Electronic identification in Finland

Porvoo Group`s 18th Conference

Tuire SaaripuuHead of Registration

Certificate Authority Services Population Register Centre

Chair of the Porvoo Group

Population Register Centre

• Founded in 1969• Operates in

conjunction with the conjunction with the Ministry of Finance

• Located in Helsinki and Kokkola

• Number of personnel 120

22.5.2014

• Development of the Population Information System• Nationwide information service• Certification authority of citizens ´ electronic identity in

Population Register Centre

• Certification authority of citizens ´ electronic identity in the public sector

• Training and guidance of local authorities• Elections: compilation of the voting register and

updating the election database

• In Finland the personal identity is based on an identity created by the population register system and given to all Finns in connection with their birth and to all foreigners settling permanently in Finland in connection with their entry into the country.

Personal Identity

in connection with their entry into the country.

• In face-to-face business, identity is verified using valid official documents (personal ID card, passport or driving licence).

Individuality

The VRK creates an electronic identity for Finnish citizens when providing them with a electronic communication identifier code. The electronic communication identifier is activated when a person receives a certificate card.

Certificate authority issues• Citizen certificates• Certificates for organisational use

• Temporary cards

VRK as Certification Authority

• Temporary cards• Certificates for health care (public and private se ctor)• Server and e-mail certificates• Certificates for machine readable travel documents

• ePassports and residence permits

• An electronic identity guaranteed by the State to e very Finnish citizen or to a foreigner residing permanen tly in Finland.

• A certificate complying with the EU Directive on el ectronic signatures and the Finnish Act on Strong Authentica tion and Electronic Signatures.

Citizen certificate

• Meets the requirements of the European qualified certificate.

• Register Authority of the Citizen Certificates is t he police • Free to use and develop services for all business m odels

The reliable identification of a person in any plac e or at any time without physical documents is one of th e basic prerequisites of the information society.

Electronic identity card• health insurance

information may also be attached to it

Citizen Certificate in electronic identity card

attached to it• issued by the police• The price of the card is

53 €

The Citizen Certificate can be used on a variety of card platforms or with other technical devices.

Certificate for organisationaluse

• Log in to work station, authentication required for accessing the organisation’s information systems, e.g. remote access, single-sign-on SSO

• Signing of different forms and applications• Secure e-mail (Encrypting and signing of

emails)emails)• Access control feature (RFID)• Widely used solution for electronic

transactions requiring a high degree of data security and confidentiality within and between administrative sectors

• Enables a one card solution in official use

QUALIFIED CERTIFICATE

Certificates for Healthcaresector

• All healthcare professionals in Finland will have healthcare professional cards with certificates.

• Usage of certificates contains ePrescription and contains ePrescription and signing patient documents.

• Meets the requirements of the European qualified certificate .

• Biometric passport issuing

• VRK is also a country signing CA in Finland (since 2006)

• VRK issues the Finnish documentsigning certificates

Travel documents

signing certificates

• VRK issues the certificates for reading fingerprintsIssuing passportswith fingerprints started in June 2009

• Biometric identifiers for the citizencards and residence permits in 2011

Some figures

Valid certificates 31st April 2014• Citizen certificates 480 280 • Organisation certificates 78 844 • Certificates for healthcare

professionals 153 986

Economical situation• The finances are in balance, the incomes cover the

expenses

Current affairs in Finland (1)

• Finland is the first country in the world to have an Act on Strong Authentication and Digital Signatures (7th August 2009).(7th August 2009).

Current affairs in Finland (2)

Certificates for Social welfare sector• Social services are organized by local authorities ( the municipalities)• Social services are produced by both public and pri vate service

providers• 336 municipalities, about 2900 private social service providers, 4300

places of business• Municipal and other social services employ about 17 0 000 people• Municipal and other social services employ about 17 0 000 people

• All social service professionals in Finland will have the social welfare professional card with certificates

• Social services are widely capitalized by taxes• All client data registers are located to National C lient Data Repository

for Social Services• The Repository contains real-time client data, is accessible by all social

welfare service providers and is administered by the authorities• The Client data model consist of about 250 client documents that are

used in social services.

Current affairs in Finland

Current state: separate contracts

Objective: open square model

Executive summary• Establishing the identification core

enables combining different identification solutions.

• Common core can remove barriers from electronic services market and speed up the progress.

• The number of necessary contracts will be reduced substantially.

• The core of trust network enables • The core of trust network enables citizens to use preferred identification tool for accessing multiple electronic services.

• The aim is also flexible transition to new identification technologies.

• Decentralized solutions will increase the safety of identification services and enable parallel solutions utilizing different technologies.

• The objective is to develop a new identification core guaranteed by the government while using current solutions during the next couple of years.

Governmental solution based on a Common Root CA

VRK certificatesissued for persons,

government

Other VRK certificates,

serversetc.

Certificates issuedfor persons

CRL (RootCA )

Gov Root CA (MinFin, VRK)

VRK CA activities (Sub CA:t)

VRK: certificatesissued for

persons, on

Other CA:s (Sub CA)

18JulkICT

governmental platform

RA

persons, on mobile,

bank cardpaltform

VTJ

VRK CRLCRL (olther

CA:s)

National Identification Model

Gov AuthPortal

Creating trustservice

environment

Application

Application

Application

Gov CA Services

Gov Root CA

Applications

Basic service

Mobile

SIM Card

Identification tokens

STORK level 4

environmentbased on contracts Application

Application

Application

Application

Gov Root CA

Privateenterprise auth

service

Privateenterprise

Certificate

Privateenterprise author sign service

Certificate

?

?

?

New technology: NFC, biometrics etc.

Roleattributes

etc.

Proposal for a Regulation on "electronic identification and trust services for electronic transactions in the internal market" COM(2012)238 of 4.6.2012

• A key element that needs to be borne in mind when a ddressing this question is the internal market, with access to cross-border on-lin e services. That is, to what extent does the solution retained facilitate the developme nt of access by natural or legal persons in one Member State to on-line services pro vided by other Member States using electronic identification means.

• Chapter II on "Electronic identification" of the pr oposed Regulation sets out minimal common rules to ensure that electronic identificati on and authentication means enabling access to public services at national leve l are mutually recognised and enabling access to public services at national leve l are mutually recognised and accepted throughout the EU. How to deal in the Regu lation with the question of assurance levels for electronic identification mean s used to access notified electronic identification schemes

• Chapter III ("Trust Services") of the proposal for Regulation provides basic rules for the use and provisioning of electronic signature an d trust services to ensure legal certainty and predictability when relying on them i n electronic transactions for businesses, commerce, governmental needs, or leisur e.

• The rules in Chapter III simplify and extend the ex isting legal framework for electronic signatures (as provided in the eSignature Directive 1999/93/EC) by covering other trust services (i.e. electronic seals, time stamps, electronic documents, qualified electronic delivery service and website authenticat ion) which are either already part of national legal frameworks for eSignature or appear t o be important building block for seamless cross border interactions.

Proposal for a Regulation on "electronic identification and trust services for electronic transactions in the internal market" COM(2012)238 of 4.6.2012

•The proposal's objective is to boost trust, confidence and convenience in the digital environment, which are a prerequisite to further stimulate the development of the digital single market, by establishing minimal common rules for the EU-wide mutual recognition and acceptance of Member States' eIDs.

•Taking into account the principles of proportionality and subsidiarity , the proposed Regulation does not create a new 'European eID' . proposed Regulation does not create a new 'European eID' .

•The proposed Regulation does not foresee the introduction of any EU-wide eID-data base . The management of electronic identification schemes, and in particular the authentication phase, will remain within the Member State wherethe schemes are provided.

-safeguard to limit the spread and unauthorised collection of personal data and, as such, would contribute to protect privacy (i.e. privacy by design) .

•The proposed Regulation does not regulate the provisioning of the generic/soft/commercial electronic identification services (mostly provided by the private sector).

The Porvoo Group supports the deployment of electronic identity in Europe

• The Porvoo Group is an international cooperative network

•The primary goal is to promote a trans-national, interoperable electronic identity based on PKI technology (Public Key Infrastructure) and smart cards and chip ID cards, in order to help ensure secure public and private sector e-transactions in Europe

• The Group also promotes the introduction of interoperable certificates and technical specifications, the mutual, cross-border acceptance of identification and authentication mechanisms, as well as cross-border, online access to administrative services

•Widely recognised as a significant and relevant contributor to informed public dialogue in this area

The eEurope 2002 programme -> Smart Card Charter-> Public Identity Project -> the Porvoo Group

Qualified Certificates

• Population Register Centre is the first and the only organization to issue qualified certificates in Finland.

Thank you!

THANK YOU

Tuire Saaripuu, Head of RegistrationPopulation Register CentreChair of the Porvoo GroupPB 123, 00531 Helsinki, FinlandPB 123, 00531 Helsinki, FinlandTel. +358 295 53 5296GSM +358 505635735e-mail: tuire.saaripuu@vrk.fi

www.vaestorekisterikeskus.fiwww.fineid.fi

22.5.201424