Resources
Identity Use Cases & Scenarios.- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- Forensic Implications.
- HighTechID.
- D3.1: Overview on IMS.
- D3.2: A study on PKI and biometrics.
- D3.3: Study on Mobile Identity Management.
- D3.5: Workshop on ID-Documents.
- D3.6: Study on ID Documents.
- D3.7: A Structured Collection on RFID Literature.
- D3.8: Study on protocols with respect to identity and identification – an insight on network protocols and privacy-aware communication.
- D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management.
- D3.10: Biometrics in identity management.
- D3.11: Report on the Maintenance of the IMS Database.
- D3.15: Report on the Maintenance of the ISM Database.
- D3.17: Identity Management Systems – recent developments.
- D12.1: Integrated Workshop on Emerging AmI Technologies.
- D12.2: Study on Emerging AmI Technologies.
- D12.3: A Holistic Privacy Framework for RFID Applications.
- D12.4: Integrated Workshop on Emerging AmI.
- D12.5: Use cases and scenarios of emerging technologies.
- D12.6: A Study on ICT Implants.
- D12.7: Identity-related Crime in Europe – Big Problem or Big Hype?.
- D12.10: Normality Mining: Results from a Tracking Study.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
D3.6: Study on ID Documents
 |
Title: FINEID CARD |
 |
Introduction
Finland was the first country in Europe to issue an electronic identity card, the FINEID card. It is a pioneer in the implementation of the electronic identity concept. The project started early in 1998 and the first card was presented to the Finnish Prime minister on 7 December 1999, as a way of starting the application phase. The card is based on Public Key Infrastructure (PKI) and certificates. The certificate consists of a pair of keys comprising the public key and the private key. The identity card can be granted to any citizen of Finland or a permanent resident. The FINEID project aims at the creation of an infrastructure, providing secure means of conducting official business in open and insecure networks.
Description of the card
The card is the same size and thickness as an ordinary credit card. It is 86 x 54 mm (3.4 x 2.1 in.) in size and 0.75 mm (0.03 in.) thick. The card chip, which is an electronic component could break due to mechanical stress when the card is bent or the chip is in contact with a metal object. Touching the chip’s contact surface should be avoided because of static electricity.
Information included in visual form is the person’s picture, name, date of birth/social security number, time it is valid for, the registrar and the serial number of the card.
Information on the chip of the ID card: In addition to technical data, the card chip contains the Population Register Centre’s (PRC) so-called Certification Authority certificates (explained later) and the cardholder’s identification and signature certificates.
The only personal data included in the cardholder certificates are first name, family name and a unique electronic client identifier (SATU). In other words, the holder’s personal identity number, home address, date of birth or other similar information is not stored on the chip. If the cardholder has notified that his or her e-mail address is to be inserted in the certificate when filing the card application, it will be a part of the information content of the certificate.
Security and PKI
The PRC issues PKI-based certificates. In the PKI method, a person has a pair of keys comprising a public and a private key. The two parts of the key pair are mathematically interdependent. The first key pair is used for authentication and encryption, the second one for electronic signature. Use of the keys is possible only with the related PIN codes. The PIN codes activate the keys, after which the chip is able to provide the required calculation operations.
Private keys are held only by the certificate holder (e.g. on the ID card chip) and can be utilised only after inputting the PIN codes, but even then they cannot be read from the card. The PIN codes are known only to the cardholder, and he or she can change them, when necessary. Three false attempts at inputting the PIN code locks the card.
Public keys are, as their name suggests, public. Certificates containing the public keys are stored in an open directory, where they are freely available.
The Public Key Infrastructure (PKI) can be utilised directly between two points (e.g. a workstation and a server), so there is no need to transfer any identifying information to any central system. The PRC has no need, nor is it even technically possible, to monitor the use of the card or certificates, or, e.g., break the encryption or signature made with the card.
Misuse of the card requires BOTH the physical card AND the disclosure of the PIN codes.
Certification Authority
The Population Register Centre shall act as the Certification Authority and issue FINEID Certificates. This FINEID certificate policy has been registered by the Population Register Centre (PRC). The PRC shall be responsible for the administration and up-dating of the policy.
Authenticating the identity of the Certificate Applicant:
An electronic identification card shall be applied for by personally visiting the police authority acting as the Local Registration Authority or an entity authorised by it. The electronic identification card shall be personally picked up from the Local Registration Authority, at which time the identity of the applicant is once again ascertained.
Application areas of the certificates: Certificates issued in accordance with FINEID certificate policy are intended to authenticate the identity of the certificate holder, to verify the digital signature and the authenticity of digital documents or other digital objects as well as to secure the confidentiality of electronic communication, electronic transactions or electronic data transfer.
The Identity Card Act (Henkilökorttilaki 829/1999) concerns the Finnish identity cards, both conventional and electronic versions.
The card can be cancelled by the authority who granted it or by the police in these cases: 1. if the owner wishes so; 2. the information on the card has been changed; 3.it is missing or has been stolen; 4.someone else is using the ID card unjustifiably; or 5.certificates have been tampered.
Cancelling the card causes the data or applications on the card to become inoperable. The applicant has to be told about the consequences of cancelling the identity card. The electronic client identifier is activated as a Citizen Certificate when an ID card is issued by the police, for instance. Then the Citizen Certificate is embedded in the ID card’s chip. The Citizen Certificate may also be attached to a bank debit card and/or the SIM card of a mobile device
A given person may have several valid Citizen Certificates simultaneously. However, they all have the same electronic client identifier. The certificate’s information content and its authenticity is verified with the electronic signature of the Certification Authority.
The Population Register Centre’s 
(etu) trademark helps consumers to find and identify the online services that use the Public Citizen Certificate. If desired, health insurance information also may be included in the ID card, in which case it replaces the separate KELA card. In online services, the ID card is used with a reader device attached to the computer and card reader software. The ID card costs € 40 and is valid for five years.
Services available using the FINEID card
There are a host of services available using the FINEID card. A few examples are -
State public sector applications for individuals:
Filling out forms online
Checking all registered data
Change of address notifications
Tax returns
Housing allowance services
Checking pension and employment history
Public sector services for companies:
Electronic Reporting between authorities and companies
Online Services for Patent Applications
Electronic funding application to National Technology Agency of Finland
Municipality application: Applications for day-care, school, housing, library services, public transportation, reservations of sports facilities.
Take up and Response
The initial take up of the FINEID card was very slow. Since its launch in 2000, only around 16,000 of Finland’s roughly 5 million citizens had purchased the card, by mid 2003. By the end of December, Citizen Certificates had been issued to a total of 96,100 people. Of these, 81,300 Citizen Certificates were valid. 14,900 people had integrated their health insurance information into their ID cards.
The goal of the Finnish government is to have 200 eID services available by the end of 2007.
| |
   |
|
| Denis Royer | 30 / 56 |
