Army Futures Command has entered the long-fought battle to modernize the Defense Department’s identity and access management system, saying it’s developing a product that would let soldiers log in from the battlefield with wearable tokens replacing the CAC cards currently used.
The tokens, which could be worn like a watch or sewn into a sleeve, would give solders a way to connect when plugging in a smartcard to access a network is not an option. In concept, the devices could prompt a login when a solider approaches a system.
The DOD primarily uses a credit card-sized device called the Common Access Card (CAC), a system that the Pentagon has long wanted to replace. The wearable tokens could integrate beyond just computers and servers, offering credentialed access to weapons systems and handheld devices.
“Soldiers should not have to take out a smartcard, insert it into a card reader and then remember to remove the card from the reader when they are done,” Ogedi Okwudishu, project lead for the Tactical Identity and Access Management program, said in a news release.
This is not the first attempt at changing the common access card. Last year, a New York-based artificial intelligence startup signed an other transaction agreement with the Defense Information Systems Agency to explore new options for identity, credentialing and access management. The company’s “deep learning” tools could be used to develop “continuous multifactor authentication,” according to the company’s limited-info release about the contract.
Before that, top DOD officials had pledged to replace the CAC card on timelines that have long since passed. Last fall, however, DOD CIO Dana Deasy said: “the CAC will remain the department’s principal authenticator for the foreseeable future.”
Improving biometric and personalized credentialing could be a major step in implementing a zero-trust network. The DOD’s Silicon Valley advisory group, the Defense Innovation Board, has been pushing the department to a zero-trust system, which only grants access to what specific users need. With continuous authentication through AI or a wearable login, individualizing a user’s network access could be easier to achieve.
The device Army Futures Command is working on would also be coupled with a second factor of authentication, such as a biometric login or a personal identification number. Okwudishu noted in the release that the technologies the command is working with are developments in public key-based credentials, wireless payments and flexible hybrid electronics.
Army Futures Command, which became fully operational in July, is tasked with developing technology for future warfare, as the name suggests.