PKI is designed to be an efficient information security technology that, among other uses, can help expand the global Internet trust network.
Through the formation of cyber identities, PKI enables trusted electronic transactions for a variety of business, government and consumer uses. Additionally, PKI protects against identity fraud and eliminates slower and more expensive paper-based processes.
Recently, the Four Bridges Forum recognized some of the most innovative uses of high assurance digital identity solutions in both the public and private sectors. Award nominations were open to the public and judged by a panel of representatives from each of the participating Four Bridges Forum PKI bridges: the Federal Bridge Authority (Federal agencies), CertiPath (industry, aerospace and defense), SAFE-BioPharma (biopharmaceutical and health care) and the Research and Education Bridge Certification Authority (education and research sectors).
Innovation winner – Monitor Dynamics
Trusted FICAM platform provides PKI-based access control
Monitor Dynamics’ Trusted FICAM Platform is a physical access control system designed to deliver trust by leveraging PKI-based identity credentials and PKI Bridge infrastructure.
The FICAM Platform utilizes PKI credentials that meet the FIPS 201 federal standard. It is designed for users wishing to incorporate PIV, CAC and PIV-I with full validation support across both the Federal Bridge and CertiPath Bridge. It also supports locally validated credentials like CIV, FRAC and TWIC.
CertiPath selected it as the test platform for certification of all PIV-I credential issuers.
The Trusted FICAM Platform enables authorized credential holders to use a single enterprise-issued, digitally-certified smart card badge to gain physical access to buildings or facilities, and to use that same badge to securely log on to their personal workstation or laptop. The platform acts as the “lock” through which all users must pass, ensuring that their PIV-I credentials act as the “keys” – all while meeting the required identity and physical security requirements.
In addition to the benefits that PKI-based credentials offer to physical access control systems, Monitor Dynamics also supports Bridge PKI that enables an organization to:
- Discern in real time whether the credential has been revoked
- Know whether the issuer, or a similar authority serving as the basis for trust in a credential, has been revoked
- Accept a visitor’s own credentials and receive near-real-time status information about the visitor’s current company affiliation
The platform possesses a surveillance capability as well, combining intrusion detection, video surveillance and identity management into a centralized command and control dashboard with global management and reporting capabilities.
Business Value winner – U.S. GPO
EDOCS system enables signed electronic submissions to federal register
The U.S. Government Printing Office is tasked with printing and disseminating both hard copy and electronic versions of the Federal Register – the official journal of the U.S. federal government. The Register is published daily, not including weekends and holidays, and contains all routine publications and public notices for the more than 1,500 disparate government agencies.
By law, each document that appears in the Federal Register must carry with it an original and legally binding signature. Prior to 2006, Register documents could only be submitted on paper accompanied by a separate form containing a wet (ink) signature.
In 2011, the Federal Register’s 248 issues contained nearly 33,000 distinct documents – the equivalent of 343,000 typed pages. The process of paper submissions and wet signatures had simply become overwhelming.
“GPO operates a Shared Service Provider PKI service which is available to GPO customers in all three branches of US federal government,” reveals John Hannan, chief information security officer for GPO.
The transition began in 2006, with the introduction of electronic Register submissions – a process that saved the GPO considerable time and money. By 2011, GPO’s PKI electronic document submission system (eDOCS) was responsible for one third of all Register submissions.
Federal agencies using eDOCS convert documents to PDF format, digitally sign them, and submit them to the Federal Register via email. “The digital signature is a unique code based upon the individual user’s private key and the electronic file to be signed,” explains Hannan. “A PKI digital signature is a very strong, fraud proof method of electronic signature that meets or exceeds all U.S. federal government e-signature requirements for official documents.”
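The two technical points in these write-ups, the revocation checks a bridge-aware relying party performs (the three bullets under Monitor Dynamics: credential revoked, issuer revoked, current status) and the digital signature over a submitted file that Hannan describes, fit together in one verification routine. The Go program below is an added example, not code from Monitor Dynamics, GPO or any of the bridges. It builds a throwaway in-memory hierarchy (a bridge root, an agency CA certified by it, and one user credential; all names and keys are constructed), signs a document with the user's private key, and then performs the relying party's three checks: signature, certification path to the trusted root, and revocation status of both the credential and its issuing CA. CRLs stand in for whatever status service the real platforms use; the page does not say which, so that is an assumption of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Hierarchy is a constructed, in-memory bridge-style trust structure: a trusted
// bridge root, an agency CA certified by it, and one user credential.
type Hierarchy struct {
	Root, Issuer, Leaf          *x509.Certificate
	RootKey, IssuerKey, LeafKey *ecdsa.PrivateKey
}

// must panics on error; fine here because all material is throwaway test data.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// issue has the parent's key sign tmpl and returns the parsed certificate.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, parentKey *ecdsa.PrivateKey) *x509.Certificate {
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey))))
}

// BuildHierarchy generates fresh keys and certificates; every name is made up.
func BuildHierarchy() *Hierarchy {
	h := &Hierarchy{RootKey: newKey(), IssuerKey: newKey(), LeafKey: newKey()}
	now, caUsage := time.Now(), x509.KeyUsageCertSign|x509.KeyUsageCRLSign
	// CA templates get basicConstraints plus certSign/cRLSign; the user credential only digitalSignature.
	tmpl := func(serial int64, cn string, usage x509.KeyUsage) *x509.Certificate {
		isCA := usage&x509.KeyUsageCertSign != 0
		return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, KeyUsage: usage,
			IsCA: isCA, BasicConstraintsValid: isCA, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour)}
	}
	root := tmpl(1, "Example Bridge CA (constructed)", caUsage)
	h.Root = issue(root, root, &h.RootKey.PublicKey, h.RootKey) // self-signed trust anchor
	h.Issuer = issue(tmpl(2, "Example Agency CA (constructed)", caUsage), h.Root, &h.IssuerKey.PublicKey, h.RootKey)
	h.Leaf = issue(tmpl(3, "Submitter (constructed)", x509.KeyUsageDigitalSignature), h.Issuer, &h.LeafKey.PublicKey, h.IssuerKey)
	return h
}

// CRL returns a DER-encoded revocation list, signed by issuer, listing the given serials.
func CRL(issuer *x509.Certificate, issuerKey *ecdsa.PrivateKey, revoked ...*big.Int) []byte {
	list := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now().Add(-time.Minute), NextUpdate: time.Now().Add(time.Hour)}
	for _, serial := range revoked {
		list.RevokedCertificates = append(list.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: serial, RevocationTime: time.Now()})
	}
	return must(x509.CreateRevocationList(rand.Reader, list, issuer, issuerKey))
}

// Sign produces the detached signature: the file's SHA-256 digest signed with the user's private key.
func Sign(userKey *ecdsa.PrivateKey, doc []byte) []byte {
	digest := sha256.Sum256(doc)
	return must(ecdsa.SignASN1(rand.Reader, userKey, digest[:]))
}

// Accept is the relying party's decision: the signature must verify under the credential, the credential
// must chain to the trusted root through the issuing CA, and neither certificate may be listed on its
// issuer's current CRL. crls maps each CRL issuer's DER-encoded subject name to that issuer's CRL.
func Accept(root, issuer, leaf *x509.Certificate, doc, sig []byte, crls map[string][]byte) error {
	if err := leaf.CheckSignature(x509.ECDSAWithSHA256, doc, sig); err != nil {
		return fmt.Errorf("signature does not verify: %w", err)
	}
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(issuer)
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	if err != nil {
		return fmt.Errorf("no path to trusted root: %w", err)
	}
	for i, chain := 0, chains[0]; i+1 < len(chain); i++ { // leaf first, root last; each cert is checked against its issuer's CRL
		cert, parent := chain[i], chain[i+1]
		crl, err := x509.ParseRevocationList(crls[string(cert.RawIssuer)])
		if err != nil {
			return fmt.Errorf("no usable CRL for the issuer of %q: %w", cert.Subject.CommonName, err)
		}
		// A CRL is only evidence if its issuer signed it and it has not expired.
		if err := crl.CheckSignatureFrom(parent); err != nil || time.Now().After(crl.NextUpdate) {
			return fmt.Errorf("CRL for %q is not signed by its issuer or is stale: %v", cert.Subject.CommonName, err)
		}
		for _, rc := range crl.RevokedCertificates {
			if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
				return fmt.Errorf("%q has been revoked", cert.Subject.CommonName)
			}
		}
	}
	return nil
}

func main() {
	h := BuildHierarchy()
	doc := []byte("constructed Federal Register submission")
	// The root has revoked the agency CA, so every credential beneath it is rejected.
	crls := map[string][]byte{string(h.Root.RawSubject): CRL(h.Root, h.RootKey, h.Issuer.SerialNumber), string(h.Issuer.RawSubject): CRL(h.Issuer, h.IssuerKey)}
	fmt.Println(Accept(h.Root, h.Issuer, h.Leaf, doc, Sign(h.LeafKey, doc), crls))
}
```

The loop in Accept is what makes the second bullet (issuer revoked) work: the agency CA's own certificate is checked against the root's CRL, so revoking the CA rejects every credential it issued without touching the credential's own status. Refusing to decide when no CRL is available, or when the available one is unsigned or past its nextUpdate, is the conservative form of the "real time" requirement: a relying party that silently accepts missing or stale status data has no revocation checking at all.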
The PKI service carries with it a number of benefits, particularly with regard to operational cost. “The costs associated with the traditional, paper-based submission process using ink on paper signatures can now be avoided. The submission can now be sent via email using a digitally-signed electronic file,” explains Hannan.
By Hannan’s estimation, the PKI system pays off sooner rather than later. “Once an organization sends over five submissions in a year – the approximate break-even point – the costs of the PKI electronic submission method begin paying dividends,” says Hannan. “For organizations that send hundreds of these submissions per year or more, the savings can be significant.”
Another benefit of eDOCS is the time needed to complete submissions. “The PKI solution enables quicker turnaround times, meaning organizations have more time to prepare their submission before it would be due prior to publication,” explains Hannan. “It makes for more efficient and effective processing of the submission itself during the publication process.”
To take part in the electronic submission process, agencies issue medium-assurance digital certificates to their personnel. Issuance requires an in-person identity-proofing process, either at GPO’s main office or through the participating agency’s Local Registration Authority.
In addition to digitally signing files, the digital certificates can also be used for file encryption, email encryption and signing in Outlook email. These are utilities that Hannan believes will be vital for many Federal agencies moving forward.
“The aspect of strengthening electronic transmission processes beyond simple password authentication is expected to become increasingly beneficial over time for U.S. federal government agencies,” says Hannan. “There are many examples of processes that could benefit from this type of solution.”
The GPO’s PKI infrastructure has been cross-certified with the Federal Bridge Certification Authority since 2005 and has been a Shared Service Provider since 2007.