Digital signature in Estonia

An electronic signature allows users to perform electronically the actions for which they previously had to give a signature on paper. Estonia's digital signature system is the foundation for some of its most popular e-services, including registering a company online, e-banks, the e-voting system and electronic tax filing: essentially any service that requires a signature to prove its validity. [1]

History and usage

The first digital signature was given in 2002. A number of freeware programs were released to end users and system integrators. All of the components of the software processed the same document format – the DigiDoc format. [2]

As of October 2013, over 130 million digital signatures have been given in Estonia. [3]

In September 2013, the European Commissioner for Digital Agenda, Neelie Kroes, gave her first digital signature with an Estonian test ID-card issued to her as a present. [4]

In October 2014, the Estonian parliament passed a bill that gives any person, regardless of citizenship or residency, the possibility to apply for an Estonian digital identity (e-Residency of Estonia) in order to give digital signatures and use Estonian government online services. The law came into force on December 1, 2014.

Legislation

The nature and use of digital signatures in Estonia are regulated by the Digital Signature Act. The Estonian parliament, the Riigikogu, passed the Digital Signature Act on March 8, 2000, and it entered into force on December 15, 2000. According to this legislation, a digital signature is equal to a hand-written signature. Pursuant to the Act, it is also necessary to distinguish between valid and void digital signatures: any signature given with a void or suspended certificate is null and void. The Digital Signature Act has been superseded by the EU-wide eSignature Directive (eIDAS) since 2016. [5] It should also mandate that the rest of the EU member nations accept Estonian e-signatures, among other countries' e-signatures. The eSignature Directive also specifies that member nations should use and accept signatures in the Associated Signature Containers (ASiC) format.

All Estonian authorities are obliged to accept digitally signed documents.

Prerequisites

Users can create digitally signed documents with their ID-card, digital identity card or Mobile-ID, using the DigiDoc3 program that is installed on the computer along with the ID-card software, the signing section of the State Portal www.eesti.ee, or the DigiDoc Portal.

Digital signature support can be added to all the applications and programs where it is required.

International context

The Estonian digital signature corresponds to the EU eIDAS (910/2014) with the strictest requirements (advanced electronic signature, secure-signature-creation device, qualified certificate, certification-service-provider issuing qualified certificates). [6]

Certificates

Upon the issuance of an ID-card or Mobile-ID, every user receives two certificates: one for authentication, the other for digital signing. The certificate may be compared to the specimen signature of a person: it is public and it can be used by anyone to examine whether the signature given by the person is authentic. The certificate also holds the personal data, name and personal identification code. [7]

All certificates are different and correspond to the private keys of specific persons. The certificate can be used to examine digital signatures – if the certificate and the signature match mathematically (all the necessary calculations are performed by the computer on behalf of the user), it can be claimed that the signature has been given by the person named in the certificate.
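The check described above, as an added example that is not from the original article or from the Estonian ID software: a verifier takes the public key from the signer's certificate, tests the signature against the document, and treats the signature as void when the certificate is listed as void or suspended. The self-signed certificate, holder name, personal code and void-list file are constructed stand-ins, and the OpenSSL command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Constructed demo: keys, certificate and document are generated locally.
# No real ID-card data or certification-service interface is used.
WORK=$(mktemp -d)

# Self-signed stand-in for a holder's signing certificate (assumption:
# real certificates are issued by a certification service provider).
make_signer() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/sign.key" &&
  openssl req -new -x509 -key "$WORK/sign.key" -days 1 \
    -subj "/CN=Demo Holder/serialNumber=00000000000" \
    -out "$WORK/sign.crt"
}

# The private key signs; only the certificate is handed to verifiers.
sign_doc() {
  openssl dgst -sha256 -sign "$WORK/sign.key" -out "$1.sig" "$1"
}

# verify_doc DOC CERT VOID_LIST
#   0 = signature matches the certificate and the certificate is valid
#   1 = signature and certificate do not match mathematically
#   2 = certificate serial is on the void/suspended list (a hypothetical
#       local file standing in for a certificate-status query)
verify_doc() {
  serial=$(openssl x509 -in "$2" -noout -serial | cut -d= -f2)
  if grep -qx "$serial" "$3"; then return 2; fi
  openssl x509 -in "$2" -noout -pubkey > "$WORK/pub.pem" || return 1
  openssl dgst -sha256 -verify "$WORK/pub.pem" \
    -signature "$1.sig" "$1" >/dev/null 2>&1 || return 1
}

# Name and personal code carried in the certificate, as a verifier sees them.
signer_identity() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253
}

make_signer
printf 'I agree to the contract.\n' > "$WORK/doc.txt"
: > "$WORK/void.txt"                 # empty list: nothing suspended yet
sign_doc "$WORK/doc.txt"
signer_identity "$WORK/sign.crt"
verify_doc "$WORK/doc.txt" "$WORK/sign.crt" "$WORK/void.txt"; echo "status: $?"
```

The void list here is consulted at verification time; it only illustrates the rule that a signature tied to a void or suspended certificate is rejected even though the mathematics still checks out.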


References

  1. "Digital signature". Retrieved 25 October 2013.
  2. Martens, Tarvi. "Digital signatures in Estonia and the rest of Europe – a look back and ahead". Estonian Ministry of Economics and Communication. Archived from the original on 2 February 2015. Retrieved 25 October 2013.
  3. "Digital Signature Statistics". Retrieved 25 October 2013.
  4. "Neelie Kroes, EU Commissioner for Digital Agenda got an Estonian ID-card". Archived from the original on 28 October 2013. Retrieved 25 October 2013.
  5. "Introduction to e-signature". ec.europa.eu. Archived from the original on 2019-07-11.
  6. "Estonian ID legislation". Retrieved 22 October 2020.
  7. "Digital signing". Retrieved 25 October 2013.