Social Security helps states adopt federal PKI

Washington is about to become the first state whose employers can digitally sign their online wage reports to the Social Security Administration ? something all 50 states will be able to offer if a Social Security pilot program to unify state and federal public key infrastructures proves successful.

Social Security will begin accepting Washington's certificates in April as part of a pilot to bring states and federal agencies under a uniform PKI system. The agency began testing digital certificates two years ago and a year ago started accepting Access Certificates for Electronic Services, the centerpiece of the General Services Administration's PKI program, issued to other federal agencies.

Although Washington has used digital certificates for several years, federal agencies weren't ready to accept them.

Washington's PKI program manager, Scott Bream, said he expects no technical glitches with Social Security's system, because Washington's certificates come from one of the federal certification authorities, Digital Signature Trust Co., Salt Lake City. The company is a holder of GSA's Access Certificates for Electronic Services contract.

"We've been tracking the federal government for a long time, and we modeled our policy after what was going on at the federal level," Bream said.

Chuck Liptz, Social Security's management analyst for the pilot, said the agency hopes eventually to accept certificates from all 50 states once interoperability problems are resolved.

"When the opportunity came to test out interoperability with the state of Washington, we thought, let's try this," he said.
About 450 Washington employers uploaded their online wage reports last year, but the files were not digitally signed, said Keren Cummins, vice president for government services at Digital Signature Trust. The businesses used personal identification numbers and pass codes instead.

A browser service called Transact Washington lets employers digitally sign documents to state agencies. Bream said the state's certificates are even more secure than the ones used by federal agencies under ACES.

"We have three levels of assurance; ACES has one level of assurance," Bream said. The lowest level, standard assurance, is a verification feature in the browser. A second level can be information on a token or smart card, and the highest level requires obtaining a certificate in person with verification by a token or a biometric identifier.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here


  • VIDEO: Explore the 2019 M&A Trends

    Editor Nick Wakeman interviews Kevin DeSanto of the investment bank KippsDeSanto about the highlights of their annual M&A survey and trends driving acquisitions in the federal space. Read More


    In our latest Project 38 Podcast, editor Nick Wakeman and senior staff writer Ross Wilkers discuss the major news events so far in 2019 and what major trends are on the horizon. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.