Pa. adopts VeriSign's managed PKI service for JNET

Find opportunities — and win them.

Pennsylvania's Integrated Justice Network now uses digital certification services from VeriSign Inc.

Pennsylvania's Integrated Justice Network now uses digital certification services from VeriSign Inc., the Mountain View, Calif.-based company announced May 13.

The digital certificates, available to all network users, set the stage for collaboration, encrypted e-mail and other advanced functionality, according to Barry Leffew, vice president of VeriSign's public-sector group.

Initiated in 1997, the Integrated Justice Network, or JNET, allows federal, state and local government agencies to share criminal records from legacy systems. It has about 11,000 users from 51 federal, state and local government agencies.

For VeriSign, the deal is a victory for managed public key infrastructure services. The company is offering PKI services as an alternative for agencies that are considering building PKI systems in-house. The company claims that outsourcing PKI services saves in capital costs, as well as keeps the agencies up to date with the latest technologies. Agencies pay no up-front installation costs, instead paying for the number of times the service is used.

In the case of this network, a typical in-house user validation system for 11,000 users might cost between $5 million and $10 million, including employing experts and purchasing or leasing physical security centers, equipment and software, according to Leffew. He said he expects Pennsylvania will pay about $500,000 in user fees per year for VeriSign's managed service.

VeriSign began working with Pennsylvania two years ago on a pilot project, Leffew said. Last December, the state started making the managed service available across the entire network, a project it completed recently.

Digital certificates are electronic credentials that identify computer users to other parties online. Instead of entering a password, a system user can be identified by a digital certificate, which may be stored on the user's computer or network or on a smart card. VeriSign's service confirms these certificates are legitimate.