SSA testing digital certificates

The Social Security Administration has taken another step forward in its efforts to make wage reporting easy and electronic for the nation's 6.5 million employers.

SSA this month began testing a new software application from Digital Signature Trust Co. (DST) that enables employers to sign electronically the wage reporting forms -- W-2s and W-3s -- they file with the agency. This pilot project builds on a program tested last year that allows employers to file the forms online using a personal identification number and password.

The new application, called SimpleSign, uses digital certificates to bind the employer's identity to the file uploaded to SSA, said Keren Cummins, DST vice president of government services. The certificates store a user's authentication and authorization information, and any attempt to alter the data in a file after it leaves the employer's control automatically triggers an electronic query of whether the certificate is valid. If it isn't, the file will not be accepted, Cummins said.

"This is like a numeric fingerprint," she said. SimpleSign, which DST announced Jan. 7, creates "not just a higher measure of authentication for the document employers are sending [to SSA], but also higher measure of protection for the document."

Even though the PIN-and-password system provides a high level of security, SSA decided to try digital certificates in order to re-assure employers still squeamish about online transactions.

"We're trying to encourage [even] those people to report to us electronically," said Marti Eckert, a computer specialist in SSA's Office of Electronic Services. "This new service allows a data file to be signed prior to sending it to us, and allows us when we receive it to verify that nothing happened to the file along the way.... We didn't do that as part of our pilot last year."

The digital certificates that SimpleSign relies on are provided through the General Services Administration's Access Certificates for Electronic Services (ACES) contract, designed to provide public-key infrastructure products and services to agencies doing business with the public. DST holds an ACES contract, as do AT&T and Operational Research Consultants Inc.

In addition to testing the popularity of digital certificates among employers filing wage data, SSA also has mounted a pilot program in which it will accept the digital certificates issued by Washington state, said Chuck Liptz, SSA management analyst.

The pilot program is designed to investigate the interoperability of the certificates -- whether one government agency, state or federal, can accept security certificates issued by another agency, Liptz said. SSA is accepting the Washington digital certificates during the tax-filing season, which runs until April 1.

"Everyone talks about interoperability, so we wanted to see for ourselves whether it works as easily as the vendors have said it would," Liptz said.

Washington officials began issuing digital certificates late last year to businesses and individuals conducting frequent Web transactions with state agencies.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected