DoD Common Access Card Convergence of Technology Access/E-Commerce/Biometrics

Similar documents
GLOBALPLATFORM CASE STUDY. Overview. Development of the Solution. The Standard for Smart Card Infrastructure

DHS ID & CREDENTIALING INITIATIVE IPT MEETING

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION

Next Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop

Will Federated Cross Credentialing Solutions Accelerate Adoption of Smart Card Based Identity Solutions?

Strategies for the Implementation of PIV I Secure Identity Credentials

Interagency Advisory Board HSPD-12 Insights: Past, Present and Future. Carol Bales Office of Management and Budget December 2, 2008

Helping Meet the OMB Directive

FiXs - Federated and Secure Identity Management in Operation

Secure Government Computing Initiatives & SecureZIP

Federated Access. Identity & Privacy Protection

Transportation Worker Identification Credential (TWIC) Steve Parsons Deputy Program Manager, TWIC July 27, 2005

Single Secure Credential to Access Facilities and IT Resources

US Federal PKI Bridge. Ram Banerjee VP Vertical Markets

Cryptologic and Cyber Systems Division

Dissecting NIST Digital Identity Guidelines

Keith Ward Northrop Grumman IT Smart Card Security Solutions June 04, 2002

Smart Cards & Credentialing in the Federal Government

Securing Federal Government Facilities A Primer on the Why, What and How of PIV Systems and PACS

Put Identity at the Heart of Security

Strong Authentication for Physical Access using Mobile Devices

HID goid Mobile ID Solution

Interagency Advisory Board Meeting Agenda, Wednesday, April 24, 2013

Certification Authority

There is an increasing desire and need to combine the logical access and physical access functions of major organizations.

Trust Services for Electronic Transactions

ECA Trusted Agent Handbook

Interagency Advisory Board Meeting Agenda, February 2, 2009

AXIAD IDS CLOUD SOLUTION. Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure

Biometrics. Overview of Authentication

No More Excuses: Feds Need to Lead with Strong Authentication!

The Benefits of Strong Authentication for the Centers for Medicare and Medicaid Services

HID goid Mobile ID Solution

Interagency Advisory Board Meeting Agenda, Wednesday, May 23, 2012

DoD Identity & Access Management (IdAM) Portfolio Overview

Solution. Imagine... a New World of Authentication.

FPKIPA CPWG Antecedent, In-Person Task Group

Overview of cryptovision's eid Product Offering. Presentation & Demo

TWIC Transportation Worker Identification Credential. Overview

Leveraging HSPD-12 to Meet E-authentication E

MAESON MAHERRY. 3 Factor Authentication and what it means to business. Date: 21/10/2013

Services Directorate Dual Persona User Guide for DoD Enterprise Portal Service Military Sealift Command Version September 8, 2016

About MagTek. PIN Entry & Management

Adobe Sign and 21 CFR Part 11

(PIV-I) Trusted ID across States, Counties, Cities and Businesses in the US

GLOBAL PKI TRENDS STUDY

Can eid card make life easier and more secure? Michal Ševčík Industry Solution Consultant Hewlett-Packard, Slovakia ITAPA, November 9 th, 2010

PAA PKI Mutual Recognition Framework. Copyright PAA, All Rights Reserved 1

Leveraging the LincPass in USDA

Smart Cards and Authentication. Jose Diaz Director, Technical and Strategic Business Development Thales Information Systems Security

Version 3.4 December 01,

Mobile: Purely a Powerful Platform; Or Panacea?

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

Physical Access End-to-End Security

Intra-ASEAN Secure Transactions Framework. Pitinan Kooarmornpatana Director of IT Infrastructure Office of ETDA Jun 2015

Using the Prototype TWIC for Access A System Integrator Perspective

TWIC / CAC Wiegand 58 bit format

Authentication Technology for a Smart eid Infrastructure.

A HOLISTIC APPROACH TO IDENTITY AND AUTHENTICATION. Establish Create Use Manage

PKI Credentialing Handbook

Mobile Driver s License Region IV May 24, 2017 Seattle, WA

eid Applications Cross Border Authentication

hidglobal.com Still Going Strong SECURITY TOKENS FROM HID GLOBAL

Higher Education PKI Initiatives

Axway Validation Authority Suite

CPET 581 E-Commerce & Business Technologies. References

The Benefits of EPCS Beyond Compliance August 15, 2016

CISCO SHIELDED OPTICAL NETWORKING

The Open Protocol for Access Control Identification and Ticketing with PrivacY

TWIC Readers What to Expect

cryptovision s Government Solutions Adam Ross, Ben Drisch cryptovision GmbH

Management. Port Security. Second Edition KENNETH CHRISTOPHER. CRC Press. Taylor & Francis Group. Taylor & Francis Group,

PKI-An Operational Perspective. NANOG 38 ARIN XVIII October 10, 2006

Base Access. Smart Identity Card Program. November 16, Jay Orgeron. BISA Program Manager

Java Card Technology-based Corporate Card Solutions

Measuring Authentication: NIST and Vectors of Trust

FIPS and NIST Special Publications Update. Smart Card Alliance Webinar November 6, 2013

New Paradigms of Digital Identity:

Unified PACS with PKI Authentication, to Assist US Government Agencies in Compliance with NIST SP (HSPD 12) in a Trusted FICAM Platform

1. Federation Participant Information DRAFT

Singapore s National Digital Identity (NDI):

Interagency Advisory Board Meeting Agenda, February 2, 2009

Emergency Response Official Credentials: An Approach to Attain Trust in Credentials across Multiple Jurisdictions for Disaster Response and Recovery

State of the Industry and Councils Reports. Access Control Council

Verizon Software Defined Perimeter (SDP).

Trusted Computing Group

Digital Identity Trends in Banking

National Identity Exchange Federation. Trustmark Signing Certificate Policy. Version 1.0. Published October 3, 2014 Revised March 30, 2016

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:

Symantec To Acquire VeriSign s Identity and Authentication Business. May 19, 2010

Network Security Essentials

Credentialing Project Technical Architecture

Canadian Access Federation: Trust Assertion Document (TAD)

CERN Certification Authority

2016 Global Identity Summit Pre-Conference Paper Biometric Interoperability 2021

Interagency Advisory Board Meeting Agenda, Wednesday, February 27, 2013

FIDO Alliance: Standards-based Solutions for Simpler, Strong Authentication

IDCore. Flexible, Trusted Open Platform. financial services & retail. Government. telecommunications. transport. Alexandra Miller

Interagency Advisory Board Meeting Agenda, Tuesday, November 1, 2011

National Transportation Worker ID Card (TWIC) Credentialing Direct Action Group Functional Requirements DRAFT

Transcription:

DoD Common Access Card Convergence of Technology Access/E-Commerce/Biometrics IDENTITY Mary Dixon February 12, 2003 1

A Short Review and Update 2

DoD is issuing 4 million smart cards to: Active Duty Military Selected Reserve/National Guard DoD civilian employees DoD contractors inside the firewall To provide the ENABLERS to support: E-Commerce (non-repudiation via PKI) Improve and Re-engineer Business Processes Improve and Re-engineer Physical Security Reengineer Logical and Network Access 3

Initial (1999) Requirement Converged Three Separate Initiatives Smart Card Pilot Studies Business Process Re-engineering No $ Common Access Card (CAC) E-Business Non-repudiation for digital signatures PKI Hardware token Secure network log-on Common Access Card (CAC) 4

Common Access Card (CAC) Status of Convergence Today 1.75 Million Cards Issued 9-12 thousand cards being issued per day Piloting Contactless Technologies (14443A) Photograph U.S. Navy Active Last name First name, Initial Pay Grade Chip Armed Forces of the United States Rank Issue Date Expiration Date Geneva Conventions Identification Card 150,000+ workstations with logical access/log-on 1300 issuance workstations Issuing in 15+ countries worldwide Applications: Food Service Manifesting PKI Signing PKI Encrypt BETA Testing: Remote Update & Card Maintenance via Web Smart Card Standards GSA NIST ISO/ANSI FEDERAL 5

CAC Implementation Timeline FY01 FY02 FY03 FY04 Planning /Development Upgrade existing issuing Infrastructure Issue cards Field readers / middleware Contactless Pilots and Decisions Add biometrics to card 6

New Developments 7

The Real Issue Shifting Paradigms Identity NOT Technology 8

Case for a New Paradigm The world has changed - Identity theft is an emerging problem - identified as fastest growing white collar crime Credentialing has not recognized new realities - fakes are everywhere with both wholesale and retail options Political as well as financial motivations - no longer benign rite of passage What s at stake is huge - identity is key to financial systems and logical and physical access to corporate/government assets 9

Case for a New Paradigm How much progress have we made? Credentials in DoD have not kept pace More similarities than differences New card computer generated - only an advantage if that power is used to authenticate the individual 10

Issuance: Strong Identity Proofing Paper credentials w/1-2 picture NOT SUFFICIENT Check presence in PDR Verify biometric Person Data Repository PDR What do I know: All civilians go through National Agency Check (NAC) before hiring All military go through NAC/background checks before being sworn in All contractors on our networks go through NAC before given access 12 personnel databases 11

Usage Token binds the confirmed identity to the digital credentials Authenticate and sign 12

Biometrics on the Token can raise the bar Optional methods Store on: Matched on: A. Server B. Workstation C. CAC D. CAC Server Workstation Server CAC Evaluating multiple options and uses Biometric in lieu of PIN (probably not) Biometric with contactless chip Potential CAC applications using biometric 13

Case for a New Paradigm Biometrics have an important role... Early recognition of the importance of biometrics - but how easy is it to use as identity authentication? - many biometric solutions today are not much more accessible 14

Case for a New Paradigm Credit card industry has long recognized the issue: 1960 s - The card looks good - use the embosser 1970 s - I need to get authorization for this purchase - central system verification Present - all transactions authenticated - network based always on connection to central system Physical Access is at the 1960 s stage - it looks like a good card 15

Case for a New Paradigm Summary Photograph Parker IV, Christopher J. Armed Forces of the United States Organization Seal U.S. Navy DoD Civilian Fakes are a big problem DoD has high risk assets Existing technology not used Physical Security solutions have not kept pace with technology Biometrics are collected enterprise wide but not used for physical access Issue Date Chip September 30 2001 Expiration Date October 1 2001 Identification Card These are the issues BIDS addresses 16

Biometric Identification System (BIDS) Application of the Paradigm Identity management and force protection system: Uses Existing DoD Issued Identification Credentials Issues badges for other individuals (visitors/vendors) Covers a building, an installation, or an entire theater of operations Contains person information, digital photo, digital fingerprint, motor vehicle info, and privately owned weapons info Configurable by force protection level and local business rules 17

BIDS, Fully Deployed and Operational in Korea Theater-wide Implementation 150K registrations 90K active YONGSAN AG CP RED CLOUD CP STANLEY CP HOWZE CP HOVEY US Embassy, Seoul Hannam Village, Seoul CP CASEY CP MOBILE SEOUL CP JACKSON CP PAGE CP LONG CP EAGLE OSAN AB CP CARROLL CP HUMPHREYS KUNSAN AB CP HENRY Pass & ID = 37 TAEGU CP WALKER CP GEORGE Law Enforcement = 15 Visitor Centers = 24 Gates = 48 KWANG JU PUSAN CHINHAE NB CP HIALEAH 18

BIDS, Other Locations US Army Europe Defense Language Institute (Monterey, CA) US Forces Japan Biometrics Fusion Center (Bridgeport, WV) 19

DCIS Pilot Defense Cross-credential Identification System DoD can strongly identify it s core members via the DoD Personnel Data Repository (ID+Biometric) DoD does not have a chain of trust for outside members EX: Contractors or Delivery and Repair Personnel Need for a federated system to identify and assign privilege to personnel but maintain privacy Raise the bar on security while making access easier for companies and employees 20

DOD DOD Personnel Personnel & Identity DCIS CONCEPT Certificate Authority COMMERCIAL ENTITIES Company A Employees Company B Employees DoD ID CARD Verification Verification Verification Company Registry (A/B) DoD Cross Credential System/Server Internet Node DoD Access Control DoD Gate Access Vendor A Gate Access Vendor B Bldg Access If Internet Access is available, any access point can receive a digitally signed (by the US Govt), certificate containing identity, status, photo, privilege, etc 21

Common Access Card (CAC) Future Convergence-Beyond DoD? Other Federal Agencies considering Smart Card issuance Federal Contactless (14443A) Standard Proposal Via NIST Photograph U.S. Navy Active Last name First name, Initial Pay Grade Chip Armed Forces of the United States Rank Issue Date Expiration Date Geneva Conventions Identification Card Emphasis on IDENTITY SECURE TOKENS BIOMETRICS MACHINE READABLE Federal Agencies Working Common Standards CHANGING PARADIGMS What is ENTERPRISE? Department or the Federal Government? Smart Card Standards GSA NIST ISO/ANSI FEDERAL WE ARE A FEDERAL COMMUNITY What common processes can we share? 22

What are the Weak Links? Standards Smart Cards Physical Access Interoperability Standards Policies for reciprocity of credentials Emphasis on Identity = Bridge 23

DoD Strategy Standards Embrace standards where they exist and stretch requirements so that standards work for the application Adopt industry best practices as defacto standards ex: Global Platform & Javacard Publish specifications and distribute freely ex: the card edge specifications for our applets Develop interfaces that are provided to anyone interested in developing or adapting applications to work with our card system ex: Basic Services Interface (BSI) 24

Interoperability Most interoperable solution in industry Requires commercial involvement Good partner relationships a necessity CAC Goal: any operating system, any card, any reader 25

Physical Access Dept. of Interior (DOI) is taking the lead Agencies learning from/working with each other with interoperability as the focus across the entire government enterprise Reviewing contactless technologies 26

Summary: Where Are We Going? DoD Complete rollout of cards and infrastructure Continue to improve w/technology Shift focus to usage Physical access Logical access e-business initiatives Federal Govt Common policy on identity proofing Interoperability Physical access 27

Questions? Mary Dixon (703) 696-7396 dixonmm@osd.pentagon.mil 28

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback