How is Estonian e-government built?

In Estonia, 'e-ID' is used as a digital gateway for citizens to access public services. Privacy International, a privacy protection organization, has published a blog post about the technologies used to implement this e-ID mechanism.

ID systems analysed: e-Estonia (X-Road) | Privacy International

The basis of e-ID is the data exchange layer 'X-Road', developed by the Estonian government in 2001. This technology made it possible to safely exchange highly confidential data between organizations via the Internet. It was open sourced in 2016 and has been introduced into systems in other countries such as Finland.

The data held by the Estonian government is decentralized and is stored not only in Estonia but also in data centers located outside the country. These data centers are nevertheless completely under the control of the Estonian government and are called 'data embassies' because they can exercise diplomatic immunity equivalent to that of a physical embassy.

The X-Road infrastructure design is shown in the figure below. 'Central Services' and the 'security server' are the main components; the source and destination of data connect to them from outside, and a time-stamping authority (TSA) and a certificate authority (CA) are used to ensure reliability. As this configuration shows, X-Road was developed by combining existing technologies, and Privacy International's analysis is that this is one of the reasons X-Road succeeded as an ID system.

In more detail, each component works as follows. The Central Service has a Central Server, which stores a list of the members connected to X-Road and their security servers, as well as a list of trusted TSAs and CAs. The security server is the server that actually exchanges data, and it is connected to the central server using HTTP.

When a member who provides data on X-Road exposes a REST- or SOAP-accessible system to a security server, X-Road communicates that information to other members. Instead of directly accessing the provider's system, the data user can sign and authenticate via the security server, communicate securely, add a time stamp, and save it in the log. It is possible to prove that there was communication from.
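The signing, time-stamping and logging described above can be illustrated as a tamper-evident message log. This is an added example, not code from X-Road or from the original article: the member names, keys and messages are constructed, an HMAC stands in for the member's digital signature, and an integer stands in for a TSA-issued time stamp.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # "previous hash" value used by the first log entry


def _digest(record: dict) -> str:
    """SHA-256 over a canonical JSON encoding of the record."""
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()


def append_entry(log: list, sender: str, key: bytes, body: str, ts: int) -> dict:
    """Sign the message, stamp it, and chain it to the previous log entry."""
    record = {
        "sender": sender,
        "body": body,
        "timestamp": ts,  # assumption: stand-in for a token from a trusted TSA
        "prev": log[-1]["hash"] if log else GENESIS,
    }
    # Assumption: HMAC stands in for the member's digital signature.
    record["sig"] = hmac.new(key, _digest(record).encode(), hashlib.sha256).hexdigest()
    record["hash"] = _digest(record)  # covers the signed fields and the signature
    log.append(record)
    return record


def verify_log(log: list, keys: dict) -> int:
    """Return the index of the first bad entry, or -1 if the log is intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        signed = {k: entry[k] for k in ("sender", "body", "timestamp", "prev")}
        key = keys.get(entry["sender"])
        if key is None or entry["prev"] != prev:
            return i  # unknown member, or an entry was removed or reordered
        expected = hmac.new(key, _digest(signed).encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, entry["sig"]):
            return i  # body, sender or time stamp changed after signing
        if _digest({**signed, "sig": entry["sig"]}) != entry["hash"]:
            return i
        prev = entry["hash"]
    return -1


# Constructed sample data: member names, keys and messages are made up.
KEYS = {"member-a": b"key-a-demo", "member-b": b"key-b-demo"}
LOG = []
append_entry(LOG, "member-a", KEYS["member-a"], "GET /records/1", 1700000000)
append_entry(LOG, "member-b", KEYS["member-b"], "200 OK", 1700000001)
append_entry(LOG, "member-a", KEYS["member-a"], "GET /records/2", 1700000005)
```

Because each entry commits to the hash of the one before it, editing, backdating or deleting a logged message is detected at the first affected index when the log is verified.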

The cryptographic algorithms used by X-Road are publicly available and all in widespread use, so the cryptographic algorithms themselves do not appear to be a problem. However, the possibility of problems in other parts of the system remains: for example, it was discovered that when the government distributed the physical e-ID cards in 2011, the private key that should have been generated inside the card chip was mistakenly generated on the manufacturer's server and copied to the card.

At the time of writing the article, only Finland and Iceland share data with the Estonian government through the X-Road system, but the X-Road system itself is said to be widely used in Japan and other countries.

The principles of Estonian electronic governance represented by X-Road are published as follows.

・ Decentralization
Instead of centrally managing databases, government departments, ministries, and businesses can now select and manage their own systems.

・ Interoperability
All systems can exchange data safely and work together smoothly.

・ Consistency
All data exchanges, M2M communications, stored data and log files are independent and fully responsible.

・ Open platform
Infrastructure is available to any institution and is open source.

・ No legacy
Continuously improve law and technology.

・ One time only
The data is collected only once from the institution and there is no duplication of data.

Citizens have the right to verify their personal information and to see how the government uses it through log files.

in Software, Posted by log1d_ts