Welcome Login

For current information from GSA about COVID19 please click HERE

You are here

Education Campaign Series: Digital Certificates and Digital Signatures

Future Government Payment Solutions Education Campaign Series

Throughout the next several weeks, the Office of Charge Card Management (OCCM) will be providing background information on key topics or explaining difficult concepts related to GSA SmartPay. Please note that the information provided relates to general GSA SmartPay program related topics. Information provided during this series does not include SP3 requirements. OCCM will not engage in any discussions regarding potential SP3 requirements within this forum. If you have any general questions about the program, please let us know!

Digital Certificates/ Digital Signatures

What is a digital certificate?

A simplified way to understand a digital certificate is to envision a traditional certificate.  Like a traditional certificate, a digital certificate includes an issuing authority (such as IdenTrust or Operational Research Consultants (ORC)), a specific person in an organization the certificate was assigned to, an expiration date, and a signature/seal.  The digital signature within a certificate works similar to an official wax seal on a letter because it can be used to check if the document has been altered in any way.  

But unlike a traditional certificate, a digital certificate contains an additional feature. Each digital certificate contains a unique public and private key, used to securely encrypt and decrypt data.  The public key is stored with a trusted issuing authority/certificate provider and the private key is stored in the user’s Internet browser, ID badge or memory stick.     

How does a digital signature work?

Each digital signature contains a unique hash, which is a mathematical value of that certificate.  The hash value is put through a complex mathematical function using the private key to generate a digital signature on the document.  To check if the document has been altered or damaged, the issuing authority puts the digital signature through a mathematical function using the public key and checks that the hash values match.  If the hash values match, the document is valid.  If the hash values do not match, it means the document has been tampered with or is corrupt.  

What are the benefits of digital certificate?

Digital certificates are relatively easy to use and in many cases more secure than a traditional signature because they are virtually impossible to forge. Within the US, digital signatures have the same legal significance as traditional signed documents.  

Digital Certificates:

  • Verify the identity of all parties involved,

  • Securely encrypt or decrypt data, and

  • Create a verifiable digital signature      

Every Federal Government employee is already set up with a digital certificate and signature.  All GSA Schedule vendors are required to have a digital certificate for access into the eOffer/ eMod applications and be able to sign the final contract document electronically.  GSA requires an ACES Business Representative Certificate because this certificate ties the individual with the certificate to the company they work for; however, DOD ECA certificates may also be used in place of the ACES Business Representative Certificate.  

How to obtain a digital certificate?

Your organization can obtain a digital certificate by purchasing it through either IdenTrust or Operational Research Consultants (ORC).  It will take between 7 and 14 days for a digital certificate to be issued after you have notarized you paperwork and submitted it to the company.  Digital certificates must be updated every two (2) years at a cost of $119.

More information about digital signature can be found on the eMod/ eOffer webpage: http://eoffer.gsa.gov/

How do digital signatures relate to GSA SmartPay?

Although digital certificates and digital signatures were not required for the GSA SmartPay 2 contractors, the trend in Federal Government has been moving toward these new technologies.  GSA is planning on opening the digital certificate program to non-Schedule vendors ,as well as, all Federal Government agencies in the near future.  Therefore, you may see the adoption of digital signatures at the GSA SmartPay master contract or task order levels.   

Currently, within the GSA SmartPay 2 contact, employees are given the option of electronically accepting cardholder agreements when submitting an application. As digital signature trends continue, agencies may also require the use of digital signatures when submitting charge card applications for their cardholders or other situations throughout the charge card program, such as filling out official dispute or fraud forms.  It is important for the charge card program to adapt to emerging trends in the purchasing market.      



Views: 1427

Significant evolution in the charge card and payments market has occurred since the beginning of the GSA SmartPay contracts.   GSA's Office of Charge... More

Subscribe here to stay informed on the group's latest updates.

  • acceptanceai's picture
  • Kellinmorris's picture
  • jtaylor's picture