Royal Canadian Mounted Police

RCMP Certificate Services Program

About Public Key Infrastructure (PKI)

The internet has become an integral part of how the world does business. However, in order to take advantage of this technology, organizations, particularly in law enforcement, need to ensure that their electronic communications are stored and transferred securely and accessible only to authorized users. The Public Key Infrastructure (PKI) is the solution that was adopted by the Government of Canada to meet these security needs.

Public Key Infrastructure is an infrastructure using public key technology (encryption and digital signature key pairs) to provide authentication, integrity, confidentiality and non-repudiation as described below:

  • Authentication – Users can securely identify themselves to other users without the need to send secret information such as passwords.
  • Integrity – Users can easily determine whether or not an electronic communication has been altered or tampered with since it was signed.
  • Confidentiality – Users can be assured that the electronic communications they send cannot be accessed or viewed by unauthorized individuals.
  • Non-Repudiation – Users who digitally sign an electronic communication cannot successfully deny their signature.

The PKI deployed by the RCMP is referred to as the RCMP Certificate Authority (CA). It is a system of digital certificates, cryptographic modules and local registration authorities (LRA) to verify and authenticate the identity of each user.

The RCMP CA managed by the RCMP Certificate Services Program can be used to transmit, store, and protect information up to and including the Protected B level.

The RCMP CA uses two-factor authentication for accessing certain NPS applications such as CPIC Web.

About the RCMP Certificate Services Program

The RCMP Certificate Services Program is responsible for deploying PKI in a cost-effective manner to all police agencies outside of Ontario and Quebec. To maximize the use of financial resources and ensure lower costs, the RCMP has purchased the Entrust software licences and digital certificates for all Canadian police employees outside of Ontario and Quebec. These two provinces are responsible for their own PKI infrastructure. The only cost incurred by police agencies is the purchase of cryptographic modules.

The RCMP CA transparently manages digital certificates, enabling the police community to work in a secure and trustworthy networking environment.

The RCMP Certificate Services Program provides the following services to police agencies:

  • Encryption Services – Electronic information can be encrypted to ensure confidentiality.
  • Digital Signature Services – Information recipients can verify the identity of the sender and ensure the integrity of the electronic message.
  • Strong Identification and Authorization – Use of cryptographic modules and digital certificates is necessary to access certain NPS applications.
  • Cross Certification – Work with other certificate authorities such as Public Works and Government Services Canada (PWGSC) CA or OPP CA to grant each other access to required NPS applications.
  • Client-based certificates – Provide client-user and multi-user digital certificates.
  • Local Registration Authority Program – Provide free LRA training and ensure that only the approved LRA receives sensitive encrypted authorization codes for end users at their police agency.

The RCMP Certificate Services Program and the Policing Community

Within the law enforcement community, four organizations, Public Works and Government Services Canada (PWGSC), RCMP, OPP and Canada Revenue Agency (CRA), have deployed a certificate authority. These four certificate authorities provide digital certificates to the entire policing community, as illustrated below.

It is anticipated that a Quebec certificate authority will be deployed. At this time, police agencies in Quebec can contact the RCMP Certificate Services Program and their requests for digital certificates will be evaluated on a case-by-case basis.

While these four certificate authorities were successful in providing PKI support to their own organizations, there were issues of overlapping responsibilities and redundancy in the services offered to the Canadian police community at large. To overcome these problems, a partnership called the Canadian Policing Trust Model was created among the certificate authorities. The Canadian Policing Trust Model’s responsibility is to resolve issues which delay PKI deployment to police agencies, share emerging technological information, and reduce the costs associated with PKI.

The RCMP Certificate Services Program does not offer PKI service to non-police federal law enforcement agencies. These agencies are served by either the PWGSC CA or CRA CA.

What it Means for Police Agencies

There are two requirements to access this service: the purchase of a cryptographic module (token) for each user who needs a digital certificate, and the identification of a Local Registration Authority (LRA) from your agency.

You will need an RCMP digital certificate issued by the RCMP CA if your agency or any of its employees need access to a PKI-enabled NPS application such as CPIC Web. You will also need a digital certificate to use encryption or to digitally sign electronic communications.

The only cost incurred by police agencies outside of Ontario or Quebec who wish to use this technology is the purchase of cryptographic modules.

Benefits

Through the RCMP Certificate Services Program, the police community has access to technology which allows for quicker, more efficient, and secure communication without having to pay for outdated technology. The RCMP Certificate Service also promotes interoperability and information sharing between police agencies by establishing and maintaining security standards for electronic business. Information up to and including Protected B can be encrypted easily from a standard workstation and securely emailed over the internet. The use of digital signatures greatly reduces the risks of forgery, fraud or denial.