Digital signature in Estonia

Electronic signature allows users to electronically perform the actions for which they previously had to give a signature on paper. Estonia's digital signature system is the foundation for some of its most popular e-services including registering a company online, e-banks, the e-voting system and electronic tax filing – essentially any services that require signatures to prove their validity. [1] [2]

History and usage

The first digital signature was given in 2002. A number of freeware programs were released to end users and system integrators. All of the components of the software processed the same document format – the DigiDoc format. [3]

As of October 2013, over 130 million digital signatures have been given in Estonia. [4]

In September 2013 the European Commissioner for Digital Agenda Neelie Kroes gave her first digital signature with an Estonian test ID-card issued to her as a present. [5] [6]

In October 2014 the Estonian parliament passed a bill that gives any person, regardless of their citizenship or residency, the possibility to apply for an Estonian digital identity (e-Residency of Estonia) in order to give digital signatures and use Estonian government online services. [7] The law came into force on December 1, 2014.

Legislation

The nature and use of digital signatures in Estonia is regulated by the Digital Signature Act. The Estonian parliament Riigikogu passed the Digital Signature Act on March 8, 2000, and it entered into force on December 15, 2000. [8] According to this legislation, a digital signature is equal to a hand-written signature. Pursuant to the Act it is also necessary to distinguish between valid and void digital signatures: any signatures given with a void or suspended certificate are null and void. The Digital Signature Act has been superseded by the EU-wide eSignature Directive (eIDAS) since 2016. [9] It should also mandate that the rest of the EU member nations accept Estonian e-signatures, along with other countries' e-signatures. The eSignature Directive also specifies that member nations should use and accept signatures in the Associated Signature Containers (ASiC) format.

All Estonian authorities are obliged to accept digitally signed documents.

Prerequisites

Users can create digitally signed documents with their ID-card, digital identity card or Mobile-ID using the DigiDoc3 program, which is installed on the computer along with the ID-card software, the signing section of the State Portal www.eesti.ee, or the DigiDoc Portal.

Digital signature support can be added to all the applications and programs where it is required.

International context

Estonian digital signatures correspond to the EU eIDAS (910/2014) with the strictest requirements (advanced electronic signature, secure-signature-creation device, qualified certificate, certification service provider (CSP) issuing qualified certificates). [10]

Certificates

Upon the issuance of ID-cards or Mobile-IDs, every user receives two certificates: one for authentication, the other for digital signing. The certificate may be compared to the specimen signature of a person – it is public and it can be used by anyone to examine whether the signature given by the person is authentic. The certificate also holds the holder's personal data: name and personal identification code. [11]

All certificates are different and correspond to the private keys of specific persons. The certificate can be used to examine digital signatures – if the certificate and the signature match mathematically (all the necessary calculations are performed by the computer on behalf of the user), it can be claimed that the signature has been given by the person named in the certificate.
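The Legislation section adds a condition to the mathematical match described here: a signature given with a void or suspended certificate is null and void, so a verifier also needs the certificate's status at the moment of signing. The following is an added illustration, not code from the DigiDoc software; the class names, the status-event model and the assumption that the signing time comes from a trusted source are all constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum

class Status(Enum):
    VALID = "valid"
    SUSPENDED = "suspended"
    REVOKED = "revoked"  # models a "void" certificate: permanent

@dataclass(frozen=True)
class Certificate:  # hypothetical model, not a real X.509 parser
    not_before: datetime
    not_after: datetime
    events: tuple = ()  # (time, new Status) changes reported by the issuer

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

def status_at(cert, when):
    """Status in force at `when`, or None outside the validity period."""
    if not (cert.not_before <= when <= cert.not_after):
        return None
    current = Status.VALID
    for at, new_status in sorted(cert.events, key=lambda e: e[0]):
        if at > when or current is Status.REVOKED:
            break  # later events do not apply; revocation is final
        current = new_status
    return current

def signature_verdict(cert, signing_time, math_ok):
    """Combine the cryptographic check with the status at signing time."""
    if not math_ok:
        return "void: signature does not match certificate"
    status = status_at(cert, signing_time)
    if status is None:
        return "void: outside certificate validity period"
    if status is not Status.VALID:
        return f"void: certificate {status.value} at signing time"
    return "valid"

# Constructed sample: suspended for a week in 2021, revoked in 2023.
SAMPLE = Certificate(utc(2020, 1, 1), utc(2025, 1, 1), (
    (utc(2021, 3, 1), Status.SUSPENDED),
    (utc(2021, 3, 8), Status.VALID),
    (utc(2023, 6, 1), Status.REVOKED),
))

if __name__ == "__main__":
    for day in (utc(2021, 2, 1), utc(2021, 3, 3), utc(2021, 4, 1), utc(2023, 7, 1)):
        print(day.date(), signature_verdict(SAMPLE, day, math_ok=True))
```

A signature given before the suspension stays valid, while one given during it is void even though the same key and certificate verify it mathematically.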

Related Research Articles

Digital signature: Mathematical scheme for verifying the authenticity of digital documents

A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature on a message gives a recipient confidence that the message came from a sender known to the recipient.

In cryptography, a public key certificate, also known as a digital certificate or identity certificate, is an electronic document used to prove the validity of a public key. The certificate includes the public key and information about it, information about the identity of its owner, and the digital signature of an entity that has verified the certificate's contents. If the device examining the certificate trusts the issuer and finds the signature to be a valid signature of that issuer, then it can use the included public key to communicate securely with the certificate's subject. In email encryption, code signing, and e-signature systems, a certificate's subject is typically a person or organization. However, in Transport Layer Security (TLS) a certificate's subject is typically a computer or other device, though TLS certificates may identify organizations or individuals in addition to their core role in identifying devices. TLS, sometimes called by its older name Secure Sockets Layer (SSL), is notable for being a part of HTTPS, a protocol for securely browsing the web.

In cryptography, a certificate authority or certification authority (CA) is an entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others to rely upon signatures or on assertions made about the private key that corresponds to the certified public key. A CA acts as a trusted third party—trusted both by the subject (owner) of the certificate and by the party relying upon the certificate. The format of these certificates is specified by the X.509 or EMV standard.

Identity document: Document used to identify a person

An identity document is a document proving a person's identity.

Electronic identification: Digital proof of identity

An electronic identification ("eID") is a digital solution for proof of identity of citizens or organizations. They can be used to access benefits or services provided by government authorities, banks or other companies, for mobile payments, etc. Apart from online authentication and login, many electronic identity services also give users the option to sign electronic documents with a digital signature.

A digital identity is data stored on computer systems relating to an individual, organization, application, or device. For individuals, it involves the collection of personal data that is essential for facilitating automated access to digital services, confirming one's identity on the internet, and allowing digital systems to manage interactions between different parties. It is a component of a person's social identity in the digital realm, often referred to as their online identity.

A mobile signature is a digital signature generated either on a mobile phone or on a SIM card on a mobile phone.

Mobile identity is a development of online authentication and digital signatures, where the SIM card of one's mobile phone works as an identity tool. Mobile identity enables legally binding authentication and transaction signing for online banking, payment confirmation, corporate services, and consuming online content. The user's certificates are maintained on the telecom operator's SIM card and in order to use them, the user has to enter a personal, secret PIN code. When using mobile identity, no separate card reader is needed, as the phone itself already performs both functions.

Estonian identity card: National identity card of Estonia

The Estonian identity card is a mandatory identity document for citizens of Estonia. In addition to regular identification of a person, an ID-card can also be used for establishing one's identity in electronic environment and for giving one's digital signature. Within Europe as well as French overseas territories, Georgia and Tunisia the Estonian ID-card can be used by the citizens of Estonia as a travel document.

Internet in Estonia has one of the highest penetration rates in the world. In the first quarter of 2010, 75% out of 1.34 million people in the country used the Internet according to Statistics Estonia. In 2017, according to the World Bank, Estonia came 13th in the world by the percentage of population using the Internet, with 88.1% of people using it.

PAdES is a set of restrictions and extensions to PDF and ISO 32000-1 making it suitable for advanced electronic signatures (AdES). This is published by ETSI as EN 319 142.

All European countries show eGovernment initiatives, mainly related to the improvement of governance at the national level. Significant eGovernment activities also take place at the European Commission level. There is an extensive list of eGovernment Fact Sheets maintained by the European Commission.

Finnish identity card: National identity card of Finland

The Finnish identity card is one of two official identity documents in Finland, the other being the Finnish passport. Any citizen or resident can get an identification card. Finnish citizens will get an indication of citizenship on the card. It is available as an electronic ID card, which enables logging into certain services on the Internet or local computers, adding digital signatures to LibreOffice ODF documents, or creating DigiDoc-formatted containers that also allow encryption during content transfer. The ID card is applied for at a police station and is issued by the police.

National identity cards in the European Economic Area and Switzerland: Identity cards issued by member states of the European Economic Area

National identity cards are identity documents issued to citizens of most European Union and European Economic Area (EEA) member states, with the exception of Denmark and Ireland. A new common identity card model harmonized the various formats in use from 2 August 2021 and older ID cards are currently being phased out according to EU Regulation 2019/1157.

DigiDoc: File format family

DigiDoc is a family of digital signature and cryptographic computing file formats utilizing a public key infrastructure. It currently has three generations of sub-formats: DDOC, the later binary-based BDOC and the currently used ASiC-E format, which is supposed to replace the previous-generation formats. DigiDoc was created and is developed and maintained by RIA.

DigiLocker is an Indian state-owned secure cloud based digitization service provided by the Indian Ministry of Electronics and Information Technology (MeitY) under its Digital India initiative. DigiLocker allows access to digital versions of various documents including driver's licenses, vehicle registration certificates and academic mark sheets. It also provides 1 GB storage space to each account to upload scanned copies of legacy documents.

Aadhaar eSign is an online electronic signature service in India to facilitate an Aadhaar holder to digitally sign a document. The signature service is facilitated by authenticating the Aadhaar holder via the Aadhaar-based e-KYC service.

eIDAS: EU electronic identification regulation

The eIDAS Regulation is an EU regulation with the stated purpose of governing "electronic identification and trust services for electronic transactions". It passed in 2014 and its provisions came into effect between 2016 and 2018.

National Identity Card (Peru): National identity card of Peru

The Documento Nacional de Identidad (DNI) (Spanish for 'National Identity Document') is the only personal identity card recognized by the Peruvian Government for all civil, commercial, administrative, judicial acts and, in general, for all those cases in which, by legal mandate, it must be presented. It is a public document, personal, and non-transferable and also constitutes the only title of right to the suffrage of the person in whose favor it has been granted. Its issuance is the responsibility of the National Registry of Identification and Civil Status (RENIEC).

Smart-ID is an electronic authentication tool developed by SK ID Solutions, an Estonian company. Users can log in to various electronic services and sign documents with an electronic signature.

References

  1. "Digital signature". Retrieved 25 October 2013.
  2. Felt, Sigrid; Pappel, Ingmar; Pappel, Ingrid (2016). "An Overview of Digital Signing and the Influencing Factors in Estonian Local Governments". Future Data and Security Engineering. Cham: Springer International Publishing: 371–384. doi:10.1007/978-3-319-48057-2_26. ISBN 978-3-319-48057-2.
  3. Martens, Tarvi. "Digital signatures in Estonia and the rest of Europe – a look back and ahead". Estonian Ministry of Economics and Communication. Archived from the original on 25 October 2013. Retrieved 25 October 2013.
  4. "Digital Signature Statistics". Retrieved 25 October 2013.
  5. "The Vice-President of the European Commission Neelie Kroes gave her first digital signature when meeting the Estonian Prime Minister Andrus Ansip". www.valitsus.ee. 2013-09-30. Retrieved 2025-02-05.
  6. "Neelie Kroes, EU Commissioner for Digital Agenda got an Estonian ID-card". Archived from the original on 25 October 2013. Retrieved 25 October 2013.
  7. "For e-residents". Estonian Tax and Customs Board. Retrieved 2025-02-05.
  8. Crahay, Allegra (2016-04-05). "eID and e-Signature in cross-border situations, the Estonian experience (Estonian eID and e-Signature)". interoperable-europe.ec.europa.eu. Retrieved 2025-02-05.
  9. "What is eSignature". ec.europa.eu. Retrieved 2025-02-05.
  10. "Estonian ID legislation". Retrieved 22 October 2020.
  11. "Digital signing". Retrieved 25 October 2013.