National defense is generally considered essential to the security and economic prosperity of a society and to the
well-being of its people. The ability to efficiently and securely access and share sensitive information is critical. Many
defense organizations rely on smart-card–based PKI solutions to enable their personnel to encrypt and sign e-mail messages, to
access restricted areas, and to log on to internal computer networks. The adoption of identity and access management
(I&AM) solutions by defense organizations, on the other hand, lags behind their adoption by businesses, due to scalability challenges as well
as unique security requirements: the sophistication and determination of attackers are higher than in enterprise environments
(typical attackers include terrorists and state-sponsored hackers), and the stakes are much higher.
The U-Prove™ technology provides
unprecedented security features of interest to national defense I&AM:
- Monitoring-resistant access: With centralized and federated enterprise I&AM solutions, the insiders of administrative
domains are all-powerful: they can monitor in real time which user is accessing what resources, and can deny access to
targeted users and users of targeted resources. The U-Prove technology enables the removal of these unwanted powers. More generally,
the U-Prove technology permits any degree of access privacy vis-à-vis resource providers and central parties, even in the face
of collusions, while preserving the ability to instantly deactivate enrollment accounts and to revoke access rights.
- Offline access: I&AM solutions that centralize all identity management functionality into one or more central
“identity providers” are vulnerable to massive denial-of-service attacks; attackers may resort not only to network
flooding attacks but also to more drastic measures (such as the bombing of core operations). The U-Prove technology enables secure
offline access to protected defense resources on the basis of long-lived identity and attribute information issued to
authorized users in protected form. Offline access capability is also important for protected resources in the field.
- Fine-grained access control: Coarse-grained access control mechanisms allow authorized resource users to do more with
resources than they strictly need to. National defense networks typically consist of millions of protected documents and other
sensitive resources, and must accommodate large numbers of resource users. The access rights of authorized resource users
depend not only on security clearance, rank, and role, but also on resource sensitivity levels. The U-Prove technology enables defense
organizations to electronically provide authorized users with privileges and entitlements in protected form, enabling
fine-grained access control decisions at the point of access; users can selectively disclose only the minimal information
needed to gain access.
- Secure access devices: In light of the sophistication of attackers and the sensitivity of many of the resources, reliance
on tamper-resistant access devices is critical. The current standard for identification in most national defense networks is
an X.509 certificate that is pre-stored on a hardware token protected by a PIN and/or a biometric. The U-Prove technology can build on
this solution by enabling defense organizations to electronically bind privileges and entitlements over open networks to
previously issued tamper-resistant user devices (such as Trusted Computing chips or smart cards). A highly constrained user
device can protect an unlimited supply of such assertions.
- User-authenticated audit trails: The U-Prove technology enables resource providers to collect user-authenticated transcripts that
prove every access request. These transcripts can prove not merely which resources have been accessed but also what actions
have been performed following access. At the same time, resource providers can hide intelligence (such as the identities of
their users) from third parties, by censoring the transcripts prior to forwarding them.