All messages sent via SEFOS are encrypted by SEFOS, outside Microsoft's control, with unique keys according to the AES256 standard. This makes it possible to use SEFOS together with Microsoft products without Schrems II or similar laws and rulings enabling outside organizations accessing the information.
With SEFOS, users can be identified with different types of identification methods. Everything from BankID, Freja eID and SITHS card, to SMS, email, and password.
With SEFOS, users can send messages to two types of recipients. Either as a registered SEFOS users or a recipient without connection to the service. All types of recipients can reply to a message to create bidirectional communication.
A recipient who is registered to SEFOS can be addressed without the need for the sender to know which ID method the recipient is using. You also do not need to set any attributes, such as social security number or similar.
Instead, what you decide is which Level Of Assurance (LOA) the recipient must fulfill in order to receive the information. This is also connected to the e-mail address of the user. For example, if you select LOA 3, this means that the recipient needs to use one of the ID methods that meet this level of assurance, to open the message. If a user who only uses a password to log in to SEFOS, receives a LOA3 message, the user will be requested to change its login method to open the message.
If you choose to send a message to a recipient who is not registered to a SEFOS node, instead you will be asked to select the identification method for the recipient.
Depending on the level of assurance (LOA) you ask for the recipient to provide, you will be able to select different ID-methods. For the highest level, LOA3, a e-identification or equivalent or an organizational ID such as a SITHS card or similar will be required. But you can also choose a lower level of assurance and address recipients via two-factor authentication through e-mail and SMS-verification.
Thanks to sensitive information and data being separated from Microsoft and handled outside the applications, we can benefit from Outlook and Teams while ensuring that regulations such as GDPR are met. The sensitive information is transported encrypted between the SEFOS nodes that different users are connected to and handled completely outside Microsoft's control.
If your organization does not use Microsoft applications, it is possible to use SEFOS as a separate web service alt. integrate the technology into another application.
To be able to use SEFOS, your organization first need to be connected to a what is called SEFOS-node.All nodes can communicate with each other and together they create a SEFOS network. As an organization, you can either be connected to a shared node, or have your own dedicated node.. You can also choose whether the node is to be installeras i er egen IT-miljö eller konsumeras as a service.
SEFOS erbjuds som tjänst och kan via vår svenska tjänsteleverantör säkerställa att all data som hanteras via våra SEFOS-noder, stannar inom Sverige. Vi kan därmed också uppfyll ett flertal certifieringar som ISO 9001, 14001, 22301 & 27001.
With a dedicated SEFOS-node you get the opportunity to also customize messages that are being sent to recipients who are not registered to SEFOS.
You can add your own logo, use your own domain address and link any agreements you have with various eID providers to these messages. A dedicated node is for you if you wish to further customize these messages and create greater trust when addressing a recipient who is not connected to SEFOS.