--- begin forwarded text From: "Dan S" <[EMAIL PROTECTED]> To: "isml" <[EMAIL PROTECTED]> Subject: IP: Pentagon gets 'smart' Date: Tue, 21 Sep 1999 22:47:07 -0400 Sender: [EMAIL PROTECTED] Reply-To: "Dan S" <[EMAIL PROTECTED]> >From CNN, http://cnn.com/TECH/computing/9909/21/pentagon.smart.card.idg/index.html - Pentagon gets 'smart' September 21, 1999 Web posted at: 12:31 p.m. EDT (1631 GMT) by Ellen Messmer From... (IDG) -- The U.S. military says it will phase out plastic identification cards in favor of a chip-based multi-application smart card that about 800,000 personnel will carry. The Defense Department smart card will hold digital certificates that will allow the holder to sign and encrypt documents or purchase orders, and will be the means to access networks managed by the Army, Navy, Air Force and Marines. This smart card ID will also eventually be the key used to physically enter restricted buildings. Corporations are bound to follow the Defense Department's smart card lead, particularly contractors that share access to government networks. Civilian employees working for the military may soon begin using the smart cards, too. For three years, the U.S. military has conducted operational testing of smart cards for network access, as well as for storing medical information and for use as digital cash. Now the Pentagon, which sets technical strategy for the armed forces, is aiming to achieve what is probably the largest smart card rollout in history. The Defense Department considers the rollout an important part of its commitment to fully adopt electronic commerce. Desktops will need a card reader into which users will insert their smart cards, which will contain digital certificates and applications such as Novell NetWare log-on scripts. While the cards provide an extra measure of security and portability, passwords will still be necessary to use the digital certificates. Those certificates also let the user digitally "sign" or encrypt applications. In addition, the Pentagon wants this smart card to be so intelligent that it can let its holder into a restricted building. The General Services Administration has been given the task of defining a government standard for the card. "We want the smart card ID card to also support building access," says Marv Langston, deputy assistant secretary of defense. "This one common card will also be for standard access to the network." One factor driving the conversion from plastic IDs to crypto-based smart cards is the fact that the Internet has made it easy to get fake military IDs. "We cannot trust the ID card anymore," says Rob Brandewie, deputy director of the Defense Manpower Data Center West in Monterrey, Calif., which maintains an Oracle database, servers and mainframes to keep track of more than 250,000 personnel changes every day. "At a site called fakeid.com, for instance, you can get military ID cards for about $75." The formidable job of converting from plastic IDs to smart cards - expected to be formally announced this week by the Defense Department's top gun on technology issues, Deputy Secretary of Defense John Hamre - has already quietly begun. The Defense Manpower Data Center provides remote access to the proprietary client-based Real-Time Automated Personnel ID System (RAPIDS), which each year churns out three million plastic ID cards, which double as passports for soldiers. RAPIDS interfaces with the Defense Enrollment Eligibility Reporting Systems (DEERS), a database that tracks 13 million current and retired personnel globally in terms of their location and benefits eligibility. Brandewie says his data center has demonstrated it can take the information from existing systems and use it to issue smart card IDs instead of the plastic ones. The DEERS database is also being used to store each military employee's fingerprint as a 500-byte compressed image. This fingerprint will go on the smart card ID as the biometric for fingerprint-based authentication in the future. The idea is that no one will get a digital certificate for their smart card until they can prove their identity by passing a network-based ID check based on fingerprint biometrics. The smart card - whether from GemPlus, Schlumberger or other vendors - has become a commodity, says Martha Neal, deputy director of the Defense Department's smart card technology office. "They're $3 apiece now, down from $5 a year ago," Neal says, adding that storing multiple applications on the cards is the way to hold down costs. The Defense Department will now establish what it calls the Configuration Management Control Board, which will define the smart card's memory and application specification and a Web-based certificate authority - a huge technical challenge. Public-key infrastructure products from Netscape, called iPlanet, are licensed to the Defense Department and will be tested at the Defense Manpower Data Center next month for issuing digital certificates on smart cards. There is an expectation that smart card IDs that can store a soldier's military records will reduce the paperwork load because networked applications will be able to upload the soldier's ID and download new information related to training or credentials. Col. Greg Miller, who works at the Air Expeditionary Force Battle Lab at Mountain Home Air Force base in Idaho, hopes "the hand-carried smart card will offer the benefit of one-time data entry." Barbara Straw, director of dispersing at the Naval Systems Command Supply, assisted in a pilot project on the USS Yorktown, which got ATM-like machines to dispense digital cash directly into a sailor's smart card in place of paper money. The digital cash is used on board to buy items in the closed world of the carrier at sea. Straw says she would like to see a standardized "electronic cash purse application" on the military smart card, too. -- Dan S ********************************************** To subscribe or unsubscribe, email: [EMAIL PROTECTED] with the message: (un)subscribe ignition-point email@address ********************************************** <www.telepath.com/believer> ********************************************** --- end forwarded text ----------------- Robert A. Hettinga <mailto: [EMAIL PROTECTED]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
