U.S. Department of Defense Declares War on Common Access Cards
Biometrics and smart devices the new gold standard for converged access control.
ACCESS credentials could be on the verge of change with news the Defense Information Systems Agency, the Pentagon’s IT services branch, will start pushing out the first prototype replacements for its converged common access card by year’s end.
The American military’s replacement for the common access card is going to be biometric and smart phone-based to ensure it can be used effectively in the field and is likely to integrate multiple authenticators.
The DoD’s common access card is a standard ID issued to up to 2 million service personnel in the U.S. and is used for building and area access, as well as for accessing computers and networks.
DISA has been working on at least 7 authentication factors, including face recognition, voice recognition, gait recognition, hand pressure, wrist tension, device orientation, GPS location, as well as associated factors including trusted peripherals and networks.
“Prototype devices for establishing assured identity are being developed right now,” said Vice Admiral Nancy Norton, DISA’s director, at an AFCEA cybersecurity operations conference in Baltimore in May.
“The first few (reports suggest the number is 75) will arrive this summer to assist with determining the right test parameters”.
According to Nextgov, Steve Wallace, technical director at DISA, said the authentication pilot program was coming from a private company using DISA funding and that the biometric technology will be embedded in smartphones. Partner organisations using this technology will receive a risk score for a person attempting access, allowing them to make a highly informed authentication decision.
According to Wallace, the new tool will be installed on smartphone chipsets and will be able to continuously gather and verify encrypted identifying information. Wallace told Nextgov, the capability would be available in mobile devices within a couple of years and will be widely used.
There’s no official confirmation of this speculation but the decision to take authentication onto mobile devices in the future may explain some of the tension that currently surrounds the supply of 5G network hardware and services.