Arizona test-drives PKI

Arizona's Motor Vehicle Division is testing use of public key infrastructure

to secure online transactions with commercial firms, potentially setting

the stage for broader use, including, one day, smart driver's licenses,

a state official said.

In the pilot program, which started in January, MVD provided three private

investigative companies with digital certificates so they can obtain certain

motor vehicle records, bypassing the manual process, said Jamie Rybarczyk,

a systems architect with the state Department of Transportation.

PKI technology allows users to securely and privately conduct transactions

with companies or government agencies through a browser. Transactions are

encrypted, providing the decryption key only when a user's identify has

been authenticated with a digital certificate.

"We believe, along with everybody else, this is the wave of the future,"

Rybarczyk said.

Usually, private investigators — who are court-authorized to get information

from MVD — must wait in line, fill out a form requesting the specific information,

show proper identification and authorization, pay a small fee, and then

wait for the attendant to obtain the data from a mainframe terminal, he


By using digital certificates, the investigators can connect to the

MVD intranet through a Virtual Private Network, fill out an online form,

digitally sign it and get results quickly, he said. "This is the perfect

application to allow people to access this online so they can do this from

their own office," he said, adding they can do it any time of the day.

The pilot program still has several months to go, but so far it's a

success. Rybarczyk said.

To Rybarczyk's knowledge, the MVD is the first agency in Arizona testing,

but the potential for PKI is great, he said. For example, digital certificates

could be stored in a "smart" chip on driver's licenses, which could be inserted

into a card reader to initiate an online transaction. But that's in the

future, he added.

For the pilot program, MVD is beta-testing a product called eTrust PKI

2.0 from Islandia, N.Y.-based Computer Associates. Rybarczyk said the product,

scheduled for general availability in April, is user-friendly and scalable

if digital features are added to licenses.

Barry Keyes, vice president of Computer Associates' eTrust Security

Solutions division, said PKI is used in government, especially by law enforcement

agencies, because it provides a high level of confidentiality and integrity.

With PKI, he said, either a vendor can manage the technology and issue

the digital certificates, or a government agency controls the registration

and certificate issuance process. However, widespread use has not yet caught

on and one problem is the complexity in implementing and managing the technology,

he added.

It takes less than an hour to implement eTrust PKI 2.0, Keyes said,

and the bundled product contains a built-in directory and self-contained

Online Certificate Status Protocol responder, providing real-time validation

of user identities.


  • FCW Perspectives
    human machine interface

    Your agency isn’t ready for AI

    To truly take advantage, government must retool both its data and its infrastructure.

  • Cybersecurity
    secure network (bluebay/

    Federal CISO floats potential for new supply chain regs

    The federal government's top IT security chief and canvassed industry for feedback on how to shape new rules of the road for federal acquisition and procurement.

  • People
    DHS Secretary Kirstjen Nielsen, shown here at her Nov. 8, 2017, confirmation hearing. DHS Photo by Jetta Disco

    DHS chief Nielsen resigns

    Kirstjen Nielsen, the first Homeland Security secretary with a background in cybersecurity, is being replaced on an acting basis by the Customs and Border Protection chief. Her last day is April 10.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.