Tuesday, August 7, 2007

Palm CAC Solution -- Mobile Smartcards for the DoD

Recently, Palm announced the availability of a Common Access Card solution for their Treo smartphone line. For those of you not familiar with the CAC, it is a smartcard designed for use within the U.S. Department of Defense. The CAC acts as an individuals ID card, with photos and information about the user's identity, as well as a smartcard with PKI credentials for logging into a network, encrypting e-mail, etc.

Palm's CAC solution is quite interesting, particularly with respect to how the smartphone interacts with the smartcard. Palm has developed a Bluetooth-enabled smartcard reader that also acts as a badge holder. The photo, name, and expiration information is still visible, but the smartcard chip itself makes contact with a reader. This allows your smartphone to make use of the credentials on the card when sending e-mail or accessing a network.

This is a truly innovative way to handle smartcards, and with more and more enterprises evaluating the use of PKI and strong authentication, I can see this being a viable solution for the commercial world, as well. The phone itself doesn't have any bulky externally-attached readers. This makes it possible to maintain the phone's current usability and mobility, without sacrificing the security that smartcards provide.

The possibilities are endless when discussing how this technology could be used within the enterprise. Users can login to the corporate VPN from anywhere in the world, using mobile broadband connections or even WiFi (provided you have an adapter for your phone). E-mails can be digitally signed and encrypted prior to being sent. Given the lack of security in public WiFi hotspots, this is a capability that is long overdue. In addition, being able to encrypt the data on the phone itself, or lockdown access to it without the smartcard, provides the user with confidence that a lost phone will not result in data compromise.

For more information on how this product works, see Palm's Flash demo.

No comments: