US military plays the smartcards

The US Department of Defense (DoD) has this month started issuing smartcards to more than four million users around the world in what is the largest single...

The US Department of Defense (DoD) has this month started issuing smartcards to more than four million users around the world in what is the largest single installation of digital identity.

The cards will be used for a wide range of applications, including building access and financial services, as well as access to government information. The card will serve as the authentication token for the DoD's computerised public key infrastructure (PKI).

The Java-based "common access" cards, which the department estimates will cost about $6 each, will be used in more than 900 locations, including the DoD's headquarters at the Pentagon. The implementation will be seen as a test case for multi-application smartcards by companies around the globe.

The DoD wants the smartcards, based on ActivCard's digital identity technology, to replace active and reserve component military ID cards. They will also be issued to civilians and certain contractors with access to DoD facilities.

Paul Brubaker, deputy chief information officer at the DoD, said: "The common access card and its role in our public key infrastructure are critical to the successful implementation of many key programmes that we have here in the world of DoD and service technology."

Among possible activities being considered on a department-wide basis are processing food service charges in military mess halls and updating important manifest and deployment data. Local commands are also evaluating placing individual medical and dental information on the card, as well as student status, armoury and property accountability, training and rifle range performance.

Bernard Rostker, under secretary of defence (personnel and readiness), whose office assisted in developing the card, said: "I applaud the fact that this card gives our people a key technological tool to improve performance while protecting individual privacy."

To protect privacy, the card is designed with minimum information to support its identification, access and management features. While the card will not include a personal hand-written signature, it will store certificates to enable cardholders to digitally sign documents such as e-mail, encrypt information and establish secure Web sessions to access and update information via the Internet.

The cards will initially be issued at selected sites in Virginia, US and in Germany and South Korea.

The target date for completing the initial issuing of the new card is the end of September 2001.

Technology behind DoD card roll-out

  • The smartcards are based on Java 2.1 architecture. The cards are inserted into a smartcard reader that is attached to a PC. A user's personal identification number authorises access to card credentials and data.

  • ActivCard digital identity infrastructure software was embedded into 1,300 Real Time Automated Personal Identification System workstations.

  • The ActivCard software provides simultaneous connection to two systems, from which user applications and data are required. In this case, the systems are the DoD's Defense Enrolment Eligibility Reporting System and the Defense Information System Agency's public key infrastructure Certificate Management System.

  • Read more on IT for small and medium-sized enterprises (SME)