1 / 16

The Estonian Electronic Signature Legislation and case studies

The Estonian Electronic Signature Legislation and case studies. EESSI Seminar Budapest, 2001-05-08 Taavi Valdlo Estonian Informatics Centre taavi.valdlo@eik.ee. Content of presentation. Digital Signatures Act Provisions and implementation Infrastructure for using Digital signature

Download Presentation

The Estonian Electronic Signature Legislation and case studies

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. The Estonian Electronic Signature Legislation and case studies EESSI Seminar Budapest, 2001-05-08 Taavi Valdlo Estonian Informatics Centre taavi.valdlo@eik.ee

  2. Content of presentation • Digital Signatures Act • Provisions and implementation • Infrastructure for using Digital signature • Case studies: • programs and projects • public initiatives • private initiatives

  3. Digital Signatures Act • Passed 8 March 2000, entered into force 15 December 2000 • A digital signature has the same legal consequences as a hand-written signature • Based on PKI Scope in terms of Directive: – advanced electronic signature – qualified certificate – secure signature creation device translation: www.riik.ee/riso/digiallkiri/digsignact.rtf

  4. A digital signature shall • enable unique identification of the person • enable determination of the time • detecting any subsequent change of the data or the meaning thereof

  5. Implementing provisions • State register of certificates established on 12 December 2000 • Bases for the document management procedures of state and local government agencies and legal persons in public law on 26 February 2001 • Procedure for the information systems audit of service providers on 3 October 2000

  6. State certification register • Registration and supervision of service providers • Maintain records of service providers • Ensure the comparability of the official time and temporal order of time stamps issued • Data entered in the register is public http://register.srr.ee

  7. State Sertification Register hardware

  8. Program of document administration • Started by State Chancellery • Record management and archiving • Pilot project of digital co-ordination of legal acts • Pilot project of document management • Standardization initiatives

  9. EstEID program • Nation-wide new personal electronic identification card • Contain both visually and electronically accessible information • Based on smartcard technology with crypto-processor • Identification and signing possibilities • Multifunctional national passport from beginning of 2002

  10. Applications using digital signature • Cabinet of Ministers Session Infosystem • first took place on Aug. 08, 2000. • ministers can e-participate • e-Office of the Tax Board • Health Insurance Fund • e-elections • e-citizen project

  11. Certification Centre Ltd • EMT, Hansabank, Union Bank and Eesti Telefon started cooperation on May 25, 2000 • Partners established joint certification center on February 16, 2001. • 12 million EEK have been invested in Certification Center equally between the partners. • Manager of Certification Center is Kalle Tarien, former area manager in Visa International (London)

  12. Certification Centre Ltd customer base • EstEID project • Needs of founders of the Certification Centre Ltd • Any additional companies, requiring similar services • State institutions

  13. Privador TrueSign solution www.privador.com

  14. Truesign standards and protocols • X.509 certificates and CRL-s profile specified in RFC 2459 • Signed document format according to Cryptographic Message Syntax defined in RFC 2630 • Downloading certificates and CRL-s from LDAPv2 (RFC 1777) and LDAPv3 (RFC 2251, RFC 2252) directories as specified in RFC 1777 (LDAP2) • Revocation message transmission, using Certificate Management Protocol messages (RFC 2510) • Time-stamping server as specified in PKIX draft • Client certificate requests compliant to RFC 2511 • Supported algorithms • encryption: RSA • hash: SHA-1 (read and write), MD5 (only read, for backward compatibility) • Supported Certificate Authorities • iD2 Certificate Manager 3.1 • Baltimore Unicert 3.0.5

  15. Digital Signature implementation awareness • Several articles published in leading newspapers and magazines • Seminars and information days • Comprehensive digital signature ABC, by Valdo Praust • Different Estonian organisations are preparing their operations to support implementation of Public Key Infrastructure • Local PC manufacturer Microlink is planning to add chip card reader to core PC

  16. Some information sources • Estonian government portal: www.gov.ee • Department of State Information Systems: www.riik.ee/infosystems/ • Legal text translations: www.legaltext.ee • Yearbooks IT in Public Administration: www.eik.ee/english/ • Research: www.cyber.ee • Solutions: www.privador.com

More Related