3. El perfil de los jóvenes de justicia juvenil
3.4. Los jóvenes que han finalizado una medida socioeducativa
3.4.1. Los jóvenes que han finalizado una medida de libertad vigilada
Having examined the prevalence of authentication policies, we will next examine the countries which have deployed some form of PKI system to authenticate a group of entities as a key part of their eIDM policy. Only functioning systems are described; not planned ones.
As noted above, it is not uncommon for a signature certificate to be used to achieve authentication functionality. When the correspondent has reported that such signature certificates are used as an important means of entity authentication, such certificates have also been included in the tables below.
A distinction is made between public sector controlled PKI systems and public/private partnerships. For the purposes of this report, the distinction lies in the allocation of the function of the registration authority who verifies the identity of the party requesting the PKI token. It should thus be noted that it is perfectly possible (and in fact quite common) that a system is classified as ‘public sector controlled’ in the tables below despite the fact that the certification authority is a private entity. The reason for this distinction lies in the fact that offline authentication tends to rely on documents that originate from public sector bodies. In offline situations, the trust that is accorded to such documents does not depend on the actual producer of the document (which might e.g. be a private sector printing company which does not enjoy any specific trust relationship), but rather on the fact that the verification and issuing procedure is in the hands of a public sector body. For the same reason, this is the criterion that was also withheld for these systems. For the same reason, the tables also indicate the entity which issues the authentication token.
In order to determine the scope of each token, the tables also indicate whether or not the PKI system is accessible to private sector partners, i.e. whether the token, hardware and middleware has been designed with use by private sector partners in mind, or whether the PKI system was only designed for use within one or more specific eGovernment applications. This is of course relevant because systems which are open to uptake in the private sector should also be usable by foreign public authorities, i.e.
there is no imperative legal/policy objection towards cross border use (although technical considerations might still be a barrier).
4.3.2.1 Public sector controlled PKI systems
Country Description Entity issuing the
authentication token
Accessible to private
sector?
Belgium Authentication certificate in the
eID card Issued through communes upon
identification in person. Yes, through freely
disseminated software modules.
Croatia Authentication certificate on a
smart card (FINA eID card) Financijska agencija (FINA), the Croatian Financial Agency Yes.
Authentication certificate on the
CIHI (health care) card Croatian Institute for Health
Insurance No.
Estonia Authentication certificate in the
eID card Citizenship and Migration Board
(CMB) Yes.
Finland Authentication certificate in the
eID card FINEID Issued through local police
stations. Yes.
France Authentication certificate in the
Daily Life card Local authorities No.
Greece Syzefxis system for civil servants using signature certificates, either on smart cards or as soft certificates
The appropriate Ministry, depending on the civil servant. No.
Hungary Education cards containing signature certificates (only for teachers and administrators; not for students)
Minister of Education No.
Iceland Soft authentication certificates A number of administrations, including the Tax Revenue Directorate and the Directorate of Customs. In the future, bank issued smart cards will contain
both signature and
authentication certificates.
Yes.
Italy Authentication/ attestation
certificate in the eID card Issued through municipalities upon identification in person. Yes.
Authentication/ attestation
certificate in the CNS card Depends on the local authority who has decided to issue the card
No.
Authentication or signature certificate in the CMD (public servant card)
The issuing civil service (depends on the card; e.g.
Ministry of Defense)
No.
Latvia Authentication and qualified State Revenue Service. Yes.
certificates in private sector
smart cards Requires a passport to request.
Liechtenstein Authentication certificate in the
eID card Issued through communes upon
identification in person. Yes.
Lithuania Authentication certificate in the
eID card Issued through communes upon
identification in person. Yes.
Authentication certificate in the
Civil servant eID card The issuing civil service (depends on the card). Yes.
Malta Soft nonqualified signature
certificates Maltese government; see
http://repository.ca.gov.mt Yes.
Portugal Authentication certificate in the
national eID card INCM (Portuguese Mint) Yes.
Slovenia Qualified signature certificate containing a unique identifier linked to a database managed by the Ministry
Certification authority at the Ministry of Public Administration Yes.
Spain Authentication certificate in the national eID card (or electronic residents card in the future)
eID card Technical Office (Oficina Técnica del DNI electrónico)
Yes (several banks have announced their take-up of the eID card).
Signature certificates issued by certain publicly controlled accredited CSPs, either soft or on a smart card.
FNMT (Spain’s Royal Mint);
CATCERT (Certification Authority of the Regional Government of Catalonia);
IZENPE (Certification Authority of the Regional Government of the Basque Country); ACCV (Certification Authority of the Regional Government of the Valencia Region)
Typically yes.
Turkey Soft authentication certificates Ministry of Justice No.
4.3.2.2 Public / private partnerships
Country Description Issuing entity Accessible
to private sector?
Austria Qualified signature
certificate in Citizen Card Depends on the implementation
of the Citizen Card Yes. Private
Belgium Qualified and nonqualified software signature certificates
Recognised CSPs (all Belgian
in practice) Yes.
Bulgaria Signature using qualified
soft certificates CSPs registered at the Bulgarian Communications Regulation Commission
Yes.
Czech Republic Signature using qualified certificates (either soft (the typical case) or exceptionally on a smart card)
Recognised CSPs. The certificate contains the social security number, which is used for authentication purposes
Yes.
Signature using qualified certificates (either soft (the typical case) or exceptionally on a smart card)
Recognised CSPs. The signature is used to sign an electronic document containing other unique identifiers, such as the personal identity number, which is then used for authentication.
Yes.
Denmark OCES advanced electronic signature (soft certificate;
may include hardware token in the future)
TDC, a recognised private CSP. The certificate contains a unique identifier, which is linked to the national register number
Estonia Mobile-PKI/Mobile-ID PKI system based on mobile phones, as described in section 4.1.5.
Yes.
Iceland Authentication certificates under a common Icelandic company in the financial sector.
Yes.
France Authentication certificate in
the Vitale card Health insurance funds. The identification number is the ADELI and/or SIRET number.
Yes.
28 www.islandsrot.is
Liechtenstein Certificates issued by A-Trust (Austria) for use within the National Public Administration
Austrian CSP A-SIT Yes
Lithuania Qualified signature certificates, either soft or on a smart card.
Three qualified CSPs are presently available in Lithuania Yes Mobile-PKI/Mobile-ID PKI system based on mobile
phones, as described in section 4.1.5.
Yes.
The Netherlands Certificates issued under
the PKIoverheid
Norway Authentication and
signature certificates (qualified and nonqualified) issued by private CSPs.
These can be stored on smart cards or server side.
A number of private sector partners, including certain banks (notably Buypass and members of the BankID group)
Yes
Poland Qualified signature
certificates, either soft or on a smart card.
Three qualified Certification Authorities in Poland: Certum (www.certum.pl), Sigillum (www.sigillum.pl.com.pl) and Szafir (www.kir.com.pl)
Yes
Portugal Qualified soft signature certificates for lawyers, solicitors or notaries public.
The Ordem dos Advogados (Lawyers Bar Association,) the Câmara dos Solicitadores (Solicitors Association) and the Ordem dos Notários (Notaries Order).
Yes
Romania Qualified and nonqualified
soft signature certificates Private CSPs Trans sped, Certsign, Digisign and Internet DomReg
Yes
Slovakia Qualified soft signature certificates, issued after personal identification (since certificates may not use the birth number)
Accredited private sector CSPs Yes
Slovenia Qualified signature
certificate; usually containing an official identifier (like the tax number or the Personal Registration Number)
Three accredited private sector
CSPs Yes
Spain Qualified signature
certificate, soft or on a smart card, following prior
Accredited and recognised
CSPs Yes
personal identification.
Uses the national identifier.
Sweden Advanced certificates, either soft or hard. Two separate certificates on each token, one for authentication and one for signature. Issuance based on a compulsory prior identification in person and information in national population register.
Certificates issued by private sector partners (eight banks in a consortium forming BankID, the Nordea bank, the telecom company TeliaSonera and the computer company Steria). The National Swedish identity card issued by the police (deployed but still not fully initiated for electronic use).
Yes.
Turkey Qualified signature
certificates on a smart card. Four accredited CSPs. Yes Mobile-PKI/Mobile-ID PKI system based on mobile
phones, as described in section 4.1.5.
Yes.
United Kingdom Soft qualified signature
certificates British Chamber of Commerce
and Equifax Yes.
4.3.2.3 Conclusions with regard to PKI based authentication systems Based on the tables above, the following conclusions can be drawn:
• A total of 17 countries out of 32 (53%, 3 more countries than in 2007) reported using public sector controlled PKI systems as defined above, with a total of 22 systems being reported (+6 compared to 2007). Of these 22 systems, 15 were open to private sector use (68%).
• 20 countries out of 32 (62,5%, 4 more countries than in 2007) reported using public/private sector controlled PKI systems as defined above. Given the involvement of the private sector, it is unsurprising that all of these could also be used in the private sector.
• Combining both tables, a sizable majority of 27 out of 32 countries (84%, three more than in 2007) have reported using PKI systems (either public or public/private controlled) for the purposes of entity authentication.
It is important to note that the public sector controlled PKI systems which were not open to private sector use are only certificates or smart cards which have been issued for a very specific user group (such as civil servants) or for use within a very specific sector (such as a specific ministry/department).
All of the general eID cards deployed so far (see section 4.1.1.6.) are open to private sector use without further restriction. This is relevant from an interoperability perspective on account of the large number of countries presently deploying/planning to deploy such eID cards: there is no objection in principle to the cross border use of such authentication means. Thus, the number of PKI systems which is open to private sector use (and thus also to cross border use) can be expected to increase as the number of eID cards increases.
A secondary conclusion is that, at least for PKI systems, private sector involvement has the interesting side-effect of improving interoperability, as the systems by definition have been developed with a broad use in mind, and are not inherently restricted to use within one or several services.