TKK | Tietoverkkolaboratorio | Opetus

[intro] [cryptography] [schemes] [protocols] [implementations] [authors]

The Finnish Electronic Citizen Card The Finnish government has seen the need for an electronic identity and means for proving this identity. As a result, an electronic citizen card is now available to the public. The card can be used in various net services and is not limited to transactions with officials. Similar projects have been lauched in e.g. Denmark, USA and Sweden. The system is administered by the  population register centre. Figure: the Electronic Citizen Card. (Source Population register centre, A. Saapunki). How it works The system is based on public key encryption and consequently the keys are stored on the card. The card is a processor card that carries a small microprocessor and memory. All operations that need the private key are run in the card´s processor and the private keys cannot be extracted from the card. For security reasons one key pair is used for identification and encryption and another for digital signature. Certificates are used to verify the public keys. The certificates are stored on certificate servers. Figure: The principle of authentication with the electronic citizen card. (Source JI). When connecting to a net service, the card is first placed into a card reader. The user identificates himself to the card with a PIN (secret number). Fingerprint identification could also be used later. The user's terminal then connects to a remote server. The server fetches the user's certificate from a certificate server and user's terminal fetches the server's certificate. The certificates are examined. Authentication information is sent. What is it used for The Citizen Card is meant to be a general purpose device for safe personal transactions in electronic networks. Its main purpose, however, is to enable secure handling of affairs with officials of national and local administration. This could be for example submitting tax forms, applying for permissions, checking what is stored about oneself in registers, etc. Additional applications are making payments through the Internet net shopping sending secure e-mail The Finnish OKO bank and Leonia bank have launched pilot projects where the card is used for making payments. At the time (Oct 1999) Merita bank frowns upon the the "officials attempt to monopolize user authentication". What if it is stolen? A thief can cause tremendous damage to a person by stealing the card if he also finds out the PIN code. The authors´ view is that the system is not ready as such for extensive use.

Tietoverkkolaboratorio on nyt osa Tietoliikenne- ja tietoverkkotekniikan laitosta. Tällä sivulla oleva tieto voi olla vanhentunutta.

Kurssien ajantasainen tieto on MyCourses-palvelussa.