GSA promotes new tools to encourage PKI use

The newest public-key infrastructure offerings under the General Services Administration's Access Certificates for Electronic Services program are unlikely to kick-start wide acceptance of PKI in the government, a GSA official contends.

Although agencies are under the gun to meet the Government Paperwork Elimination Act's 2003 deadlines calling for electronic services for most government interactions with the public, they have yet to achieve the mind-set, said David Temoshok, PKI policy manager in GSA's Governmentwide Policy Office.

Agencies 'are just not going to be able to flick a switch and go from a paper-based process to an electronic one,' Temoshok said.

But agencies are steadily adopting electronic processes, said Judith Spencer, chairwoman of the Federal PKI Steering Committee. Its next PKI status report, due this fall, will probably show an improvement in adoption since last year, she said.

'The obstacle is that this is business process re-engineering,' Temoshok said. Agencies' back-end technologies are not ready for complete conversion from paper to electronic processes, and systems have to be developed to accept the ACES applications, he said.

'The more vendors learn about agencies' needs, the easier and more efficient it's going to be for us,' Temoshok said.

New ACES offerings came out this month from Digital Signature Trust Co. of Salt Lake City, E-Lock Technologies Inc. of Fairfax, Va., and PureEdge Solutions Inc. of Seattle. The three vendors' FedSign signature application adds digital signing capability to ACES.

Digital Signature Trust, a certification authority and PKI application provider, also introduced the $50,000 ACES ekit [GCN, July 2, Page 10]. And the company brought out a service under ACES, the Electronic Transaction Risk Assessment.

Three elements, one from each vendor, make up FedSign for workflow routing and approval. FedSign uses PureEdge's Certificate Validation Module (CAM), which integrates with the ACES certificate arbitrator module. The CAM makes keys interoperable and tracks use.

PKI triumvirate

Assured Office, a server validation module from E-Lock, integrates with Microsoft Corp. operating systems to validate the locations of keys with the appropriate servers. It verifies that a key is coming from a valid destination.

Digital Signature Trust's SimpleSign, the final element, is an application for citizens to digitally sign transactions with the government. Keren Cummins, vice president of government services for Digital Signature Trust, said users could upload digitally signed tax forms to the IRS, for example.

FedSign is only for digital document signatures. If agencies simply want PKI to control access to computers, the ACES ekit is all they need.

Damage control

The Social Security Administration recently piloted Digital Signature Trust's risk assessment service, and other agencies can now buy the service under ACES.

'It's not your traditional penetration test,' Cummins said. 'It's an assessment of the degree of risk in choosing to accept an electronic credential.'

The service estimates the types of damage agencies might incur in finances, privacy or public reputation.

'Is it a $500 contract or a $500,000 contract someone is signing?' Cummins asked. 'If someone's name and phone number are exposed, or if someone screws the system, are you a little bit embarrassed or a lot embarrassed?'

