GSA to kick off public-key pilot with 250 users

After earlier failed starts, the General Services Administration
this month expects to get a public-key infrastructure pilot project off the ground with
tests involving about 250 federal employees and a few citizens.


The participants in the Paperless Transactions for the Public pilot all will receive a
special World Wide Web browser and a public-key encryption card that fits into the floppy
drive of any PC. The encryption cards will be issued by the Postal Service.


Phil Mellinger, a GSA employee who serves as chief engineer of the multiagency Federal
Security Infrastructure Program, said that two agencies, to be announced in the next few
weeks, will participate in the tests over the summer. More than 2,000 people are expected
to take part eventually.


The project, which the government wants to use as a springboard for broader electronic
commerce applications, initially was in the hands of the National Institute of Standards
and Technology. GSA took it over when Congress refused to fund the project, but GSA then
passed it back to NIST. Finally, last year, GSA settled on a test plan and began seeking
agencies to take part.


The infrastructure project was chartered by the Defense Department and Vice President
Al Gore's National Information Infrastructure program, which has outlined a glowing
scenario in which citizens can apply for the cards by filling out a form and giving two
forms of identification. The card can be used at home PCs or public kiosks to check out
tax information, Medicaid or Social Security benefits and other private information.


Each test participant will connect to a secure server at GSA and enter a personal
identification number. The client machine and the server must confirm each other's digital
signatures before any business is transacted.


"This sets up a secure pipe and lets you fill out a form and digitally sign it as
you send it," Mellinger said. "The response back to you also will be digitally
signed so you can confirm it came from the agency."


Once the connection is made, any application with a Web interface can be launched.


The GSA tests, originally slated to start last winter, will fill in a previously
missing link for conducting federal business securely over the Internet.


"I'd be lying to you if I said there would not be bugs or that it won't be rough
initially," Mellinger said. "But if we can show people they can take the disk
home, load the browser and call up a site without necessarily dealing with an application,
that they can make a secure connection and that their data's safe, it could turn the
Internet into a real business tool."


The Crypto SmartDisk used in the tests comes from Fischer International Systems Corp.
in Naples, Fla. [GCN, May 13, Page 42]. The SmartDisk is sized like a floppy disk,
but it contains circuitry instead of disk media.


Like a PC Card, it can support several encryption schemes, including the government's
Digital Signature Standard and Data Encryption Standard as well as its SkipJack algorithm
used in Fortezza cards. The SmartDisk also works with the widely used crypto applications
from RSA Data Security Inc. in Redwood City, Calif.


The cost for each disk and an associated toolkit is about $205. GSA is using a secure
server and client from Frontier Technologies Corp. of Mequon, Wis., and other encryption
technologies from Atalla Corp. of San Jose, Calif.


Frontier's SuperTCP Web browser has been enhanced for the GSA tests with application
programming interfaces that talk to the Crypto SmartDisk. Frontier's Windows NT SuperWeb
Server also received special enhancements for the tests.



About the Author

Shawn McCarthy, a former writer for GCN, is senior analyst and program manager for government IT opportunities at IDC.
