ID card – vision in action
Tarvi Martens
SK, Estonia
The Vision: 1997
Let’s assign electronic identity to every Estonian and give them means for electronic signing!
Surrounding World
• 10-year passports issued from 1992 will expire in 2002: perfect timing for introducing new type of document
• SEIS specifications: 1998
• FINEID: launched 2000
• Digital Signature Act: 2000
The ID-Card
• Roll-out started 2002
• “Compulsory” for all residents from age 15+
• October 2006: 1 000 000th card issued (population: 1.35M)
• eID part allows for e-authentication and digital signing
Card issuance
Parties shown in the diagram:
• Citizenship and Migration Board, Ministry of Internal Affairs
• CMB Regional Offices (15 sites)
• TRÜB Baltic AS
• Certification Centre Ltd (CA)
• RA
• RA (bank office)
• Public Directory
• Afterservice
Steps shown in the diagram:
1. Application
2. Request for Personalisation
3. Request for Certificates
4. Certificates
5. ID Card with Private Keys and Certificates
6. PIN codes sent by courier
7. Personalised ID Card with Certificates and PIN envelope handed over
eID applications
• E-ticketing (non-PKI)
• Secure e-mail
• Authentication
  - All internet banks
  - E-government
  - Any other major e-service
• Digital signing
  - Universal replacement of handwritten signature
• Internet voting
ID-card as a ticket for public transportation
Diagram labels: e-Tickets; Population Registry; Mobile; Internet; Fixed-line; Cash
Person must possess and show an ID-card when buying or verifying a ticket
ID-card for secure e-mail
• The authentication certificate contains an e-mail address Surname.Lastname[.X]@eesti.ee
• All S/MIME mailers are usable
• The eesti.ee server runs a forwarding service
• Usable for secure C2C, B2C and G2C communication
ID-card authentication
Universal Digital Signature
• Public sector is obliged to accept digitally signed documents
• Digital signature is universal
  - Open user group
  - Any relation – government, business, private
• Focus on document concept
  - Equivalent to what we are doing on paper
• Innumerable quantity of “applications”
DigiDoc architecture
Diagram components: ID card; CSP; PKCS#11; OCSP; XML; DigiDoc-library (Win/Unix/C/Java); COM-library; WebService; Win32 Client; DigiDoc portal; Application (three instances); Mobile-ID; MSSP
DigiDoc for end-user
• DigiDoc Client
  - Desktop application
  - Lets users sign, verify signatures etc
  - ID Card not needed for document verification
  - Comes with ID-card base software
• DigiDoc portal
  - https://digidoc.sk.ee
  - Signing, verification, co-signing by multiple persons
Internet voting
• Happened first in October 2005
• First pan-national binding occasion in the World
• Used 5 times in total
• ID-card as an enabling tool
• Normal application vs. Rocket Science?
I-voting: Main Principles
• All major principles of paper-voting are followed
• I-voting is allowed during period before Voting Day
• The user uses ID-card or Mobile-ID
  - System authenticates the user
  - Voter confirms his choice with digital signature
• Repeated e-voting is allowed
  - Only last e-ballot is counted
• Manual re-voting is allowed
  - If vote is cast on paper during absentee voting days, e-vote(s) will be revoked
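The counting rules on this slide, worked through as an added example (not code from the presentation or from the Estonian voting system). The record layout, function names, dates and sample ballots are constructed assumptions, and authentication and signature verification are assumed to have happened before a ballot reaches this step.

```python
from datetime import datetime

# Constructed sample data; the tuple layout (voter_id, cast_time, choice) is an assumption.
E_BALLOTS = [
    ("A", datetime(2011, 2, 24, 9, 0), "X"),
    ("A", datetime(2011, 2, 26, 18, 30), "Y"),  # repeated e-vote replaces the first
    ("B", datetime(2011, 2, 25, 12, 0), "X"),
    ("C", datetime(2011, 2, 25, 8, 15), "Z"),   # C also votes on paper
    ("D", datetime(2011, 3, 3, 10, 0), "X"),    # cast after the i-voting period
]
PAPER_VOTERS = {"C"}  # voters who cast a paper ballot during absentee voting days
PERIOD = (datetime(2011, 2, 24), datetime(2011, 3, 2, 20, 0))  # constructed period


def countable_e_ballots(e_ballots, paper_voters, period):
    """Return ({voter_id: choice} that counts, [(voter_id, cast_time, reason)] rejected)."""
    start, end = period
    latest, rejected = {}, []
    # Process in time order so a later e-ballot always supersedes an earlier one.
    for voter, cast_time, choice in sorted(e_ballots, key=lambda b: b[1]):
        if not (start <= cast_time <= end):
            rejected.append((voter, cast_time, "outside i-voting period"))
            continue
        if voter in latest:
            rejected.append((voter, latest[voter][0], "superseded by later e-ballot"))
        latest[voter] = (cast_time, choice)
    # A paper vote revokes whatever e-ballot is still standing for that voter.
    for voter in [v for v in sorted(latest) if v in paper_voters]:
        cast_time, _ = latest.pop(voter)
        rejected.append((voter, cast_time, "revoked by paper vote"))
    return {v: c for v, (_, c) in latest.items()}, rejected


def tally(counted):
    """Count the surviving e-ballots per choice."""
    totals = {}
    for choice in counted.values():
        totals[choice] = totals.get(choice, 0) + 1
    return totals


if __name__ == "__main__":
    counted, rejected = countable_e_ballots(E_BALLOTS, PAPER_VOTERS, PERIOD)
    print(tally(counted))
    for entry in rejected:
        print(entry)
```

Keeping the rejection log alongside the tally lets an auditor account for every received e-ballot, counted or not.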
The spread of Internet voting
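Chart series: Overall turnout (axis 0 to 80); Internet voters (axis 0 to 160000)
• 2005 local: overall turnout 47; Internet voters 9 317
• 2007 national: overall turnout 62; Internet voters 30 275
• 2009 EP: overall turnout 44; Internet voters 58 669
• 2009 local: overall turnout 61; Internet voters 104 413
• 2011 national: overall turnout 63; Internet voters 140 846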
Flip side of the coin
• 1,000,000 ID-cards
• 30,000 electronic users (2006)
Why won’t they go e?
• Habits
  - Strong tradition of banks-provided authentication service
• Barriers
  - Need for smart-card reader and software
• No awareness promotion
  - ID-cards are perceived as merely physical documents
  - Unawareness about security benefits
Who is driving?
• Tax declarations: public sector service, once in a year
• Online banking: private sector service, once in a week
“Computer Security 2009”
• Co-operation program between private and public sector
• Aims for safe information society in general
• Special target: ten-fold increase of eID users (300,000 by the end of 2009)
• Achieved: February 2010
Measures for CS09
• Pressure by banks
  - Termination of authentication service to 3rd parties
  - Reduction of transaction limits with passwords
• Availability
  - Alternative PKI-based tokens/methods
  - Redundant service network
• Wide support and usability
  - Support for alternative platforms (Mac, Linux, ..)
• Awareness and training
Reader distribution
- card reader
- https://installer.id.ee
- Price ca 6 EUR
• Available at retail stores
• Sold by banks
• Giveaways in campaigns
ID card software: 2nd generation
• Multi-platform
  - Card drivers (CSP/PKCS#11)
  - Card maintenance tool
  - Digital signing
    • Libraries
    • Webservice
    • Desktop client
• Launched 2011 by LGPL terms.
Alternative eID - MobileID
• PKI-capable SIM cards
  - Requires replacement of SIM
• Instantly ready to use
  - No specific software required
• Equal legal power and security with ID-card
• Launched: May 2007
• Available from all major GSM operators
User view: entry
User view: mID authentication
User’s view: mobile PIN-entry
Phone screens shown, in order:
1. Swedbank / Control code 0342 / Enter?
2. Enter PIN1 / ****
3. Sending message...
User view: I’m in!
Digi-ID
• Another PKI token for redundancy
• Delivered over-the-counter
• Same electronic content as ID-card
• Not a travel document
• Validity: 3 years
• Launched: 10.2010
id.ee
CS2009: impact
[Chart: vertical axis 0 to 500000; horizontal axis quarterly from 2005 VII to 2011 IV]
Morale (1)
• PKI stands for Public Key Infrastructure
• There are no services nor applications before The Infrastructure is built
  - Roads generate no benefit, transportation does
  - People do not buy cars unless there are roads
• Infrastructure first
Morale (2)
• Roads were ready in 2006
• Since then we have been teaching people about the wonders of transportation
  - Car manufacturing (services)
  - Driving schools (promotion & awareness)
The Result
• 560 000 ID-card users
  - ~50% of cardholders
• 360 000 “frequent users”
  - have used it within past 6 months
• Around 3 Mio signatures created per month
• Around 5 Mio e-authentications per month
• 1/4 of votes is cast electronically (2011)
• Enormous savings in time and environment
Additional Information
• PKI & CA: www.sk.ee
• ID-card practices: www.id.ee
• Digital signature software: www.openxades.org
• I-voting: www.vvk.ee
Contact point: [email protected]