Agenda
10.45-11.00 Arriving at RIA (Pärnu mnt 139A, 7th floor)
11.00-12.00 First slot: Norway presentation about their e-solutions
12.00-12.30 Lunch (Pärnu Cafe Amps, cafe and bistro, 1st floor)
12.30-14.00 Second slot:
12.30-13.15 eID, Vallo Veinthal/Mark Erlich 40min presentation + 20min discussion
13.15-14.00 RIHA, Priit Parmakson 30min presentation + 15min discussion
14.00-14.15 Coffee break
14.15-15.30 Third slot: X-Road, Heiko Vainsalu - 30min presentation + 15min discussion
History in short 1
1994
First ideas about eID
1998
SEIS final eID standard
1999
FINEID card launch
2000
Directive 1999/93/EC (legal framework)
History in short 2
2001
Estonian CA (SK)
2002
Estonian ID-Card (eID) – copy of FINEID
2007 2010 2014
Facts About Estonia
● eID is a part of national identity document
● Population ca. 1.34 M
● Valid eID tokens ca. 1.27 M
● Since 2002
– Online authentication: 443 M
– Given digital signatures: 290 M (today around 6 M per month)
● Mandatory to have (but not to use)
– Win-win concept, where state takes hardest part: responsibility
Critical factors for high usage of eID
● Document is mandatory from age of 15
● Personal Identification Code (PIC): xYYMMDDyyyz
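A structural validator for the PIC format xYYMMDDyyyz shown above, as an added example that is not part of the original slides. The meaning of the first digit (century and sex) and the two-stage mod-11 check digit are not stated on the slide; they are assumptions taken from the commonly documented Estonian personal code scheme, and the sample value in the comments is constructed.

```python
from datetime import date

# Assumption (not on the slide): x encodes century and sex,
# 1/2 = 1800s, 3/4 = 1900s, 5/6 = 2000s; odd = male, even = female.
CENTURY = {1: 1800, 2: 1800, 3: 1900, 4: 1900, 5: 2000, 6: 2000}
# Assumption (not on the slide): z is a two-stage weighted mod-11 check digit.
W1 = (1, 2, 3, 4, 5, 6, 7, 8, 9, 1)
W2 = (3, 4, 5, 6, 7, 8, 9, 1, 2, 3)


def check_digit(first10: str) -> int:
    """Return z for the first ten digits; falls back to W2, then to 0."""
    for weights in (W1, W2):
        r = sum(int(d) * w for d, w in zip(first10, weights)) % 11
        if r < 10:
            return r
    return 0


def parse_pic(pic: str) -> dict:
    """Parse xYYMMDDyyyz; raise ValueError on any structural problem."""
    # isascii() rejects Unicode digits that str.isdigit() alone would accept.
    if len(pic) != 11 or not (pic.isascii() and pic.isdigit()):
        raise ValueError("PIC must be exactly 11 ASCII digits")
    x = int(pic[0])
    if x not in CENTURY:
        raise ValueError("unknown century/sex digit")
    try:
        born = date(CENTURY[x] + int(pic[1:3]), int(pic[3:5]), int(pic[5:7]))
    except ValueError:
        raise ValueError("YYMMDD is not a calendar date") from None
    if check_digit(pic[:10]) != int(pic[10]):
        raise ValueError("check digit mismatch")
    return {"born": born, "sex": "M" if x % 2 else "F", "serial": pic[7:10]}


def is_valid_pic(pic: str) -> bool:
    """True only if the string is well formed; says nothing about who sent it."""
    try:
        parse_pic(pic)
        return True
    except ValueError:
        return False


# Constructed sample value: 39001010011 -> born 1990-01-01, serial 001.
```

A well-formed PIC only identifies a record; it is not an authenticator, so services still need the certificate-based authentication the slides describe before acting on it.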
Identity in Estonia
● State issued eIDs are accepted by all public services and most private services
● Authentication (and not authorization)
– Identifying the natural person only
– Roles and rights are stored in registries
● Legally binding signature of a natural person
– Qualified e-Signature: equal to a handwritten signature
● Legally binding stamp (seal) of a legal entity
– Same as for natural person but with legal entity certificate
– Replaces rubber stamp from paper world
● File encryption – decryption for secure delivery
Use cases
● Separate CA service for state issued eID
– Qualified Certificates
Certificates
● Issued by Estonian Police
● Technically same for ID-Card, Residence Permit Card, Digi-ID and eResidence Card
● 2 pairs of keys with corresponding X.509 certificate:
– Authentication: SSL is used
– Signing: Middleware software with end user application and web browser plugins
● Validity:
– 5 years: ID-card and Residence Permit Card
– 3 years: Digi-ID and eResidence Card
eID Cards
● 2 pairs of keys with corresponding X.509 certificate
– Certificate stored in public repository only
● Central Security Service
● Validity: 3 years
Mobile-ID: system
Mobile-ID: issuing process
● State fee:
– Covers production, issuing and maintenance
– https://www.politsei.ee/en/teenused/riigiloivud/riigiloivu-maarad/isikut-toendavad-dokumendid/index.dot
● Signing
– Local computer: each individual can give 10 signatures per month for free
– Webservice: service provider pays https://sk.ee/en/services/pricelist/certificate-validation-services
Pricing
...more generic view
eID (document & hardware) Digital use (implementation)
● To sign and seal any data in digital format
● Container based signature file using PKI for signing
– XAdES and ASiC
– eSignatures and eStamps (e-seal)
● PDF?
– Limited use only
– User interface – problem with trust
Digital signatures / Qualified e-Signatures
Impact on e-Society (i-Voting)
Impact on e-Society (Company registration)
● eIDAS regulation
– National law for eIDAS implementation
– Qualified e-Signature definition = Estonian Digital Signature
– State issued eID schemes have the same level: High
● Private sector:
– May apply eIDAS regulation
– Already accepts Digital Signatures
– Already accepts state issued eID
Legal Basis
● Technical issues (trojans, phishing) only with private sector solutions (Bank eID solution – password based)
● State issued eID had only a few issues, where a close person shares his credentials with PIN codes
– It is the user's responsibility not to allow this.
● Since State issued eID is issued only through Police, a very high standard of identification is applied – all attempts have been discovered before issuing eID
Risks and Cases of misuse
● Smartcard in mobile devices: mid of 2017
● eSIM
– Investigation is going on
– Unclear which eIDAS classification will apply
● Keyless Signatures
– Existing solution from GuardTime
– As signature it survives Quantum computers
– State keeps eyes open and cooperates
– Still issue with authentication: today the most reliable solution is PKI based eID
Future solutions
– http://www.id.ee/public/The_Estonian_ID_Card_and_Digital_Signature_Concept.pdf
● General information and documentation
– http://id.ee/?lang=en
– https://sk.ee/en/useful/digitalsigning/
– http://eid.eesti.ee/index.php/EID_application_guide
– http://open-eid.github.io/