USB 3.0 Smart Card Reader, Rocketek DOD Military USB Common Access CAC Memory Card Reader compatible with Windows, Mac OS X-Build in SDHC/SDXC/SD Card Reader & Micro SD Card Reader for SIM, MMC RS&4.0. Secure CAC/PIV web, email & VPN. A short demo of how PKard® for Mac software meets the needs of US DoD, Federal Government and corporate Mac users for simple and straightforward two-factor authenticated CAC, PIV, PIV-I and CIV smart card access to secure web sites, web VPN and secure S/MIME Apple email signing and encryption.
A Common Access Card (CAC).
The Common Access Card, also commonly referred to as the CAC is a smart card about the size of a credit card.[1] It is the standard identification for Active Duty United States Defense personnel, to include the Selected Reserve and National Guard, United States Department of Defense (DoD) civilian employees, United States Coast Guard (USCG) civilian employees and eligible DoD and USCG contractor personnel.[1] It is also the principal card used to enable physical access to buildings and controlled spaces, and it provides access to defense computer networks and systems. It also serves as an identification card under the Geneva Conventions (esp. the Third Geneva Convention). In combination with a personal identification number, a CAC satisfies the requirement for two-factor authentication: something the user knows combined with something the user has. The CAC also satisfies the requirements for digital signature and data encryption technologies: authentication, integrity and non-repudiation.
The CAC is a controlled item. As of 2008, DoD has issued over 17 million smart cards. This number includes reissues to accommodate changes in name, rank, or status and to replace lost or stolen cards. As of the same date, approximately 3.5 million unterminated or active CACs are in circulation. DoD has deployed an issuance infrastructure at over 1,000 sites in more than 25 countries around the world and is rolling out more than one million card readers and associated middleware.
Issuance
The CAC is issued to Active United States Armed Forces (Regular, Reserves and National Guard) in the Department of Defense and the U.S. Coast Guard; Coast Guard Auxiliary; DoD civilians; USCG civilians; non-DoD/other government employees and State Employees of the National Guard; and eligible DoD and USCG contractors who need access to DoD or USCG facilities and/or DoD computer network systems:
Future plans include the ability to store additional information through the incorporation of RFID chips or other contactless technology to allow seamless access to DoD facilities.
The program that is currently used to issue CAC IDs is called the Real-Time Automated Personnel Identification System (RAPIDS). RAPIDS interfaces with the Joint Personnel Adjudication System (JPAS), and uses this system to verify that the candidate has passed a background investigation and FBI fingerprint check. Applying for a CAC requires DoD form 1172-2 to be filled out and then filed with RAPIDS.
The system is secure and monitored by the DoD at all times. Different RAPIDS sites have been set up throughout military installations in and out of combat theater to issue new cards.
Design
On the front of the card, the background shows the phrase 'U.S. DEPARTMENT OF DEFENSE' repeated across the card. A color photo of the owner is placed on the top left corner. Below the photo is the name of the owner. The top right corner displays the expiration date. Other information on the front includes (if applicable) the owner's pay grade, rank and federal identifier. A PDF417 stacked two-dimensional barcode is displayed on the bottom left corner, and an integrated circuit chip (ICC) is placed near the bottom-middle of the card.
There are three color code schemes used on the front of the CAC. A blue bar across the owner's name shows that the owner is a non-U.S. citizen. A green bar shows that the owner is a contractor. No bar is for all other personnel, including military personnel and civil workers, among others.
The back of the card has a ghost image of the owner. And if applicable, the card also contains the date of birth, blood type, DoD benefits number, Geneva Convention category, and DoD Identification Number (also used as the Geneva Convention number, replacing the previously used Social Security Number). The DoD number is also known as the Electronic Data Interchange Personal Identifier (EDIPI). A Code 39 linear barcode, as well as a magnetic strip is placed on the top and bottom of the card. The DoD ID/EDIPI number stays with the owner throughout his or her career with the DoD or USCG, even when he or she changes armed services or other departments within the DoD or the USCG. For retired U.S. military personnel who subsequently become DoD or USCG civilians or DoD or USCG contractors, the DoD ID/EDIPI Number on their CAC will be the same as on their DD Form 2 Retired ID Card. For non-military spouses, unremarried former spouses, and widows/widowers of active, Reserve or Retired U.S. military personnel who themselves become DoD or USCG civilians or DoD or USCG contractors, the DoD ID/EDIPI Number on their CAC will be the same as on their DD 1173 Uniformed Services Privilege and Identification Card (e.g., Dependent ID card).
The front of the CAC is fully laminated, while the back is only laminated in the lower half (to avoid interference with the magnetic stripe).[2]
The CAC is said to be resistant to identity fraud,[3] tampering, counterfeiting, and exploitation and provides an electronic means of rapid authentication.
There are currently four different variants of CACs.[1] The Geneva Conventions Identification Card is the most common CAC and is given to active duty/reserve armed forces and uniformed service members. The Geneva Convention Accompany Forces Card is issued to emergency-essential civilian personnel. The ID and Privilege Common Access Card is for civilians residing on military installations. The ID card is for DOD/Government Agency identification for civilian employees.
Encryption
Until 2008, all CACs were encrypted using 1,024-bit encryption. Starting 2008, the DoD switched to 2,048-bit encryption.[4] Personnel with the older CACs had to get new CACs by the deadline.[4] On October 1, 2012, all certificates encrypted with less than 2,048-bits were placed on revocation status, rendering legacy CACs useless except for visual identification.[4]
Usage
The CAC is designed to provide two-factor authentication: what you have (the physical card) and what you know (the PIN). This CAC technology allows for rapid authentication, and enhanced physical and logical security. The card can be used in a variety of ways.
Visual identification
The CAC can be used for visual identification by way of matching the color photo with the owner. This is used for when the user passes through a guarded gate, or purchases items from a store, such as a PX/BX that require a level of privileges to use the facility. Some states allow the CAC to be used as a government-issued ID card, such as for voting or applying for a drivers license.
Magnetic stripe
The magnetic stripe can be read by swiping the card through a magnetic stripe reader, much like a credit card. The magnetic stripe is actually blank when the CAC is issued. However, its use is reserved for localized physical security systems.[5]
Integrated circuit chip (ICC)
The integrated circuit chip (ICC) contains information about the owner, including the PIN and one or more PKI digital certificates. The ICC comes in different capacities, with the more recent versions issued at 64 and 144 kilobytes (KB).[citation needed]
The CAC can be used for access into computers and networks equipped with one or more of a variety of smartcard readers. Once inserted into the reader, the device asks the user for a PIN. Once the PIN is entered, the PIN is matched with the stored PIN on the CAC. If successful, the EDIPI number is read off the ID certificate on the card, and then sent to a processing system where the EDIPI number is matched with an access control system, such as Active Directory or LDAP. The DoD standard is that after three incorrect PIN attempts, the chip on the CAC will lock.
The EDIPI number is stored in a PKI certificate. Depending on the owner, the CAC contains one or three PKI certificates. If the CAC is used for identification purposes only, an ID certificate is all that is needed. However, in order to access a computer, sign a document, or encrypt email, signature and encryption certificates are also required.
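The logon flow described above (PIN check on the card, lockout after three wrong attempts, EDIPI lookup in the access control system) can be modelled as follows. This is an added example, not DoD or middleware code: the `SimulatedCard` class, the subject CN layout and all sample values are assumptions made for illustration.

```python
import hmac
import re

MAX_PIN_TRIES = 3  # per the text: three incorrect PIN attempts lock the chip

# Assumption (not stated on the page): the ID certificate's subject CN has the
# form LAST.FIRST.MIDDLE.<10-digit EDIPI>. Anchored so stray digits never match.
CN_PATTERN = re.compile(r"[^\n]+\.(\d{10})")


class CardLocked(Exception):
    """Raised when the retry counter is exhausted; only a PIN reset clears it."""


class SimulatedCard:
    """Toy model of the ICC: a stored PIN, a retry counter and one ID cert CN."""

    def __init__(self, pin, subject_cn):
        self._pin = pin.encode()
        self.subject_cn = subject_cn
        self.tries_left = MAX_PIN_TRIES

    def verify_pin(self, candidate):
        if self.tries_left == 0:
            raise CardLocked("PIN blocked")
        # The comparison happens on the card; constant-time to avoid timing leaks.
        if hmac.compare_digest(candidate.encode(), self._pin):
            self.tries_left = MAX_PIN_TRIES  # modelled: a correct PIN resets it
            return True
        self.tries_left -= 1
        return False


def extract_edipi(subject_cn):
    """Return the 10-digit EDIPI from the CN, or None if the CN is malformed."""
    match = CN_PATTERN.fullmatch(subject_cn)
    return match.group(1) if match else None


def authenticate(card, pin, directory):
    """PIN check on the card, then EDIPI lookup in the access control system.

    Returns the mapped account name, or None on a wrong PIN, a malformed CN or
    an EDIPI with no directory entry. Certificate path validation and
    revocation checking, which a real relying party performs, are omitted.
    """
    if not card.verify_pin(pin):
        return None
    edipi = extract_edipi(card.subject_cn)
    if edipi is None:
        return None
    return directory.get(edipi)


# Constructed sample data: not a real PIN, name, EDIPI or account.
SAMPLE_DIRECTORY = {"1234567890": "jane.q.doe"}


def demo():
    card = SimulatedCard("482913", "DOE.JANE.Q.1234567890")
    results = [authenticate(card, "000000", SAMPLE_DIRECTORY) for _ in range(3)]
    try:
        authenticate(card, "482913", SAMPLE_DIRECTORY)  # correct PIN, too late
    except CardLocked:
        results.append("locked")
    return results


if __name__ == "__main__":
    print(demo())
```

The strict `fullmatch` matters on the relying-party side: a CN with extra digits or trailing characters is rejected rather than mapped to whichever account happens to share a 10-digit substring.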
A CAC works in virtually all modern computer operating systems. Besides the reader, drivers and middleware are also required in order to read and process a CAC. The only approved Microsoft Windows middleware for CAC is ActivClient, available only to authorized DoD personnel. Other non-Windows alternatives include LPS-Public, a non-hard drive based solution.
DISA now requires all DoD-based intranet sites to provide user authentication by way of a CAC in order to access the site. Authentication systems vary depending on the type of system, such as Active Directory, RADIUS, or other access control list.
CAC is based on X.509 certificates with software middleware enabling an operating system to interface with the card via a hardware card reader. Although card manufacturers such as Schlumberger provided a suite of smartcard, hardware card reader and middleware for both Linux and Windows, not all other CAC systems integrators did likewise. In an attempt to correct this situation, Apple Federal Systems has done work to add some support for Common Access Cards to their later Snow Leopard operating system updates out of the box using the MUSCLE (Movement for the Use of Smartcards in a Linux Environment) project. The procedure for this was documented historically by the Naval Postgraduate School in the publication 'CAC on a Mac'[6] although today the school uses commercial software. According to the independent military testers and help desks, not all cards are supported by the open source code associated with Apple's work, particularly the recent CACNG or CAC-NG PIV II CAC cards.[7] Third party support for CAC Cards on the Mac is available from vendors such as Centrify and Thursby Software.[8] Apple's Federal Engineering Management suggests not using the out-of-the-box support in Mac OS X 10.6 Snow Leopard[9] but instead using supported third party solutions. Mac OS X 10.7 Lion has no native smart card support. Thursby's PKard for iOS software extends CAC support to Apple iPads and iPhones. Some work has also been done in the Linux realm. Some users are using the MUSCLE project combined with Apple's Apple Public Source Licensed Common Access Card software. Another approach to solve this problem, which is now well documented, involves the use of a new project, CoolKey,[10] to gain Common Access Card functionality.
This document is available publicly from the Naval Research Laboratory's Ocean Dynamics and Predictions Branch.[11] The Software Protection Initiative offers a LiveCD with CAC middleware and DoD certificate within a browser-focused, minimized Linux OS, called LPS-Public[12] that works on x86 Windows, Mac, and Linux computers.
Bar codes
The CAC has two types of bar codes: PDF417 in the front and Code 39 in the rear.
PDF417 Sponsor Barcode
PDF417 Dependent Barcode
RFID technology
There are also some security risks in RFID. To prevent theft of information in RFID, in November 2010, 2.5 million radio frequency shielding sleeves were delivered to the DoD, and another roughly 1.7 million more were to be delivered the following January 2011.[13] RAPIDS ID offices worldwide are required to issue a sleeve with every CAC.[13] When a CAC is placed in a holder along with other RFID cards, it can also cause problems, such as attempting to open a door with an access card when it is in the same holder as a CAC. Despite these challenges at least one civilian organization, NOAA, uses the RFID technology to access facilities nationwide. Access is usually granted after first removing the CAC from the RF shield and then holding it against a reader either mounted on a wall or located on a pedestal.[14] Once the CAC is authenticated to a local security server either the door will release or a signal will be displayed to security guards to grant access to the facility.
Common problems
The ICC is fragile and regular wear can make the card unusable. Older cards tend to de-laminate with repeated insertion/removal from readers, but this problem appears to be less significant with the newer (PIV-compliant) cards. Also, the gold contacts on the ICC can become dirty and require cleaning with either solvents or a rubber pencil eraser.
Fixing or replacing a CAC typically requires access to a RAPIDS facility, causing some practical problems. In remote locations around the world without direct Internet access or physical access to a RAPIDS facility, a CAC is rendered useless if the card expires, or if the maximum number of re-tries of the PIN is reached. Based on the regulations for CAC use, a user on TAD / TDY must visit a RAPIDS facility to replace or unlock a CAC, usually requiring travel to another geographical location or even returning to one's home location. The CAC PMO[15] has also created a CAC PIN Reset workstation capable of resetting a locked CAC PIN.
For some DoD networks, Active Directory (AD) is used to authenticate users. Access to the computer's parent Active Directory is required when attempting to authenticate with a CAC on a given computer for the first time. For example, a field-replaced laptop computer that was not prepared with the user's CAC before shipment would be impossible to use without some form of direct access to Active Directory beforehand. Other remedies include establishing contact with the intranet by using public broadband Internet and then VPN to the intranet, or even satellite Internet access via a VSAT system when in locations where telecommunications are not available, such as in a natural disaster location.
Retrieved from 'https://en.wikipedia.org/w/index.php?title=Common_Access_Card&oldid=942202784'
(The CHESS website has scheduled outages: Saturdays between 0200-0500 EST and the 2nd & 4th Tuesday of the month between 0700-1200 EST) If you are having problems accessing the Lotus Forms software download link outside of the hours listed above, please contact CHESS for support.
Installation Steps:
1. Go to the Army CHESS website at: https://chess.army.mil
2. Click the Login button (located on the black bar across the top of the page)
NOTE: If you are CAC enabled through CHESS you will see your information displayed. Click the Login button to fully access the website. If you are NOT CAC enabled on the Army CHESS website you will be prompted for your email address and password. This is the email address and password you used when you registered at the CHESS website. If you have not registered you need to click the Registration (button) on the black bar on the top of the page.
3. Once logged in (verified by it saying Welcome your name in the upper right corner) you can go to Army Software Downloads (button) listed under the green Software (tab).
4. Click the link titled: Silanis eSign
5. Click the upper right corner link titled: Download Silanis eSign
You may be prompted at the bottom of your screen asking if you want to Save or Save As, select Save or Save As.
Alternate download (directly from AKO): https://www.us.army.mil/suite/doc/39474482 (42.9 MB)
6. Once the file is downloaded, right click the file titled: e-Sign_6.6.zip, and select Extract All.
7. Once the files are extracted, open the folder titled: eSign_6.6 and select setup.exe (82 KB Application file), followed by Yes.
NOTE: If you receive: 'The module 'C:Program Files (x86)ApproveItADTMSOADDIN.dll' was loaded but the call to DIIRegisterServer Failed with error code 0x08007005.' This generally means a lack of administrative privileges. You'll need to 'Run as Administrator' to install the program, or login as an administrator to install.
NOTE: Look under the Compressed size column, IF you see a 30KB setup file, this means you are in the zipped folder, and not the new extracted folder. Review step 6 above
NOTE: If you are prompted for a serial number, it means you did not extract the files in step 6 above, or you did not select the correct setup file in step 7 above
8. Select Next, Accept the license, Next,
eSIGN / APPROVEIT INSTALLATION PROBLEMS AND SOLUTIONS
9. The program does not inform you when it finishes installing, so [my personal recommendation] is to verify the software installed by going to Control Panel: Uninstall a Program (Windows 7 / 8 / Vista), Programs and Features (Vista), or Add / Remove Programs (XP) and looking for e-Sign Desktop 6.6.
10. Restart your computer, then come back to this page to use the Sample Form below OR save it to your desktop now.
NOTE: IF my instructions confused you above, an individual sent the below instructions that may be easier for you to follow.
Older ApproveIt 6.5 download: https://www.us.army.mil/suite/doc/36567209
Video Installation Instructions (for ApproveIt 6.5), new version coming soon
Test your digital signature with the below links:
Note, if you are not seeing the digital signature on the PDF, make sure you have Adobe Reader installed. The Windows 8 / 8.1 built in PDF reader will not work for digitally signing.
NOTE: Internet Explorer 8, 9, 10 & 11 users need to look at slides 19-20 of this guide. If not, they along with Firefox, Chrome, Safari, and Opera web browser users will receive 'gibberish' when clicking the Lotus Forms .xfdl link above. You need to right click the 'sample form' link and select Save Link As / Download Linked File As / Save to Download Folder. Save it to your desktop, then test from your desktop. If your computer downloads it as a .txt file, right click it and change it to .xfdl.
IE 9 & 10 users look here for other options. Compatibility view for IE 8, 9, & 10: this can also remedy problems using Forms (on AKO) for digitally signing and routing forms.
If you are not familiar with signing forms with your CAC, look here for instructions: Visual steps, or Watch Video.
CONGRATULATIONS, YOU HAVE NOW SUCCESSFULLY INSTALLED ALL NEEDED PROGRAMS ON YOUR COMPUTER.
The ideas on this website are from my personal experience. I have been told by Army Publishing Directorate (APD) to send users to their help desk so they become aware of the problems with this program. 703-692-1306 / DSN: 312-222-1306, Webform, or if you are having problems accessing the CHESS website, contact the CHESS help desk at: [email protected] or 888-232-4405 / 703-806-1019 / DSN: 312-656-1019 (Monday - Friday 0800-1700 Eastern).
Alternate install instructions: After making the first attempt to install the Silanis E-Sign software, look at image below.
If you are interested in knowing how to digitally sign a memorandum, this is how to do it (Word 2003 & 2007 only) (Word 2010 & 2013) read the sentence below.
NOTE: If you have Office 2010 or 2013 installed you may need to configure eSign / ApproveIt to get the ApproveIt tabs back. Follow this page. If you need to completely uninstall eSign / ApproveIt, follow this information.
To download blank DA forms, go to the Army Publishing Directorate website http://www.apd.army.mil/ , click on the Forms (tab) DA Forms button. Find the form you want (in the range of form numbers). Right click the XFDL link to the right of the form you want, select Save Target As. Save it to your computer and you will have the form for later. You can also click the link, it will open up your Lotus Forms or Pure Edge software automatically (only if using Internet Explorer 6, 7, or 8). All other browsers will have to use the Right click, Save As option to save your form.
Digitally signing a form is simple when following these instructions:
1. With your form open and your CAC inserted in the card reader, single click the button with the slanted pen with 'Click to Approve' typed after it (see image)
2. Read the Electronic Signature Notice, then OK
3. Click the word Sign (not OK)
4. Select your name (the one without the word email in it), then OK
5. You should see your name, once you do, click the word Sign
6. It will prompt you to type in your PIN, then select OK
7. Once you see Signature is valid, select OK
You have now signed your form.
If the word Sign is GRAY, please look here for some known solutions
Fix the ePersona message when trying to sign
Watch Silanis Electronic Signatures 2-minute Presentation
This is the email I received from APD on 25 August 2010 when I asked for permission to have an alternate download location for people when the CHESS website is down.
'In regards to your email, As I am sure you are well aware APD is the Enterprise provider of Lotus Forms Viewer and Silanis ApproveIt software. There are only two channels that are authorized to be the authoritative distributor of the aforementioned software, 1. AGM (Army Gold Master) for GFE (Government Funded Equipment) installation / use and 2. CHESS (Computer Hardware, Enterprise Software Solutions) for PFE (Personal Funded Equipment) installation / use. APD does not authorize any other body (i.e. AKO) to distribute its Enterprise Software. Your request to have this software hosted in your files has been duly noted. At this time your request to host / provide the Lotus Forms Viewer and Silanis ApproveIt software is Denied. You will be advised if APD's stance on this request changes in the future.'
For issues obtaining the software from the CHESS website, utilize the Official Army channels for assistance.