Strong electronic identification, electronic signatures and certificates
Strong electronic identification means the verification of an identity by electronic means. With strong electronic identification, a consumer can safely verify his or her identity in various electronic services. The devices used in identification include the following:
- online bank identifiers
- citizen certificates issued by the Population Register Centre
- mobile certificates issued by telecoms operators.
Electronic signatures are used for verifying the identity of a signatory. At its simplest, an electronic signature may mean signing an e-mail with a person's name. In advanced electronic signatures, the signatory can be identified and the signature linked to some other electronic data, like an e-mail message, in such a way that any changes made to the data can be detected.
Certificates are needed in identification, encryption and electronic signatures in information networks. A certificate is an electronic verification that is signed by a trusted organisation and confirms the identity of the certificate holder.
A certificate includes a public key with which the holder of the certificate can be identified. In addition to the public key, a certificate includes other information, such as the following:
- the name of a person or an organisation
- the date of issue
- the date of expiry
- unique serial number.
Provisions on the data content of a certificate and the activities of certification service providers are laid down in the Act on Strong Electronic Identification and Electronic Signatures.
Service providers providing strong electronic identification and certification authorities offering qualified certificates must submit a notification to FICORA before beginning their operations.
FICORA keeps a public register of identification service providers and certification authorities providing qualified certificates to the general public.
The objective of the Act on Strong Electronic Identification and Electronic Signatures is to:
- establish common rules for the provision of strong electronic identification services;
- promote the provision of identification services and the use of electronic signatures.
The starting point of the Act is that users must be able to trust that information security and protection of privacy are ensured in strong electronic identification.
FICORA supervises that identification service providers and certification authorities providing qualified certificates comply with the obligations laid down by law.
FICORA also acts as the supervisory authority in matters concerning operations of identification service providers and certification authorities providing qualified certificates.
The Data Protection Ombudsman monitors compliance with the personal data provisions of the Identification Act. In carrying out their supervision duties, FICORA and the Data Protection Ombudsman co-operate with the Finnish Financial Supervisory Authority and the Finnish Competition and Consumer Authority.