SSA testing digital certificates
- By Graeme Browning
- Jan 24, 2002
The Social Security Administration has taken another step forward in its efforts to make wage reporting easy and electronic for the nation's 6.5 million employers.
SSA this month began testing a new software application from Digital Signature Trust Co. (DST) that enables employers to sign electronically the wage reporting forms -- W-2s and W-3s -- they file with the agency. This pilot project builds on a program tested last year that allows employers to file the forms online using a personal identification number and password.
The new application, called SimpleSign, uses digital certificates to bind the employer's identity to the file uploaded to SSA, said Keren Cummins, DST vice president of government services. The certificates store a user's authentication and authorization information, and any attempt to alter the data in a file after it leaves the employer's control automatically triggers an electronic query of whether the certificate is valid. If it isn't, the file will not be accepted, Cummins said.
"This is like a numeric fingerprint," she said. SimpleSign, which DST announced Jan. 7, creates "not just a higher measure of authentication for the document employers are sending [to SSA], but also higher measure of protection for the document."
Even though the PIN-and-password system provides a high level of security, SSA decided to try digital certificates in order to re-assure employers still squeamish about online transactions.
"We're trying to encourage [even] those people to report to us electronically," said Marti Eckert, a computer specialist in SSA's Office of Electronic Services. "This new service allows a data file to be signed prior to sending it to us, and allows us when we receive it to verify that nothing happened to the file along the way.... We didn't do that as part of our pilot last year."
The digital certificates that SimpleSign relies on are provided through the General Services Administration's Access Certificates for Electronic Services (ACES) contract, designed to provide public-key infrastructure products and services to agencies doing business with the public. DST holds an ACES contract, as do AT&T and Operational Research Consultants Inc.
In addition to testing the popularity of digital certificates among employers filing wage data, SSA also has mounted a pilot program in which it will accept the digital certificates issued by Washington state, said Chuck Liptz, SSA management analyst.
The pilot program is designed to investigate the interoperability of the certificates -- whether one government agency, state or federal, can accept security certificates issued by another agency, Liptz said. SSA is accepting the Washington digital certificates during the tax-filing season, which runs until April 1.
"Everyone talks about interoperability, so we wanted to see for ourselves whether it works as easily as the vendors have said it would," Liptz said.
Washington officials began issuing digital certificates late last year to businesses and individuals conducting frequent Web transactions with state agencies.