Social Security helps states adopt federal PKI

Washington is about to become the first state whose employers can digitally sign their online wage reports to the Social Security Administration ? something all 50 states will be able to offer if a Social Security pilot program to unify state and federal public key infrastructures proves successful.

Social Security will begin accepting Washington's certificates in April as part of a pilot to bring states and federal agencies under a uniform PKI system. The agency began testing digital certificates two years ago and a year ago started accepting Access Certificates for Electronic Services, the centerpiece of the General Services Administration's PKI program, issued to other federal agencies.

Although Washington has used digital certificates for several years, federal agencies weren't ready to accept them.

Washington's PKI program manager, Scott Bream, said he expects no technical glitches with Social Security's system, because Washington's certificates come from one of the federal certification authorities, Digital Signature Trust Co., Salt Lake City. The company is a holder of GSA's Access Certificates for Electronic Services contract.

"We've been tracking the federal government for a long time, and we modeled our policy after what was going on at the federal level," Bream said.

Chuck Liptz, Social Security's management analyst for the pilot, said the agency hopes eventually to accept certificates from all 50 states once interoperability problems are resolved.

"When the opportunity came to test out interoperability with the state of Washington, we thought, let's try this," he said.
About 450 Washington employers uploaded their online wage reports last year, but the files were not digitally signed, said Keren Cummins, vice president for government services at Digital Signature Trust. The businesses used personal identification numbers and pass codes instead.

A browser service called Transact Washington lets employers digitally sign documents to state agencies. Bream said the state's certificates are even more secure than the ones used by federal agencies under ACES.

"We have three levels of assurance; ACES has one level of assurance," Bream said. The lowest level, standard assurance, is a verification feature in the browser. A second level can be information on a token or smart card, and the highest level requires obtaining a certificate in person with verification by a token or a biometric identifier.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Our databases track awards back to 2013. Read More

  • Navigating the trends and issues of 2016 Nick Wakeman

    In our latest WT Insider Report, we pull together our best advice, insights and reporting on the trends and issues that will shape the market in 2016 and beyond. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

I agree to this site's Privacy Policy.