Secure middleman

Featured eBooks
CDM
Read Now

Future-Ready Workforce

Read Now

Health Tech

Read Now
Insights & Reports
Redefining Mission Security
Presented By Babel Street
Download Now
Defending government cloud against advancing threats
Presented By CrowdStrike
Download Now
By Brian Robinson,
FCW

By Brian Robinson,
FCW

|

When one agency receives an electronic transaction created using a private key that corresponds to a public key issued by the sender's certificate authority (CA), the receiving agency has to determine that the certificate carrying that public key originated from a trusted source.

Related Links

"A bridge too far?"

"Citizen PKI project under way"

"Bridge players"

"How PKI works"

"Signature squabbles"

When one agency receives an electronic transaction created using a private

key that corresponds to a public key issued by the sender's certificate

authority (CA), the receiving agency has to determine that the certificate

carrying that public key originated from a trusted source. The Federal Bridge

Certificate Authority currently under construction allows that verification

to take place through a so-called "trust path."

Next, the recipient agency has to determine that the certificate has

sufficient trust relative to the transaction taking place — a financial

transaction might require a higher trust level than a non- classified e-mail

message, for example. The FBCA can also enable this verification by knowing

the receiving agency's trust policy.

Finally, the FBCA allows the receiving agency to determine that the certificates

being exchanged are still valid and have not been revoked.

If all three of these requirements are met — something the FBCA determines

automatically — the transaction can be completed.

The FBCA prototype uses two CA products, one from Baltimore Technologies

and the other from Entrust Technologies Inc.; both of them interoperate

within the FBCA. Any agency CAs that can interoperate with either of those

products will be able to interoperate with each other. The intent is to

include a range of CA products in the FBCA, with the goal of allowing interoperability

with any CA product or service an agency may choose to work with.

When agencies have been cleared by the PKI Policy Authority to connect

to the FBCA, the bridge will issue a certificate to the agency CA that contains

the details of the trust policy that allows the agency to interoperate with

other agencies.

All the agency then needs is the client/server software that will conduct

the certificate trust path validation and authentication on its end.

The benefit of this arrangement, according to Richard Guida, chairman

of the Federal PKI Steering Committee, is that the bridge need only be powered

up once a week to issue the certificates to agencies. That means the FBCA

will need very little maintenance and will be extremely hard to hack. The

only thing that needs to operate around-the-clock is a small directory that

supplies copies of certificates to users.

NEXT STORY: Reform Party to vote online