Public-key committee to meet with CIOs
- By Heather Harreld
- Jul 12, 1998
The Federal Public Key Infrastructure Steering Committee has approved its action plan to develop an interoperable public-key infrastructure (PKI) for governmentwide use.
Members of the committee, which is composed of representatives from all federal agencies either using or considering the use of public-key technology, this summer will visit the chief information officer of each federal agency to receive comments on the use of the technology for electronic interactions.
A PKI is a framework for the use of digital signatures for secure communications and electronic commerce, which agencies need in order to conduct more of their business electronically. It is generally believed that secure Internet transactions, such as agencies providing the public with access to data via the Internet, will not be possible without the use of digital signatures. The plan calls for the completion of a PKI operational plan and the development of a policy group to manage the launch of the PKI by the end of this year.
Under the plan, a new Federal Policy Management Authority would be formed to draft, approve and maintain digital certificate policies to support the core mechanism of the federal PKI, called a Bridge Certification Authority. Certificates carrying digital signatures are issued to users to allow them to participate in a PKI. These digital signatures authenticate the identity of the user and validate that data has not been altered during transmission. A certificate authority issues and manages the certificates.
According to Richard Guida, chairman of the steering committee, the government PKI will be based on the Bridge Certification Authority, which will serve as a single hub for each agency to use for interoperability of certificates.
"I want to make sure we provide the fundamental building blocks needed for these electronic transactions to occur," Guida said. "The goal is— in addition to promoting PKI within the agencies— to promote their interest. If each agency has its own PKI, each agency PKI would have to cross-certify."
The plan also calls for the members to secure funding and launch a second phase of key-recovery pilot projects in the federal government no later than October. About a dozen key-recovery projects were launched at various agencies in 1996 as part of an $8 million project to test the viability of using key-recovery technology, which provides a mechanism to retrieve the keys needed to unscramble encrypted data.