[ISN] Wheels turning with secret keys

From: InfoSec News (isnat_private)
Date: Wed Dec 19 2001 - 00:13:46 PST

  • Next message: InfoSec News: "[ISN] Task force will work to plug leaks with technology"

    The E-government unit of the State Services Commission has opted for
    an open Public Key Infrastructure (PKI) standard it hopes will lead to
    rapid adoption of encryption technology by Government agencies.
    The unit has called for New Zealand and international certification
    authorities to apply for accreditation to supply keys or digital
    certificates to departments.
    "This is an open standard so departments can use a number of smart
    cards or USB tokens and certificates from any number of See-accredited
    certification authorities," said Secure Electronic Environment (See)  
    project manager Mike Pearson.
    "Digital certificates can come from several suppliers, as opposed to
    requiring them to adopt a proprietary system."
    He said the E-government unit would accept the credentials for
    certification authorities audited for similar schemes overseas, such
    as the Australian Tax Office Gatekeeper project.
    "Now we've defined a standard, we are encouraging agencies to adopt
    this when they are using web-based applications which need secure
    authentication," Mr Pearson said.
    The See keys will allow departments to more easily create systems
    which share sensitive information across agency boundaries.
    By using smart cards of USB tokens, staff will not need to remember
    more than one password.
    "We think there will be savings because about 40 per cent of helpdesk
    calls are normally password related - and usually on Monday morning -
    so there will be savings from consolidating log-ins," Mr Pearson said.
    "People won't be able to claim someone looked over their shoulder and
    stole their password, because the token is needed for access as well."
    The first Government application to use See keys will be the
    Treasury's CFISnet (Crown Financial Information System).
    It is also seen as a key part of the Shared Workspace, a secure
    electronic environment for project and policy development across
    Government agencies.
    "By limiting the scope to authentication of public servants, the
    accreditation framework is intended to be low cost for certification
    authorities compared with similar frameworks in other countries," Mr
    Pearson said.
    He said the experience PKI agencies should get using See keys should
    help the development of a digital signature standard for government,
    which is on the agenda for next year.
    Ian Hight, the general manager of Baycorp ID Services, said his
    company would apply to become a certification authority.
    Baycorp ID Services has a close relationship with Baltimore, one of
    the leaders in the digital certificate industry.
    Mr Hight said the E-government unit had done a good job developing a
    "It's entirely suitable for the New Zealand marketplace."
    The corporate sector was also moving to PKI systems.
    "Historically, secure communications has focused on issues such as
    intrusion protection, firewalls, virus protection and so on. People
    are now asking if that is enough."
    Mr Hight said that although PKI systems had mainly been bought by
    large organisations, "we are starting to see interest from smaller
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Wed Dec 19 2001 - 13:31:26 PST