- By William Jackson
- Jul 18, 2002
DOD sets a time line for biometric cards
'Some people believe in it, and some people don't, so we have to set the bar.'
'Lt. Gen. Peter M. Cuviello
'We've got a road map' for incorporating biometric identifiers into the Common Access smart card, Army CIO Lt. Gen. Peter M. Cuviello said last month. The Army is the lead service in the Defense Department's Biometrics Management Office.
The card already supports the government's largest public-key infrastructure. All active-duty military and civilian personnel are set to have the cards with digital certificates by the end of next year. After that, DOD plans to demonstrate initial operational capability for the chosen biometric identifier and roll out the full capability by 2005.
The Secure Installation Access Control System will be the government's first enterprisewide use of biometrics. But before it can happen, industry must develop interoperable commercial biometric products and the middleware to link them with databases and other applications.
'We need your help, industry, for sure,' Cuviello said at the Armed Forces Communications and Electronics Association TechNet International Conference in Washington last month.
The National Institute of Standards and Technology is developing a Common Biological Exchange File Format, an umbrella format for other information exchange standards.Products must comply
The American National Standards Institute in February has approved a biometrics application programming interface, and DOD's Biometrics Management Office requires products to comply with it. The International Standards Organization also is developing a standard for biometric smart cards.
'Biometrics is not a finished development' but has reached the practical stage, said Joseph Atick, chief executive officer of Visionics Corp. of Jersey City, N.J. Recent trials of the company's FaceIt facial recognition product at Dallas-Fort Worth International Airport picked out from airport crowds 85 percent to 94 percent of faces on a watch list, he said. The false alarm rate was 1.2 percent.
Results were similar at Boston's Logan Airport, he said. In both trials the product's sensitivity level was set at medium. A low-level setting at the West Palm Beach, Fla., International Airport dropped the accuracy rate to 55 percent but eliminated false positives, he said.Ongoing evaluation
DOD's biometrics program now has become a line item in DOD budget proposals for fiscal 2004 through 2009, which are in the programming phase.
Product evaluation is going on at the Biometrics Fusion Center, colocated with the FBI's fingerprint center at Bridgeport, W.Va. The Biometrics Management Office has not decided what types of biometric identifiers to add to the Common Access card.
The center has assessed 56 products'25 for fingerprints, eight for facial recognition, two each for iris, hand geometry and speaker recognition, and one each for signature and retina verification, plus 14 middleware products and a Web portal. It also has conducted field tests of nine fingerprint products, two iris products and one hand geometry product.Bigger challenge
A bigger hurdle than settling on an identifier will be putting together an enterprisewide system for storing, accessing and retrieving biometric templates in a timely manner.
'It's not that the Common Access card isn't good,' Cuviello said. 'It's that scaled architectures aren't adequate at local posts, camps and bases.'
The card currently used is the Cyberflex Access card from SchlumbergerSema, a division of Schlumberger Ltd. of New York. It uses the Java Card runtime environment on a 32K chip and has received FIPS-140-1 Level 2 certification.
DOD has purchased 1 million of the Cyberflex cards.Setting the bar
Some authorizations using biometric identifiers will require enterprise connectivity. Others, for local building or network access, will not.
Setting up networks and an architecture for rapid biometric authentication will be DOD's job. Providing the products and middleware is industry's.
As the first enterprisewide biometrics program, the Secure Installation Access Control System will become the model for future government implementations, Cuviello predicted.
'Some people believe in it and some people don't, so we have to set the bar,' he said.
William Jackson is freelance writer and the author of the CyberEye blog.