Security comprises several factors

Citizen certificate

The ID card is a picture ID issued by the police proving the holder’s identity. Integrated into it is the citizen certificate located in a chip corresponding to the ISO specification. Launched in 1999, the citizen certificate is a national certificate offering the best possible features for the use of electronic services.

In accordance with the eIDAS regulation (910/2014) of the EU, electronic identification systems and electronic signatures are categorized according to three assurance and/or security levels. The citizen certificate is a High Level of Assurance (LoA High) identification token used to implement Qualified Electronic Signatures (QES) that have an undeniable legal effect within the EU (EU 910/2014, article 25).

Identification token

The National Cyber Security Centre of the Finnish Transport and Communications Agency maintains a register of service providers located in Finland who provide strong electronic identification services as well as the services they provide. Megical Oy’s hightrust.id was added to said register on November 16, 2023.

Audited by KPMG, the hightrust.id mobile application is the only mobile electronic identification service in Finland that conforms to the LoA High requirements in accordance with the eIDAS regulation. When linked to the citizen certificate, it forms a LoA High identification token. Therefore, the identification token has the same level of assurance as a physical ID card.

The hightrust.id mobile app is a digital wallet that stores and manages the user’s personal data and certificates. The aim is to enable secure access to this data managed by the user themselves.

Identification and signature

The hightrust.id digital wallet linked to a citizen certificate enables the user to perform the following functions on a mobile device:

  1. Strong electronic identification at the highest Level of Assurance
  2. The most reliable possible QES that is legally binding and undeniable within the European Union.


Security:

  • Multi-Factor Authentication (MFA): Using the digital wallet requires a device containing the digital wallet and the user’s confidential data.
  • User control: The user controls what data is shared and with which services. This provides more control over the use of the data.
  • Certification and regulation: As the digital wallet is part of the European digital identity pursuant to the eIDAS regulation, its data security and privacy standards are extremely high. The EU imposes strict requirements regarding data encryption and the trustworthiness of service providers.
  • Local data storage: In the digital wallet, the data may be stored locally on the user’s device, which reduces the dependence on a centralized database and the risk of data leak.