As a vital next step in reinventing the government's use of information technology, the Department of Commerce's National Institute of Standards and Technology announced today that it seeks comments on a proposal for a pilot public key infrastructure program needed to implement the Digital Signature Standard.
The Digital Signature Standard makes use of public key cryptography, which relies on public and private digital keys to verify both the integrity of electronic messages and forms, and the signer's identity. The public key, used by the receiver of a signed message to verify the digital signature, must be assigned and certified by a reliable third party.
In the future, a "public key infrastructure" will manage the certification of public keys on a large-scale basis.
The government-wide standard applies to all federal departments, agencies and their contractors for the protection of unclassified information when digital signatures are required. Private and commercial organizations can choose to follow the standard voluntarily without the payment of royalties to the government. The DSS does not provide confidentiality of the file or message being signed. Additional encryption techniques can be applied to a message to provide that privacy.
In a continued effort to reassure users of the Digital Signature Standard that it does not infringe other patents, the public key infrastructure contract will contain a clause under which the government assumes liability for any patent infringement resulting from the performance of the contract, including use by private parties when communicating with the U.S. government.
As a non-regulatory agency of the Commerce Department's Technology Administration, NIST promotes U.S. economic growth by working with industry to develop and apply technology, measurements and standards.