In spite of a reputation for being a technological laggard in some respects, the U.S. military is on the leading edge of one high-tech revolution: the use of smart cards.
Unlike other photo identifications or conventional financial cards, smart cards have an embedded chip – not a magnetic stripe – that allows the cards to hold data such as health records or and even run applications such as public key encryption. Although French and Canadian citizens have long used chip cards to pay for goods and services, smart cards in the United States have for the most part been relegated to a few highly publicized pilot programs and a handful of proprietary implementations over the last two decades – until the military decided to embrace smart cards for their all-in-one I.D. in 2001.
Since 2002, 3.2 million members of the U.S. armed forces and Department of Defense civilian workers have been issued smart cards that allow building and computer network access and enable workers to encrypt email.
Right now, each basic military chip card contains data on the individual cardholder – name, social security number, rank – and three separate public key infrastructure-based digital certificates (one for identity; one to sign email; and one to encrypt email), according to Mike Butler, the director of the Access Card Office at the Defense Manpower Data Center, which oversees the military and Defense Department’s smart card program.
Defense personnel need to insert their cards into readers to gain entrance to certain buildings, and insert them into card readers to sign on to computers. (All 2.2 million Defense Department workstations now have card readers, Butler says.)
Many troops and defense personnel also use their cards to sign and encrypt unclassified email – ensuring tighter computer security and making it more difficult for other people to sniff those unclassified, but possibly sensitive emails that may forecast military movements. Each card also has about 7K of space that each armed forces branch may use as they see fit.
For example, some Navy cards can be used to gain entry to the mess hall.
While the widespread rollout is quite large, it’s not the first foray into smart cards for the government and armed forces. Isolated, smaller projects launched at individual bases by the Army and Navy date back 10 years, says Butler, who ran one of the Navy’s first smart card programs. Back then, he says “there was no real money for smart cards” – and with just 2K of memory on some of those early cards, not much room for more ambitious applications or even much data.
Today’s smart cards sported by the military are, well, smarter.
Aside from having 32K – hardly whopping by current measures of computing power – these cards run on a small, basic Java operating system. JavaCard gives the identification a standard with which software developers and card manufacturers can work. And, that has elicited more competition from would-be vendors, which has caused prices for cards and systems to drop.
“We can enable programs that sit on top of a more open commodity,” says Butler. “(I)t’s always nice to have alternative sources, this makes them compete for business.”