The Defense Information Systems Agency is working on a series of pilot programs that would allow the military and its contractors to confirm an employee’s identity, in part, by taking advantage of the sensors built into their phone, tablet or other device.
The new identification method would be available — and potentially even standard — in commercially available devices and could quickly replace the need for common access cards in some cases. Those cards are used to grant physical and digital access to military properties.
But as more workers rely on mobile devices for their day-to-day tasks, the standard issue identity card becomes less useful. For years, DISA leaders have said transitioning away from that card and to a new technology is one of the agency’s top priorities. Newer technology would promote greater mobility among the workforce and add a layer of security in identity management.
“We have to move away from the CAC as a form factor,“ Steve Wallace, a technical director at DISA, said during a media roundtable May 16.
The CAC card “doesn’t plug into this thing,” he said, holding up his phone. “It doesn’t plug into tablets.”
The new identification process, which would make use of how an employee carries his or her phone and the gyroscopes inside, could begin to show up at DoD agencies within a year or two, Wallace said.
In the fall, the agency plans to distribute 75 devices with the new technology.
Wallace said DISA faces two problems in solving problems of identity management. The first is having a user prove their identity to a device. The second is having that device prove its identity to the network. But by using hardware built into the devices, DISA may be able to help solve the problem and have users continuously prove their identity to the system.
Hardware and handset manufacturers would help work with the agency to ensure the technology worked as expected.