Two years after Centrelink opened its smart card and ID-authentication protocol to external organisations, government agencies are getting on-board. However, progress is slow.
The Protocol for Lightweight Authentication of Identity (PLAID) smart-card authentication was designed by the welfare agency back in 2008 for use on Centrelink ID cards, to allow staff to access Centrelink buildings and IT systems.
The method of encryption in the PLAID protocol protects the communication between smart cards and the readers, but it still allows authentication of smart-card functions to occur between 200 and 300 milliseconds, according to Centrelink.
The agency views the protocol as being "cryptographically stronger, faster and more private than most or all equivalent protocols currently available either commercially or via existing standards". As such, it made the protocol freely available to other agencies, governments and organisations to use on an open, free and non-discriminatory basis, while still retaining ownership of the intellectual property. The agency believes that other government agencies adopting one standard protocol for reading smartcards will reduce costs for deploying readers and security-card systems across the government. Additionally, if enough companies adopt the standard, and vendors develop commercial off-the-shelf products that use the protocol, this would further reduce costs.
In 2010, the PLAID protocol was formalised as an Australian standard, but two years down the track, the Department of Human Services (DHS) — which Centrelink was folded into at the end of 2009 — and the Department of Defence are still only trialling the protocol.
"The Department of Human Services is undertaking a limited pilot of the protocol within the DHS security branch. Staff within the branch will have the PLAID applet injected onto their smart cards, and existing proximity readers on non-essential, internal doors will be replaced with smart-card readers," the department told ZDNet Australia.
"The Department of Defence has also successfully tested our PLAID technology as a means of secure access, and are conducting their own hard token trial, where PLAID will be used as an authentication mechanism for perimeter security."
Despite the slow start, the department has high hopes for the PLAID protocol getting wider use. DHS is currently working with Standards Australia to have PLAID recognised as an international standard through the International Organisation for Standardisation.