Report calls PKI key to a digital U.S. government

A fledgling technology built on public key infrastructure (PKI) will be key to the government's success in achieving the digital government envisioned by the Clinton administration, according to a report released today.

A fledgling technology built on public key infrastructure (PKI) will be key to the government's success in achieving the "digital government" envisioned by the Clinton administration, according to a report released today.

The report, called "Access With Trust," lays out a plan for agencies to begin building a PKI foundation to secure electronic transactions. It also describes a partnership between the government and the private sector to design and build a PKI to improve the public's access to government services and information, and to tighten the security of unclassified government information systems.

PKI, a framework of technology and policy regarding the use of digital signatures, will be a foundation to support trusted communication among federal government agencies and between agencies and the private sector, according to the report.

"We're looking at this document...as a means to an end," said Richard Guida, security champion for security of the Government Information Technology Services Board. "The end we're trying to achieve is...the appropriate use of digital signature technology by federal agencies for their internal transactions and their external transactions. PKI is never going to jell until you apply a stimulus to it. You've got to go out and use the technology and maybe take a few bruises in the process."

The report outlines several agency pilot projects testing PKI technology, including the Agriculture Department's use of PKI technology to secure electronic benefits transfer between the department and various states.

Guida said the report is designed to provide agencies guidance and some examples of other government uses. "We don't want to have...a situation where you have disparate uses of the technology...that creates stovepipes," Guida said. "[We are] bringing agencies together that are working on this so agencies can learn from each other."

According to the report, PKI will provide four security services: authentication, data integrity, nonrepudiation (verification that an electronic message has been sent) and confidentiality. It will be designed not with a "government-only approach" but as part of the evolving private-sector PKI being built using commercial products.

The report was published by the Federal Public Key Infrastructure Steering Committee, GITS and the Office of Management and Budget.

It is available online at gits.gov.