1 / 27

European Electronic Identity Practices

European Electronic Identity Practices. Country Update of Finland Speaker: Päivi Pösö Date: 26.5.2005. CA organisation. Responsible CA organisation : Population Register Centre (PRC) The background of the organisation : PRC operates under Ministry of the Interior

tadeo
Download Presentation

European Electronic Identity Practices

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. European Electronic Identity Practices Country Update of Finland Speaker: Päivi Pösö Date: 26.5.2005

  2. CA organisation • Responsible CA organisation: Population Register Centre (PRC) • The background of the organisation: PRC operates under Ministry of the Interior • Description of the existing CA infrastructure: PRC is the CA in public sector. We have outsourced the ICT-technology.

  3. Status of National legislation on eID The position of PRC as the CA is based on the Population Register Act PRC shall ensure that the parties of certified electronic transactions can be authenticated and that messages and document can be electronically signed and enciphered

  4. Status of National legislation on eID • In Finland the police issues the ID cards and PRC the citizen certificates in these • PRC may issue citizen certificates also for other cards or technical means. • Certificates are quality certificates based on the Act of Electronic Signatures

  5. Status of National legislation on eID • Are eID specific regulations enacted and in place? Yes - The Population Information Act and Decree (1993) • The Identity Card Act (1999) • Act on Electronic Services and Communication in the Public Sector (2003) • Directive on Electronic Signatures • Act on Electronic Signatures (2003)

  6. Status of National deployment of eID • Co-operation with telecommunication operators • Citizen certificate in Sim-card • Easy to use, no additional equipments

  7. Status of National deployment of eID • Is the card obligatory? No • Starting date of issuance:1.12.1999

  8. Status of National deployment of eID • Number of citizen certificates issued by 30-04-2005 : 78.000 issued, at the moment 65.000 valid cards • Number of inhabitants: 5.235.000 • Yearly growth rate (percentage): 35.000 • Expected number of cards/eID certs by end of 2007: 135.000

  9. Status of national deployment of eID • Basic functionalities of the eID card:- official ID document: Yes- European travel document: Yes- support of on-line access to e-Services: Yes- social security information on the card: Yes • Validity period of the card/certificates: 5 years

  10. Status of national deployment of eID • Price in Euros of the cards:- for the citizen:40 € - for the card issuer: 40 € - price for the card reader and software: 20 – 40 €- any additional costs for the user/relying party:No additional costs • From whom and how may the citizen obtain the end/user packages: PC-stores

  11. Basic ID function • What cardholder data is electronically stored in the card: - national identifier- family name, given name - email (optional)

  12. Basic ID function • Are these data elements in a dedicated data file? No - Is the file ’openly accessible’? No - If not, how is the file protected? PIN - Does the data file comply with the ICAO LDS? Yes • Is the personal data (also) held in a certificate? Yes

  13. Basic Authentication function • What Cardholder Verification mechanism is used: - PIN? Yes - Biometrics?No- Is introduction of biometrics envisioned? Under survey, not active • Is there a PKI supported cardholder authentication mechanism? Yes • Is there a mutual device authentication mechanism? No

  14. Basic Signing function • Is a PKI supported signing mechanism (certificate and key pair) present for e-transaction services (non –repudiation)? Yes • - The card holder´s authentication certificate • - The card holder´s digital signature certificate • - PRC´s CA certificate

  15. eID based services • What kind of services (include examples) are accessible to cardholders based on acceptance of the cards / eID Certificates: www.etu-klubi.fi

  16. eID based services Examples of Sevice provider using the Fineid Card • Tax administration • Several Cities • Several Insurance Companies • OKO Bank • Social Insurance Institution • Electronic Forms Finland – service • The Finnish Defence Forces

  17. eID based services Total number of eID based services accessible by cardholders by 30.04.2005: Over 50 • Goal (in numbers/ percentage) of eID based services to be accessible to cardholders by the end of 2007: At least 200

  18. eAuthentication Business models; financial • What are the Charging/Revenue mechanisms? eID card costs 40 € • What charges are levied for use of the card? Free of charge • Is there a charge for checking certificates? No • Has a cost benefit analysis been compiled for the eID scheme? This is the basic infrastructure in Finland • Is there a studyreportavailable? No

  19. eAuthentication Business models; public/private partnership • Are non government bodies allowed to use the IAS or other card functions in support of their services? Yes • Is the card a multi-application smart card? No • If No, are there any plans for this and in what timeframe? • Co-operation with cities and municipalities

  20. eAuthentication Business models; public/private partnership • What is the level of usage of supported services (number of transactions per card per year)? - No reliable studies of this • What is the approach to and experience with card branding? There are information and logos of theSocial Insurance Institute of Finland and cities/municipalities

  21. eAuthentication Business models; cross border usage • Are there agreements with other national smart card issuers for mutual recognition of cards? (Status of Memorandum of Understanding (MOU) with other CAs): • MOU was made with Estonia in 2003. • Co-operation is under preparation in TIFI-project with many countries.

  22. Other Interoperability issues • What is the level of Current Compliance with each of the following international standards or group activities (Full/Planned/None): • CWA eAuthentication (under development):planned • CWA 14890 Secure Signature creation device:planned • CEN 224 –15 European Citizen Card (under development):none • ISO/IEC JTC1 SC 37 biometric standards:none • ICAO recommendations: all

  23. Current use and plansin Biometrics (if applicable) • Technical solution(s): • Type of project(s): • Application areas: • Under survey, based on the experiences coming from the biometric passport.

  24. Lessons learned so far Prerequisites for success • easy to use • social and health care services • broad, cross-administrative co-operation • co-operation with the private sector • supporting and guiding service providers

  25. Next plans • Biometric passport in co-operation with the Ministry of Interior, Police Department • Co-operation with teleoperators and banks to have the citizen certificates on there platforms – already with one bank and one operator • 64k Java chips on the first of June 2005 • Co-operation with cities and municipalities

  26. Porvoo Group cooperation issues List of issues to be overcome: • Open Source Card reader software? Could this be an easier way for pan European usage? • The collision of the RSA algorithm at the moment. What will be the next step –elliptic curve cryptography? Should we try to study this more?

  27. More information • Web-pages eID issues: www.fineid.fi www.vaestorekisterikeskus.fi • email: paivi.poso@vrk.intermin.fi Thank You!

More Related