Current Status

1
Information and Technology for Better Decision
Making
US DOD Launch of GlobalPlatform/PIV card
Presented ByLynne PrinceDefense Manpower
Data Center
May 2007
2
On October 27, 2006, DoD Issued its 1st
HSPD-12 Compliant CAC
SAMPLE
3
Federal Interoperability, physical and logical
access, applications gaining momentum
OCT 2006
Start issuing CAC compliant with PIV
TransitionalJAVA 2.2/GP 2.1
10 Millionth CAC issuedJAVA 2.1/ GP 2.01
JUL 2006
JAN 2006
JTF GNO Tasking Order to expedite deployment of
PKI based log-on to UNCLAS networks and web
applications
AUG 2004
HSPD-12 released
AUG 2002
1 Millionth CAC issuedJava 2.1/GP 2.01
Release of GSA Government Smart Card
Interoperability Specification (GSC IS) 1.0
DoD select a Java card Global Platform
AUG 2000
NOV 1999
DEPSECDEF establishment of the Common Access Card
(CAC)
JUN 1999
Secretary of Navy certifies the successful
outfitting of 2 Carrier Battle Groups and ARGs
with smart card technology
APR 1999
DEPSECDEF assignment of Program Office
Responsibilities for the DoD PKI
Growth of DoD Identity Management
4
What is the Standard?
5
HSPD-12 Challenges for the US Federal Government

• Intent of FIPS 201 is positive
• Standardizes identity proofing and registration
• Promotes standards for interoperable objects
• Contactless
• Photograph
• Biometrics
• Card Edge
• Interoperability within the Federal Government
  still in infancy
• Limited number of commercial products meet
  standard
• Levies a certification on vendor community
• Gaps between mandatory and optional objects in
  data model
• DoD CAC program migrating to new Standard
• Legacy card population and infrastructure
• Reverse engineer CAC to be PIV II compliant
• Forces changes sooner than DoD had anticipated

6
(No Transcript)
7
Impact on DoD Issuance and Usage
Ten print bio 1 many bio Initiate
NACI Complete NAC
VO training Breeder docs Hard copy
CA interfaces IP software Key management PKI
Keys CHUID Security Object Biometric Template
FIPS certification Card topology Add customized
fields Add contactless interface
Accreditation C A Privacy Policy Vetting
Policy Security Policy
Vetting
Registration
Card Technology
Issuance Post Issuance
Policy
Issuance
Usage
Authentication
Physical Access
Registration
Logical Access
Authenticate card Cardholder And
Credentials PKI Back end Transactions
Readers Local access system
Middleware changes Local authorization
Transactions
8
DoD Steps to PIV Compliance
PIV
Topology Security
PKI
Biometrics
GlobalPlatform
APDU Calls
Java Card
Data Model
Platform Structure
Identity Proofing Vetting
9
CAC Topology Changes
SAMPLE
CAC TOMORROW
CAC TODAY
10
Security Options

• Fine Line Guilloche Printing
• Ultra Violet Images
• Gradient Micro-Printing
• Holographic Magnetic Stripe
• Color Shifting Ink

October
September
SAMPLE
Gradient Micro-printing
Holographic Magnetic Stripe
Color Shifting Ink
SAMPLE
Guilloche
Ultra Violet
11
CAC Transitional Implementation
DoD CAC CAC Applets PIV
Applets
Access Control Applet PIN, Secure
Channel, External Authority
CCC
Dual Interface Infrastructure
CAC ID
CAC Sign
CAC Encrypt
CAC Prsnl
CAC Prsn
OP Domain API
GlobalPlatform 2.1
JavaCard Runtime 2.2
Please refer to notes for further explanation
Please refer to notes for more information
12
CAC End State Implementation
DoD CAC CAC Applets
PIV Applets
Access Control Applet PIN, Secure
Channel, External Authority
CCC
Dual Interface Infrastructure
CAC ID
CAC Sign
CAC Encrypt
CAC Prsnl
CAC Prsn
OP Domain API
GlobalPlatform 2.2
JavaCard Runtime 2.2
Please refer to notes for further explanation
Please refer to notes for more information
13
Vision for the Future CAC

SAMPLE

• GP Features
• Security domains
• Directory Access Protocol (DAP)
• Secure Messaging

• New Apps
• E-Purse
• ICAO
• Secure Contactless

FUTURE

14
Future CAC Implementation
DoD CAC CAC Applets
PIV Applets
Access Control Applet PIN, Secure
Channel, External Authority
CCC
PIV End State
Dual Interface Infrastructure
CAC ID
CAC Sign
CAC Encrypt
CAC Prsnl
CAC Prsn
OP Domain API
Local Pin
GlobalPlatform 2.2
JavaCard Runtime 2.2
Please refer to notes for further explanation
Please refer to notes for more information
15
Summary

• Met HSPD-12 compliance as defined in approved
  DoD Implementation Plan
• Next Generation CACs (PIV transitional compliant)
  is being phased in over the next 12 months
• Enhanced Security
• Promotes physical and logical interoperability
• Continue to make progress toward future
  initiatives with CAC and GlobalPlatform

Progress today provides assurance for tomorrow
16
Lynne PrinceAccess Card OfficeDefense Manpower
Data CenterFor more information please
visitwww.dmdc.osd.mil/smartcard
17
HSPD-12 Challenges for the DoD

• Large installed infrastructure base
• Monitoring transition progress for project of
  this magnitude
• Backward compatibility requirements
• Maintain open communication and accountability of
  stakeholders
• Maintain DoD security but enhance with HSPD-12
• Optimize identity authentication

18
HSPD-12 The President Said

• Mandatory
• Government-wide
• Secure/Reliable forms of identification
• Issued by Federal government
• Issued to employees and contractors

Please see notes for more explanation