The Military Cac is a smart card issued by the Department of Defense. It's primary purpose is to serve as identification for military as well as for non-military personnel who work for agencies that fall under the jurisdiction of the DoD. In some cases CAC's can also be issued to personnel of agencies that do not directly fall under the supervision of the DoD, such as defense contractors and related personnel. Apart from its primary usage as a means of identification, a CAC also serves to authenticate personnel who use defense networks, computers and communication facilities. It helps affix a digital signature onto every usage and piece of communication on defense computers and networks.
A Military CAC lets users:
- access defense networks and computers
- digitally sign messages
- uniquely encrypt communications
- gain access to secure facilities that are within their level of authorization.
- establish their identity using an authoritative and secure process
A Military CAC is a plastic card with a copy proof pattern on it. It is the same size as a credit card. Miltary CAC's carry the photograph of the holder, his/her name, purpose and rank as well as the date of expiry of their validity. On the bottom of the front side of the Cac card, you can also find a 32K microchip. The 32K microchip can only be found on the older CAC's while the latest versions of the Military CAC carry integrated microchips that offer 64K or more of storage. The back of the Military CAC has a magnetic stripe that is encoded with information that is localized and specific to the agency that uses them. The Military CAC works by using what is called a "two factor authentication" process. The physical cac card alone is not enough for access. The CAC's usage is additionally secured by adding a pin that only the user knows.
There are four kinds of Cac cards in use currently.
- "Geneva conventions ID card"" issued to military personnel
- "Geneva convention acc' forces"" given to emergency civilian personnel.
- "ID and Privilege CAC" issued to civilians who reside in military bases.
- "ID card" issued to civilian employees of the DoD and other government agencies.
These days, it is not very uncommon to find authorized personnel using Cac cards to log into government and military networks from civilian networks. In the case of civilian employees and contractors who simply have to access these networks from the outside, there is a significant risk of CAC information falling into wrong hands. Especially since such usage requires transmission over unsecured networks. Here's where a CAC reader comes into the picture. CAC readers are devices that can be used with conventional computers and operating systems. These readers can read the data on a Military CAC and make authentication a more secure process by sometimes encrypting the information before transmission. They add an additional layer of security instead of transmitting identification information directly from unsecured systems. There are a number of middleware programs and hardware that synchronize CAC readers with different computers and operating systems. As of today, the numbers of military Cac cards issued is well above 17 million. This number includes active CAC's, CAC's that have expired but not been canceled and also CAC's that have been reissued with changes.