Java code can integrate apps with CAC
- By Dawn S. Onley
- Jan 06, 2005
The Army will improve the security and utility of its Common Access Cards this month when it releases an open-standards-based Java Applet interface for the smart cards.
The J-CAC software, part of the Defense Department's 2004 Rapid Acquisition Incentive-Net Centricity pilot program, provides secure, encrypted communications and digital signature capabilities for any Defense application that uses a Web browser and a smart card.
The card, which integrates DOD's public-key infrastructure, is available to developers who want to integrate the cards into an application, said Robert Hairfield, deputy product manager for the Army's secure electronic transactions and devices.
'It's an exciting time for us. The code base is stable. We're ready to go out and talk to developers. For us, the big part of the effort is letting the community know this tool is out there and can be used,' Hairfield said. 'To get power to the edge, you have to get trust to the edge.' [For more information about the code, go to www.gcn.com
and enter 345 in the GCN.com/search box.]Applications lag
But one challenge is integrating the Common Access Card into applications, said Eric Hildre, engineering project lead for the Java Applet interface. Hildre works for prime contractor Maden Technologies of Arlington, Va. The subcontractor is Technology Industries of Williamsburg, Va.
'DOD has invested a lot of money, $600 million to $700 million, in establishing a PKI infrastructure to protect information and information systems,' Hildre said. 'There's been a big lag in apps that are actually using the technology. Our theory is it's complex to get down to using this kind of technology. It requires pretty sophisticated engineering expertise and a skill set that just isn't readily available across the department.'
In response to the obstacles, the Army has created an open-source software development kit to help DOD developers integrate their apps with the smart cards.
The Office of the Secretary of Defense for Network and Information Integration funded J-CAC as a pilot for $750,000 in October 2003. Developers who want to use the software must integrate the 15,000 lines of code with their apps.
'J-CAC is an innovative and unique approach to solving a complex software engineering challenge and will help the Army achieve its vision,' said Greta Lehman, the Army's director of information assurance programs. She said J-CAC will save money and reduce security risks.
Hildre said feedback showed the average app would save $125,000 in development costs using the software.
During developmental testing, the contractor developed three apps that showcase the capabilities of J-CAC. The apps are a Java-based chat capability that allows for point-to-point encryption as well as identification; records implementation for digital signatures and Web forms; and an information assurance app for identification and authentication.