Military Plays Its 'Smart' Card

Continued from page 1

Neville Pattinson, director of technology and government affairs for Axalto, a company that has supplied more than five million smart cards to the Defense Department over the years, says that JavaCard provides card makers and developers -- as well as users -- with a set of "firewalled sandboxes" to ensure greater security.

Rest oAccording to Aaron Zitzer, director of solutions marketing for ActivCard, which supplies software for the cards, each applet only takes up about 3K or 4K of space.

The Defense Department's smart card program seems to be setting a standard that other federal agencies will soon be following. The number of smart cards used by government workers could more than double in the next two years on the heels of a February federal mandate that will soon require all federal employees and contractors to use smart cards to carry biometric and cryptographic identification.

The Federal Information Processing Standard 201 mandate came from the National Institute of Standards and Technology Computer Security Division, in response to a Homeland Security Presidential Directive issued last August, which demanded a "common identification standard" for federal employees and contractors in order to enhance security, increase efficiency, and reduce identity fraud.

The goal is to have smart cards serve as the common platform by which "every [federal] agency that authenticates you will do so in the same manner," says Frederick Ziegel, a security technology analyst for New York City-based Soleil Securities Group.

Ziegel says this will encompass 6.5 million federal employees and at least two million more contractors.  Ziegel says that, under this new mandate, government agencies will be expected to have a plan for smart card adoption by June, and start putting in procedures to use them by October. 

At the same time, the Defense Department is upping the ante on its program. In less than two months, Butler says, military and Pentagon workers will be issued 64K cards instead of the previous 32K ones.  The greater capacity is necessary to incorporate the biometrics applications that the federal mandate requires.

While the new mandate to use smart cards as a federal identifier is an endorsement of the technology, smart card technology still has its share of hurdles to overcome. Without an infrastructure of smart card readers in place outside of defense headquarters, the cards often end up being used as a standard picture I.D. -- a rather expensive picture I.D. if it can't be used for its other authentication and encryption features.

"Infrastructure has been a challenge," says Ziegel. "If you're in a battlefield somewhere, and not near a reader, your card's probably going to be used like your driver's license."

Even Butler agrees, "You're not going to find [readers] out on the back of Humvees yet...they're not out on the tip of the sword in Iraq."

Randy Vanderhoof, executive director for the Smart Card Alliance, says that while the military has been critical to expanding the use of smart cards in the United States, the scope and breadth of military services presents a host of logistical issues -- from being able to replace spare parts in readers, to ensuring the same cards that work in Washington D.C. are rugged enough for the deserts of Iraq and Afghanistan.

As the military puts more capabilities on a single card, Ziegel points out, they have to be ever mindful particularly during the issuing process that they're actually authenticating and provisioning the right cards to the right people.

Ultimately, Vanderhoof says, the initial Defense Department program "has broken barriers...because they went first and took the arrows in the back and set the standard for other agencies to follow."f the article