Arizona test-drives PKI
- By Dibya Sarkar
- Mar 31, 2002
Arizona's Motor Vehicle Division is testing use of public key infrastructure
to secure online transactions with commercial firms, potentially setting
the stage for broader use, including, one day, smart driver's licenses,
a state official said.
In the pilot program, which started in January, MVD provided three private
investigative companies with digital certificates so they can obtain certain
motor vehicle records, bypassing the manual process, said Jamie Rybarczyk,
a systems architect with the state Department of Transportation.
PKI technology allows users to securely and privately conduct transactions
with companies or government agencies through a browser. Transactions are
encrypted, providing the decryption key only when a user's identify has
been authenticated with a digital certificate.
"We believe, along with everybody else, this is the wave of the future,"
Usually, private investigators — who are court-authorized to get information
from MVD — must wait in line, fill out a form requesting the specific information,
show proper identification and authorization, pay a small fee, and then
wait for the attendant to obtain the data from a mainframe terminal, he
By using digital certificates, the investigators can connect to the
MVD intranet through a Virtual Private Network, fill out an online form,
digitally sign it and get results quickly, he said. "This is the perfect
application to allow people to access this online so they can do this from
their own office," he said, adding they can do it any time of the day.
The pilot program still has several months to go, but so far it's a
success. Rybarczyk said.
To Rybarczyk's knowledge, the MVD is the first agency in Arizona testing,
but the potential for PKI is great, he said. For example, digital certificates
could be stored in a "smart" chip on driver's licenses, which could be inserted
into a card reader to initiate an online transaction. But that's in the
future, he added.
For the pilot program, MVD is beta-testing a product called eTrust PKI
2.0 from Islandia, N.Y.-based Computer Associates. Rybarczyk said the product,
scheduled for general availability in April, is user-friendly and scalable
if digital features are added to licenses.
Barry Keyes, vice president of Computer Associates' eTrust Security
Solutions division, said PKI is used in government, especially by law enforcement
agencies, because it provides a high level of confidentiality and integrity.
With PKI, he said, either a vendor can manage the technology and issue
the digital certificates, or a government agency controls the registration
and certificate issuance process. However, widespread use has not yet caught
on and one problem is the complexity in implementing and managing the technology,
It takes less than an hour to implement eTrust PKI 2.0, Keyes said,
and the bundled product contains a built-in directory and self-contained
Online Certificate Status Protocol responder, providing real-time validation
of user identities.