
ID card – vision in action


Presentation Transcript


  1. ID card – vision in action Tarvi Martens SK, Estonia

  2. The Vision: 1997 Let’s assign electronic identity to every Estonian and give them means for electronic signing!

  3. Surrounding World • 10-year passports issued from 1992 will expire in 2002: perfect timing for introducing new type of document • SEIS specifications: 1998 • FINEID: launched 2000 • Digital Signature Act: 2000

  4. The ID-Card • Roll-out started 2002 • “Compulsory” for all residents from age 15+ • October 2006: 1 000 000th card issued (population: 1.35M) • eID part allows for e-authentication and digital signing

  5. Card issuance • Diagram labels: Citizenship and Migration Board; Ministry of Internal Affairs; CMB Regional Offices (15 sites); TRÜB Baltic AS; Afterservice RA (bank office); CA ... Public Directory; RA; Certification Centre Ltd • Steps: 1. Application • 2. Request for Personalisation • 3. Request for Certificates • 4. Certificates • 5. ID Card with Private Keys and Certificates • 6. PIN codes sent by courier • 7. Personalised ID Card with Certificates and PIN envelope handed over

  6. eID applications • E-ticketing (non-PKI) • Secure e-mail • Authentication • All internet banks • E-government • Any other major e-service • Digital signing • Universal replacement of handwritten signature • Internet voting

  7. ID-card as a ticket for public transportation • Diagram labels: Fixed-line, Mobile, Internet, Cash; Population Registry; e-Tickets • Person must possess and show an ID-card when buying or verifying a ticket

  8. ID-card for secure e-mail • The authentication certificate contains an e-mail address Surname.Lastname[.X]@eesti.ee • All S/MIME mailers are usable • The eesti.ee server runs a forwarding service • Usable for secure C2C, B2C and G2C communication

  9. ID-card authentication

  10. Universal Digital Signature • Public sector is obliged to accept digitally signed documents • Digital signature is universal • Open user group • Any relation – government, business, private • Focus on document concept • Equivalent to what we are doing on paper • Innumerable quantity of “applications”

  11. DigiDoc architecture • Diagram components: Application (×3); Win32 Client; DigiDoc portal; COM-library; WebService; DigiDoc-library (Win/Unix/C/Java); MSSP; CSP; PKCS#11; XML; Mobile-ID; ID card; OCSP

  12. DigiDoc for end-user • DigiDoc Client • Desktop application • Lets users sign, verify signatures etc. • ID Card not needed for document verification • Comes with ID-card base software • DigiDoc portal • https://digidoc.sk.ee • Signing, verification, co-signing by multiple persons

  13. Internet voting • Happened first in October 2005 • First pan-national binding occasion in the World • Used 5 times in total • ID-card as an enabling tool • Normal application vs. Rocket Science?

  14. I-voting: Main Principles • All major principles of paper-voting are followed • I-voting is allowed during a period before Voting Day • The user uses ID-card or Mobile-ID • System authenticates the user • Voter confirms his choice with digital signature • Repeated e-voting is allowed • Only the last e-ballot is counted • Manual re-voting is allowed • If a vote is cast on paper during absentee voting days, e-vote(s) will be revoked

  15. The spread of Internet voting

  16. Flip side of the coin • 1,000,000 ID-cards • 30,000 electronic users (2006)

  17. Why won’t they go e? • Habits • Strong tradition of banks-provided authentication service • Barriers • Need for smart-card reader and software • No awareness promotion • ID-cards are perceived as merely physical documents • Unawareness about security benefits

  18. Who is driving? • Public sector service: Tax Declarations, once a year • Private sector service: Online banking, once a week

  19. “Computer Security 2009” • Co-operation program between private and public sector • Aims for safe information society in general • Special target: ten-fold increase of eID users (300,000 by the end of 2009) • Achieved: February 2010

  20. Measures for CS09 • Pressure by banks • Termination of authentication service to 3rd parties • Reduction of transaction limits with passwords • Availability • Alternative PKI-based tokens/methods • Redundant service network • Wide support and usability • Support for alternative platforms (Mac, Linux, ...) • Awareness and training

  21. Reader distribution - card reader - https://installer.id.ee - Price ca 6 EUR • Available at retail stores • Sold by banks • Giveaways in campaigns

  22. ID card software: 2nd generation • Multi-platform • Card drivers (CSP/PKCS#11) • Card maintenance tool • Digital signing • Libraries • Webservice • Desktop client • Launched 2011 under LGPL terms

  23. Alternative eID - MobileID • PKI-capable SIM cards • Requires replacement of SIM • Instantly ready to use • No specific software required • Equal legal power and security with ID-card • Launched: May 2007 • Available from all major GSM operators

  24. User view: entry

  25. User view: mID authentication

  26. User’s view: mobile PIN-entry • Phone screen text: “Swedbank. Control code 0342. Enter?” • “Sending message...” • “Enter PIN1 ****”

  27. User view: I’m in!

  28. Digi-ID • Another PKI token for redundancy • Delivered over-the-counter • Same electronic content as ID-card • Not a travel document • Validity: 3 years • Launched: 10.2010

  29. id.ee

  30. CS2009: impact

  31. Morale (1) • PKI stands for Public Key Infrastructure • There are no services nor applications before The Infrastructure is built • Roads generate no benefit, transportation does • People do not buy cars unless there are roads • Infrastructure first

  32. Morale (2) • Roads were ready in 2006 • Since then we have been teaching people about the wonders of transportation • Car manufacturing (services) • Driving schools (promotion & awareness)

  33. The Result • 560 000 ID-card users • ~50% of cardholders • 360 000 “frequent users” • have used it within the past 6 months • Around 3 million signatures created per month • Around 5 million e-authentications per month • 1/4 of votes are cast electronically (2011) • Enormous savings in time and environment

  34. Additional Information • PKI & CA: www.sk.ee • ID-card practices: www.id.ee • Digital signature software: www.openxades.org • I-voting: www.vvk.ee • Contact point: tarvi@sk.ee
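
The counting rules listed on slide 14 (voting only during the i-voting period, choice confirmed by digital signature, repeated e-voting with only the last e-ballot counted, paper vote revoking e-votes) can be sketched as follows. This is an added example, not code from the presentation or from the Estonian i-voting system; the `EBallot` record, the function names and the sample ballots are assumptions constructed for illustration, and signature verification is taken as an input flag.

```python
from dataclasses import dataclass
from datetime import datetime as dt

@dataclass(frozen=True)
class EBallot:                 # hypothetical record, not the real ballot format
    voter_id: str              # identity from ID-card or Mobile-ID authentication
    cast_at: dt
    choice: str
    signature_valid: bool      # outcome of signature verification, done elsewhere

def select_countable(e_ballots, paper_voters, start, end):
    """Return ({voter_id: counted ballot}, [(ballot, rejection reason)])."""
    counted, rejected = {}, []
    for b in sorted(e_ballots, key=lambda x: x.cast_at):
        if not (start <= b.cast_at < end):
            rejected.append((b, "outside i-voting period"))
        elif not b.signature_valid:
            rejected.append((b, "choice not confirmed by valid signature"))
        elif b.voter_id in paper_voters:
            rejected.append((b, "revoked by paper vote"))
        else:
            if b.voter_id in counted:   # repeated e-voting: only the last counts
                rejected.append((counted[b.voter_id], "superseded by later e-ballot"))
            counted[b.voter_id] = b
    return counted, rejected

def tally(counted):
    totals = {}
    for b in counted.values():
        totals[b.choice] = totals.get(b.choice, 0) + 1
    return totals

# Constructed sample data (voters, dates and choices are made up).
START, END = dt(2030, 1, 1), dt(2030, 1, 8)
PAPER_VOTERS = {"V2"}                              # voted on paper afterwards
SAMPLE = [
    EBallot("V1", dt(2030, 1, 2, 9), "A", True),
    EBallot("V1", dt(2030, 1, 3, 9), "B", True),   # re-vote replaces the first
    EBallot("V2", dt(2030, 1, 2, 10), "A", True),  # revoked by paper vote
    EBallot("V3", dt(2030, 1, 2, 11), "A", True),
    EBallot("V3", dt(2030, 1, 4, 11), "B", False), # bad signature: earlier stands
    EBallot("V4", dt(2030, 1, 9, 8), "B", True),   # cast after the period closed
]

if __name__ == "__main__":
    counted, rejected = select_countable(SAMPLE, PAPER_VOTERS, START, END)
    print(tally(counted))
    for ballot, reason in rejected:
        print(ballot.voter_id, ballot.choice, "->", reason)
```

Keeping the rejected ballots with a reason, rather than silently dropping them, gives an auditor a record of why each e-ballot was excluded from the count.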
