Defense looks to the next wave of PKI and smart-card use

Defense looks to the next wave of PKI and smart-card use

The Defense Department's public-key infrastructure program manager will meet with CIO John Stenbit early next month to detail an evolutionary strategy for the department's further development of PKI technologies.

Just months away from an October mandate that requires over 4 million active-duty, civilian, contractors and some reservists to use the department's PKI-ready Common Access Card program for network authentication and digital signatures, the Defense PKI Office is looking ahead to the next wave of PKI for securing e-mail, said Jim Degenford, PKI program management office advocate. The office is also wants to add biometrics to the smart cards.

The cards currently use the Java Card run-time environment on 32K chips. The next-generation of cards will carry 64K chips, Degenford said yesterday at a conference in Alexandria, Va., sponsored by Silanis Technology of St. Laurent, Quebec.

"Right now we have a baseline PKI. It's functional," he said.

The next version will have more functions and be more secure, Degenford said. The department has run interoperability tests of a dozen applications at the Joint Interoperability Test Command at Fort Huachuca, Ariz., to make sure they conform with Defense's PKI requirements. Several more apps will be tested, he added.

New Common Access Cards will be 'more hardened, more robust'to provide more functionality for DOD PKI users," he said.

Degenford identified five challenges facing Defense's expansion of PKI use:

  • Validating PKI certificates

  • Setting a strategy for tactical and Secret IP Router Network use

  • Assuring funding

  • Approving applications

  • Staying abreast of the technology's evolution.

Two earlier hurdles, settling on smart-card readers and middleware, are no longer issues, he said.


  • automated processes (Nikolay Klimenko/

    How the Army’s DORA bot cuts manual work for contracting professionals

    Thanks to robotic process automation, the time it takes Army contracting professionals to determine whether prospective vendors should receive a contract has been cut from an hour to just five minutes.

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

Stay Connected