Defense Systems: July and August 2014 | DefenseSystems.com
it's especially inconvenient for soldiers in the field.
So what does the future hold for mobile authentication? Here are three technologies that could come into play.
1. Derived credentials.
The basic idea here is to take, or derive, the credentials on the chip inside a CAC---which contains a PIN, a digital certificate and biometric data---and put them on a hardware or software token that goes inside an approved smartphone or tablet.
The National Institute of Standards and Technology earlier this year released a draft special publication detailing new guidelines for using derived credentials with Personal Identity Verification cards, the civilian agency equivalent of CACs (in April, DOD announced it was switching to NIST security standards). And DISA has piloted a small program using derived credentials on tokens within DOD's pub-
Using this "different type of token greatly improves the usability of electronic authentication from mobile devices to remote IT resources," NIST said in the guidance. In March, then-DOD CIO Teri Takai suggested derived credentials could be the way to go, though using them could require new identity management procedures---for one thing, current regulations require that a credential be separate from the device it's authenticating.
And derived credentials, like any other CAC alternative, would have to be compatible with the Defense Enrollment Eligibility Reporting System, the database used by the Defense Manpower Data Center to manage the identities of about 42 million people.
2. Biometrics.
DOD added biometrics, in the form of a digital photo and two index fingerprints, to CACs in 2007. Last year, NIST laid out a specification for using iris scans as well.
Biometrics, of course, offer a unique identifier that always stays with a person and provides solid proof that the user is who he says he is. Although fingerprints, iris scans or other identifiers could constitute an alternative to CACs, DOD has generally looked at biometrics as an opportunity for a third authentication factor, adding "who you are" to "what you have" (token) and "what you know" (password). However, in its most recent Strategic Plan, DISA suggested that biometrics could replace CACs.
3. Near field communications.
NFC isn't an alternative to a CAC but an alternate way of transmitting derived credentials or biometric data. The technology, which allows two devices to exchange data when touching or in close proximity, is touted as the next wave in transactions, replacing credit cards, transit cards and event tickets by putting those functions on your phone. Tap a phone to a contactless terminal and the transaction is done.
NFC is a low-power, short-range technology that already exists on newer smartphones. With derived credentials, it could replace the way building access is handled, for example. And down the road, it could dovetail with federal plans for CACs and PIV cards to be used as credit or transit cards. Transit authorities in Washington, D.C., and Philadelphia, for example, are adding PIV-Interoperable cards to their systems, and DOD and the Transportation Security Agency are developing a pilot to use the cards to get through airport security. The next step could be moving those functions to a phone.
If the commercial world does move to a phone-centric environment, government and the military will likely follow eventually. After all, one of DOD's goals is to give personnel the technology experience they've become familiar with in their private lives.
But security will have to come first. One thing about putting all those functions on a device is the potential single point of failure it creates. That will make DISA's job of remote management---from security and configuration to wiping data from a phone that is lost or stolen---paramount. For users, it also makes everything dependent on a charged battery, a smaller but perhaps not insignificant concern, and something they don't have to worry about with a CAC. ■
As smartphones become
more common on military