Defense program spurs wider government use of smart cards

Defense program spurs wider government use of smart cards

SAN FRANCISCO'With the number of Common Access Cards in use approaching the 2 million mark, the Defense Department has opened the way for smart-card use throughout government.

Issuing the cards at a rate of 12,000 a day, 'DOD is leading in identity management,' said Brett Michaels, head of government sales for RSA Security Inc. of Bedford, Mass. 'Their effort, funding and conviction have blazed a trail for the rest of the public sector.'

Government smart-card use was a hot topic at the RSA 2003 Security Conference this week.

The CAC program is 'far and away the largest U.S. government application of smart-card technology,' said Dave Ludin, North American vice president of sales and solutions at Gemplus Corp. of Redwood City, Calif. 'It has spurred interest throughout the government. You can see it in the Transportation Security Administration.'

Defense hopes to have about 4 million cards issued to active duty military personnel and contractors behind its firewall by the end of this year, said Mary Dixon, director of the Common Access Card Office of the Defense Manpower Data Center.

That does not mean that the job of issuing cards will be over, she said. DOD will continue issuing about 1.3 million cards a year to replace existing cards and accommodate incoming personnel. But the department is now shifting its focus to applications, Dixon said.

The cards, which DOD began work on in 1999, are used as standard ID cards, and their embedded chips also can be used for logical access to IT systems and for other types of authentication.

'This summer we will be piloting some contactless technology," Dixon said. "We hope in fiscal 2004 to be able to add biometrics.'

She said the type of biometric has not been decided, although "it is most likely fingerprints or iris scans. We are designing the card so it will be vendor neutral and biometric type neutral.'

Government officials would like to see more widespread use of smart cards, but a lack of interoperability has been the largest barrier to sweeping adoption, said Jim Dray, principal scientist for the National Institute of Standards and Technology's smart-card program.

'The government has been trying for some time to do this, and it has turned out to be a problem," Dray said. "There are many attempted rollouts of smart-card technology over the years. The real roadblock is that there has not been enough interoperability between products.'

NIST is working to change that with its Government Smart-Card Interoperability Standard. Version 1 of the standard was issued in August 2000. NIST now is working on Version 2.1.

The new version will include provisions for contactless use and biometrics. 'DOD has been proactive in feeding information to us" for biometric specifications, Dray said.

Gemplus' Ludin said smart cards would be among the technologies tested this year for the Transportation Workers ID Credentials at the Philadelphia-Wilmington port on the East Coast and the Los Angeles-Long Beach port on the West Coast.

In addition to TWIC, the State and Treasury departments also are rolling out smart-card programs using the same card stock as the Common Access Cards, said Neville Pattinson, director of business development and technology for Schlumberger Ltd. of New York.

'Many other government agencies are using the experience of the DOD and the Common Access Card Office,' Pattinson said.

Smart cards for years have been on the brink of acceptance in the United States but have been slow to catch on. DOD's decision to forge ahead with its program was a watershed for the industry.

As military personnel enroll they are issued cards at 900 sites around the world. The number of sites speeds up the issuing process but creates management difficulties.

TSA is looking at a more centralized system to save money, Pattinson said. Transportation workers, including truck drivers and port and airport employees, would be able to enroll for TWIC locally, but cards probably would be issued from a central site.

Even before the TWIC pilot is complete, DOD will begin issuing its first round of replacement Common Access Cards late this year.

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • security compliance

    Security fundamentals: Policy compliance

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group