Vendors step up PKI push

Now that public-key infrastructure technology is being accepted, information security vendors are touting their PKI solutions as a way for agencies to support new applications, rather than simply a way to increase security.

PKI solutions use digital signature, digital certificate and encryption technologies to authenticate a user's identity and to ensure that data is not tampered with during transmission across the Internet.

Until recently, agencies generally have looked at PKI as simply another component of their security strategies, although an important one for electronic commerce and other digital transactions. But that is changing, vendors said, as agencies begin to realize that PKI enables them to develop new classes of applications

"No one uses certificates or PKI for PKI's sake," said Chris Lowden, director of the National Technical Information Service's FedWorld office. "There's something you want to use it for."

The Commerce Department's NTIS, which sells scientific, technical, engineering and related business information to agencies, has been providing online services to agencies through FedWorld for years.

Recently more and more agencies have been asking for PKI services, Lowden said, so this week NTIS announced a partnership with Electronic Data Systems Corp. to jointly offer agencies customized PKI security services and products that will enable agencies to move new business applications to the Internet.

For example, many agencies are looking to develop applications that enable citizens to fill out forms or submit information electronically, rather than submitting paper forms. PKI is seen as a key technology in such applications because it ensures the security of the data.

"It's what you are trying to achieve from a business standpoint," said Kevin Durkin, director of Defense Department sales at EDS.

NTIS and EDS offer another feature that most vendors cannot, said Rich Guida, chairman of the Federal PKI Steering Committee. An agency can be in a real bind if a vendor goes bankrupt, but even if NTIS were dissolved by Congress, by law NTIS' functions would be transferred to another agency. "You have the assurance that what they have done will be continued someplace else," Guida said.

Other vendors, such as Xcert International Inc., are promoting their PKI solutions as a way to save money by enabling agencies to cut down on the amount of time and effort it takes to exchange information.

The Energy Department and Lockheed Martin Idaho Technologies are using Xcert's Sentry CA product to send and receive reports electronically on nuclear waste retrieval efforts in Idaho. Those reports must pass through several authorization levels and must be made available electronically only to certain people, said Tim Gage, the marketing manager at Xcert.

Instead of thousands of pages of paper being exchanged, the public-key technology allows the two organizations to send a single file with an electronic signature. Over the next two to three years, Lockheed Martin estimates that this approach could save the agency and the company as much as $9 million.

Making It Legal

E-Lock Technologies Inc. has developed a product called ATS that is intended to strengthen the legal validity of PKI transactions.

ATS, which is based on Microsoft Corp.'s CryptoAPI, sits on top of any vendor's PKI and provides a further level of data integrity and confidentiality that is not currently available in digital signatures.

ATS goes beyond most digital signature technology to provide time stamps and date stamps to show when a person actually signed an electronic document.

This increased assurance gives the information that is being exchanged a legal authority that is often necessary for transactions between government and the private sector, said Chris O'Connor, vice president of sales and marketing at E-Lock.

The company believes that the most important part of a PKI-enabled business process is how the applications are being used, not the PKI itself, so last week the company announced that it is giving its PKI software away for free. "We see the real value in enabling your current business applications to use the PKI," O'Connor said. "Maybe this will kick-start the whole market."

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.