By Daphne Allen and Carol Cole, Automated Standard Application for Payments (ASAP) Program Office
ASAP.gov is a web-based electronic payment application that disburses over $450 billion annually. ASAP.gov is used by federal agencies to make payments to grantee organizations and to financial agents performing financial services for the federal government. With ASAP.gov’s implementation of Public Key Infrastructure (PKI) technology in May 2008, Federal Agency Certifying Officers are required to use hardware-based digital certificates for system access using two-factor authentication and for digitally signing account funding transactions.
Two-factor authentication provides strong security by ensuring that the person logging in is, in fact, who they say they are. This is achieved by requiring the user to physically possess something (i.e., a Datakey iKey token) in addition to knowing something (i.e., pin or password). A digital signature takes the place of a written signature for an electronic transaction and captures a legal binding document which provides non-repudiation. Non-repudiation means that an individual cannot successfully deny involvement in a transaction.
All ASAP Certifying Officers will be provisioned with a digital certificate on an iKey token by early fall. As FMS integrates PKI in multiple web-based applications, we are working to ensure that Certifying Officers can use the same digital certificate for all FMS applications.
With the integration of PKI, ASAP has achieved the strong level of authentication and non-repudiation critical for large dollar payment applications.
If you have questions about ASAP.gov’s implementation of Public Key Infrastructure (PKI), please contact Daphne Allen at 202-874-7146 or Carol Cole at 202-874-6542.
Viewing PDF files requires the free Acrobat Reader.
You can sign up for your free subscription to The Financial Connection [here].
|