European electronic identity practices
This presentation is the property of its rightful owner.
Sponsored Links
1 / 27

European Electronic Identity Practices PowerPoint PPT Presentation


  • 40 Views
  • Uploaded on
  • Presentation posted in: General

European Electronic Identity Practices. Country Update of Finland Speaker: Päivi Pösö Date: 26.5.2005. CA organisation. Responsible CA organisation : Population Register Centre (PRC) The background of the organisation : PRC operates under Ministry of the Interior

Download Presentation

European Electronic Identity Practices

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


European electronic identity practices

European Electronic Identity Practices

Country Update of Finland

Speaker: Päivi Pösö

Date: 26.5.2005


Ca organisation

CA organisation

  • Responsible CA organisation: Population Register Centre (PRC)

  • The background of the organisation: PRC operates under Ministry of the Interior

  • Description of the existing CA infrastructure: PRC is the CA in public sector. We have outsourced the ICT-technology.


Status of national legislation on eid

Status of National legislation on eID

The position of PRC as the CA is based on the Population Register Act

PRC shall ensure that the parties of certified electronic transactions can be authenticated

and that messages and document can be electronically signed and enciphered


Status of national legislation on eid1

Status of National legislation on eID

  • In Finland the police issues the ID cards and PRC the citizen certificates in these

  • PRC may issue citizen certificates also for other cards or technical means.

  • Certificates are quality certificates based on the Act of Electronic Signatures


Status of national legislation on eid2

Status of National legislation on eID

  • Are eID specific regulations enacted and in place? Yes

    - The Population Information Act and Decree (1993)

  • The Identity Card Act (1999)

  • Act on Electronic Services and Communication in the Public Sector (2003)

  • Directive on Electronic Signatures

  • Act on Electronic Signatures (2003)


Status of national deployment of eid

Status of National deployment of eID

  • Co-operation with telecommunication operators

  • Citizen certificate in Sim-card

  • Easy to use, no additional equipments


Status of national deployment of eid1

Status of National deployment of eID

  • Is the card obligatory? No

  • Starting date of issuance:1.12.1999


Status of national deployment of eid2

Status of National deployment of eID

  • Number of citizen certificates issued by 30-04-2005 : 78.000 issued, at the moment 65.000 valid cards

  • Number of inhabitants: 5.235.000

  • Yearly growth rate (percentage): 35.000

  • Expected number of cards/eID certs by end of 2007: 135.000


Status of national deployment of eid3

Status of national deployment of eID

  • Basic functionalities of the eID card:- official ID document: Yes- European travel document: Yes- support of on-line access to e-Services: Yes- social security information on the card: Yes

  • Validity period of the card/certificates: 5 years


Status of national deployment of eid4

Status of national deployment of eID

  • Price in Euros of the cards:- for the citizen:40 €

    - for the card issuer: 40 €

    - price for the card reader and software: 20 – 40 €- any additional costs for the user/relying party:No additional costs

  • From whom and how may the citizen obtain the end/user packages: PC-stores


Basic id function

Basic ID function

  • What cardholder data is electronically stored in the card: - national identifier- family name, given name - email (optional)


Basic id function1

Basic ID function

  • Are these data elements in a dedicated data file? No - Is the file ’openly accessible’? No - If not, how is the file protected? PIN - Does the data file comply with the ICAO LDS? Yes

  • Is the personal data (also) held in a certificate? Yes


Basic authentication function

Basic Authentication function

  • What Cardholder Verification mechanism is used: - PIN? Yes - Biometrics?No- Is introduction of biometrics envisioned? Under survey, not active

  • Is there a PKI supported cardholder authentication mechanism? Yes

  • Is there a mutual device authentication mechanism? No


Basic signing function

Basic Signing function

  • Is a PKI supported signing mechanism (certificate and key pair) present for e-transaction services (non –repudiation)? Yes

  • - The card holder´s authentication certificate

  • - The card holder´s digital signature certificate

  • - PRC´s CA certificate


Eid based services

eID based services

  • What kind of services (include examples) are accessible to cardholders based on acceptance of the cards / eID Certificates:

    www.etu-klubi.fi


Eid based services1

eID based services

Examples of Sevice provider using the Fineid Card

  • Tax administration

  • Several Cities

  • Several Insurance Companies

  • OKO Bank

  • Social Insurance Institution

  • Electronic Forms Finland – service

  • The Finnish Defence Forces


Eid based services2

eID based services

Total number of eID based services accessible by cardholders by 30.04.2005: Over 50

  • Goal (in numbers/ percentage) of eID based services to be accessible to cardholders by the end of 2007: At least 200


Eauthentication business models financial

eAuthentication Business models; financial

  • What are the Charging/Revenue mechanisms? eID card costs 40 €

  • What charges are levied for use of the card? Free of charge

  • Is there a charge for checking certificates? No

  • Has a cost benefit analysis been compiled for the eID scheme? This is the basic infrastructure in Finland

  • Is there a studyreportavailable? No


Eauthentication business models public private partnership

eAuthentication Business models; public/private partnership

  • Are non government bodies allowed to use the IAS or other card functions in support of their services? Yes

  • Is the card a multi-application smart card? No

    • If No, are there any plans for this and in what timeframe?

    • Co-operation with cities and municipalities


Eauthentication business models public private partnership1

eAuthentication Business models; public/private partnership

  • What is the level of usage of supported services (number of transactions per card per year)?

    - No reliable studies of this

  • What is the approach to and experience with card branding? There are information and logos of theSocial Insurance Institute of Finland and cities/municipalities


Eauthentication business models cross border usage

eAuthentication Business models; cross border usage

  • Are there agreements with other national smart card issuers for mutual recognition of cards? (Status of Memorandum of Understanding (MOU) with other CAs):

  • MOU was made with Estonia in 2003.

  • Co-operation is under preparation in TIFI-project with many countries.


Other interoperability issues

Other Interoperability issues

  • What is the level of Current Compliance with each of the following international standards or group activities (Full/Planned/None):

    • CWA eAuthentication (under development):planned

    • CWA 14890 Secure Signature creation device:planned

    • CEN 224 –15 European Citizen Card (under development):none

    • ISO/IEC JTC1 SC 37 biometric standards:none

    • ICAO recommendations: all


Current use and plans in biometrics if applicable

Current use and plansin Biometrics (if applicable)

  • Technical solution(s):

  • Type of project(s):

  • Application areas:

    • Under survey, based on the experiences coming from the biometric passport.


Lessons learned so far

Lessons learned so far

Prerequisites for success

  • easy to use

  • social and health care services

  • broad, cross-administrative co-operation

  • co-operation with the private sector

  • supporting and guiding service providers


Next plans

Next plans

  • Biometric passport in co-operation with the Ministry of Interior, Police Department

  • Co-operation with teleoperators and banks to have the citizen certificates on there platforms – already with one bank and one operator

  • 64k Java chips on the first of June 2005

  • Co-operation with cities and municipalities


Porvoo group cooperation issues

Porvoo Group cooperation issues

List of issues to be overcome:

  • Open Source Card reader software? Could this be an easier way for pan European usage?

  • The collision of the RSA algorithm at the moment. What will be the next step –elliptic curve cryptography? Should we try to study this more?


More information

More information

  • Web-pages eID issues: www.fineid.fi www.vaestorekisterikeskus.fi

  • email: [email protected]

    Thank You!


  • Login