estonian experience electronicid, mobileid
Post on 13-May-2015
Electronic-ID > Digital-ID > Mobile-ID Estonian experience
Moldovan ICT Summit May 18, 2011
Holger Haljand
Development Manager EMT AS / TeliaSonera Estonia
Phone: +372 502 8814 E-mail: holger@emt.ee
TeliaSonera - in brief
• Europe’s 5th largest telecom operator
• Employees: 28,945
• 2010 net sales: EUR 11,9 billion
• Subscriptions: 157m
• In 19 countries: Azerbaijan, Belarus, Denmark, Estonia, Finland, Georgia, Kazakhstan, Latvia, Lithuania, Moldova, Nepal, Norway, Russia, Spain, Sweden, Tajikistan, Turkey, Ukraine, and Uzbekistan.
Republic of Estonia
Facts about Estonia
• Part of EU / Eurozone / NATO
• Population: 1,340,000
• Mobile: 118%
• Internet: 57%
• Broadband: 48,5%
• Mobile Internet: 22%
Estonia in 2010: e-Country
• ID-card (1,000,000 cards, 75% of population)
• mobile-ID (25,000 m-ID SIM-cards)
• e-Government
• e-Elections (140,000 e-voters, 24% of all voters)
• m-Elections (3,000 m-voters)
• e-Tax and Customs Board (90% of all declarations)
• e-Banking (90% transactions)
• e-School (300,000 users)
• e-Health project (e-prescription)
Mobile services in Estonia - impact on everyday lives
Different electronic ID types
ID card (smartcard with photo)
• Widely used physical identification document (75%)
• Enables authentication and digital signatures
• Needs smart card reader & software
• Support for selected web browsers (IE, Mozilla)
Digital ID (smartcard without photo)
• Digital signatures and digital authorization only
• No physical identification (no photo)
• Very fast application (same day)
• Can be used simultaneously in multiple electronic devices
Mobiil-ID (mobile SIM card)
• Digital signatures and digital authorization only
• Doesn’t need SW / HW installed on PC or mobile
• Doesn’t need web browser support
• No physical identification (no photo)
Organization for PKI and Mobile-ID
[Diagram; only its labels are recoverable]
Parties: Client; Service Provider (SP: bank, city portal); Mobile Operator (EMT); Registration Authority (EMT); Certification Authority; Trusted Service Provider; Estonian Certification Center
Labels on the flows:
• Mobiil-ID customer service; certificate issuing
• ORDER (ID-card authentication)
• Certificate generation request
• m-ID Service
• Web service that requires authentication or digital signatures
• Authentication or digital signature request
• Digital signature (PIN protection)
• 1. Certificate and validity control
• 2. Signature validation
• OK!
Mobile ID usability - security vs simplicity (1)
Server based model (Austria):
• Uses existing mobile SIM cards; everything is stored on the certification center server. The operator is really just a channel through which the user is identified by his mobile subscription (phone number).
Advantages:
• Easy to adopt (no need to replace SIM, special registration, etc)
• Easy to use (SMS / PIN for authentication)
Drawbacks:
• Security – as a server-based system, it relies on the security of the GSM network (authentication by phone number + info sent over the GSM network).
• Legislation / banking may require SIM encryption for sent info and PIN
Mobile ID usability - security vs simplicity (2)
Client based model (Estonia, Lithuania):
• Special STK on SIM card with encryption algorithms on the SIM.
Advantages:
• The customer's private key is under his/her control and the PIN code is not sent over the air.
• Messages to and from the SIM are encrypted and decrypted only for the mobile user to see
• High security - EAL4+ certification applicable (SIM card as a signature creation device). Accepted by governments and banks.
• Easy to use – special software for interaction
Drawbacks:
• Adoption – new SIM cards and certification registration needed
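
Added example (not from the original slides): a Go sketch of the client-based model above, where the PIN is checked on the SIM and only a signature leaves it, while the service provider performs certificate validity control and then signature validation. Ed25519, the three-attempt PIN limit, and the names SIM, Cert, Enroll, Sign and Verify are assumptions made for illustration.

```go
package main
import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

var ErrPIN, ErrBlocked = errors.New("wrong PIN"), errors.New("PIN blocked")
// SIM models the signature creation device: key and PIN never leave it.
type SIM struct {
	key   ed25519.PrivateKey
	pin   string
	tries int // remaining PIN attempts; the limit of 3 is an assumption
}
// Cert stands in for the certificate issued by the certification authority.
type Cert struct {
	Pub     ed25519.PublicKey
	Revoked bool // stand-in for the validity status the CA reports
}
// Enroll generates the key pair and returns the SIM with its certificate.
func Enroll(pin string) (*SIM, Cert) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return &SIM{key: priv, pin: pin, tries: 3}, Cert{Pub: pub}
}

// Sign checks the PIN locally on the SIM and only then signs the request.
func (s *SIM) Sign(request []byte, pin string) ([]byte, error) {
	switch {
	case s.tries == 0:
		return nil, ErrBlocked
	case pin != s.pin:
		s.tries--
		return nil, ErrPIN
	}
	s.tries = 3 // a correct PIN resets the counter
	return ed25519.Sign(s.key, request), nil
}
// Verify is the service provider side: 1. certificate validity, 2. signature.
func Verify(c Cert, request, sig []byte) bool {
	return !c.Revoked && ed25519.Verify(c.Pub, request, sig)
}

func main() {
	sim, cert := Enroll("1234") // constructed PIN and request
	sig, err := sim.Sign([]byte("login request"), "1234")
	fmt.Println("OK:", err == nil && Verify(cert, []byte("login request"), sig))
}
```

The service provider only ever sees the request, the signature and the certificate; the PIN and private key stay inside the SIM value.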
Mobiil-ID as your personal subscription
• Service can be connected only with private person subscription
• One SIM, two subscriptions – if you are a corporate client then you can have two subscriptions on one SIM
• You can choose what services are billed to the corporation (for example mobile-ID) and what to your personal account (calls, SMS, data)
• It is also possible to bill chosen calls and other services to different accounts – everything is under the user's control!
Mobile-ID usage
• Access authorization
– e-Government portals
– mobile operators
– Banks
• Payment authorization
– internet payments
– transportation tickets
• Digital signatures
– digidoc P2P
– digidoc web portal
• Personal identification
– digital ID
– elections / voting
Mobile-ID case study
• TeliaSonera has been running a successful WPKI “ecosystem - testbed” in Estonia since 2007
• Biggest usage is generated by banks
• First m-voting in the world!
• Estonian Parliament Elections Feb 24 - Mar 6, 2011
– 140 000 e-voters (ID card + mobile-ID):
– 24% of all votes (+40% increase)
– e-votes from 106 countries
– 3 000 mobile-ID votes
– 2% of all e-voters
– 10% of all mobile-ID users
Lessons learned (1)
• Activation process simplicity is key for wide adoption
• Balance between simplicity and required trustworthiness
• Usability - the simplicity and convenience (no computer, special SW or smart card readers needed)
• M-ID can be identical (usage, security, etc.) to other digital IDs
• Strong stakeholders are needed in order to get mass usage and de facto standard status (internet banking, public transportation)
Lessons learned (2)
• Simple and motivating pricing for end users and service providers:
– One time subscription fee for SIM card
– Monthly fee incl unlimited transactions on the SIM
– Monthly fee for the service provider based on transaction bulks
• Solution to provide service for business customer end users (company telephone users):
– Challenge: a national identity (Mobile-ID) contract can be connected only to a private individual (Mobiil-ID PIN codes are strictly private)
– Solution: a virtual EMT private mobile subscription (slave account) is connected to the EMT business customer subscription (master account).
– A private person can create a personal mobile subscription connected to his company subscription (company MSISDN) without company authorization
Conclusions – the future is mobile
• Strong ecosystem for mobile-ID usage - all e-services (login/signing) are available also with mobile-ID.
– e-Government, parliament voting service, tax and customs board, citizen portals, digidoc (web service to sign and share documents), company registration portal, ticketing portals (public transportation, entertainment), energy companies, banks, telecoms, insurance and other e-service providers, etc…
• Internet banking - driving force for Mobile-ID - PIN calculators, Password Cards and even ID-cards are being replaced
• ID cards can't be connected to smartphones and iPads
• Possibility to extend Estonian ecosystem and technological infrastructure operated by TeliaSonera in Estonia (EMT + Certification Centre) to other TeliaSonera markets
Thank you!