 |
The Citizen Certificate comprises two certificates, one of them being an verifying and encryption certificate and the other a so-called signature certificate, or qualified certificate. The signature certificate of a Citizen Certificate or organization certificate issued by the Population Register Centre is a qualified certificate.
The qualified certificate has to meet the requirements set forth in the Finnish Act on Electronic Signatures (Section 7(2)). The qualified certificate is issued by a certificate authority meeting the requirements in Sections 10 to 15 of the aforementioned Act. The PRC became on the 1st of April 2003 the first, and to this day only, Certificate Authority of qualified certificates in Finland. The qualified certificate operation is supervised by the Finnish Communications Regulatory Authority (FICORA).
A digital signature is an electronic signature generated using an encryption method. An electronic signature certified by a certificate authority of qualified certificates is given the legal status of a hand-written signature in all EU Member States. An electronic signature with a qualified certificate is created using the Public Key Infrastructure (PKI) method. For instance, an e-mail application generates a digital signature encrypted using the signatory's private key delivered in a message. The message’s recipient, or the party trusting the certificate, opens the signature using the sender's public key. The software performs identification and comparison checks. If the sent and received data match, the signature is authentic.
A qualified certificate has to contain:
- an indication that the certificate is a qualified certificate
- information of the certificate authority and the state in which it is established
- the name of the signatory or a pseudonym, which shall be identified as such
- signature verification data, which correspond to the signature-creation data under control of the signatory
- the period of validity of the qualified certificate
- the identity code of the qualified certificate
- the advanced electronic signature of the certificate authority
- any limitations on the scope of use of the qualified certificate; and
- specific data relating to the signatory if relevant to the purpose of use of the qualified certificate.
For more information about qualified certificates and certificate operation, please visit FICORA's web site.
Regulations concerning qualified certificates and electronic signatures:
- Directive 1999/93/EC on electronic signatures
- Act on Electronic Signatures (14/2003)
- FICORA regulation 7/2003 M on certificate authorities' obligation who provide qualified certificates to notify FICORA
- Recommendation on the application of FICORA regulation 7/2003 M (in Finnish)
- FICORA regulation 8/2003 M on the requirements for reliability and information security in the operation of certificate authorities providing qualified certificates
- Recommendation on the application of FICORA regulation 8/2003 M (in Finnish)
- Ministry of Transport and Communications Decree on FICORA charges (1126/2002, in Finnish)
- The CEN, ETSI and IETF specifications relating to electronic signatures
- Personal Data Act (523/1999)
Legislation connected with on-line services and certifying
 Back | Print text
| |
