GSA gives gateway app a push

'We have a lot of experience with knowledge-based authentication, but this gives us experience at a higher level,' SSA's Andre Brown says.

Laurie DeWitt

The General Services Administration is kicking the E-Authentication Gateway into high gear.

Four large programs will be using the certification service by next month, and a 22-member team of agency cheerleaders is promoting the gateway's use throughout the government.

So far, only the Social Security Administration has begun live use of electronic certification services through the gateway, one of the 25 Quicksilver e-government initiatives.

But over the next few weeks, three other e-government projects will begin using the prototype gateway, said David Temoshok, GSA's director of identity policy and management.

The Health and Human Services Department's E-Grants, GSA's E-Travel and the Federal Emergency Management Agency's Disaster Management Initiative are setting up systems to verify users of their services through the E-Authentication Gateway.

Additionally, GSA has begun a sort of grass-roots campaign to urge agencies to use the gateway. The gateway project leaders have formed a governance board with members from GSA and 21 other agencies to make policy and funding decisions, and, most importantly, persuade agencies to use E-Authentication.

'The steering committee needs to be the champion to bring applications to the gateway and institutionalize it in agency architectures,' Temoshok said. 'We recognize there always will be some reluctance or consideration to keep e-authentication systems in-house, and that is where the board comes in.'

The board, led by Treasury Department CIO Drew Ladner, first met in June and so far has focused mainly on helping agencies include authentication funding in the 2005 budget requests that were sent to the Office of Management and Budget early this month.

Temoshok said the board agreed to a three-year funding model. It determined each agency would pay a flat rate of $400,000 for E-Authentication use next year and in 2005. Come 2006, agencies will move to a fee model under which they will pay for gateway services based on their level of use.

'Now agencies can budget and plan for the funding,' Temoshok said. 'We also sent all CIOs a letter confirming the agreement, so there wouldn't be any misunderstandings.'

The success of SSA's use of the gateway will also encourage more agencies to use it, said Mary Mitchell, deputy associate administrator in GSA's Office of Electronic Commerce.

After testing the prototype earlier this year, GSA signed up SSA to use the gateway in a live production environment.

SSA is receiving prisoner data from seven state correctional facilities through the gateway, which verifies each sender's digital certificate for the agency.

'This data requires a higher level of security and authentication,' said Andre Brown, deputy associate commissioner in SSA's Office of Telecommunications Systems Operations. 'We have a lot of experience with knowledge-based authentication, but this gives us experience at a higher level.'

Eventually, 2,500 prisons in 30 states will use the system.

Prisons send data about newly incarcerated people to SSA because convicts cannot receive federal benefits, Brown said.

To make sure the date of notification is accurate, the system also uses the Postal Service's electronic postmark application, said James Preissner, associate commissioner for SSA's Office of Telecommunications and Systems Operations.

SSA integrates the three pieces (the prison data, certificate verifications and electronic postmarks) through Hypership Secureconnect software from Hyperspace Communications Inc. of Easton, Md.

Since June, SSA has bought digital certificates through GSA's Access Certificates for Electronic Services contracts for each prison. It also has given each correctional facility a copy of the Hypership application to install on a PC running Microsoft Windows. The certificates can reside on desktop PCs at each prison, on smart cards or in Web browsers.

When prison officials send data through a secured Internet connection via File Transfer Protocol to SSA, the Hypership software validates the digital certificate with the E-Authentication Gateway. Once the sender is verified, SSA accepts the information into its database.

When the prison submits the information, the system also stamps the data with a security hash using USPS' electronic postmark app. The 54-character mark is an electronic fingerprint, said Brad Reck, program manager for USPS' In Person Proofing Office.

'The electronic postmark system takes the hash and puts a date and time stamp on it, and it is signed by the server after the gateway validates the sender,' Reck said.

The setup for the process was not costly, SSA's Brown said. Besides buying the digital certificates, Brown said, SSA is using three servers behind its firewall: one to handle the electronic postmarks, a second to decrypt the digital certificates and a third to decrypt the prison data.

'We started with the prisons, but there are many other opportunities for states to transfer data via the gateway,' SSA's Preissner said. 'States also could send birth, death and quarterly wage data to us.'
