Abstract
All branches of federal government are required to change their business practices to a paperless operation. Privacy and information security are critical for the protection of information shared over networks internally between the U.S. government agencies and externally with nonfederal organizations (businesses; state, local, and foreign governments; academia; etc.) or individuals. The public-key infrastructure (PKI) is the simplest, most widely used architecture for secure data exchange over unsecured networks. It integrates computer hardware and software, cryptography, information and network security, and policies and procedures to facilitate trust in distributed electronic transactions and mitigate the associated risks. Federal PKI (FPKI) is PKI designed for implementation and use by government agencies. Federal PKI research was under way since 1991, and by the end of 2005, the federal PKI included 13 cross-certified federal entities, three approved shared service providers (SSPs; Verisign, Cyber- Trust, National Finance Center/U.S. Department of Agriculture [USDA]), one state, and three foreign countries (Canada, UK, and Australia; Alterman, 2005). Initially envisioned as an interoperability mechanism for federal organizations exclusively, the federal PKI is now positioned for trust interoperability and cross-certification internally among federal agencies and externally with other organizations.
Key Terms in this Chapter
Digital Signature: An encrypted message digest created with a private key to authenticate the sender of a computer file or a message.
Federal PKI: FPKI is PKI for secure data exchange over unsecured networks and is used in support for statutory mandates for e-government and implementing electronic-signature technology.
Public Key: In PKI, the public key is a publicly known key used with a corresponding private key to encrypt and decrypt messages.
Personal Identity Verification (PIV) Card: The PIV card is a form of identification for U.S. federal government employees and contractors to meet the requirements of Homeland Security Presidential Directive 12 and Federal Information Processing Standard 201.
Private Key: In PKI, the private key is a privately known (secret) key used with a corresponding public key to encrypt and decrypt messages.
Federal PKI Policy Authority: This is an authority in a network that determines participants and levels of cross-certification among participating individual agency PKIs, and administers a certificate policy.
Registration Authority (RA): An RA is an authority in a network that verifies user requests for a digital certificate and tells the certificate authority to issue it.
Federal Bridge Certification Authority (FBCA): The certification authority designed to create trust paths among individual agency PKIs by allowing discrete PKIs to trust digital certificates issued by other entities whose policies have been mapped and cross-certified with the FBCA.
Public-Key Infrastructure (PKI): PKI is a technical and organizational infrastructure for secure data exchange over unsecured networks using an asymmetric encryption scheme (public and private keys) with public-key certificates to protect confidentiality, integrity, and nonrepudiation of transmitted messages.
Certification Authority (CA): An authority trusted by one or more users to create and assign certificates.