GSA, FAA move on PKI initiatives

The General Services Administration announced plans to have a prototype for its e-government authentication and digital signature initiative running by the end of the year, said Steve Timchak, GSA manager for the program, during a presentation at the FOSE 2002 Trade show.

"We want to put something out there for business to try and use and abuse, so we can get a feeling of what works and what doesn't," Timchak said March 21.

GSA leads the initiative on authentication and digital signatures, one of the Office of Management and Budget's 24 e-gov initiatives to build electronic channels for agencies to work with citizens, businesses, state and local governments and each other.

The authentication and digital signatures initiative will establish a public key infrastructure that government employees and the federal community could use to ensure secure communications and transactions.

GSA's authentication management teams plan to have a prototype in place by the end of the year, said Timchak. He said it will be linked into the GSA-run FirstGov portal, that it will handle multiple authentication protocols and that it will link into at least one of the other 23 initiatives.

Timchak said it has not been decided which of the other initiatives the program will partner with. "Everyone is just getting started," he said. He noted he had meetings with members from 10 other initiatives and didn't get a "warm and fuzzy" feeling from any of them in regarding whether their projects are far enough along to interface with authentication services.

Timchak also talked about broader deployment that would be pursued after the prototype. He predicted businesses will be the first to use the services, as widespread roll out of citizen use of authentication services seems further off.

In a separate announcement, e-business security provider, Certicom Corp., Hayward Calif., signed a license agreement with the Federal Aviation Administration to provide public-key infrastructure security solutions for the development of next-generation air traffic control networks, the company announced March 26. Terms were not disclosed.

For this agreement, Certicom is partnering with systems engineering company Basic Commerce and Industries Inc., Moorestown, N.J., to integrate public-key infrastructure with the FAA's Aeronautical Telecommunications Network data link program, a next-generation data link network being developed by the International Civil Aviation Organization.

"Data link and ATN are significant improvements to our air traffic control networks. The networks must address security issues in order to realize their potential," said Vic Patel, Information System Security Manager for the agency.

? Additional reporting by Gail Repsher Emery, Patience Wait