1. Electronic-ID > Digital-ID > Mobile-ID
Estonian experience
Moldovan ICT Summit
May 18, 2011
Holger Haljand
Development Manager
EMT AS / TeliaSonera Estonia
Phone: +372 502 8814
E-mail: holger@emt.ee

2. TeliaSonera - in brief
• Europe’s 5th largest telecom operator
• Employees: 28,945
• 2010 net sales:
EUR 11,9 billion
• Subscriptions: 157m
• In 19 countries:
Azerbaijan, Belarus, Denmark , Estonia, Finland,
Georgia, Kazakhstan, Latvia, Lithuania, Moldova,
Nepal, Norway, Russia, Spain, Sweden, Tajikistan,
Turkey, Ukraine, and Uzbekistan.
2

3. Republic of Estonia
Facts about Estonia
• Part of EU / Eurozone / NATO
• Population: 1,340,000
• Mobile: 118%
• Internet: 57%
• Broadband: 48,5%
• Mobile Internet: 22%
3

4. Estonia in 2010: e-Country
• ID-card (1,000,000 cards, 75% of population)
• mobile-ID (25,000 m-ID SIM-cards)
• e-Government
• e-Elections (140,000 e-voters, 24% of all voters)
• m-Elections (3,000 m-voters)
• e-Tax and Customs Board (90% of all declarations)
• e-Banking (90% transactions)
• e-Shool (300,000 users)
• e-Health project (e-prescription)

5. Mobile services in Estonia - impact on everyday lives

6. electronic-ID > digital-ID > mobile-ID

7. Different electronic ID types
ID card (smartcard with foto)
• Widely used physical identification document (75%)
• Enables authentication and digital signatures
• Needs smart card reader & software
• Support for selected web browsers (IE, Mozilla)
Digital ID (smartcard without foto)
• Digital signatures and digitala authorization only
• No physical identification (no photo)
• Very fast application (same day)
• Can be used simultaneosly in multiple electronic devices
Mobiil-ID (mobile SIM card)
• Digital signatures and digitala authorization only
• Doesn’t need SW / HW installed on PC or mobile
• Doesn’t need web browser support
• No physical identification (no photo)

8. Organization for PKI and Mobile-ID
Mobiil-ID customer service Certificate issuing
Certificate
Estonian Certification Center
Registration generation Certification
request
Authority Authority
ORDER
(ID-card audentication)
(EMT)
1. Certificate and
validity control
m-ID Service Autentication 2. Signature
or digital validation
signature
Mobile Operator request Trusted
Client (EMT) Service
Digital signature Provider
(PIN protection)
Web service that SP (Bank, City portal)
requires authentication Service Provider
or digital signatures
OK!

9. Mobile ID usability - security vs simplicity (1)
Server based model (Austria):
• Existing mobile SIM cards, where the everything is stored at the
certification center server. The operator is really just a channel where
the user is identified by his mobile subscription (phone number);
Advantages:
• Easy to adopt (no need to replace SIM, special registration, etc)
• Easy to use (SMS / PIN for authentication)
Drawbacks:
• Security – as it is a server based system, it is relying on the security of
the GSM network (authenticated by phone number + info over GSM
network)..
• Legislation / banking may require SIM encryption for sent info and PIN
9

10. Mobile ID usability - security vs simplicity (2)
Client based model (Estonia, Lithuania):
• Special STK on SIM card with encryption algorithms on the SIM.
Advantages:
• The customers private key is under his/her control and the PIN code is
not sent over the air.
• Messages to and from the SIM are encrypted and decrypted only for
the mobile user to see
• High security - EAL4+ certification applicable (SIM card as a signature
creation device). Accepted by governments and banks.
• Easy to use – special software for interaction
Drawbacks
• Adoption – new SIM cards and certification registration needed
10

11. Mobiil-ID as your personal subscrition
• Service can be connected only with private
person subscription
• One SIM, two subscriptions – if you are a
corporate client then you can have two
subscriptions on one SIM
• You can choose what services are billed to
the corporation (for example mobile-ID) and
what to your personal account (calls, SMS,
data)
• It is possible to bill also chosen calls and
other services to different accounts –
everything is under the users control!

12. Mobile-ID usage
• Access authorization • Digital signatures
– e-Government portals – digidoc P2P
– mobile operators – digidoc web portal
– Banks
• Payment authorization • Personal identification
– internet payments – digital ID
– transportation tickets – elections / voting
12

13. Mobile-ID case study
• TeliaSonera has been running a successful WPKI
“ecosystem - testbed” in Estonia since 2007
• Biggest uage is generated by banks
• First m-voting in the world!
• Estonian Parliament Elections Feb 24 - Mar 6, 2011
– 140 000 e-voters (ID card + mobile-ID):
– 24% from all votes (+40% increase)
– e-votes from 106 countries
– 3 000 mobile-ID votes
– 2% from all e-voters
– 10% of all mobile-ID users

14. Lessons learned (1)
• Activate process simplicity is key for wide adoption
• Balance between simplicity and required trustworthiness
• Usability - the simplicity and convenience (no computer, special
SW or smart card readers needed)
• M-ID can be identical (usage, security, etc) to other digital-ID’s
• Strong stakeholders are needed in order to get mass usage
and de facto standard status (internet banking, public
transportation)

15. Lessons learned (2)
• Simple and motivating pricing for end users and service providers:
– One time subscription fee for SIM card
– Monthly fee incl unlimited transactions on the SIM
– Monthly fee for the service provider based on transaction bulks
• Solution to provide service for business customer end users
(company telephone users):
– Challenge: national identity (Mobile ID) contract can be connected
only to private individual (Mobil-ID PIN codes are strictly private)
– Solution: virtual EMT private mobile subscription (slave account) is
connected to EMT business customer subscription (master
account).
– Private persons can make personal mobile subscription connected
to his company subscription (company MSISDN) without company
authorization

16. Conclusions – the future is mobile
• Strong ecosystem for mobile-ID usage - all e-services (login/signing)
are available also with mobile-ID.
– e-Government, parliament voting service, tax and customs board, citizen
portals, digidoc (web service to sign and share documents), company
registration portal, ticketing portals (public transportation, entertainment),
energy companies, banks, telecoms, insurance and other e-service
providers, etc…
• Internet banking - driving force for Mobile-ID - PIN calculators,
Password Cards and even ID-cards are being replaced
• ID cards can`t be connected to smartphones and ipad`s
• Possibility to extend Estonian ecosystem and technological
infrastructure operated by TeliaSonera in Estonia
(EMT + Certification Centre) to other TeliaSonera markets

17. Thank you!
Holger Haljand
Development Manager
EMT AS / TeliaSonera Estonia
Phone: +372 502 8814
E-mail: holger@emt.ee