Washington boasts digital trust
- By Dibya Sarkar
- Nov 19, 2000
Washington state agencies doing business electronically with the private
sector can now be assured companies and individuals are who they say they
By December, the state's new security architecture and transaction gateway — called Transact Washington — will accept digital certificates, which are
secure electronic identities that cannot be tampered with or forged. The
gateway is designed for businesses and individuals conducting frequent Web
transactions with the state.
"A digital certificate, as we use them, is really an electronic credential;
this person is who he claims to be," said Scott Bream, state government
Utah-based Digital Signature Trust Co., which is licensed by Washington
as a third-party certification authority, helped the state develop what
Bream called a process and policy of trust. DST will do background checks
on, approve and register those who apply for digital certificates.
Bream said Washington is the first state to devise such a policy by
issuing three "measurable" types of digital certificates — standard, intermediate
and high. "Trust is one of those things that's hard to quantify. What we're
trying to do is develop an infrastructure of trust at three different levels,"
For example, a person or business applying for a certificate at the
high-assurance level would have to appear in person, have two forms of identification,
and be subject to a rigorous background check, he said. That person would
be issued a hardware token, such as a smart card, along with a password.
Obtaining a certificate at the standard level is "a little bit down
the food chain of absolute security," Bream said. In those cases, users
can apply over the Internet and be issued a password. When users with digital
certificates link to Washington's new business portal, they must pass through
several more layers of security. The digital certificates are checked against
a published directory of both valid and revoked or expired certificates,
created and maintained by DST. If approved, users must key in a password
"You have this very heavy vault door that you're able to leverage very
securely, but very easily with a digital certificate," said Bream. Users
can also send legally binding documents with the digital certificate, which
acts as a sort of digital signature.
State agencies can restrict access to databases depending on what type
of assurance certificate a user has. Bream said agencies dealing with medical
data would most likely only accept high-assurance certificates, whereas
businesses obtaining tax information may only need a standard certificate.
The state's new transaction gateway would allow a business or individual
with a valid digital certificate to have a single, secure entry point to
deal with multiple state agencies. Bream said the certificate would act
like a "passport" to access a range of government services in a seamless
"We wanted to create a single face of government," he said.