Washington boasts digital trust

  • By Dibya Sarkar
  • Jan 07, 2001

Washington home page

Related Links

Washington state agencies doing business electronically with the private

sector can now be sure that companies and individuals are who they say they

are.

By December, the state's new security architecture and transaction gateway

— called Transact Washington — will accept digital certificates, which are

secure electronic identities that cannot be tampered with or forged. The

gateway is designed for businesses and individuals conducting frequent Web

transactions with the state.

"A digital certificate, as we use them, is really an electronic credential;

this person is who he claims to be," said Scott Bream, a state government

spokesman.

Utah-based Digital Signature Trust Co., which is licensed by Washington

as a third-party certification authority, helped the state develop what

Bream called a process and policy of trust. DST will do background checks,

approve and register those who apply for digital certificates.

He said Washington is the first state to devise a policy by issuing

three measurable types of digital certificates — standard, intermediate

and high. "Trust is one of those things that's hard to quantify," he said.

"What we're trying to do is develop an infrastructure of trust at three

different levels."

For example, a person or business applying for a certificate at the

high- assurance level would have to appear in person, present two forms

of identification and undergo a rigorous background check, he said. That

person would be issued a hardware token, such as a smart card, and a password.

Obtaining a certificate at the standard level is "a little bit down

the food chain of absolute security," Bream said. In those cases, users

can apply via the Internet and be issued a password. When users with digital

certificates link to Washington's new business portal, they must pass through

several more layers of security. Digital certificates are checked against

a published directory of both valid and revoked or expired certificates,

created and maintained by DST. If approved, users must key in a password

for entry.

"You have this very heavy vault door that you're able to leverage very

securely but very easily with a digital certificate," Bream said. Users

can also send legally binding documents with the digital certificate, which

acts as a sort of digital signature.

State agencies can restrict access to databases depending on what type

of assurance certificate a user has. Bream said agencies dealing with medical

data would most likely only accept high-assurance certificates, whereas

businesses obtaining tax information may only need a standard certificate.

The state's new transaction gateway would allow a business or individual

with a valid digital certificate to have a single, secure entry point to

deal with multiple state agencies. Bream said the certificate would act

like a passport to access a range of government services in a seamless process.

"We wanted to create a single face of government," he said.

Featured

  • FCW Perspectives
    zero trust network

    Can government get to zero trust?

    Today's hybrid infrastructures and highly mobile workforces need the protection zero trust security can provide. Too bad there are obstacles at almost every turn.

  • Cybersecurity
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    NDAA process is now loaded with Solarium cyber amendments

    Much of the Cyberspace Solarium Commission's agenda is being pushed into this year's defense authorization process, including its crown jewel idea of a national cyber director.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.