ELECTRONIC SIGNATURE AND PUBLIC KEY INFRASTRUCTURE (PKI) 1-3 June 2005, Miedzyzdroje, Poland INTEROPERABILITY OF PKI SYSTEMS IN FINLAND Mr Kaarlo Korvola Chief Information Officer Ministry of the Interior, Finland THEMES • Identification of citizens (ID card and mobile identification) • Identification of civil servants • Identification in e-services and the common identification portal • Legislation ID CARD FOR FINNISH CITIZENS ELECTRONIC ID CARD FOR CITIZENS A key for online services which require: • strong identification of a person • digital signature • encryption of data. Finnish citizens can also use an electronic ID card as an official travel document in the Schengen area (in EU and Nordic countries; that is, in a total of 29 countries). ELECTRONIC ID CARD AND MOBILE CERTIFICATE • In Finland, the local police issue citizens with electronic ID cards and the Population Register Centre supplies certificates used in these cards. • People can also have their personal health insurance details on the same ID card (health insurance card). • The card can be used for identification in e-services and for normal identification. Further, the card can be used as an official travel document in 29 European countries and for making an electronic signature. CITIZEN CERTIFICATE IN DIFFERENT FORUMS Electronic ID card Bank card Electronic Municipal health insurance card card Organisational card, civil servant identity card Mobile Citizen certificate INTEROPERABILITY Certificate for organisational use CERTIFICATION AUTHORITY (CA ) / CARD Pois Application information Process database Pregeneration of anonymous ID cards (RSA keys + PIN) Request Certificates Certificate VRK Certificate services Bull Manual information Matti Meikäläinen Caisse Primaire d'Assurance Maladie de CARPENTRAS sécurité sociale X.500+ CRL Registration authority services Application PIN codes Meikäläinen Matti Matti Meikäläinen Face-to-face identification 12345 Card delivery MOBILE CERTIFICATE • Certain Finnish telecommunication operators are issued with qualified electronic identity certificates to be used in mobile phones. • These certificates are also issued to the Population Register Centre. • TeliaSonera already offers this service to its customers, and Elisa Corporation (as of June 2005) and DNA Finland Ltd will start offering this new service by the end of this year. CIVIL SERVANT ELECTRONIC ID CARD AND CERTIFICATE • The Ministry of the Interior issued State and local administration with guidelines on a civil servant ID card on 3 November 2000. • FINEID (Finnish electronic ID card) or comparable solution (interoperability!) • The Ministry of the Interior and its administrative sector will introduce a civil servant ID card and certificate together with a common user rights system (about 18,000 people) in 2005. We are also developing e-services where we can use our own ID systems and electronic ID cards. IDENTIFICATION IN E-SERVICES • The Ministry of Finance issued public administration with guidelines on the identification of a person in e-services on 29 September 2003. • If identification is needed in e-services, the following ways could be used: - Strong identification and a digital signature; qualified certificate such as an electronic ID card - Banks’ identification systems (username, password and changing number) - Password and changing number issued by a State or municipal agency COMMON IDENTIFICATION PORTAL • The Social Insurance Institution of Finland, the Ministry of Labour and the Finnish Tax Administration have already used the common identification portal for two years to identify their own customers. • Now the Ministry of Finance and big cities will also start to apply the same solution. • In this portal, customers can use three different ways of identifying themselves as introduced by the Ministry of Finance. LEGISLATION IN FINLAND • Identity Card Act, in force since 1 December 1999 • Section 23 of the Population Information Act laying down provisions on certification authority services, in force since 1 December 1999 • Act on Electronic Signatures, in force since 1 February 2003 • Act on Electronic Service in the Administration, in force from 1 January 2000 to 31 January 2003 • As a result of certain changes caused by the EU Electronic Signatures Directive, the Act on Electronic Services and Communication in the Public Sector came into force on 1 February 2003. • The Finnish Communications Regulatory Authority (FICORA) supervises the CAs (certification authorities). • The Population Register Centre is the Government’s CA and also the first to issue qualified certificates in Finland. SERVICE PROVIDERS USING THE FINEID CARD Mutual insurance companies Fennia and Pension Fennia OKO Bank LEL Employment Pension Fund Tapiola General Mutual Insurance Company City of Vantaa, Tampere, Riihimäki and Lappeenranta Finnish Centre for Pensions Finnish Tax Administration Ministry of Labour Advisory Committee on Information Management in Public Administration, JUHTA Population Register Centre Statistics Finland Finland Post Academy of Finland Several internal solutions in various organisations Finnish National Board of Education Municipality of Tuusula Social Insurance Institution of Finland Association National Technology Agency of Finland, TEKES of Finnish Local and Regional Authorities National Board of Patens and Registration of Finland IMPORTANT •Easy to use • Social and health care services • Broad intersectoral cooperation • Cooperation with the private sector • Appropriate content for the services • Supporting and guiding service providers MORE INFORMATION • email@example.com • www.vaestorekisterikeskus.fi • www.fineid.fi THANK YOU!