Biometric Associates smart card reader

Mobile authentication for CAC, PIV cards could get easier

Military and civilian agencies have been approving and/or adopting smart phones by the bushel, but the surge into mobile computing can be complicated by matters of authentication. Many smart phones don’t yet work with the authentication agencies require — Personal Identity Verification cards for civilian agencies, Common Access Cards for Defense agencies.

It’s not that security is being ignored. The National Institute of Standards and Technology in July 2012 issued a draft of Special Publication 800-124, Revision 1, "Guidelines for Managing and Securing Mobile Devices in the Enterprise" that offers recommendations for selecting and managing mobile devices, whether provided by an agency or personally owned.

And the Defense Department, which recently OK’d Android, iPhone and BlackBerry models for military use, won’t actually use new devices until the Defense Information System Agency implements a mobile device management system later this year.

Manufacturers, meanwhile, are working to make their devices more ID-friendly. Although the BlackBerry 10.0 line of phones, recently approved by DOD, don’t work with CACs, subsequent versions, 10.1 and 10.2, are expected to, NextGov reported.

Agencies also could find authentication getting easier with baiBrowser, a Bluetooth-enabled app just released by Biometric Associates that lets users with iPhones and iPads — and, soon, Android devices — use CAC, PIV, PIV-I (Personal Identity Verification-Interoperable) or Commercial Identity Verification cards for authentication.

The baiBrowser has been tested with Army Knowledge Online sites, Air Force portals, the Defense Finance and Accounting Services’ myPay site and most Defense Outlook Web Access sites, company president Scott Johnson said in an announcement. The app supports both the baiMobile 3000MP Bluetooth Smart Card Reader, a sleeve that fits over the phone, and the forthcoming baiMobile 301MP attached reader. 

The iOS version is available as a free download from the iTunes App Store (users have to buy the reader). The company said the Android version is being tested with U.S. agencies and is expected to be released soon via the Google Play Store.

Mobile device management is a growing issue for public-sector agencies, as smart phones, tablets and other portable devices make their way into enterprises, leading some industry experts to wonder if the days of smart-card IDs are numbered.  Some say they think hardware authentication tokens such as CAC and PIV cards will give way to on-board biometric readers or other software options.

The real key is two-factor authentication — whether via hardware or software — so that users need more than just a password to verify their identities. There are a growing number of soft tokens available, each with their strengths and weaknesses. NetworkWorld just reviewed eight such services.

Whether, or when, agencies move away from smart ID cards is anybody’s guess. But even with CAC and PIV cards, their options for mobile authentication are expanding.

About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Sat, Mar 1, 2014 Otto Ledee Gainesville, Florida

Can I purchase a CAC/PIV Card Reader for my personal computer and laptop? If so, where can I purchase one and the installing program? Thank you

Sat, Jun 1, 2013 Apples to Organges!

If you can get an iPad/iPhone reader and app for $29, with FCC, Apple, FIPS, GSA yada yada approval on hardware and software, you should buy it right away! If something sounds too good to be true... should raise red flag of is this apples to apple and what is not being disclosed or accurately represented? $29 is more like a generic USB PC reader and depending on what version of Windows you have, you'll spend $29 again on Active Identity (HID) software to make it do something useful. Nothing's real free, just depends on whether the taxpayer footed the bill, or it's built into the mobile device cost, the OS cost, the hardware cost etc.

Sun, May 26, 2013

@... keep in mind standardization and ergonomy... did you extend your iphone or ipad with this reader? and inserted a CAC card in it...? this is not ergonomic at all, and don't be naive the market price of this reader is US$29... means the app is not free ;-) @Craig it is true, and the ergonomy of it is a real added value ! the point is that the fingerprint reader is to slow and so long fingerprint data are not stored on the smartcard, why should men pay for non-usable reader ? next generation will be certainly more trustable ! conclusions: for each use case exist an appropriate form factor, and if competitors starts competition, the winner will be the end-users !

Fri, May 24, 2013 Caveat Emptor

Recommend looking for market neutral information at a site such as Military CAC. That site lists *all* of the reader and software solutions, clearly identify what has shipped for months or years, what is new and what is roadmap / futures / vaporware. A few minutes there and with Google reveals... iTunes lists BAI support just for the 3000MP device. BAI offers that at $338.20, the most expensive reader in the marketplace. There are mandatory annual fees of $57.80 on top of that. No other vendor charges these fees. For developer and technical support, iTunes names a private individual (also known as "STI-Consult" or "Identiy") from a government rental unit in Belgium ("ICAB"). It is not clear whether the registration goes to BAI or to the individual/company in Belgium.

Thu, May 23, 2013

There is also a great IOS solution already in the field--the Thursby PKard Reader. We have 14 here where I work and the solution is elegantly easy to set up and use by our non-techie users. The Thursby reader looks like it is about 1/3 the size of the baiBrowser shown in the article's photo. I'm using my CAC as a reference for that estimate. Size matters for mobile users. Like this new device, the app to use it is free, the device is not. There will likely be a flood of these devices from different sources as we move to more mobile solutions. Hopefully the price per unit will plummet when that happens.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group