1 Privacy-enhancing Technologies and Identity Management
Public Works and Government Services Canada / Travaux publics et Services gouvernementaux Canada
Brenda Watkins, Director, Policy and Business Strategies, Information Technology Services Branch

2 Outline
How the federal government developed and implemented a common, privacy-friendly authentication system for secure access to Government On-line (GOL) services

3 Government On-line Transactions: Canadians’ Concerns and Expectations
- Surveys consistently revealed Canadians’ concerns that their Government On-line transactions could potentially allow their private information to become public or end up in the wrong hands
- Expect the government to be more diligent than the private sector or banks in protecting the privacy and security of their information

4 The Solution
Public Key Infrastructure to provide privacy and security for GOL transactions

5 GOL Authentication Services
- Ensure that on-line participants are who they claim to be
- Maintain data integrity and confidentiality of personal information
- Provide evidence for non-repudiation
- Permit differing levels of authentication for different service offerings
- Provide secure electronic signatures

6 GOL Authentication Strategy
- To implement a common PKI authentication service for Canadians to conduct business with government that would:
  - be more user-friendly and manageable
  - support a range of functional and security needs
  - be extensible, scalable and interoperable
  - offer simple, efficient registration process
  - be both economic and strategic
- Prerequisites:
  - on-line credentials must be secure and “portable”
  - browser is the client’s preferred on-line tool
  - privacy principles must be rigorously observed
- Phased roll-out

7 Privacy by Design
- GOL transactions are governed by the same privacy protections as paper-based transactions:
  - Federal law (Privacy Act)
  - Federal policies and guidelines (Privacy & Data Protection)
- Developed Privacy Impact Assessment Policy to ensure that privacy is built into all federal on-line services
  - GOL Authentication Services served as a successful pathfinder project demonstrating PIA is an essential architectural tool when initiated early and updated as required
  - 4 iterative PIAs undertaken prior to initial launch to progressively assess conceptual models, build requirements and design throughout development
- National focus testing of user experience

8 PKI – Privacy-Enhancing, But …
- Binds identity to a digital certificate (distinguished names)
- Potential to reveal information about user from use of certificate (inference)
- Question of collection and sharing of information between government services – registration, directory

9 epass – An Elegant (and Revolutionary) Solution
- Access to GOL services is via “epass” – a secure electronic credential
- Differs from traditional PKI implementations:
  - epass certificate is anonymous – it is not bound to the identity of an individual or entity
  - the only identifying data in an epass is a randomly generated, unique number (MBUN – Meaningless But Unique Number)
  - Impossible to deduce anything about the epass holder
- Developed in strict adherence with privacy laws and policies

10 How epass Enhances Privacy
- Registration process
  - User creates unique user ID and password
  - Encryption and signing keys are generated and stored in double-encrypted profile accessible only to the user
  - The user identifies recovery questions and answers during registration process
  - epass is issued
  - NO identifying information is contained in the epass – only the MBUN

11 How epass Enhances Privacy … 2
- The program is responsible for authenticating the epass holder’s identity
- The authentication process is as rigorous as the nature of the transaction dictates
- Once the program is satisfied as to the identity of the epass holder, the epass MBUN is mapped to the program information
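The separation described on slides 9 to 11, as an added sketch that is not part of the original presentation or the epass system's code: the issuer only knows that an MBUN exists, and the program alone links it to a client after its own identity check. The class names, the 128-bit MBUN size and the shared-secret proof are assumptions; keys and certificates are left out.

```python
import secrets
from dataclasses import dataclass, fields

@dataclass(frozen=True)
class Epass:
    mbun: str  # the only identifying datum: random, unique, meaningless

class Issuer:
    """Hypothetical issuer: records which MBUNs exist, never who holds them."""
    def __init__(self):
        self.issued = set()

    def issue(self) -> Epass:
        while True:
            mbun = secrets.token_hex(16)      # 128 random bits (assumed size)
            if mbun not in self.issued:       # enforce uniqueness
                self.issued.add(mbun)
                return Epass(mbun)

class Program:
    """Hypothetical program that owns its client records and the MBUN mapping."""
    def __init__(self, records):
        self.records = records                # client_id -> {"proof", "data"}
        self.mbun_to_client = {}

    def enrol(self, epass, client_id, proof) -> bool:
        rec = self.records.get(client_id)
        if rec is None or epass.mbun in self.mbun_to_client:
            return False
        # The program, not the issuer, authenticates the holder's identity.
        if not secrets.compare_digest(rec["proof"].encode(), proof.encode()):
            return False
        self.mbun_to_client[epass.mbun] = client_id
        return True

    def lookup(self, epass):
        client_id = self.mbun_to_client.get(epass.mbun)
        return None if client_id is None else self.records[client_id]["data"]

def demo():
    issuer = Issuer()
    # Constructed sample record; the shared-secret proof is an assumption.
    program = Program({"client-001": {"proof": "constructed-secret",
                                      "data": "address on file"}})
    epass = issuer.issue()
    before = program.lookup(epass)            # unmapped epass reveals nothing
    rejected = program.enrol(epass, "client-001", "wrong-guess")
    accepted = program.enrol(epass, "client-001", "constructed-secret")
    return epass, before, rejected, accepted, program.lookup(epass)
```

A breach of the issuer's store in this model yields only random numbers; the link to a person exists solely in the program's own mapping table.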

12 epass-enabled GOL Services
- CRA Address Change On-line
- HRSD/SDC Record of Employment
- CRTC filings (applications)
- Health Canada’s electronic regulatory system for pesticide applications
One-quarter million epasses issued!

13 Coming Soon
- Atlantic Canada Opportunities Agency
- Passport Office
- PWGSC - My Services
- Veterans Affairs medical records system
- CRA expanding use of “MyAccount”

14 Recognition
GOLD MEDALS TO ROE AND SECURE CHANNEL
- For the fourth year in a row, Accenture has ranked Canada #1 in e-government maturity – specifically mentioning epass as a contributing factor
- Four GTEC gold medals since 1999 – two this year:
  - Record of Employment
  - Secure Channel Project
  - 2003: for epass
  - 1999: for first implementation of a national government PKI policy
- Federal Privacy Commissioner acknowledgement: “…the creative approach they have taken in addressing many of the privacy risks associated with more conventional on-line client authentication models.”

15 REGISTRATION DEMONSTRATION

