Washington boasts digital trust

Washington home page

Related Links

Washington state agencies doing business electronically with the private

sector can now be assured companies and individuals are who they say they

are.

By December, the state's new security architecture and transaction gateway — called Transact Washington — will accept digital certificates, which are

secure electronic identities that cannot be tampered with or forged. The

gateway is designed for businesses and individuals conducting frequent Web

transactions with the state.

"A digital certificate, as we use them, is really an electronic credential;

this person is who he claims to be," said Scott Bream, state government

spokesman.

Utah-based Digital Signature Trust Co., which is licensed by Washington

as a third-party certification authority, helped the state develop what

Bream called a process and policy of trust. DST will do background checks

on, approve and register those who apply for digital certificates.

Bream said Washington is the first state to devise such a policy by

issuing three "measurable" types of digital certificates — standard, intermediate

and high. "Trust is one of those things that's hard to quantify. What we're

trying to do is develop an infrastructure of trust at three different levels,"

he said.

For example, a person or business applying for a certificate at the

high-assurance level would have to appear in person, have two forms of identification,

and be subject to a rigorous background check, he said. That person would

be issued a hardware token, such as a smart card, along with a password.

Obtaining a certificate at the standard level is "a little bit down

the food chain of absolute security," Bream said. In those cases, users

can apply over the Internet and be issued a password. When users with digital

certificates link to Washington's new business portal, they must pass through

several more layers of security. The digital certificates are checked against

a published directory of both valid and revoked or expired certificates,

created and maintained by DST. If approved, users must key in a password

for entry.

"You have this very heavy vault door that you're able to leverage very

securely, but very easily with a digital certificate," said Bream. Users

can also send legally binding documents with the digital certificate, which

acts as a sort of digital signature.

State agencies can restrict access to databases depending on what type

of assurance certificate a user has. Bream said agencies dealing with medical

data would most likely only accept high-assurance certificates, whereas

businesses obtaining tax information may only need a standard certificate.

The state's new transaction gateway would allow a business or individual

with a valid digital certificate to have a single, secure entry point to

deal with multiple state agencies. Bream said the certificate would act

like a "passport" to access a range of government services in a seamless

process.

"We wanted to create a single face of government," he said.

Featured

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.