CAC Enabled Mobile Security
Geocent successfully developed a mechanism to pass and view application-specific data on an Android-based mobile delivery platform over a secure SSL connection via an approved DoD Common Access Card (CAC). The technology leverages a Bluetooth CAC reader to connect the Android application to the secure web service.
The challenges of delivering this capability on the mobile platform were numerous and cutting edge; simply put, it has never been done before. The Geocent team has successfully bridged the technical gap by connecting the Bluetooth CAC software, the Android-based application, the required CAC authentication and the desired SSL-based web services into a complete solution stack.
The Geocent team had to develop 5 custom components so that the prototype capability could transition to interfacing with the production application:
* Bluetooth connection to the Android Application: Leveraging the same PC/SC middleware used for desktop CAC readers, Geocent had to develop custom Java and C code to interface with the Java Native Interface on the Android device.
* Secure Bluetooth connection: Geocent developed custom code to manage and help establish the interface between the BAI Bluetooth reader and the Android application.
* Two-factor Authentication to application: Geocent developed middleware for the mobile application. If at any time the CAC is removed from the BAI 3000MP, the user is immediately logged out of the application and must re-establish user authentication to the C4I suite using two-factor authentication. The user must have their CAC inserted into the reader and provide their PIN for authorization to the application.
* Android Application connection over SSL to the application: Once authenticated to the application, an encrypted, secure tunnel is created to allow the mobile device user to send and view data without compromising security.
* Encrypt all application-related data: The displayed data is all driven by the application services and is not retained on the device. Draft reports, audio recordings, and photos generated from within the app are encrypted and are only accessible to the CAC-authenticated user.