Department of Defense Biometrics Management Office
Department of Defense (DoD) Common Access Card (CAC) and Biometrics Integration (CBI) Overview
http://www.biometrics.dod.mil
Phone: (703) 604-2096
Fax: (703) 604-3031
DSN: 761-2096
Min Chong, ISS Program Manager, Department of Defense Biometrics Management Office, [email protected]
Spring 2004 ADP IT and Acquisition Training Conference, 27-29 April 2004
Purpose
To provide an overview of the CAC-Biometric Working Group (CAC-BWG) efforts in pursuing the inclusion of biometrics technology with the CAC
Agenda
1. Background
2. CAC-Biometrics Technology Demonstrations
3. Road Ahead
1. Background
Biometrics
Biometrics is the automated recognition of a person using distinguishing characteristics
Biometrics and DoD
Changes in today’s military…
- Global operations
- Distributed working & warfighting scenarios
- Increased reliance on information technology
- Dependence on extensive electronic situational awareness in the battle space
…require a paradigm shift in identity assurance.
- Connect identity to biometrics
- Link actions with identity
- Employ a “human-centric” approach
Biometrics Addresses the Gap
Status Quo: Claimed Identity, “Official” Documents, Tokens & Keys, PINs & Passwords
The Gap: Deficiencies in Identity Authentication Access Control
Objective: 100% Identity Management Biometrics Enterprise Solution
Common Access Card
CAC is a Smart Card that serves as…
- Personnel Identification: Replaces the “ID” Card
- Building Access
- Systems & Network Access with PKI Application Provides:
  - Digital Signature
  - Data Encryption
[Figure: sample Common Access Card, "Armed Forces of the United States", "Geneva Conventions Identification Card"]
“CAC-BWG Objectives”
Smart Card Senior Coordinating Group (SCSCG) Establishes the CAC-Biometrics Working Group (CAC-BWG)
Identity Management Senior Coordinating Group
(26 Sept 2001)
1. Coordinate and analyze requirements for CAC-Biometrics.
2. Seek commonality and interoperability in applications.
3. Assist combatant commands, Services, Agencies, and Functional Community Panels.
4. Evaluate biometrics alternatives.
5. Develop and recommend a CAC-Biometrics integration solution.
6. Recommend related CAC-biometrics hardware and software.
7. Recommend related CAC-biometrics policy and legal issues.
8. Develop the business case.
9. Develop the roadmap for successful integration of biometrics with the CAC.
2. CAC-Biometrics TD
Inclusion of Biometrics Technology
The strategy to achieve a DoD Enterprise CAC-Biometrics solution is a two-phased approach
- Phase I: Technology Demonstrations
- Phase II: Demonstrate suitable Enterprise Solution
The three Technology Demonstration Concepts are:
1. CAC-A: Biometrics/PIN
2. CAC-B: Template on CAC Application
3. CAC-C: Contactless with CAC
Technology Demonstration CAC-A (Biometric/PIN)
Biometrics as an Alternative to the PIN
Four scenario proof-of-concept:
1. Store on Server-Match on Server
2. Store on PC-Match on PC
3. Store on CAC-Match on server
4. Store on CAC-Match on CAC
Phase I of CAC-A has two distinct parts:
- Part 1: develop biometrics solutions
- Part 2: DMDC develops an applet (“Access Control Applet”) that supports a generic PIN/key solution
[Figure: sample CAC labeled "CAC-A", "PIN", "Access to CAC"]
Access the CAC
Current Status
- Version 1 Applet
- Must utilize the PIN
- Users often forget their PIN
- Interim CAC PIN Reset (CPR) Solution
Next Generation CAC
- 64k smart cards
- Contactless capability (TBD)
- Version 2 Applet
- Utilizes the Access Control Applet (ACA)
- Set Access Control Rules to access the CAC
[Figure: sample CAC showing the Integrated Circuit Chip (ICC)]
Technology Demonstration CAC-B (Template on CAC Application)
The CAC as a carrier for the Biometrics
CAC-B is a follow-on effort from CAC-A Scenario 3
CAC-B focuses on placing the Biometric Attribute Certificate on the CAC
- Logical Access
  1. Log on to Windows 2000
  2. Secure Website
- Physical Access
  1. CAC + Biometric
  2. Biometric + PIN
[Figure: sample CAC labeled "CAC-B", "Biometric On CAC", "Logical", "Physical"]
Technology Demonstration CAC-C (Contactless with CAC)
Contactless Technology
CAC-C focuses on three biometrics contactless solutions:
- Physical Access System
- Portable Physical Access System
- Physical Access System that uses a turnstile
Provide an interoperable contactless physical security solution
Evaluation in progress
[Figure: sample CAC labeled "CAC-C", "Contactless", "Mifare and DESFire"]
3. Road Ahead
Proposed CAC-A/B Phase II Efforts
Merge CAC-A and CAC-B into one Phase II effort
CAC-A/B Phase II effort is a two-part process:
- Part 1: Concept Refinement
- Part 2: Technology Development
Part 1: Concept Refinement
Focus the scope and evaluate two distinct capabilities
- Store Biometrics on Card and perform Match-On-Card Capability
- Store Biometrics on Card and perform Match-Off-Card Capability
Coordinate the Match-On-Card development effort between the CAC-BWG and the DMDC-West
Conduct further analysis and study to determine the optimal capability for DoD
Part 2: Technology Development
Leverage the results and lessons learned from the CAC-Biometrics Phase I efforts
Develop prototype capability that reflects the optimized CAC-Biometrics solution for DoD
- Identify operational and security requirements
- Demonstrate the business process and systems architecture
- Recommend appropriate standards
Summary
Biometrics on or with the CAC may open the door to enterprise use of biometrics throughout the DoD
The use of CAC with the biometrics authentication capability is vital to achieving a secure Information Assurance posture for the Defense Information Infrastructure
Questions?
Department of Defense Biometrics Management Office
Biometrics Fusion Center
http://www.biometrics.dod.mil/
BFC Help Desk: (304) 842-0730 x 2233