Secure middleman

When one agency receives an electronic transaction created using a private key that corresponds to a public key issued by the sender's certificate authority (CA), the receiving agency has to determine that the certificate carrying that public key originated from a trusted source. The Federal Bridge Certificate Authority currently under construction allows that verification to take place through a so-called "trust path."

Next, the recipient agency has to determine that the certificate has sufficient trust relative to the transaction taking place — a financial transaction might require a higher trust level than a non-classified e-mail message, for example. The FBCA can also enable this verification by knowing the receiving agency's trust policy.

Finally, the FBCA allows the receiving agency to determine that the certificates being exchanged are still valid and have not been revoked.

If all three of these requirements are met — something the FBCA determines automatically — the transaction can be completed.
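The three checks described above, as an added worked example that is not code from the article or from the FBCA project: a small Python model in which certificates are plain records rather than X.509 objects, the relying agency's trust anchor is its own CA, and the cross-certificates exchanged with the bridge carry policy mappings. The CA names, policy labels, serial numbers and CRL entries are all constructed for the example.

```python
"""Model of the three relying-party checks an agency performs through the bridge:
1. build a trust path from its own CA to the sender's certificate,
2. confirm the policy asserted along that path is sufficient for the transaction,
3. confirm nothing on the path has been revoked.
All names, policy labels and serials below are constructed for illustration."""
from dataclasses import dataclass, field


@dataclass
class Cert:
    subject: str
    issuer: str
    serial: int
    policies: frozenset                          # policies asserted, in the issuer's domain
    mappings: dict = field(default_factory=dict)  # cross-cert: issuer-domain -> subject-domain


@dataclass
class RelyingAgency:
    trust_anchor: str      # the agency's own CA, the only thing it trusts a priori
    directory: list        # certificates it can fetch (the "small directory" of the article)
    revoked: set           # (issuer, serial) pairs taken from published CRLs
    required_policy: dict  # transaction type -> policy required, in the agency's own domain


def build_trust_path(agency, target):
    """Check 1: depth-first search for a chain from the trust anchor to target's issuer."""
    def search(current, seen):
        if current == target.issuer:
            return [target]
        for cert in agency.directory:
            if cert.issuer == current and cert.subject not in seen:
                rest = search(cert.subject, seen | {cert.subject})
                if rest is not None:
                    return [cert] + rest
        return None
    return search(agency.trust_anchor, {agency.trust_anchor})


def policy_sufficient(path, required):
    """Check 2: carry the required policy down the path, translating it at each cross-cert.
    Every certificate must assert the policy as named in its issuer's domain."""
    policy = required
    for cert in path:
        if policy not in cert.policies:
            return False
        policy = cert.mappings.get(policy, policy)
    return True


def not_revoked(path, revoked):
    """Check 3: no certificate on the path appears on a CRL."""
    return all((c.issuer, c.serial) not in revoked for c in path)


def validate(agency, target, transaction):
    """Run the three checks in order and report which one, if any, failed."""
    path = build_trust_path(agency, target)
    if path is None:
        return False, "no trust path to the sender's CA"
    if not policy_sufficient(path, agency.required_policy[transaction]):
        return False, "trust level insufficient for this transaction"
    if not not_revoked(path, agency.revoked):
        return False, "a certificate on the path has been revoked"
    return True, "accepted"


# --- constructed sample PKI (hypothetical names, not real federal CAs) -------
FBCA = "Federal Bridge CA"
AGENCY_A_CA, AGENCY_B_CA = "Agency A CA", "Agency B CA"

# Agency A cross-certifies the bridge and maps its own policy levels onto the bridge's.
a_to_bridge = Cert(FBCA, AGENCY_A_CA, 1, frozenset({"A-medium", "A-high"}),
                   {"A-medium": "FBCA-medium", "A-high": "FBCA-high"})
# The bridge cross-certifies Agency B at the medium level only.
bridge_to_b = Cert(AGENCY_B_CA, FBCA, 7, frozenset({"FBCA-medium"}),
                   {"FBCA-medium": "B-level2"})
alice = Cert("alice@agency-b.example", AGENCY_B_CA, 1001, frozenset({"B-level2"}))
bob = Cert("bob@agency-b.example", AGENCY_B_CA, 1002, frozenset({"B-level2"}))
stranger = Cert("eve@unbridged.example", "Unbridged CA", 5, frozenset({"X-any"}))

AGENCY_A = RelyingAgency(
    trust_anchor=AGENCY_A_CA,
    directory=[a_to_bridge, bridge_to_b, alice, bob, stranger],
    revoked={(AGENCY_B_CA, 1002)},  # bob's certificate is on Agency B's CRL
    required_policy={"email": "A-medium", "funds-transfer": "A-high"},
)

if __name__ == "__main__":
    cases = [(alice, "email"), (alice, "funds-transfer"), (bob, "email"), (stranger, "email")]
    for cert, tx in cases:
        print(f"{cert.subject:28} {tx:15} -> {validate(AGENCY_A, cert, tx)}")
```

Running the block shows the four outcomes the article's three checks can produce: Alice's e-mail is accepted; the same certificate is rejected for a funds transfer because the bridge only cross-certified her agency at the medium level, so the high policy cannot be carried across; Bob fails on revocation; and a certificate from a CA that never joined the bridge yields no trust path at all.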

The FBCA prototype uses two CA products, one from Baltimore Technologies and the other from Entrust Technologies Inc.; both of them interoperate within the FBCA. Any agency CAs that can interoperate with either of those products will be able to interoperate with each other. The intent is to include a range of CA products in the FBCA, with the goal of allowing interoperability with any CA product or service an agency may choose to work with.

When agencies have been cleared by the PKI Policy Authority to connect to the FBCA, the bridge will issue a certificate to the agency CA that contains the details of the trust policy that allows the agency to interoperate with other agencies.

All the agency then needs is the client/server software that will conduct the certificate trust path validation and authentication on its end.

The benefit of this arrangement, according to Richard Guida, chairman of the Federal PKI Steering Committee, is that the bridge need only be powered up once a week to issue the certificates to agencies. That means the FBCA will need very little maintenance and will be extremely hard to hack. The only thing that needs to operate around the clock is a small directory that supplies copies of certificates to users.

About the Author

Brian Robinson is a freelance writer based in Portland, Ore.
