
Secure Planet research and development to enable Secure Pre-Pass as NIST AAL3 authenticator

  • Post last modified: August 4, 2022

Secure Pre-Pass is currently designed as a NIST Special Publication 800-63B “AAL2” authenticator, which provides “high confidence” that the person presenting the authenticator actually controls it. However, for AIE Next, the Army intends to require Authenticator Assurance Level 3 (AAL3), the highest of the three levels, which provides “very high confidence” in that same condition. Concretely, AAL3 authentication must be based on proof of possession of a key through a cryptographic protocol, using a hardware-based authenticator that also resists verifier impersonation (phishing); the hardware must be FIPS 140 validated. Therefore, Secure Planet is exploring cost-effective, user-friendly ways to bring Secure Pre-Pass up to AAL3.

Currently, access to our military installations centers on a credential such as the common access card (CAC), which is itself highly secure. Unfortunately, a security hole remains: the person presenting the card (the “claimant”) is not necessarily the card’s owner, and many guards have difficulty detecting impostors. That is exactly the problem the NIST SP 800-63 series addresses. A multi-factor authenticator device that is known to be under the owner’s control, and that can only be used with a second factor such as a PIN or biometric, lets us be appropriately certain that the claimant is the same person as the owner.

Until recently, an AAL3 authenticator device implied special, costly security hardware, but a major push by big tech and the security industry since 2013 has driven improvements in smartphones that enable them to serve as authenticators. Whether a given handset can reach AAL3 depends on its secure hardware meeting the FIPS 140 validation and verifier-impersonation-resistance requirements above, not on the app alone. There are also many requirements beyond the authenticator for reliable identity verification; in particular, NIST treats identity proofing (SP 800-63A) separately from authentication (SP 800-63B). Secure Planet welcomes and is taking advantage of this emerging technology to bring new capability to physical access control and better secure our military installations. Already, Secure Pre-Pass closes the security hole described above with high confidence. By moving Pre-Pass from AAL2 to AAL3, we can meet the AIE Next requirement while keeping AAL2 as an optional pathway for users with older hardware who access installations with less stringent requirements.