European electronic identity practices
1 / 27

European Electronic Identity Practices - PowerPoint PPT Presentation

  • Uploaded on

European Electronic Identity Practices. Country Update of Finland Speaker: Päivi Pösö Date: 26.5.2005. CA organisation. Responsible CA organisation : Population Register Centre (PRC) The background of the organisation : PRC operates under Ministry of the Interior

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'European Electronic Identity Practices' - tadeo

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
European electronic identity practices

European Electronic Identity Practices

Country Update of Finland

Speaker: Päivi Pösö

Date: 26.5.2005

Ca organisation
CA organisation

  • Responsible CA organisation: Population Register Centre (PRC)

  • The background of the organisation: PRC operates under Ministry of the Interior

  • Description of the existing CA infrastructure: PRC is the CA in public sector. We have outsourced the ICT-technology.

Status of national legislation on eid
Status of National legislation on eID

The position of PRC as the CA is based on the Population Register Act

PRC shall ensure that the parties of certified electronic transactions can be authenticated

and that messages and document can be electronically signed and enciphered

Status of national legislation on eid1
Status of National legislation on eID

  • In Finland the police issues the ID cards and PRC the citizen certificates in these

  • PRC may issue citizen certificates also for other cards or technical means.

  • Certificates are quality certificates based on the Act of Electronic Signatures

Status of national legislation on eid2
Status of National legislation on eID

  • Are eID specific regulations enacted and in place? Yes

    - The Population Information Act and Decree (1993)

  • The Identity Card Act (1999)

  • Act on Electronic Services and Communication in the Public Sector (2003)

  • Directive on Electronic Signatures

  • Act on Electronic Signatures (2003)

Status of national deployment of eid
Status of National deployment of eID

  • Co-operation with telecommunication operators

  • Citizen certificate in Sim-card

  • Easy to use, no additional equipments

Status of national deployment of eid1
Status of National deployment of eID

  • Is the card obligatory? No

  • Starting date of issuance:1.12.1999

Status of national deployment of eid2
Status of National deployment of eID

  • Number of citizen certificates issued by 30-04-2005 : 78.000 issued, at the moment 65.000 valid cards

  • Number of inhabitants: 5.235.000

  • Yearly growth rate (percentage): 35.000

  • Expected number of cards/eID certs by end of 2007: 135.000

Status of national deployment of eid3
Status of national deployment of eID

  • Basic functionalities of the eID card:- official ID document: Yes- European travel document: Yes- support of on-line access to e-Services: Yes- social security information on the card: Yes

  • Validity period of the card/certificates: 5 years

Status of national deployment of eid4
Status of national deployment of eID

  • Price in Euros of the cards:- for the citizen:40 €

    - for the card issuer: 40 €

    - price for the card reader and software: 20 – 40 €- any additional costs for the user/relying party:No additional costs

  • From whom and how may the citizen obtain the end/user packages: PC-stores

Basic id function
Basic ID function

  • What cardholder data is electronically stored in the card: - national identifier- family name, given name - email (optional)

Basic id function1
Basic ID function

  • Are these data elements in a dedicated data file? No - Is the file ’openly accessible’? No - If not, how is the file protected? PIN - Does the data file comply with the ICAO LDS? Yes

  • Is the personal data (also) held in a certificate? Yes

Basic authentication function
Basic Authentication function

  • What Cardholder Verification mechanism is used: - PIN? Yes - Biometrics?No- Is introduction of biometrics envisioned? Under survey, not active

  • Is there a PKI supported cardholder authentication mechanism? Yes

  • Is there a mutual device authentication mechanism? No

Basic signing function
Basic Signing function

  • Is a PKI supported signing mechanism (certificate and key pair) present for e-transaction services (non –repudiation)? Yes

  • - The card holder´s authentication certificate

  • - The card holder´s digital signature certificate

  • - PRC´s CA certificate

Eid based services
eID based services

  • What kind of services (include examples) are accessible to cardholders based on acceptance of the cards / eID Certificates:

Eid based services1
eID based services

Examples of Sevice provider using the Fineid Card

  • Tax administration

  • Several Cities

  • Several Insurance Companies

  • OKO Bank

  • Social Insurance Institution

  • Electronic Forms Finland – service

  • The Finnish Defence Forces

Eid based services2
eID based services

Total number of eID based services accessible by cardholders by 30.04.2005: Over 50

  • Goal (in numbers/ percentage) of eID based services to be accessible to cardholders by the end of 2007: At least 200

Eauthentication business models financial
eAuthentication Business models; financial

  • What are the Charging/Revenue mechanisms? eID card costs 40 €

  • What charges are levied for use of the card? Free of charge

  • Is there a charge for checking certificates? No

  • Has a cost benefit analysis been compiled for the eID scheme? This is the basic infrastructure in Finland

  • Is there a studyreportavailable? No

Eauthentication business models public private partnership
eAuthentication Business models; public/private partnership

  • Are non government bodies allowed to use the IAS or other card functions in support of their services? Yes

  • Is the card a multi-application smart card? No

    • If No, are there any plans for this and in what timeframe?

    • Co-operation with cities and municipalities

Eauthentication business models public private partnership1
eAuthentication Business models; public/private partnership

  • What is the level of usage of supported services (number of transactions per card per year)?

    - No reliable studies of this

  • What is the approach to and experience with card branding? There are information and logos of theSocial Insurance Institute of Finland and cities/municipalities

Eauthentication business models cross border usage
eAuthentication Business models; cross border usage

  • Are there agreements with other national smart card issuers for mutual recognition of cards? (Status of Memorandum of Understanding (MOU) with other CAs):

  • MOU was made with Estonia in 2003.

  • Co-operation is under preparation in TIFI-project with many countries.

Other interoperability issues
Other Interoperability issues

  • What is the level of Current Compliance with each of the following international standards or group activities (Full/Planned/None):

    • CWA eAuthentication (under development):planned

    • CWA 14890 Secure Signature creation device:planned

    • CEN 224 –15 European Citizen Card (under development):none

    • ISO/IEC JTC1 SC 37 biometric standards:none

    • ICAO recommendations: all

Current use and plans in biometrics if applicable
Current use and plansin Biometrics (if applicable)

  • Technical solution(s):

  • Type of project(s):

  • Application areas:

    • Under survey, based on the experiences coming from the biometric passport.

Lessons learned so far
Lessons learned so far

Prerequisites for success

  • easy to use

  • social and health care services

  • broad, cross-administrative co-operation

  • co-operation with the private sector

  • supporting and guiding service providers

Next plans
Next plans

  • Biometric passport in co-operation with the Ministry of Interior, Police Department

  • Co-operation with teleoperators and banks to have the citizen certificates on there platforms – already with one bank and one operator

  • 64k Java chips on the first of June 2005

  • Co-operation with cities and municipalities

Porvoo group cooperation issues
Porvoo Group cooperation issues

List of issues to be overcome:

  • Open Source Card reader software? Could this be an easier way for pan European usage?

  • The collision of the RSA algorithm at the moment. What will be the next step –elliptic curve cryptography? Should we try to study this more?

More information
More information

  • Web-pages eID issues:

  • email:

    Thank You!