Electronic Identity eID
Electronic identity (eID) – a collection of data that connects the person with his/her physical identity in an electronic environment. In Estonia, each person has one physical identity and the same applies to electronic identity.
A person may have several carriers of electronic identity (places where his/her eID data collection has been saved to), but the identity on these carriers is always the same. Carriers of eID in Estonia are ID-cards, residence cards, diplomatic IDs, mobile-ID, digital ID, and an e-Resident’s digital ID (hereinafter collectively referred to as ‘ID-card’).
Electronic identity operates on the basis of a public key infrastructure (PKI). The PKI model is based on two keys – a secret key and a public key. As is evident from the names of the keys, the secret key must be protected and can only be used by the person to whom it has been issued. The public key, on the other hand, is available to everyone and there is a specific link between the two keys.
This model with a secret and public key enables safe entry into e-services, i.e. digital authentication and giving digital signatures. It also allows transferring data securely/confidentially.
All operations performed with means of eID (authentication, signing, and decryption) are PIN-protected. This prevents the misuse of eID means when PINs are not known.
- Identity Documents Act »Passed 15.2.1999
- Electronic Identification and Trust Services for Electronic Transactions Act »Passed 12.10.2016
- ID-software »Website for downloading the software
- ID-card help centre »Guidlines for electronic use of the ID-card
- ID-card website »Information about ID-card and how to use it
- Police and Border Guard Board »Information about applying for an ID-card, a digital ID and a mobile-ID
- Electronic Identity – How It Works in Estonia »Videos on YouTube
Activities necessary for the functioning of electronic identity
For the functioning of electronic identity, the state must ensure the existence and functioning of the public key infrastructure. The state sources much of the PKI-related services from the private sector (SK ID Solutions AS, skidsolutions.eu »), e.g. the certification service, the infrastructure for checking the validity of certificates, the infrastructure for sharing the public key (the LDAP service), and the environments for creating keys (e.g. the ID-card’s chip).
The state organises the most important eID-related activities:
- The field of eID in Estonia is developed by the state’s Information System Authority (RIA) and the Ministry of Economic Affairs and Communications in cooperation with the Police and Border Guard Board, the Ministry of the Interior, and other partners from the public as well as the private sector.
- RIA is responsible for the collection of software applications (ID-card’s basic software) necessary for using eID.
- RIA is responsible for the quality and safety requirements of eID services.
- The Department of State Information Systems (RISO) at the Ministry of Economic Affairs and Communications » is responsible for the legislation related to the security requirements of PKI services.
- The tools of secure authentication and signature (ID-card, etc.) are procured and issued by the Police and Border Guard Board » in accordance with the Identity Documents Act.
What does the Information System Authority (RIA) do?
- develops the vision and strategy for the field of eID and is the advocate for and the developer of positions in the field of eID in Estonia;
- is responsible for the security and compliance of the secret key carrier of eID tools and the software on them;
- is responsible for the functioning, development, and management of ID-software (the DigiDoc application) designated for the end user;
- is responsible for the development, functioning, and management of eID’s software components designated for the developers and providers of e-services;
- is responsible for the interoperability of international electronic identities, e.g. the functioning, development, and management of transnational software solutions;
- shapes the vision and the strategy for the development of the field;
- participates in national and transnational work groups and is involved in the national development of the field of PKI;
- insures users in-service support for the ID-card’s basic software (www.id.ee »);
- ensures support for developers.
Police and Border Guard Board
- issues identity documents (ID-card, residence card, digital ID, and e-Resident’s digital ID) in accordance with the Identity Documents Act www.politsei.ee »;
organises public procurements for identity documents, part of which is also eID (cooperating with the Information System Authority);
is responsible for the security of physical documents (security elements);
organises the personalisation of documents;
ensures a reliable issuing process for the documents;
resolves technical issues and problems related to ID-cards in cooperation with the Information System Authority.
Ministry of Foreign Affairs
Issues diplomatic IDs, including eIDs.
The e-residency team at Enterprise Estonia
Responsible for the e-residency programme.
SK ID Solutions AS
Issues eID certificates and validity information of the certificates.