Are You Who You Say You Are?

Pentagon tells DOD workers to prove it.

Under a Department of Defense policy in place for about five years, personnel have been required to use smart cards and public-key infrastructure credentials to access the Pentagon's network. Now that the Joint Task Force for Global Network Operations backed up the policy in January, they really have to do it.

Today, 3.1 million DOD personnel—including all active military, active reserve and civilian personnel, plus contractors who work within the firewall—use common access cards designed to protect both physical and virtual infrastructure, said Michael Butler, director of the DOD Access Card Office. It took three years to issue the cards to such a large group of holders, largely because they all had to appear in person at an issuing point to verify that they were who they said they were.

"We're trying to lay out a chain of trust," said Butler in Arlington, Va.

Embedded in the smart card is technology from ActivIdentity that formats and provisions the card, delivers PKI certificates and maintains security. Personnel use the card to log on to their computers and to add digital signatures to documents.

"This sets up the legal foundation for someone to do business over the Internet with public-key infrastructure certificates," Butler said. "We could do none of the business that we do every day without this technology approach provided in our card management system."

In the future, the ActivIdentity technology will allow the department to make "post-issuance" changes to cards without requiring holders to return to the issuing point, as they now do. The technology could even be used outside the department, Butler said. For example, if officials at the Washington subway system, called the Metro, were to agree, cards could be used for subway fare.

The DOD smart-card deployment serves as a model for what is beginning to become a trend at other large organizations, said Ed MacBeth, senior vice president of business development at ActivIdentity, in Fremont, Calif. "They really set the template that was followed by other government agencies, and it's now extending to the enterprise," MacBeth said.

ActivIdentity combined several credential management capabilities into one offering to help federal and commercial organizations drive down deployment time and costs.

On April 10, ActivIdentity launched an updated version of its SSO (single sign-on) product, called SecureLogin, that the company is touting as the first enterprise SSO with integrated smart-card support. With SSO, users don't have to remember different credentials for different applications, making access to electronic resources faster and easier. SecureLogin Version 6.0 comes with a new user interface, beefed-up security capabilities, support for the Mozilla Foundation's Firefox and new administrator tools, among other features.