Battle-tested tech: security and data mining

The wars in Afghanistan and Iraq have been a proving ground for the deployment of security technology, allowing the military to push the boundaries of technologies created for the enterprise. The Department of Defense is now a hothouse of activity as it focuses on a massive smart-card deployment aiming to issue 4.3 million cards in the coming months. At the same time, the department's TIA (Terrorism Information Awareness) project is bringing together scores of research and commercial companies to develop new collaborative privacy and security applications.

Smart cards get smarter

The Defense Department's ambitious CAS (Common Access Card) project started in small pilot programs in 2000. In one such program in Hawaii, the Army successfully tested the cards for deployment readiness by having soldiers insert the card into a reader, which verified personal, medical, and financial records. CAS's relevance in a time of heightened security has focused industrywide attention on what has become the largest smart-card implementation of its kind.

Using existing smart-card infrastructure, the cards were made available at 90 sites, says Mary Dixon, director of the Defense Department's Access Card Office, an Army office charged with spearheading the smart-card program. The cards became the basis for an integrated authentication and access device that incorporated a PKI (Public Key Infrastructure) system for digital certificates to verify and authenticate the user for business transactions and email use.

The cards include a chip with 32K of memory and open standards based on Sun's Java Card to encourage multiple vendors and users. Java programmable, multiapplication smart cards can be configured to provide additional complex services beyond the PKI application. Bar codes and magnetic stripes were included to take advantage of legacy systems.

Previously segregated databases that organized military groups were unified, and systems were designed to determine levels of access for users. The project integrated the department's Defense Manpower Data Center database system, which holds more than 23 million records, into two redundant Sun ONE/Oracle powered datacenters, putting together an enormous database that can deal with more than 1.3 million queries and more than 250,000 updates a day.

The cards use a government interoperability standard that allows multiple vendors to provide card readers, software, and middleware. Data is being unified from more than 75 disconnected military systems worldwide.

Mobilization for Iraq pushed the Defense Department to roll out the smart card quickly, Dixon says. "We had to issue a lot of cards in a very short period of time."

As a battlefield identity device, the card appears to have passed with flying colors, experts say. Every soldier mobilized for the war received a smart card with PKI capability that authorized them to receive weapons, detailed their financial and medical records, and recorded their transportation routines for logistical purposes. At the highest security levels, battlefield leaders used the cards to access encrypted email and communications within secure networks, saysNeville Pattinson, Schlumberger director of business development and technology for smart ID cards.