CAC reader for iPad
iMac, Mac OS X (10.6.4), iPad
Apple Event: May 7th at 7 am PT
iMac, Mac OS X (10.6.4), iPad
The folks at AKO/DKO have been working on a solution. It's still in the certification mode, but Biometric Associats is the vendor for the hardward which can be found here:
http://www.biometricassociates.com/products-baimobile/smart-card-reader-iphone-a ndroid.html
A little costly piece of tech, but if you're looking to have CAC abilities on an iOS device, this is about it.
Try www.baimobile.com
Yes, that looks about right. I ve been using this or something that looks very cimilar to this with my Blackberry. I was issued that at work.
For anyone looking for web or VPN authenticated by CAC or PIV cards on a regular iPhone or iPad, check out
http://www.thursby.com/products/pkard_ios.html
The idea is to provide flexible and fully secure connectivity while maintaining the Apple user experience.
Take a look at the Precise Biometrics Tactivo for the iPhone at http://www.idapps.com/ and then click on the link to the PDF and you will see that they are planning support for the iPad in early 2012. The Tactivo makes use of the same Thursby PKard software all ready mentioned and is supposed to be available in the App Store now. Take a look at the video at http://www.youtube.com/watch?v=DnVkYMAU_mw to see how it works for the iPhone. If the iPad implementation is anywhere near as good as this it should be what we are all looking to find.
There is also the baiMobile 3000 BlueTooth Smart Card Reader at http://www.biometricassociates.com/products-baimobile/smart-card-reader-iphone-a ndroid.html. See the video at http://www.thursby.com/thursby_pkard_BAI_3000.html. I have some concerns about the BlueTooth adapter and the fact that the card reader is not directly attached to the iPad but if it works.....
I use a Cherry ST1044U at home on the iMac, an SCM SCR3500 reader (looks like a USB drive, but unfolds into a CAC reader) on the Macbook while TAD and actually stopped bringing my DOD laptop TAD.
I've been using CAC since 10.6.8. The best source for information on how to accomplish is http://www.militarycac.com. I believe the webmaster is an Army CWO, and is obviously very knowledgable. There are step-by-step instructions for 10.x.x and the site is updated regularly.
Once configured AKO/DKO, DTS, PKI .mil sites, and even USMC NMCI Outlook Web Access become possible. I am now deploying a dozen high-end Mac Pro workstations in my graphics department and plan to implement CLO the same way. Today I initiated another project to buy and deploy 60 iPads for the Band and use them as digital music stands.
Good luck.
"Today I initiated another project to buy and deploy 60 iPads for the Band and use them as digital music stands."
So how are you using a CAC on the iPad? (this thread)
Sorry Chris, I didn't mean to imply i had that solved yet, and, like a dumb ***, did not read the original post thoroughly. I reviewed the Business Deployment Guide form Apple, but handed it to the data shop and asked for feedback. The data used by our Band requires no protections, and we could launch without PKI in the interim, while seeking to secure. I did say I initiated the project, but it's not a finished product. Trust me, the minute I have a targeting solution, I'm handing the General an iPad.
So I saw the the BaiMobile reader (http://www.biometricassociates.com/products-baimobile/smart-card-reader-iphone-a ndroid.html) at LandWarNet up and working and it looked ok. A little more bulky that I'd like, but seems secure. I'm frustrated that Apple's SDK doesn't allow the Bluetooth to be locked down sufficently to avoid neeing the Bluetooth adapter on iOS devices (not needed with Android), but it's more of a solution than anyone else seems to have.
The Biometric folks have some information about supported applications on this page: http://www.biometricassociates.com/ios-supported-applications.html
The key ones for most I think will be Good Mobile Messaging and PKard. GMM requires some backend software on the exchange server, but allows secure mobile messaging with the ability to digitally sign and encrypt/decrypt messages as well as access (I believe) to the exchange's GAL. This will be key for mobile e-mail.
PKard for iOS will provide much of the functionality it does for the desktop and allow web browsing to PKI sites with CAC.
I talked with the folks at Thursby and they say the PKard app will be available in the next week or two on the App store, but haven't locked down pricing. They quoted me $120 for an individual license, but reduced pricing for site/bulk licensing.
The quote I got from Bai was $289 for the card reader.
I haven't seen pricing on Good for Government yet, but Good for Enterprise was free in the App store, so we might get lucky there.
Finally, DISA actually published approved STIGs for both iOS and Android last week which should finally open the gates for these apps to be used on DoD systems.
Great post.
I think it would be helpful to make one point very clearly - the difference between client-side and server-side architectures.
Briefly -
Total investment = client side investment + server side investment + ongoing costs/fees
With PKard, costs are in the first bucket. With server-based solution, they're in the 2nd and 3rd buckets.
The degree of fit for each approach (or even hybrids) is going to depend on the end users, IT infrastructures and mission requirements.
It can be quite misleading to say a server-based solution has a free app and contrast it to the special case of an end user making a direct purchase of quantity 1. As part of an agency/unit deployment, PKard can similarly be free, if that is the model chosen by the agency/unit.
More detail -
PKard is a client-sde soluton. A license is purchased one time that works for a user's iPads and iPhones and a range of approved hardware readers. It can connect to any standards based DoD / Federal system rightaway, just as a PC can hook to AKO, AWO etc. An individual might choose to buy the license directly from the Apple App Store, or it could be via a DoD/Fed App Store/MDM at a $0, or discounted price (will depend on the agency). Over time, we'll likely see other models but these are what's available today.
Other vendors, especially around Blackberry, Android etc. have server-side solutions. They aren't universal in their connectivity, each service/unit must purchase/configure over time their proprietary back-end NOC server software before any secure connectivity is available. Costs are in user access fees and infrastrucutre at the server side. In going via the NOC middleman, performance and functionality are not necessarily the same as direct connections from device to a web server, or an Exchange server.
One issue with adopting "Blackberry / BESserver" type models for iPads and iPhones is that the user experience can be less than satisfactory, given the compromises forced by using a legacy architecture.
Check out the PKard Reader. Works great and it's FIPS140-2 certified. http://www.thursby.com/PKard_Reader.html
Do you recommending buying it? I'd like to be able to replace my laptop with my iPad Mini, if I can find a CAC reader that looks promising which PKard Reader does.
There is a product out there called PKard Reader. It is developed by a company called Thursby. Check out the demo on youtube. http://www.youtube.com/watch?v=BQNBxS68SIY
militarycac.com is now displaying multiple solutions for using a CAC with iOS based devices, as well as Android.
http://militarycac.com/mobile.htm
Pricing is still steep, but it is coming down. I suspect that as these become more widespread and more readers are released prices will drop and function will improve.
I bought the PKard Reader, and plan to return it.
Sure, it's cool to visit CAC only sites, but until I can do DTS and upload from my iPhone/iPad then I will continue using my computer. I refuse to have a $150 accessory that just lets me browse CAC only sites and check emails.
CAC reader for iPad