Common, It Isn't
Now in its second version, the CAC is basically a smart card which the government uses for its workers to verify identity, buy goods and logon to office and field computers.
There are about 4.3 million active service men and women, with another 20 million dependents. Earlier this past summer, the government hit a milestone one millionth card issued.
Expansion of ConceptWhile the CAC is extremely important to military and defense users, the program’s impact will surely expand beyond these users and into business and security applications. At last month’s American Society for Industrial Security (ASIS) International Exhibition and Seminar in Philadelphia, numerous electronic access control manufacturers were talking about the CAC and its financial-application sister standard, the mifare card. The CAC could also spin into a states-adopted drivers license; the American Association of Motor Vehicle Administers, for example, is very interested in CAC.
At its microchip heart, the CAC will store a variety of computer-readable data, ranging from name, rank and Social Security number to blood type and benefits eligibility. It could also store value, like a debit card, as well as a biometric and other data for computer access and even encrypted email.
The overall CAC plan replicates consumer credit cards by authenticating identity but goes further thanks to the embedded chip, which itself is partitioned to handle a multiple of application.
The transition has been slow going. The changeover for cards, for example, has a significant cost. The older bar code cards cost about $2.50 per person issued, while the new smart cards cost about $10. There is the cost of new types of readers to accommodate the smart cards as well as the cost on the computer side for databasing and transaction processing. There are the sheer numbers of potential end users. And then there is the challenge related to getting the various branches of the military and defense structure to sign on to the plan.
Current applications often center on online transactions, such as supply contracting and travel authorization.
Door Access AppUpcoming applications include physical access control. Depending on a facility and level of security, for instance, the CAC may combine with a PIN number and biometric, probably a fingerprint, for entrance to a building or office.
Still, the developers of the CAC stress the cards are primarily intended for business applications and not for command and control uses.
Various technology companies are involved in the CAC program. These firms include smart card companies, software companies and systems integrators. SchlumbergerSema, a unit of Schlumberger Ltd., is involved in the smart card and reader end of the program. Electronic Data Systems Corp. works with the Department of Defense (DoD) as a systems integrator on installation, while ActivCard Inc. provides the software for card issuance and use. The DoD uses ActivCard’s open standards-based IDM system, known by the DoD as the “issuance portal,” to initialize, personalize and manage user credentials and applications.
At the time of a CAC card’s issuance, ActivCard’s IDM system consolidates multiple credentials and applications on a single card into the ActivCard applets—special applications designed for smart cards stored in the cards, which are PIN, PKI and
Generic Container (GC). CAC users are then enabled to digitally sign and encrypt/decrypt email, approve electronic purchases, provide user authentication for network access and their demographic data and PKI certificates are stored in the GC. After issuance, ActivCard’s IDM system can add or update applications or information on the CAC card securely, in military locations around the world.
At this point, CACs boast 32 kilobytes of memory and use the Java programming language.
Spreading the WordGovernment agencies other than the military are taking a close look at the CAC program, thanks in part to the aftermath pressure from September 11th.
The Common Access Card is still a work in progress.
Just weeks ago, for example, the Defense Department announced that is adding smart card middleware for Linux systems to its Common Access Card program, expanding capabilities beyond Microsoft Windows platforms for the first time.
The CAC program, at least in part, has also encouraged numerous manufacturers to form alliances and partnerships. Among the most important, Fargo Electronics, Inc., the card printer maker, has an ongoing program that recently welcomed Texas Instruments Radio Frequency Identification Systems, Plastic Card Systems, Inc. and ITC Systems to the Fargo Technology Alliance, a global technology group that promotes effective, advanced smart card solutions.
“The Fargo Technology Alliance now unites 29 smart card solution providers with Fargo’s international and domestic network of distribution partners. With the Alliance members—the very best smart, optical and proximity card application software developers and manufacturers—working together with our global distribution system, Fargo is able to provide a wider range of complete solutions for end users. This generates sales for all companies involved, and builds Fargo’s competitive advantage,” says Gary R. Holland, president and CEO of Fargo.
“The use of advanced technology, such as smart, proximity or optical cards, is creating new opportunities for distributed card personalization systems,” Holland notes. “The U.S. Department of Defense Common Access Card project, which uses over 1,500 Fargo printers, is a prime example of the implementation of this technology.
Texas Instruments Radio Frequency Identification Systems is a leading developer and manufacturer of field-proven (RFID) solutions used in a broad range of applications worldwide. TI RFID Systems’ line of ISO 15693 contactless 13.56 MHz cards and readers brings a new level of security to the access control market with 2,000 bits of memory, faster data transfer speeds, a unique and secure ID and at-the-door read-write programmability.