General Information
Cases/Enablers
OOP Enabling Infrastructure
Appetizer
PKI or the public key infrastructure enables secure digital authentication and signing. In Estonia, this technology is used in relation with electronic identity (ID card, mobile ID, digital ID).
Short summary
PKI or the public key infrastructure enables secure digital authentication and signing. The infrastructure also allows forwarding data by using an encrypting key pair: a public encryption key and a private decryption key. In Estonia, this technology is used in relation with electronic identity (ID card, mobile ID, digital ID).
The public key infrastructure used in Estonia is the national PKI. This means that the state undertakes to assure the existence and functioning of a public key infrastructure. A large part of the services related to the PKI is purchased from the private sector, e.g. the certification, the infrastructure for making enquiries about the validity of the certificate, the infrastructure for distributing the public key (LDAP service), the key creation environment (e.g. ID card chip).
The public key infrastructure used in Estonia is the national PKI. This means that the state undertakes to assure the existence and functioning of a public key infrastructure. A large part of the services related to the PKI is purchased from the private sector, e.g. the certification, the infrastructure for making enquiries about the validity of the certificate, the infrastructure for distributing the public key (LDAP service), the key creation environment (e.g. ID card chip).
Focus
Citizens
Business
Start date
Scope
National/Federal
Country
Estonia
Nature and status of project
Rolled Out
ENABLING ASSETS OR COMPONENTS
Relevant Enablers
Political commitment
Interoperability of the State Information System. Endorsed with the Directive of the Minister of Economic Affairs and Communications 11-0377, 22.12.2011, https://www.mkm.ee/sites/default/files/interoperability-framework_2011.doc
Legal interoperability
REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE
COUNCIL of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32014R0910
----------
Electronic Identification and Trust Services for Electronic Transactions Act.
Riigikogu, RT I 25.10.2016, 1, https://www.riigiteataja.ee/akt/125102016001
----------
Usaldusnimekirja kinnitamiseks kasutatav avalik võti ja sellele vastava
privaatvõtme kasutusala. Majandus- ja taristuminister, RT I, 23.11.2016, 9, https://www.riigiteataja.ee/akt/123112016009
----------
Public Information Act. Riigikogu, RT I 2000, 92, 597, https://www.riigiteataja.ee/en/eli/518012016001/consolide
----------
Personal Data Protection Act. Riigikogu, RT I 2007, 24, 127, https://www.riigiteataja.ee/en/eli/507032016001/consolide
COUNCIL of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32014R0910
----------
Electronic Identification and Trust Services for Electronic Transactions Act.
Riigikogu, RT I 25.10.2016, 1, https://www.riigiteataja.ee/akt/125102016001
----------
Usaldusnimekirja kinnitamiseks kasutatav avalik võti ja sellele vastava
privaatvõtme kasutusala. Majandus- ja taristuminister, RT I, 23.11.2016, 9, https://www.riigiteataja.ee/akt/123112016009
----------
Public Information Act. Riigikogu, RT I 2000, 92, 597, https://www.riigiteataja.ee/en/eli/518012016001/consolide
----------
Personal Data Protection Act. Riigikogu, RT I 2007, 24, 127, https://www.riigiteataja.ee/en/eli/507032016001/consolide
Socio-cultural influence factors
Benefits
Availability of e-services that require signatures
No need to visit offices to sign documents
eID allows the development of secure e-services
Can be used in any system, public or private, where electronic identification is needed
Mobile ID enables additional secure authentication and digital signatures
Mobile ID does not require a card reader or specialized software
Availability of e-services that require signatures
No need to visit offices to sign documents
eID allows the development of secure e-services
Can be used in any system, public or private, where electronic identification is needed
Mobile ID enables additional secure authentication and digital signatures
Mobile ID does not require a card reader or specialized software
DATA HANDLING / DATA EXCHANGE
Type of data sharing
Actual data
Data handler
Stakeholder name
Actors of the public administration
Stakeholder category
Government
Stakeholder name
Private sector institutions
Stakeholder category
Business
Stakeholder name
Citizens
Stakeholder category
Citizen
Architecture
Tokens used in PKI:
• ID card
• Digi-ID
• Mobile-ID
• Digital seal (issued for institutions)
• Residence permit card
• E-residency card
Organisational interoperability.
State undertakes to assure the existence and functioning of the PKI infrastructure. The main actors of PKI in Estonia are:
• Digital trust service providers issue qualified certificates and offer digital trust services. In the digital world, trust service providers are at the heart of PKI.
• Mobile operators issuing SIM cards with mobile ID capability
• The Police and Border Guard Board (PPA) is responsible for assigning and administering identity for residents.
• The Department of State Information Systems (RISO) at the Ministry of Economic Affairs and
• Communications is responsible for general ICT coordination at the state level.
• Estonian Technical Surveillance Authority (TJA) is the authorized processor of the digital trust services register.
• The Estonian Information System Authority (RIA) is responsible for developing and administration of the PKI infrastructure
• ID card
• Digi-ID
• Mobile-ID
• Digital seal (issued for institutions)
• Residence permit card
• E-residency card
Organisational interoperability.
State undertakes to assure the existence and functioning of the PKI infrastructure. The main actors of PKI in Estonia are:
• Digital trust service providers issue qualified certificates and offer digital trust services. In the digital world, trust service providers are at the heart of PKI.
• Mobile operators issuing SIM cards with mobile ID capability
• The Police and Border Guard Board (PPA) is responsible for assigning and administering identity for residents.
• The Department of State Information Systems (RISO) at the Ministry of Economic Affairs and
• Communications is responsible for general ICT coordination at the state level.
• Estonian Technical Surveillance Authority (TJA) is the authorized processor of the digital trust services register.
• The Estonian Information System Authority (RIA) is responsible for developing and administration of the PKI infrastructure
Lessons learned
Enabler 1. All certificates contain unique personal identification code
Barrier 1. Legal and organisational interoperability is crucial for implementation
Barrier 2. PPP will achieved
Barrier 3. Cross border X-Road can achieved by high level political support
Barrier 1. Legal and organisational interoperability is crucial for implementation
Barrier 2. PPP will achieved
Barrier 3. Cross border X-Road can achieved by high level political support