GSA, NSA test app to bridge the gap between agency PKIs

By Christopher J. Dorobek

GCN Staff

Digital signature certificates issued by one agency could be exchanged with other agencies through a prototype application that the General Services Administration and the National Security Agency tested this month.

Under the auspices of the Federal Public-Key Infrastructure Steering Committee, GSA successfully tested the first version of a bridge certificate authority, said Richard Guida, the committee's chairman.

If applied on a wider scale, the bridge could eventually result in interoperable digital certificates, overcoming what has been a major hurdle for the development of PKI applications within agencies, Guida said.

The bridge could let citizens use digital certificates issued by one agency at other agencies.

Digital signatures let users sign documents electronically; the digital certificates granted by certificate authorities tie a specific digital signature to a specific individual. But so far, certificates issued by one agency can't be used by other agencies. Without the bridge, each agency would create stovepipe PKI apps and citizens would need multiple certificates for electronic transactions with the government.

The goal of the bridge project is to avoid these certificate redundancies.

'Everyone is going to have a certificate for their own internal business,' said Judith A. Spencer, director of the Center for Governmentwide Security in GSA's Federal Technology Service. 'This will allow us to take those certificates and use them for interagency commerce.'

GSA has created a certificate authority that will let agencies share digital certificates and conduct secure communications over the Internet.

Bridge builders

The FTS center and Mitretek Systems of McLean, Va., developed the bridge prototype.

For the test, FTS used a digital certificate issued by GTE Cybertrust of Needham Heights, Mass., and NSA used a certificate issued by Entrust Technologies Inc. of Plano, Texas.

The FTS certificate resides in a Microsoft Windows NT environment; at NSA, the agency is using workstations running SunSoft Solaris for its certificate work.

During the test, the two agencies exchanged the digital certificates.

At that point, a user at GSA and a user at NSA were able to send electronically signed messages securely over the Internet using their individual digital certificates.

The steering committee plans to expand the bridge to include other agencies' certificate authorities, including those of the Defense Department and the National Institute of Standards and Technology. GSA also plans to let the Canadian government use the bridge.

One daunting task is establishing a policy for the use of the certificates, Guida said. The steering committee must make sure that participants are comfortable with the level of security.

Upper and lower

Invariably, certificates will have different levels of assurance. Some certificates can be obtained online without any proof of the person's identity. Others, especially those proposed by organizations that demand higher levels of security, require that an individual's information be verified before a certificate is granted.

The Federal PKI Steering Committee has drafted a certificate policy. The draft, which is more than 60 pages, sets out how certificates will relate to one another.

Under the policy, there would be four levels of security: high, medium, basic and rudimentary. The plan is to incorporate the four levels into later versions of the bridge, Guida said.

Meanwhile, the steering committee is working to establish a committee of volunteers from organizations that want to use the bridge, Guida said. The committee, he said, would be similar to a condominium association.

But no matter what policies are set, an agency will always have the option not to accept a certificate, Guida said.
