WidePoint Corp (WYY)

[TheMonolith]

DoD piloting over-the-air mobile derived certificates

http://www.fiercemobilegovernment.com/story/dod-piloting-over-air-mobile-derived-certificates/2015-02-18

February 18, 2015 | By Molly Bernhart Walker
SHARE





TOOLS
Comment
Print
Contact Author
Reprint
The Defense Department is running a small-scale mobile device security pilot that could enable the department to move away from common access card readers for mobile devices by July.

The pilot of 14 iOS devices uses soft certificates, which place a digital certificate on a device via a registry or file system, in the native keystore, said Greg Youst, chief mobility engineer at the Defense Information Systems Agency.

"We had a PKI implementation memorandum come out from DoD CIO that basically said we are going to put all our focus on doing derived certificates into the keystore," said Youst, who spoke Feb. 18 at the Federal Mobile Computing Summit in Washington, D.C.


Sign up for our FREE newsletter for more news like this sent to your inbox!
Youst said the DoD has more public key infrastructure, or PKI, reliant applications than any other department.

"We've got to break this nut," said Youst.

"Doing what we're doing now won't work. CAC readers are expensive. We've got to keep them charged up, they've got to be connect to the device and the cost," said Youst.

DISA received authorization from the DoD Chief Information Officer in August 2014 to run the pilot and was instructed to halt other mobile projects, such as DISA's work on near field communication, or NFC,-enabled identity management, he said.

In addition to the mobile soft cert pilot, DISA is developing an over-the-air PKI provisioning process. Youst said DISA plans to demonstrate the use of over-the-air certificates to iOS devices by mid-March.

"According to the PKI implementation memorandum from DoD CIO, we're supposed to be operational with this system by the end of July. I'm not going to comment on whether we're going to make it or not, but we are pushing toward operational," he said.

Youst said DISA is working with iOS first because the platform is better prepared for doing soft certs on to the device, but he also indicated DISA had a lengthy meeting with Samsung to start putting certificates into the trusted execution environment or an extended secure element on their phones.

"The OSes vary so much, we're probably going to have a core system but the interface to the devices will be based on the OS," he said.

"So, if you're going to do a certificate for iOS, well that's going to have a different process. For Windows, it will have a different process. For BlackBerry, it will have a different process, but they're all going to talk to a core and that's what's going to be important. And this is going to be over the air," said Youst.