4 million at DOD to use biometrics

Within two years, all Defense Department workers will enter their facilities via fingerprint or iris authentication.

The biometric technologies will become part of a redesigned Common Access smart card, said Linda Dean, chief of DOD's Biometrics Management Office.

Dean said DOD plans to issue the smart cards to all active-duty and civilian personnel, as well as military reservists and contractors working in secure DOD facilities. She also said the agency eventually would issue cards to retired employees and family members of active-duty personnel, bringing the total number of cards in circulation to about 4 million.

'We just finished the beginning of mass issuance for the Common Access card, and this is going to take us through the end of 2003,' said Dean, who is also director of enabling technologies for command, control, communications and computers for the Army.

'We'll be carrying a biometric on the card, or we'll be accessing a biometric using the card,' she said. 'Right now, the biggest challenge is to define the requirement for biometrics. What do you need to use it for?'

Dean's team is working on six biometric types: facial, iris, fingerprint, hand and finger geometry, signature verification and voice recognition.

The likeliest identifier on the smart cards will be fingerprints. 'The iris is probably stronger for security, but the fingerprint is more mature,' Dean said.

Testing products

Several commercial biometric products, selected in a competitive acquisition process with help from the General Services Administration, are undergoing tests at DOD's Biometrics Fusion Center in Bridgeport, W.Va. The center, which opened in October 2000, until now has tested biometrics for smaller and simpler applications.

Although the center maintains a repository of DOD biometrics evaluations and test results, Dean's office still has to figure out where employees' biometric data will be stored.

Instead of developing a separate biometrics infrastructure, DOD will implement biometrics in its public-key infrastructure through the Defense Enrollment Eligibility Reporting System and Real-time Automated Personnel Identification System.

DEERS, managed by the Defense Manpower Data Center, is a personnel system. RAPIDS workstations link to DEERS to generate identification cards.

'We have the DEERS-RAPIDS infrastructure that issues the card,' Dean said. 'We have a way to access and retrieve PKI certificates through the certificate authority run by the Defense Information Systems Agency, and we have a way to use those certificates in our computers for digitally signing and encrypting e-mail. We have to do the same thing for biometrics.'

When DOD defined requirements in 1999 for its Common Access card, Dean said, it included plans for eventually merging the smart cards with the department's PKI. Now the Biometrics Management Office is working with the military services to put biometrics on their versions of the smart cards.

Dean said the project is highly cooperative, with her group working regularly with the services' liaison staff officers. The management office is now awaiting final approval from DOD brass of its first draft of a DOD biometrics policy.

Robert Lentz, director for information assurance for the assistant secretary of Defense for command, control, communications, computers and intelligence, will issue the policy to a coordination team of biometrics experts from each service.

By establishing everyone's roles and responsibilities for using biometrics, the department can head off any problems before they arise, Dean said.

Defense organizations need to begin deciding how they should use biometrics, Dean said, because different operations have different security requirements.

Dave Wennergren, the Navy's deputy CIO and chairman of the DOD Smart-Card Senior Coordinating Group, said he expects to see biometrics on Navy smart cards within a year.

Smart-card readers

'You just have to figure out how to take advantage of the smart cards,' he said. He said every Navy end-user system will be equipped with middleware and a smart-card reader.

Wennergren also is thinking about adding an antenna to the Navy smart card so it can work with wireless devices, for example, BlackBerry e-mail devices from Research in Motion Ltd. of Waterloo, Ontario.

'It's important to think this through,' he said. 'It's not enough just to issue cards, you have to have an enterprise solution in mind.'
