Federal government agency Centrelink is tendering for an agency-wide upgrade to logical and physical access identification cards.
The new smartcard will replace three existing, but separate, access cards or tokens.
The tender, part of an agency-wide managed service contract spanning five years, also includes a performance-based extension on a two by two-year basis.
It covers card issuance, distribution, application support and lifecycle management for an estimated 28,000 cards initially and an additional 2800 cards annually for the life of the contract.
The agency has already released a tender for contactless readers for all Centrelink PCs and laptops.
It totals 31,000 scanners to be used in national and local support offices, call centres and customer centres as a requirement for staff to log into the network both on-site and remotely, along with another tender for the necessary back office and physical access system upgrades.
Included in this tender are 1200 (a volume estimate) security access module (SAM) cards and devices to be released to staff over the first 18 months of the project and an additional 300 per annum over five years, as well as responsibility for packaging, loading, serial number printing and overall lifecycle management.
The SAM holds the algorithm, PLAID (Protocol for Lightweight Authentication of Identity) which uses Rijndael-256 bit encryption, an advanced encryption standard (AES) ideal for fast verification.
"The tenderer should propose a network-based and distributable hardware security module-based authentication server/s that can support 32,000 symmetric authentication processes within half an hour into the Centrelink Novell environment utilising the PLAID protocol. The proposed product should be broadly implemented as a COTS (commercial off-the-shelf) product," according to tender documents.
"Architecture for the existing logical and physical access systems (into which the card integrates) is highly complex. The back office elements are being replaced in a separate but parallel process to this tender. This tender will replace the existing one-time password-based Vasco tokens, however desktop integration into Novell Netware and Microsoft Windows logical access controls, and proprietary building access systems will not be within the scope of this tender.
"Tenderers should propose a card-based interim solution to resolve the transition requirement for physical access to doors using 125 kHz frequency identification technology (provided by vendor Indala) and 26 bit Weigand record (interface protocol) which will need to transition to the ISO/IEC 14443 (four-part standard for contactless smartcards) based PLAID record. Transition may take a number of years and will depend on the lease cycle for the various Centerlink buildings."
Centrelink is currently constructing new offices in Canberra which will open late 2007 and house 1700 staff. The site will be fitted with readers/systems at initial installation.
The system will potentially interoperate with other agencies under the Australian Government Information Management Offices' (AGIMO) IMAGE (Identity Management for Australian Government Employees) framework using the Centrelink Staff Identification Card, an individual agency card number defined within IMAGE.
The IMAGE framework, announced in 2006, is designed to build secure cross-agency identity management and due for completion in 2008.
It is a set of identity management business processes and technical architecture that complies with Australian Government Protective security manual 2005 (PSM), the Australian Government e-Authentication Framework (AGAF) and the National Identity security Strategy.