DOD preps smart card roll out

The Defense Department will soon kick off departmentwide deployment of its Common Access Card program, after issuing more than 84,000 smart cards during the last year as part of a beta test.

The CAC program uses secure, multi-application smart cards for physical identification, building access and network access. DOD's goal is to have the 4 million eligible personnel, including those in active duty, selected reservists, DOD civilians and some contractors, be issued their unique card from more than 900 issuance centers within 15 months, said Mary Dixon, director of access card programs at DOD.

Among the initial applications for the card are public-key infrastructure functions, including authentication, encryption, decryption and digital signing, said Ken Scheflen, director of the Defense Manpower Data Center. Applications with the Defense Travel System and Warfighter Support are other short-term goals, with biometrics, logistics and medical functions possible future uses, he said.

The cards will act as "the passport to the electronic world" for users, and the digital signature capability will help DOD's "business and commerce move away from cumbersome paper-based systems," said David Chu, undersecretary of defense for personnel and readiness.

John Stenbit, DOD chief information officer, said the goal of the program is to "move toward a network-centric world" by shifting basic personnel activities — signing documents, authenticating transactions, personal identification — online.

Although personal information is involved, such applications were not likely to cause privacy concerns, Stenbit said. Information on the cards, such as the cardholder's name, picture, fingerprint and a personal identification number, are "conveniences, not intrusions."

Chu and Stenbit were issued their cards — in a process that takes about 15 minutes — during an Oct. 29 event at Electronic Data Systems Corp. in Alexandria, Va. EDS is the prime contractor on the CAC program and is working with a number of other vendors, including SchlumbergerSema, which is providing the smart card readers, and Infineon Technologies AG, which is providing the secure microcontroller chips.

The cards are good for a maximum of three years and can hold 32K of information, with a technology refresh built into the contract to keep DOD from falling behind as advancements occur or applications are added, Dixon said.

"What we're committed to doing is whatever we do in the future won't obsolete what we did in the past," she said, adding the three-year life cycle is similar to how most agencies treat their PC purchases. "The same thing will happen with the cards."

Paul Beverly, a vice president at SchlumbergerSema, North America, said his company already has a 64K card and a 128K model on its road map, but that memory isn't really the issue with DOD. "It's really [about] the policies and procedures of what information will go on the card."DOD's Common Goals

Potential uses for smart cards include:

n Public-key infrastructure functions, including authentication, encryption, decryption and digital signatures.

n Applications, including the Defense Travel System and Warfighter Support, which involves deployment readiness, personnel manifesting and tracking, food service, and property accountability.

Future uses include:

* Biometrics.

* Physical access (proximity chip).

* Logistics.

* Medical information.