The new features of Estonia’s eID-based identity cards will enable the country to launch a wide range of new e-services.
The Estonian eID card system, one of the most advanced in the world, underpins all digital services available in the country.
Celebrating 15 years of service in 2017, the eID card is far more than a simple piece of plastic bearing a photograph; it is a highly sophisticated digital access card for all of Estonia’s secure e-services. The chip embedded in the card contains files which, through 2,048-bit public key encryption, allow it to serve as definitive proof of identity in an electronic environment.
It is used as the national health insurance card, as proof of identity when logging into bank accounts from a home computer, for digital signatures, online voting, access to government databases for checking medical records, filing taxes and collecting e-prescriptions.
Most importantly, the vast majority of the Estonian population uses the eID card. More than 98% of bank transactions are carried out online, and 98% of prescriptions are issued electronically. The eID card also makes filing tax returns far easier, with 98% of tax declarations submitted online.
Estonia’s well-established ID card system also made possible the launch of its e-residency programme in 2014, allowing non-citizens to benefit from the country’s digital authentication infrastructure. Yet the development of the Estonian eID has not stood still. According to the Information System Authority (RIA), the system continues to be steadily upgraded.
“RIA is constantly improving the eID software, based on users’ feedback and technological advances. eID is a crucial field – the security requirements raised towards national identity cards are very high and could not be alleviated for convenience or user experience reasons, while browser vendors are continuing to unexpectedly modify the standards to achieve higher security,” said Margus Arm, RIA’s eID domain manager.
Users shift to mobile and smart devices
Arm said users were increasingly moving to mobile and smart devices, which are now widely used for e-services and everyday transactions, including the signing of digital documents. In response, RIA began supporting Android and iOS alongside its desktop platforms – Windows, Mac and Linux.
“Both Android and iOS apps (RIA DigiDoc) are now available for download at Google Play and App Store. It is possible now to sign documents using the certificates provided both by eID cards – including e-resident cards – and mobile phone based mID, as well as to check the validity of existing digitally signed documents,” Arm explained.
For eID cards to work in a smart-device environment, special card readers are still required, including mini-USB and Bluetooth devices, although near-field communication (NFC) is in development.
“NFC solution is still in the planning phase because the current eID cards do not possess NFC interface. It has been rather challenging to maintain strong security standards while adding NFC interface to our national identity cards. However, we have already succeeded in the pilot project. NFC-capable eID cards will be issued starting late 2018 or early 2019. A very natural follow-up will be the integration of NFC capable eID cards to both Android and iOS phones,” Arm said.
Security remains the priority
Arm acknowledged that significant challenges still lay ahead and, as ever, security remained paramount.
“A very challenging development direction is to enable authentication capabilities for Android and iOS operating systems, too. While eID cards provide the strongest authentication capabilities, their integration with mobile devices has traditionally been weak. There are complex technical reasons behind the problem. For desktop computers, browsers are responsible for the authentication layer but in the case of smart devices, browsers lack that functionality, thus an extra layer has to be created for strong online authentication to succeed.”
He stressed that RIA’s aim was to bring the strongest security features of Estonia’s eID-based identity cards into the smart-device environment, paving the way for service providers to launch a new generation of e-services.
Meanwhile, other countries, including Singapore, have expressed interest in building digital identity programmes inspired by Estonia’s model.
