Defense Department tackles mobile authentication

http://hamptonroads.com/2013/12/defense-department-tackles-mobile-authentication

Defense Department tackles mobile authentication
By Jared Serbu, Federal News Radio
The Associated Press
© December 2, 2013

WASHINGTON

The Defense Department says it's committed to a future in which service members and civilians can use the latest and greatest mobile technology to get their work done, regardless of the device manufacturer. But it's still struggling mightily with one of the biggest challenges for mobility in the government: identity management.

While the Pentagon thinks it's gone a long way toward making sure its security approval processes for mobile devices, apps and infrastructure can keep up with the pace of commercial technology, there's one enormous nut the department still hasn't cracked — how to make sure Defense Department users can securely authenticate themselves on the network via mobile devices, the same way they do today from desktop and laptop computers. On those computers, users slide their common access cards into a smart card reader in order to do multi-factor authentication.

Using that same method on a mobile device defeats the purpose of having a mobile device.

"To date, the solutions have been Bluetooth or corded card readers that are very difficult to use, they have separate power sources, they're not really in favor with generals and senior executives," said Devon O'Brien, the lead mobile engineer for public key infrastructure at the Defense Information Systems Agency. "The user experience is awful and because we're such a niche market, the cost per device is awful. That's sort of what prompted the look for alternate credentials."