Implementation and Management Approach
During the 4th Ministerial eGovernment Conference, it was decided by the Estonian Minister of Justice Mr Rein Lang and Portuguese Minister of Justice Mr Alberto Costa that the two countries should learn from each other's experience and try to develop some added value to the existing solutions. Consequently the project on mutual recognition of digital signatures within the process of online company registration took off.
The project attracted great interest from both countries' political leaders and chancellors, as seen in the presentation video: http://www.youtube.com/watch?v=4hNg5i4i3oU&feature=channel_page
The cross-border digital signature project in Estonia is managed in the Ministry of Justice. The Ministry of Economy and Communications is also a member of the working group, and soon the project will be implemented in all the internet portals in Estonia (those that need to authenticate foreign ID-card users), including the private sector (for example internet banks).
The project is operational and wider implementation is in the planning phase. The initiative is the result of good cooperation between the private and public sectors of all participating countries.
The Estonian company registration and management portal can be accessed at https://ettevotjaportaal.rik.ee/. The Portuguese company registration portal can be accessed at http://www.portaldaempresa.pt
Major barriers to cross-border access to electronic services of public administrations are linked to the use of electronic identification and of electronic signatures. As in the non-digital environment, certain electronic procedures may require identification and signatures.
Thus access to public administrations' electronic procedures often implies the need for the individuals involved to identify themselves (i.e. allowing the administration to make sure that the persons are who they claim to be by checking their personal credentials) and the need to provide an electronic signature (allowing the administration to identify the signatory as well as to make sure that the data submitted has not been altered during transmission). The main barrier is the lack of interoperability, be it legal, technical or organisational.
The Estonian Company Registration Portal is an Internet portal that uses common web technology. Legal certainty is guaranteed by the national PKI system (www.id.ee) and qualified digital signatures that are integrated into the smart chip of the national ID card. The PKI system uses the X.509 standard and services such as CRL, OCSP and LDAP. The IETF (Internet Engineering Task Force) Working Group PKIX, in its Reference document RFC 3647 "Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework". In Estonia the documents are digitally signed with special software called Digidoc (http://www.sk.ee/pages.php/020305010101). The outcome of the signing process is a *.ddoc file, similar to a zip container.
A technical sketch can be seen in the appendix: OCSP.pdf
To solve this cross-border interoperability problem the system lets applicants sign documents inside our Internet portal (https://ettevotjaportaal.rik.ee/). This way the system can control the signing process with a trusted digital signature creation application, and the output format is also controlled (.ddoc). The signing process also includes time stamping (in the OCSP response).
Moreover, this kind of technical solution (schema in the appendix) was chosen because of the different document types. In Estonia a document format called *.DDOC is used. This type needs special freeware software to see the content and the qualified signature. In the EU there are many different types of digitally signed documents (PDF, ODF, DOC etc.). For the user the selection is puzzling. Every type has a different structure and sometimes a different legal value (time stamping). CReP lets users sign documents inside the internet portal, so the outcome is in a readable format (a format known to the Estonian user), DDOC.
In principle, the signing process in the web application contacts the Estonian CA (Certification Authority) OCSP responder service, which in turn contacts the foreign CA to receive the signature validation confirmation. See the schema in the appendix (OCSP.pdf).
In addition, one of the biggest complexities was the absence of a unique personal identification code inside the certificate (Finland). To make cross-border digital signature use possible in CReP, a web service between the Finnish Population register and CReP had to be developed. This way it is possible to identify a person and relate that person to an entry in the Estonian commercial register.
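Added example, not part of the original project description or the portal's code: a simplified Python model of the validation relay and the population-register fallback described above. The CA names, serial numbers, register contents and all class and function names are constructed assumptions, and the classes only stand in for real X.509 certificates and OCSP responses.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Cert:                       # simplified stand-in for an X.509 certificate
    issuer: str
    serial: int
    personal_code: Optional[str]  # None: certificate carries no unique ID code

@dataclass(frozen=True)
class Status:                     # simplified stand-in for an OCSP response
    state: str                    # "good", "revoked" or "unknown"
    produced_at: datetime         # responder time, reused as the signing time

# Constructed sample data: per-CA issued/revoked serials (hypothetical CAs).
FOREIGN_CAS = {"FI-CA": {"issued": {1001, 1002}, "revoked": {1002}},
               "PT-CA": {"issued": {2001}, "revoked": set()}}
# Constructed population-register answers, keyed by (issuer, serial).
POPULATION_REGISTER = {("FI-CA", 1001): "FI-PERSON-0001"}

def foreign_responder(ca: str, serial: int, now: datetime) -> Status:
    """The foreign CA answers only for certificates it issued."""
    data = FOREIGN_CAS[ca]
    if serial not in data["issued"]:
        return Status("unknown", now)
    return Status("revoked" if serial in data["revoked"] else "good", now)

def home_responder(cert: Cert, now: datetime) -> Status:
    """National responder: relays the query to the issuing foreign CA."""
    if cert.issuer not in FOREIGN_CAS:      # no trust relationship: fail closed
        return Status("unknown", now)
    return foreign_responder(cert.issuer, cert.serial, now)

def resolve_person(cert: Cert) -> Optional[str]:
    """Use the code in the certificate, else ask the population register."""
    return cert.personal_code or POPULATION_REGISTER.get((cert.issuer, cert.serial))

def accept_signature(cert: Cert, now: datetime):
    """Return (accepted, reason, person, signing_time) for one signing attempt."""
    status = home_responder(cert, now)
    if status.state != "good":              # revoked and unknown both reject
        return (False, "certificate " + status.state, None, None)
    person = resolve_person(cert)
    if person is None:                      # valid certificate, unidentifiable signer
        return (False, "signer not identifiable", None, None)
    return (True, "ok", person, status.produced_at)

NOW = datetime(2009, 1, 1, 12, 0, tzinfo=timezone.utc)   # constructed timestamp
```

The model treats "unknown" the same as "revoked", and rejects a signer whose certificate is valid but who cannot be tied to a person, since neither case gives the register a signatory it can rely on.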
Technical interoperability is one of the biggest challenges. To develop systems of this complexity, high-level PKI system developers are needed. During the development phase many changes were made to CA services. Direct communication between specialists is essential. The result is a validation service that has both technical and juridical support.
More info about cross-border interoperability: http://ec.europa.eu/idabc/en/document/6485