The epass Solution
Challenges and Requirements of On-Line Authentication:
The "epass" Solution
May 23, 2003
Abstract
The Government of Canada's Government On-Line service has been
established to provide Canadian residents with secure on-line access to
government services. With proper safeguards, this provision of access has
been extended to areas in which government departments allow individuals and
businesses to fill out forms and update personal information on-line, e.g.,
their addresses. Clearly this is only feasible when users can securely and
uniquely identify themselves to the system. They must be confident that no
other persons can gain access to, or change, their personal information. To
permit this level of personal security, the government has implemented the
"epass" system, which allows secure authentication of individuals
wishing to gain on-line access to government programs and services. Epass
also allows other categories of secure access, e.g., access for authorized
employees of businesses dealing with government departments on-line.

Secure and workable authentication systems must meet stringent
requirements and yet not be cumbersome to use. They must allow users to
substantiate their identities with unique information, but must also make
provision for re-establishment of authentication if users forget or lose
unique identifiers or passwords. It must be possible for users to rapidly
revoke their authenticated on-line access if their passwords or electronic
credentials have been lost, stolen, or otherwise compromised. Very
importantly, government-operated authentication systems must meet the needs
of citizens in a democracy to restrict the use of personal information
available to the government and its employees, so that personal privacy is
not compromised. Authentication systems must be designed to avoid using
informational items such as the social insurance number as on-line
identifiers. They must also prevent on-line identifiers being used as a
means of cross-linking information in diverse government program databases
in order to form a comprehensive dossier on users. As additional safeguards
to prevent correlation of personal data, users should be able to establish
multiple, independent access credentials, and, where feasible, to have
pseudonymous on-line access.

Well designed on-line authentication systems are a form of infrastructure
and may be relatively complex, potentially using sophisticated technologies
such as digital signatures. They are best designed when they meet both
privacy concerns and practical business criteria such as user-friendliness,
efficiency and scalability. Both for these purposes and to maximize
security and confidentiality, it is best that they be
designed in a comprehensive way, rather than being cobbled together out of a
patchwork of smaller, ad hoc systems. The epass system meets all of these
criteria, and also has the potential to interact successfully with
interlinked provincial, territorial and municipal systems.