DoD to Pilot Qualcomm Technology for Passive Authentication

The Department of Defense is going ahead with Qualcomm Technologies in its quest for a passive authentication mechanism for users of its internal IT infrastructure. The Qualcomm subsidiary’s Qualcomm Cyber Security Solutions division has been selected to provide DoD users with a new authentication system based on device attestation and multi-factor authentication, with a strong emphasis on biometric factors.

It’s part of a longstanding effort to replace the DoD’s Common Access Card, with the Pentagon’s CIO having asserted in mid-2016 that the agency is aiming to move to a more sophisticated authentication mechanism within two years. That was followed with a report last summer that the DoD’s Defense Information Systems Agency, or DISA, was pursuing a ‘patterns of life‘ authentication system that would be able to authenticate users by monitoring various behavioral patterns and metadata.

Now, Qualcomm Technologies has confirmed that it’s providing technology for a DISA-led pilot program that will combine features from the Qualcomm Snapdragon Mobile Platform with DISA’s Purebred and Public Key Infrastructure platforms. For participants, that means logging into IT systems using mobile devices based on the Snapdragon Mobile Platform and using “a combination of soft and hard biometric factors”, according to a statement from the company. The authentication mechanisms will be designed to operate “continuously and transparently”, and will replace the need for card- or password-based security.

The company has not offered a timeline for the pilot program, but given the two-year timeframe outlined by Pentagon’s top tech officer in June of 2016, it seems likely that the DoD is looking to roll this out more broadly by summer of this year.