Can mobile devices work as ID cards, thin clients on a secure net?
The Defense Information Systems Agency is looking for software that will let personnel use their mobile devices as thin clients to access Defense Department networks.
DISA has issued a Broad Agency Announcement requesting proposals for “Common Access Card (CAC)-enabled virtual thin client solutions for managed and unmanaged mobile devices.” The agency is looking for innovative approaches that authenticate via Defense Department Class-III certificates on a CAC for access to DOD networks.
That’s quite a lot to take in, so let’s break it down to find out what DISA is asking for:
Managed and unmanaged mobile devices. Authenticating a device whether or not it is already managed by a network server will be more difficult, but not insurmountable. The recent “bring your own device” (BYOD) craze and cloud-based network management have made this easier than it would have been in the past.
Virtual thin client solutions. Of course, a physical thin client is essentially a box that allows a user to connect to the network and use enterprise versions of applications that use data that sits on a server. The box itself is usually nothing more than some ports for network, monitor, and input devices. A virtual thin client is a piece of software that allows a regular computer to function as a thin client for a certain network. So, in effect, your mobile device would have access to network services as if it were a client connected through a LAN port. As you can imagine, this opens up the network considerably, so strict authentication is paramount.
Common Access Card. For those not in DOD, this is the identification card that is issued to all DOD employees, military personnel and some contractors. It has a photo of the employee, some printed information, a strip of scanner code and an integrated circuit. This card is used in conjunction with a PIN to provide two-factor authentication. Currently, DOD uses it for physical access and authentication on some networked computers. So what DISA is asking for is software that will let a DOD user’s mobile device scan their CAC and have them enter the PIN in order to allow that device access to DOD networks.
Of course, that isn’t all. DISA also requires that no data transferred from the network will stay on the mobile device once the connection is terminated (that’s the thin-client aspect). In addition, it wants the capability to digitally sign and encrypt e-mails just as users can when at a DOD workstation. And data needs to be encrypted as it goes back and forth between the mobile device and server.
Providing secure access to DOD networks from mobile devices would help the department’s push toward mobile computing. And such software could prove useful to other agencies as well.
Companies interested in coming up with this software can peruse the BAA notice here. There are still a couple of weeks to get a proposal abstract in.