Using PKI for the Census
MSIS 2004, Geneva
Mel Turner, Lise Duquet
• Government of Canada common infrastructure
• Census of Population, Census of Agriculture
– Business requirements
– Security/Confidentiality requirements
• A new common service – SEAL (Session Encryption with Automated Login)
– Application flows
• Why is SEAL appropriate for statistical data
• Offer all Canadians the option to complete their Census forms using the Internet
– Census of Population and Census of Agriculture are conducted every 5 years.
– 13.5 million households and 300 000 farms in May 2006.
• Conduct a Census Dress Rehearsal
– 300 000 households and 20 000 farms in May 2004.
• Target Internet take-up rate of 20% to 25%
– Peak period on or around Census day.
• Provide the most secure way to connect Canadians to protect confidentiality of data.
• Simple and single-step access
– Need to authenticate a form, not a person
– No pre-registration required
• Convenient and easy to use
– Accessible anytime, anywhere
– Supported Web browsers
– Ability to suspend and resume a session for long forms
– Nothing left behind on the user’s workstation
• Capable of securely handling large volumes
– Highly visible application
– Response window focused on “Census day”
• Confidentiality protection of data submitted on-line
– PKI technology provides confidentiality and digital signature.
– SEAL uses PKI for confidentiality protection only.
• Strong encryption using an anonymous PKI
– Bi-directional, end-to-end encryption.
– Need to securely return instructions, sensitive data captured in a previous session or real-time updates to the user.
• Security interface transparent to the user
– The steps taken by SEAL to maintain a secure session are invisible to the user.
• Pool of anonymous PKI Certificates
– PKI certificates bulk generated in advance.
– PKI certificate recycled at the end of each session.
– No user maintenance.
• Anonymous PKI User ID, Password and Distinguished Names (DN)
– Automatic login and logoff from SEAL, invisible to the user
• Dedicated Certificate Authority
– Not cross-certified with other authorities.
• End-to-end bi-directional encryption with Entrust®
[Application flow diagram, reconstructed from the slide text. Lanes: User Browser | Frameset / Reverse proxy | Census Application / Common PKI Infrastructure (anonymous certificates).]
– Attempt to access Census site: the reverse proxy prompts the user for the Access Code (printed on the form).
– User enters Access Code: the encrypted Access Code is validated, a random anonymous certificate (Userid and certificate) is retrieved from the Common PKI Infrastructure, and a user session is established with confirmation.
– User completes Census Form: the TruePass™ applet encrypts user data transparently; the data stays encrypted (reverse proxy pass-thru) until it reaches Census, where it is decrypted using the Statcan private key; the response is processed (edit checks) and encrypted using the respondent public key; the TruePass™ applet decrypts the data.
– User submits data (“Submit”) or continues; on logout or timeout the session ends.
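The session model on the preceding slides (a pool of bulk-generated anonymous certificates, login keyed on the access code printed on the form rather than on a person, end-to-end encryption of the form to Statcan and of the reply back to the respondent, certificate recycled at logoff or timeout) as an added, self-contained Go example. It is not Statistics Canada's or Entrust's code: RSA-OAEP from the Go standard library stands in for the Entrust® TruePass™ applet and the Common PKI Infrastructure, the access code, pool size and edit check are constructed, and the pool is in-memory rather than a certificate authority.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
	"sync"
)

// AnonCert stands in for one anonymous PKI certificate from the bulk-generated
// pool: an opaque user id plus a key pair, carrying no respondent identity.
type AnonCert struct {
	UserID string
	Key    *rsa.PrivateKey
}

// CertPool holds certificates generated in advance; one is checked out per
// session and returned at logoff, so no user ever registers or manages keys.
type CertPool struct {
	mu   sync.Mutex
	free []*AnonCert
}

func NewCertPool(n, bits int) (*CertPool, error) {
	p := &CertPool{}
	for i := 0; i < n; i++ {
		k, err := rsa.GenerateKey(rand.Reader, bits)
		if err != nil {
			return nil, err
		}
		p.free = append(p.free, &AnonCert{UserID: fmt.Sprintf("anon-%04d", i), Key: k})
	}
	return p, nil
}

// Checkout hands out an unused certificate. Exhaustion is a capacity failure
// (pool sized for the Census-day peak), never a reason to fall back to an
// unencrypted session.
func (p *CertPool) Checkout() (*AnonCert, error) {
	p.mu.Lock()
	defer p.mu.Unlock()
	if len(p.free) == 0 {
		return nil, errors.New("certificate pool exhausted")
	}
	c := p.free[len(p.free)-1]
	p.free = p.free[:len(p.free)-1]
	return c, nil
}

// Recycle returns a certificate to the pool at the end of a session.
func (p *CertPool) Recycle(c *AnonCert) {
	p.mu.Lock()
	defer p.mu.Unlock()
	p.free = append(p.free, c)
}

func (p *CertPool) Available() int {
	p.mu.Lock()
	defer p.mu.Unlock()
	return len(p.free)
}

// Session is established once the access code printed on the form validates.
type Session struct {
	AccessCode string
	Cert       *AnonCert
}

// CensusService models the server side: the Statcan key pair, the set of
// valid access codes (constructed here) and the anonymous certificate pool.
type CensusService struct {
	key   *rsa.PrivateKey
	codes map[string]bool
	pool  *CertPool
}

func NewCensusService(validCodes []string, poolSize int) (*CensusService, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	pool, err := NewCertPool(poolSize, 2048)
	if err != nil {
		return nil, err
	}
	s := &CensusService{key: key, codes: map[string]bool{}, pool: pool}
	for _, c := range validCodes {
		s.codes[c] = true
	}
	return s, nil
}

func (s *CensusService) PublicKey() *rsa.PublicKey { return &s.key.PublicKey }
func (s *CensusService) PoolAvailable() int        { return s.pool.Available() }

// Login authenticates the form (its access code), not the person, then binds
// an anonymous certificate from the pool to the session.
func (s *CensusService) Login(accessCode string) (*Session, error) {
	if !s.codes[accessCode] {
		return nil, errors.New("invalid access code")
	}
	cert, err := s.pool.Checkout()
	if err != nil {
		return nil, err
	}
	return &Session{AccessCode: accessCode, Cert: cert}, nil
}

// Submit decrypts the form with the Statcan private key, runs a constructed
// edit check and encrypts the reply to the session's anonymous certificate.
func (s *CensusService) Submit(sess *Session, ciphertext []byte) ([]byte, error) {
	form, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.key, ciphertext, nil)
	if err != nil {
		return nil, err
	}
	reply := "accepted"
	if !strings.Contains(string(form), "household_size=") {
		reply = "error: household_size missing"
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, &sess.Cert.Key.PublicKey, []byte(reply), nil)
}

// Logout (or timeout) ends the session and recycles the certificate.
func (s *CensusService) Logout(sess *Session) {
	s.pool.Recycle(sess.Cert)
	sess.Cert = nil
}

// Client side, the applet's role: encrypt the form to Statcan, decrypt the reply.
func EncryptForCensus(pub *rsa.PublicKey, form []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, form, nil)
}

func DecryptResponse(cert *AnonCert, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, cert.Key, ct, nil)
}

func main() {
	svc, _ := NewCensusService([]string{"1234-5678-90"}, 2) // constructed access code
	sess, _ := svc.Login("1234-5678-90")
	ct, _ := EncryptForCensus(svc.PublicKey(), []byte("household_size=3"))
	resp, _ := svc.Submit(sess, ct)
	plain, _ := DecryptResponse(sess.Cert, resp)
	fmt.Printf("reply=%q pool=%d\n", plain, svc.PoolAvailable())
	svc.Logout(sess)
	fmt.Printf("after logout pool=%d\n", svc.PoolAvailable())
}
```

Two properties of the slides are visible in the code: the reverse proxy never needs a key (it passes the OAEP ciphertext through unchanged), and the service learns nothing about the respondent beyond the access code, since the certificate it binds to the session is drawn from the pool and goes back into it at logoff.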
Re-use of SEAL?
• Designed as a “service”, not an application.
• Bi-directional encryption using anonymous PKI certificates.
– Secure exchange of confidential or sensitive information on-line where the identity of the individual is not relevant.
– Secure exchange of data based on an access code (e.g. e-file)
– Secure online forms or e-transactions where there is a need to
securely return real-time updates, approvals or instructions to the
– Confidential (but not digitally signed) e-mail.
• Transparent certificate management to department
– No individual data observed or retained by SEAL
– No pre-registration; invisible and non-intrusive to the user
– Ease of deployment.