Federal PKI bridge gets private peer

The Federal Bridge Certification Authority in May recognized an aerospace industry bridge for validating digital certificates, enabling secure communications between government agencies and contractors that issue their own certificates.

The bridge, operated by CertiPath LLC of Herndon, Va., is the first private-industry bridge to link with the FBCA. Cross-certification extends the federal public-key infrastructure and helps enable e-government, said Peter Alterman, chair of the Federal PKI Policy Authority.

“The government has got to get out of the business of issuing credentials to users of its systems and get into the business of trusting credentials issued by others,” he said.

Digital certificates act as electronic IDs, but the party or application accepting the certificate must have a way of validating it. When a foreign certificate is submitted to an application, it’s passed along to the federal bridge, which verifies that it was issued by an organization whose policies have been accepted by the bridge. The bridge also can check with the issuing authority to ensure the certificate is still valid.

The relationship between the federal bridge and CertiPath is unique because CertiPath itself is a bridge that cross-certifies certificates issued by aerospace contractors. CertiPath is a joint venture of ARINC Inc. of Annapolis, Md., Exostar LLC of Herndon, Va., and SITA of Geneva, Switzerland. VeriSign Inc. of Mountain View, Calif., issues certificates to the CertiPath bridge for bridge-to-bridge trust.

The organization spent three years trolling for money and defining the technology and policies needed, said president and CTO Jeff Nigriny.

“We had a large number of companies that wanted to be the source of authority for their employees’ identities,” he said. But employees on government contracts needed certificates issued by an agency trusted by the federal bridge. “It would be much better if we could have a single credential.”

It also would be better for the government. “The federal government is not in a position to cross-certify every company out there,” Nigriny said.

Boeing Co. was the first company to receive bridge-to-bridge certification through CertiPath. The company’s 153,000 employees now can use digital certificates from Boeing’s PKI to access federal resources.

Other certificate authority bridges are being developed, including one for the pharmaceutical industry and one for the higher education community. Both would like to cooperate with government, but so far neither has cross-certified with the federal bridge.

About the Author

Connect with the GCN staff on Twitter @GCNtech.
