UNECE Confidentiality Forms

Using PKI for the Census

MSIS 2004, Geneva
Mel Turner, Lise Duquet
Statistics Canada




1

Agenda

• Government of Canada common infrastructure
• Census of Population, Census of Agriculture
   – Business requirements
   – Security/Confidentiality requirements
• A new common service – SEAL (Session Encryption with Automated Login)
   – Attributes
   – Components
   – Application flows
• Why is SEAL appropriate for statistical data collection?

2

Business objectives

• Offer all Canadians the option to complete their Census forms using the Internet
   – Census of Population and Census of Agriculture are conducted every 5 years.
   – 13.5 million households and 300 000 farms in May 2006.
• Conduct a Census Dress Rehearsal
   – 300 000 households and 20 000 farms in May 2004.
• Target Internet take-up rate of 20% to 25%
   – Peak period on or around Census day.
• Provide the most secure way to connect Canadians to protect confidentiality of data.

3

Business requirements

• Simple and single-step access
   – Need to authenticate a form, not a person
   – No pre-registration required
• Convenient and easy to use
   – Accessible anytime, anywhere
   – Supported Web browsers
   – Ability to suspend and resume a session for long forms
   – Nothing left behind on the user’s workstation
• Capable of securely handling large volumes
   – Highly visible application
   – Response window focused on “Census day”


4

Confidentiality requirements
• Confidentiality protection of data submitted on-line
   – PKI technology provides confidentiality and digital signature.
   – SEAL uses PKI for confidentiality protection only.
• Strong encryption using an anonymous PKI certificate
   – Bi-directional, end-to-end encryption.
   – Need to securely return instructions, sensitive data captured in a previous session or real-time updates to the user.
• Security interface transparent to the user
   – The steps taken by SEAL to maintain a secure session are invisible to the user.


5

SEAL Attributes
• Pool of anonymous PKI Certificates
   – PKI certificates bulk generated in advance.
   – PKI certificate recycled at the end of each session.
   – No user maintenance.
• Anonymous PKI User ID, Password and Distinguished Names (DN)
   – Automatic login and logoff from SEAL, invisible to the user
• Dedicated Certificate Authority
   – Not cross-certified with other authorities.
• End-to-end bi-directional encryption with Entrust® TruePass 7.0
6

Census Login

Flow diagram, read left to right across the three tiers shown on the slide:

• User Browser: Attempt to access Census site → User enters Access Code → User completes Census Form
• Common PKI Infrastructure: Establish TruePass™ Frameset → Retrieve a random userid and auto-login (anonymous certificates)
• Census Application: Prompt user for Access Code (printed on form) → Get encrypted Access Code and validate → Reverse proxy confirmation → Establish user session
7
User submits data

Flow diagram, read left to right across the three tiers shown on the slide:

• User Browser: “Submit” → TruePass™ applet encrypts user data (data remains encrypted until it reaches Census application) → User continues; TruePass™ applet decrypts data transparently
• Common PKI Infrastructure: Reverse proxy pass thru → On logout or timeout, userid and certificate are recycled (anonymous certificates)
• Census Application: Data is decrypted using Statcan private key → Response is processed (edit checks) → Encrypt response using respondent public key
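An added example, not from the presentation or from Statistics Canada or Entrust, modelling in Go the SEAL lifecycle of the login and submit slides: a pool of anonymous credentials bulk-generated in advance, one picked at random for the automatic login, RSA-OAEP end-to-end encryption in both directions so the reverse proxy only relays ciphertext, and the credential recycled on logout. Bare RSA key pairs stand in for X.509 certificates; the Pool type, the Seal/Open names and the 2048-bit key size are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"math/big"
)

// Toy SEAL model: bare RSA key pairs stand in for the bulk-generated anonymous
// certificates. Constructed for illustration; not Statistics Canada's code.
type Pool struct{ free []*rsa.PrivateKey }

// NewPool bulk-generates n anonymous credentials in advance.
func NewPool(n int) (*Pool, error) {
	p := &Pool{}
	for i := 0; i < n; i++ {
		k, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			return nil, err
		}
		p.free = append(p.free, k)
	}
	return p, nil
}

// Checkout hands a random free credential to the automatic login (nil when the
// pool is exhausted); Recycle returns it on logout or timeout. No user ever sees it.
func (p *Pool) Checkout() *rsa.PrivateKey {
	if len(p.free) == 0 {
		return nil
	}
	i, _ := rand.Int(rand.Reader, big.NewInt(int64(len(p.free))))
	k := p.free[i.Int64()]
	p.free = append(p.free[:i.Int64()], p.free[i.Int64()+1:]...)
	return k
}
func (p *Pool) Recycle(k *rsa.PrivateKey) { p.free = append(p.free, k) }
func (p *Pool) Free() int                  { return len(p.free) }

// Seal encrypts to the recipient's public key (RSA-OAEP); Open decrypts with the
// matching private key. The reverse proxy in between only ever sees ciphertext.
func Seal(to *rsa.PublicKey, m string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, to, []byte(m), nil)
}
func Open(k *rsa.PrivateKey, ct []byte) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, k, ct, nil)
	return string(pt), err
}
```

A session is then: Checkout, Seal the form to the Census application's key, Open there, Seal the reply to the session's anonymous key, Open in the browser, Recycle.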
8

Re-use of SEAL?
• Designed as a “service”, not an application.
• Bi-directional encryption using anonymous PKI certificates.
   – Secure exchange of confidential or sensitive information on-line where the identity of the individual is not relevant.
   – Secure exchange of data based on an access code (e.g. e-file)
   – Secure online forms or e-transactions where there is a need to securely return real-time updates, approvals or instructions to the user.
   – Confidential (but not digitally signed) e-mail.
• Transparent certificate management to department
   – No individual data observed or retained by SEAL
   – No pre-registration; invisible and non-intrusive to the user
   – Ease of deployment.



9
