160 likes | 272 Views
The Estonian Electronic Signature Legislation and case studies. EESSI Seminar Budapest, 2001-05-08 Taavi Valdlo Estonian Informatics Centre taavi.valdlo@eik.ee. Content of presentation. Digital Signatures Act Provisions and implementation Infrastructure for using Digital signature
E N D
The Estonian Electronic Signature Legislation and case studies EESSI Seminar Budapest, 2001-05-08 Taavi Valdlo Estonian Informatics Centre taavi.valdlo@eik.ee
Content of presentation • Digital Signatures Act • Provisions and implementation • Infrastructure for using Digital signature • Case studies: • programs and projects • public initiatives • private initiatives
Digital Signatures Act • Passed 8 March 2000, entered into force 15 December 2000 • A digital signature has the same legal consequences as a hand-written signature • Based on PKI Scope in terms of Directive: – advanced electronic signature – qualified certificate – secure signature creation device translation: www.riik.ee/riso/digiallkiri/digsignact.rtf
A digital signature shall • enable unique identification of the person • enable determination of the time • detecting any subsequent change of the data or the meaning thereof
Implementing provisions • State register of certificates established on 12 December 2000 • Bases for the document management procedures of state and local government agencies and legal persons in public law on 26 February 2001 • Procedure for the information systems audit of service providers on 3 October 2000
State certification register • Registration and supervision of service providers • Maintain records of service providers • Ensure the comparability of the official time and temporal order of time stamps issued • Data entered in the register is public http://register.srr.ee
Program of document administration • Started by State Chancellery • Record management and archiving • Pilot project of digital co-ordination of legal acts • Pilot project of document management • Standardization initiatives
EstEID program • Nation-wide new personal electronic identification card • Contain both visually and electronically accessible information • Based on smartcard technology with crypto-processor • Identification and signing possibilities • Multifunctional national passport from beginning of 2002
Applications using digital signature • Cabinet of Ministers Session Infosystem • first took place on Aug. 08, 2000. • ministers can e-participate • e-Office of the Tax Board • Health Insurance Fund • e-elections • e-citizen project
Certification Centre Ltd • EMT, Hansabank, Union Bank and Eesti Telefon started cooperation on May 25, 2000 • Partners established joint certification center on February 16, 2001. • 12 million EEK have been invested in Certification Center equally between the partners. • Manager of Certification Center is Kalle Tarien, former area manager in Visa International (London)
Certification Centre Ltd customer base • EstEID project • Needs of founders of the Certification Centre Ltd • Any additional companies, requiring similar services • State institutions
Privador TrueSign solution www.privador.com
Truesign standards and protocols • X.509 certificates and CRL-s profile specified in RFC 2459 • Signed document format according to Cryptographic Message Syntax defined in RFC 2630 • Downloading certificates and CRL-s from LDAPv2 (RFC 1777) and LDAPv3 (RFC 2251, RFC 2252) directories as specified in RFC 1777 (LDAP2) • Revocation message transmission, using Certificate Management Protocol messages (RFC 2510) • Time-stamping server as specified in PKIX draft • Client certificate requests compliant to RFC 2511 • Supported algorithms • encryption: RSA • hash: SHA-1 (read and write), MD5 (only read, for backward compatibility) • Supported Certificate Authorities • iD2 Certificate Manager 3.1 • Baltimore Unicert 3.0.5
Digital Signature implementation awareness • Several articles published in leading newspapers and magazines • Seminars and information days • Comprehensive digital signature ABC, by Valdo Praust • Different Estonian organisations are preparing their operations to support implementation of Public Key Infrastructure • Local PC manufacturer Microlink is planning to add chip card reader to core PC
Some information sources • Estonian government portal: www.gov.ee • Department of State Information Systems: www.riik.ee/infosystems/ • Legal text translations: www.legaltext.ee • Yearbooks IT in Public Administration: www.eik.ee/english/ • Research: www.cyber.ee • Solutions: www.privador.com