based protection of private keys, and in 2001, it began using nCipher HSMs to secure its PKIs. When the BankID system was designed, BGC again chose nCipher HSMs, opting to deploy the network-attached nCipher netHSM.

“Thales nCipher HSMs provide a secure environment for efficiently issuing certificates used for legally recognized digital signatures,” explains Mr. Claesson. “With Thales nCipher HSMs, the digital certificates that enable services are protected from manipulation. This ensures the integrity of the entire system.”

24/7 availability essential

Since launching in 2003, the BankID system has proved popular. That’s hardly surprising given the many online services it offers consumers, and the opportunities it delivers to government agencies and businesses. For example, users can access over 300 services, including being able to file their taxes, change their address, make purchases, and apply for building permits or other government services. Organizations that join the system gain access to the participants, enabling them to easily serve citizens or win new customers.

More than 1.5 million people use the BankID system—a number that is growing each day. The entire system was designed with a redundant architecture to maximize uptime. Supporting many servers simultaneously, each of BGCs nCipher netHSMs helps to fulfill the availability needs of the mission-critical CA.

According to Mr. Claesson, “nCipher netHSMs are always available to the redundant servers, ensuring the high level of availability we need. Even services that have traditionally required a physical signature, such as applying for Swedish Social Insurance services, are continuously available and convenient.”

Support for optimal performance

Beyond its redundant architecture, BGC also relies on nCipher Support to help ensure exceptional system performance and availability. With nCipher Platinum Support, BGC gets 24/7 access to phone support and rapid replacement of HSMs, if needed.
According to Mr. Claesson, nCipher Support has delivered significant value to BGC. He says, “We are confident that answers to technical questions and equipment support are only a phone call away. nCipher Support definitely helps us to maximize uptime.”

Accelerating user adoption and innovation

The future looks very bright for BGC, the banks that own the BankID system, and the system’s end users. Why? The system is expected to grow significantly while allowing the banks to enjoy lower costs.

Mr. Claesson explains, “We expect more than 2.5 million people to use the BankID system by 2010. As more people use the system, transaction costs go down for the banks, and more organizations will purchase access to offer services. Those organizations will expand the scope of services offered to end users. Everyone wins, and thanks to nCipher HSMs, everyone is protected.”

BGC is proud of the system and its PKI services, but the company sees further room to innovate. “Whether we are managing the BankID system or processing transactions for banks, we are focused on continually improving service,” says Mr. Claesson. “Security is essential to our services, and nCipher netHSMs make it possible to provide the secure environment necessary for delivering innovation to the financial sector.”

Company Profile

BGC is a critical part of the Swedish financial infrastructure. Each day it processes as much as SEK 50 billion in transactions, and it serves 70 percent of all Swedish corporations, authorities, and organizations.

BGC’s PKI Services group provides hosted CA services to financial institutions and businesses within Sweden. Its customers include the BankID system, an online transaction and secure services system owned by nine of Sweden’s leading banks. By 2010, nearly 30 percent of the population of Sweden is expected to use the system.

BGC:

• Established in 1959
• Employs 240 people

Owned by SEB, Swedbank, Handelsbanken, Nordea, Danske Bank, SkandiaBanken, Kaupthing Bank Sverige, and Länsförsäkringar Bank

To learn more about the BGC, visit www.bgc.se.

For more information about nCipher products and services, visit www.ncipher.com.