Subscribe to the Free Print Edition!
Celebrating 25 Years

GCN Home > 02/09/04 issue

Common Access Card ready for update

By Joab Jackson, GCN Staff

Now that the Defense Department is issuing the last of its first-generation Common Access Cards, the inevitable upgrade cycle is under way.

Mary Dixon, director of the Common Access Card Office at the Defense Manpower Data Center, said the second-generation smart cards may be ready as early as this fall for new entrants and replacement of lost, stolen or worn-out cards.

The cards will have expanded memory and the ability to work with biometric software. They might also be contactless—acting when held near a reader, rather than passing physically through the reader.

So far, the CAC program has issued more than 3.8 million of an estimated 4.5 million cards. With about 12,000 to 15,000 going out each day, the initial round of deliveries should be done by March, Dixon said.

She estimated that the military services have installed up to 2 million PC readers for users to digitally sign e-mail and documents and submit passwords for applications and Web portals. The cards also serve as identification at facilities such as dining halls.

SCM Microsystems Inc. of Fremont, Calif., has delivered 1.5 million card readers to the program, said Jason Schouw, vice president and general manager of American sales.

Both hardware and software upgrades are under consideration, Dixon said. On the hardware side, the office wants cards with 64K of electrically erasable, programmable read-only memory. The cards now have only 32K.

Next summer, the office will seek final approval from DOD’s Smart Card Senior Coordinating Group to purchase new cards, Dixon said. The extra memory could be used for public-key infrastructure certificates or for storing revoked encryption certificates a user might still need. Another proposal is to store digital photographs of the card-holders.

“That would be another way to counteract the threat of somebody counterfeiting the card,” Dixon said.

Last summer, the National Institute of Standards and Technology issued the governmentwide Smart Card Interoperability Specification Version 2.1 for contactless cards. But, despite the standard, Dixon said her office still has “some concerns about using contactless cards for physical access.”