Pentagon Sets the Stage for Advanced Smart-Card Use

The deployment of the DOD's smart-cards, embedded with ActiveIdentity technology, is serving as a model for identity management at other large organizations.

Under a Department of Defense policy that has been in place for about five years, personnel are required to use smart cards and public-key infrastructure credentials to access the Pentagons network. Now that the policy was recently backed up by the Joint Chiefs of Staff, they really have to do it.

Today, 3.1 million DOD personnel--including all active military, active reserve and civilian personnel, plus contractors who work within the firewall--use common access cards designed to protect both physical and cyber-infrastructure, said Michael Butler, director of the DOD Access Card Office. It took three years to issue the cards to such a large group of holders, largely because they all had to appear in person at an issuing point to verify that they were who they said they were.

"Were trying to lay out a chain of trust," Butler said, in Arlington, Va.

Embedded in the smart card is technology from ActivIdentity, which formats and provisions the card, delivers PKI certificates, and maintains security. Personnel use the card to log on to their computers, and they can use it to add digital signatures to documents.

"This sets up the legal foundation for someone to do business over the Internet with public-key infrastructure certificates," Butler said. "We could do none of the business that we do every day without this technology approach provided in our card management system."

In the future, the ActivIdentity technology will allow the department to make "post-issuance" changes to cards without requiring holders to return to the issuing point, as they must do today. The technology could even be leveraged to add functions for use outside the department, Butler said. For example, if the D.C. subway system, called the Metro, were to agree to it, common access cardholders could use their cards for subway fare.

The DOD smart-card deployment serves as a model for what is beginning to become a trend at other large organizations, said Ed MacBeth, senior vice president of business development at ActivIdentity, in Fremont, Calif. "They really set the template that was followed by other government agencies, and its now extending to the enterprise," MacBeth said.

ActivIdentity combined several credential management capabilities into one offering to help federal and commercial organizations drive down deployment time and costs. "We have consciously assembled in one complete framework all of the capabilities we think are needed to address identity management," MacBeth said. "The beauty is that it allows them to address whatever solution that is a priority, but theyre investing in a solution that they can grow with."

ActivIdentity is launching April 10 an updated version of its SSO (single sign-on) product, called SecureLogin, which the company is touting as the first enterprise SSO with integrated smart-card support. With SSO, users do not have to remember different credentials for different applications, making access to electronic resources faster and easier. SecureLogin Version 6.0 comes with a new user interface, beefed-up security capabilities, support for the Mozilla Foundations Firefox and new administrator tools, among other features.


Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.