Information Briefing

1

Overview of the Common Access Card (CAC)
Public Key Infrastructure (PKI)Programproviding
network access, facility access, and personal
identification across the Department of Army
Information Briefing LTC Lehman, Product
Manager, Secure Electronic Transactions - Devices
(SET-D) 703-769-4500 greta.lehman_at_dms.belvoir.army
.mil
2
PM MISSION

• Provide the PKI and CAC technology that
  integrates with the DoD infrastructure to
  identify and authenticate Army soldiers,
  civilians, and specified contractors, allowing
  them to conduct their daily business, with
  integrity, in the unclassified sustaining base
  environment.

3
IMPETUS FOR TRANSFORMATION

21st Century Use of Smart Cards and PKI as
key EC-enabling technologies Increased
interoperability and, Improved security
20th Century Standalone, stovepiped Systems
Paper- based Systems

• Prevalence of network-centric ops
• Increased information vulnerability and
  need for assurance
• Policy Mandates
• The Clinger-Cohen Act
• FY00 Defense Authorization Act
• 10 Nov 1999 Hamre memo (CAC)
• 12 Aug 2000 ASD(C3I) memo (PKI)

Common Access Card and Public Key Infrastructure
are major Defense Department initiatives, and
the first enterprise-wide implementation of smart
cards
4
KEY CHARACTERISTICS

• Joint, DoD directed initiatives
• Mandated by DEPSECDEF
• Service PMs implement technology
• COTS infrastructure tailored to the DoD
• Standard X.509 Certificates
• LDAP Directories
• SmartCards
• Enabling technology
• Not a system, works with existing commercial
  applications
• Requires applications to be PKI enabled to use
  technology

5
SCOPE IMPACT

• By October 2002 1.4 Million CACs will be issued
  worldwide to
• Active Army personnel
• Army Guard and Reserve personnel
• Department of Army Civilian personnel
• Eligible Army Contractors
• The CAC will be required to access all DoD
  networks and to digitally sign electronic mail.
• Future total will reach 2.5 M CACs when issued to
  Family Members and Retirees
• Army fielding tied to DoD schedule
• Mission critical applications will need to
  integrate CAC and PKI technologies.

6
The CAC provides for
Armed Forces of the United States
Personnel Identification Replaces the ID Card
SAMPLE
Army Active Duty
Parker IV, Christopher J.
Rank LTCOL
Pay Grade O5
Issue Date 1999SEP03
Expiration Date 2002SEP01
Geneva Conventions Identification Card
Building Access
Systems Network Accesswith PKI Application
Provides - Digital Signature - Data Encryption
7
PKI SERVICES
Transformation

• Manning
• Deployment
• Sustainment
• Mgmt of Force Programs

TRANSPORTATION
PERSONNEL
LOGISTICS
MEDICAL
FINANCE

• Identification
• Authentication
• Confidentiality

• Data Integrity
• Non- Repudiation

ENCRYPTION DIGITAL SIGNATURE
8
COMMON ACCESS CARD

• A Credit Card-Sized Device That May Hold
• Integrated Circuit Chip (ICC)
• Magnetic Stripe
• Bar Codes
• Photo Identification
• Encryption and Authentication
• Biometrics
• Non-Contact Radio Frequency Transmitter

9
COMMON ACCESS CARD - DRAFT LAYOUT
Armed Forces of the United States

• Integrated Circuit Chip Location
• Army anticipates a 32K Chip.
• PKI Certificates will take 9.9K to 12.9K of the
  Chip.
• Future residual space for other functional and
  service applications.

• Magnetic Stripe
• Proposed use is for building and facility
  Access.
• Navy currently uses one track for ATM access

Army Active Duty
Keane, John M.
SAMPLE
Pay Grade O10
Rank GEN

• Barcode for Functional Applications
• Current Uses Include
• Army Food Management Information System (AFMIS)
  -- 3 sites
• USAREUR (Army/USAF) -- Motor Vehicle
  Registration -- 26 workstations
• USMC Flightline Access Control System -- 8 sites
• USAF Military Immunization Tracking System -- 26
  workstations
• Little Creek Naval Station VOQ/BOQ Check-in -- 1
  site

Issue Date 2000OCT23
Expiration Date 2003OCT22
Geneva Conventions Identification Card
Medical Data Shows the Blood Type and Organ Donor
Status.
SAMPLE
Medical Blood Type O Organ Donor Yes
Barcode for Personnel Data
Geneva Conv. Cat. VI
Date of Birth 19XXJAN00
Social Security Number 000-12-3456
DD Form XXX XXX 2000 Property of
the U.S. Government
10
CAC Beta Test

• Phase I Quantico, VA (October 2000)
• Capability test to allow
• CAC Issuance
• Local Registration Authority issuance of PKI
  Certificates.
• Personnel Identification Functions.
• Phase II - (April to June 2001)
• Test the CAC - PKI Ability to
• Operate in day to day environments.
• Determine the impact on day-to-day operations.

11
PK-ENABLING APPLICATIONS

• Developers Kit
• Available to PK-enable applications
• Developed by DMDC-West
• Configuration Management
• Provide strategic direction and guidance
• Ensure compliance
• Oversight in testing interoperability

12
Challenges

• COTS
• INTEROPERABILITY
• SCHEDULE
• CONFLICTING INTERESTS

13
PM SET-D POC

• LTC Greta Lehman
• PM SET-D
• 2110 Washington Blvd
• Arlington VA 22204
• comm. 703.769.4500
• fax 703.769.7605
• E-mail
• greta.lehman_at_dms.belvoir.army.mil
• Web site
• http//setdweb.belvoir.army.mil