The Department of Defence will upgrade its legacy pass office systems at 38 locations around Australia with a view to connecting each pass office to a central smartcard-type system.
Defence is seeking to engage a supplier to provide it with the new pass office system for an initial period of five years. The existing 38 systems are standalone "with no capability for network connectivity".
The initial implementation will also be standalone, but the tender for the project is mandating the ability for each pass office system to connect to a central system "at a later date".
"The current 38 Defence Pass Office systems have been in operation since the mid to late 1990s, and have reached the end of their useful life, both hardware and software wise," according to the department.
The upgrade to a smartcard-based access control infrastructure comes at a time when government and private enterprises are beginning to deploy the technology on a large scale. Most notably the Department of Human Services' Access Card and the new Queensland driver's licence.
The Defence Common Access Card (DCAC) standard documents the technical standards for cards and readers, and is intended to be used by sections of Defence involved with the planning, design and implementation of pass issue and physical access control systems.
Furthermore, the Defence Physical Access Control Environment (DPACE) is part of the Defence Identity Management framework, which includes both physical and logical access control elements.
"DPACE aims to unify the currently fragmented and uncoordinated physical access control environment within Defence," according to the department.
The DCAC will be carried by all persons requiring regular access to either or both physical and logical Defence resources, and will contain two separate computer chips - a contactless memory chip for physical access, known as a Mifare chip; and a contact processor chip with memory, known as a smartcard chip.
"Both of these chips are secured using Defence generated keys to protect the information stored on the device," according to one document. "Both of these chips can support more than one application, allowing Defence to design and implement a variety of new card-based applications in business areas such as catering, logistics, occupational health and safety, [and] payroll."
Both chips are capable of having new applications added to the card "post-issue", avoiding the situation where the rollout of a new application would require the replacement of a large number of cards.
ASIO's protective security group (ASIO T4) has advised the project that the Mifare card does not require Security Construction and Equipment Committee (SCEC) endorsement.
For its initial rollout, the DCAC is an ID and physical access control card only. Rollout of the DCAC for physical access control commenced early last year for ACT Defence staff in Russell and Campbell Park. Other Defence ACT buildings, bases, establishments followed.
Gradual Australia-wide replacement of current Watermark Defence photo-ID and access cards will continue on a priority, "as required", or "as necessary" basis, according to the department.
Initialization of the new DCAC cards occurs in a central Defence secure facility before being "securely distributed" to card issue stations (pass offices) as required.
"This process ensures that Mifare readers connected to any other systems cannot read the Mifare chip, and that only Defence encoded Mifare readers can read the chip," according to one document. "The site code is used to identify the card as belonging to Defence, and the particular physical access control systems that the card is authorized to access."