Along with its support for smart cards, the federal government is making a pitch for digital certificates.
On March 16 the General Services Administration issued a draft request for proposals for what it calls ACES-Access Certificates for Electronic Services. It was "intended to result in a proof-of-concept contract with anticipated multiple rewards," according to documents posted on the agency's Internet site.
Marty Wagner, associate administrator of the General Services Administration's office of governmentwide policy, said banks are encouraged to apply.
"I would think that a bank would be very well-positioned to participate," he said. "The technology is usually relatively straightforward."
Not many banks have gotten directly involved in digital certificates, a method based on data encryption technology for authenticating parties to an electronic transaction.
Zions Bancorp. of Salt Lake City took the lead by establishing Digital Signature Trust Co. to specialize in the technology and provide support services to other institutions. The American Bankers Association has declared its intention to play the central role of certificate authority and designated the Zions subsidiary as its vendor.
Among the companies that have indicated interest in the GSA proposal are Certco LLC, Cybercash Inc., and AT&T Corp.
The government has not decided whether it wants to get into the authentication business itself. "We would say that for a very large class of applications, the way to handle electronic signature and certification technologies is to buy it as a service from the private sector," Mr. Wagner said. "ACES is the best articulation of how it is working."
Under the ACES model, digital certificates would be free to computer users. The vendor would get paid each time a certificate was used in a transaction with a government Web site.
"Everybody needs electronic signature, but nobody wants to be the first person to do it, because once you've done it, then everybody else rides it," he said. "We are trying to share the costs."
Digital certificate technology could dovetail with smart cards, which are seen as a way to make a certificate portable-it would not just be valid with a specific personal computer.
Jerome Svigals of Jerome Svigals Inc., a smart card consultant in Redwood City, Calif., said the "concept is great" but the immediate prospects are dubious because identity theft is just too easy.
The government's smart card plan is "highly dependent on certificates, and certificates have some very serious problems," Mr. Svigals said. "You don't know who has submitted it, and you don't know who may have misdirected it."
Mr. Svigals said some agencies-like the Defense and Treasury departments-already use certificates for intragovernment payments. The potential for serious fraud and identity theft is far greater outside of these "protected environments," for instance, in taxpayer dealings with the Internal Revenue Service, he said.
"I'm delighted that the government is taking progressive steps," Mr. Svigals said. "I wish somebody would put an effort together to solve the system issues related to certificates. Unless you solve the whole problem, it could create more problems."