Delivering a World-Class Digital Identity Solution for a National Defense Organization

National defense organizations operate in some of the most demanding and security-sensitive environments in the world. As cyber threats grow more sophisticated and operational requirements evolve, maintaining a secure, flexible, and standards-compliant digital identity infrastructure becomes mission-critical. 

A government advisory body within a defense organization recognized the need to modernize its aging identity and access management systems. To meet this challenge, Entrust, a global leader in identity-centric security, partnered with Intercede, a specialist in credential management systems. Together, they delivered a next-generation digital identity solution tailored to the organization’s unique operational and security needs.

The defense organization was undertaking a critical technology refresh to modernize its digital identity infrastructure. Key components – including its Public Key Infrastructure (PKI), Credential Management System (CMS), and end-user device ecosystem – were outdated and approaching end-of-life.

Key challenges included:

• Enhanced Security: Addressing the need for advanced security mechanisms to counter evolving cyber threats
• Improved User Experience: Integrating biometric authentication to streamline access while maintaining strict security standards
• Standards Compliance: Achieving full compliance with the FIPS 201 Personal Identity Verification (PIV) standard
• PKI Modernization: Replacing legacy PKI components that posed security and support risks
• Vendor Flexibility: Reducing vendor lock-in to allow for future adaptability and support for emerging technologies
• Accelerated Deployment: Meeting a tight timeline for design, implementation, and deployment to align with internal governance requirements

These challenges set the stage for a collaborative solution that would not only support immediate needs but also lay the groundwork for long-term resilience.

Entrust led the delivery of a modern, integrated PKI solution that formed the cryptographic backbone of the new identity infrastructure. Working closely with Intercede, the team delivered a comprehensive solution that included:

• Scalable Architecture: A robust CMS was deployed to support multiple air-gapped environments and manage tens of thousands of end-user devices. The system was initially configured for smartcards but designed to scale to mobile platforms, USB tokens, and virtual smartcards.
• Modern PKI Integration: A new PKI solution was seamlessly integrated, providing a secure and modern cryptographic foundation.
• Custom Applet Support: Smartcards were enabled with custom applets to meet specific operational requirements.
• Biometric Authentication: Match-on-Card biometric authentication was introduced, enhancing both security and user convenience.
• Secure Key Storage: A new CA-independent key storage solution was implemented, enabling secure generation, access, and recovery of sensitive cryptographic keys in line with strict security policies.

This tightly integrated solution not only helped meet the organization’s technical and compliance requirements but also introduced new capabilities that would support future innovation.