Strong electronic identification, electronic signatures and certificates

Strong electronic identification, electronic signatures and certificates help in identity verification, identification and data encryption in electronic information networks. Strong electronic identification and trust services are governed by law.

Strong electronic identification

Strong electronic identification means the verification of an identity by electronic means. With strong electronic identification, a consumer can safely verify his or her identity in various electronic services. The devices used in identification include the following:

  • online bank identifiers
  • citizen certificates issued by the Population Register Centre
  • mobile certificates issued by telecoms operators.

Electronic signature

Electronic signatures are used for verifying the identity of a signatory. At its simplest, an electronic signature may mean signing an e-mail with a person's name. In advanced electronic signatures, the signatory can be identified and the signature linked to some other electronic data, like an e-mail message, in such a way that any changes made to the data can be detected.

Certificate

Certificates are needed in identification, encryption and electronic signatures in information networks. A certificate is an electronic verification that is signed by a trusted organisation and confirms the identity of the certificate holder.

A certificate includes a public key with which the holder of the certificate can be identified. In addition to the public key, a certificate includes other information, such as the following:

  • the name of a person or an organisation
  • the date of issue
  • the date of expiry
  • unique serial number.

Provisions on the data content of a certificate and the activities of certification service providers are laid down in the Act on Strong Electronic Identification and Electronic Signatures.

The Act on Strong Electronic Identification and Electronic Signatures

Registers of service providers

Service providers providing strong electronic identification and certification authorities offering qualified certificates must submit a notification to FICORA before beginning their operations.

Notifications to FICORA

FICORA keeps a public register of identification service providers and certification authorities providing qualified certificates to the general public.

Registers of identification and certification service providers
Register of identification service providers

The Act on Strong Electronic Identification and Electronic Signatures

The objective of the Act on Strong Electronic Identification and Electronic Signatures is to:

  • establish common rules for the provision of strong electronic identification services;
  • promote the provision of identification services and the use of electronic signatures.

The starting point of the Act is that users must be able to trust that information security and protection of privacy are ensured in strong electronic identification.

The Act on Strong Electronic Identification and Electronic Signatures

Responsibilities of the authorities

FICORA supervises that identification service providers and certification authorities providing qualified certificates comply with the obligations laid down by law.

FICORA also acts as the supervisory authority in matters concerning operations of identification service providers and certification authorities providing qualified certificates.

The Data Protection Ombudsman monitors compliance with the personal data provisions of the Identification Act. In carrying out their supervision duties, FICORA and the Data Protection Ombudsman co-operate with the Finnish Financial Supervisory Authority and the Finnish Competition and Consumer Authority.

Data Protection Ombudsman

Key words: Information security , Data protection

Updated 29.08.2016

LinkedIn Print

logo

The Finnish Communications Regulatory Authority (FICORA)

The National Cyber Security Centre Finland (NCSC-FI)

Itämerenkatu 3 A

P.O. Box 313

FI-00180 HELSINKI


Media contacts by telephone +358 295 390 248