The government agency wants other departments and commercial businesses to adopt the Protocol for Lightweight Authentication of ID (PLACID), which withstood three years of design and testing by Australian and American security agencies.
The agency has one of Australia's most advanced physical and logical converged security systems: staff can access doors and computers with a single centrally-managed identity card, and user identities can be automatically updated as employees leave, are recruited or move to new departments.
PLACID, which will be available here, will be used in the agency's incoming fleet of contact-less smartcards that are currently under trial by staff. It will replace existing identity cards that operate on PKI encryption.
The agency says hackers cannot break the PLACID protocol because it uses two cryptographic algorithms in its scrambling process in rapid succession — typically less than a quarter of a second — whereas other systems use a single algorithm.
"PLAID is the only system that preserves the privacy of the cardholder from ID leakage. Other systems 'talk' from card to mainframe using easily captured personal information and unique identifiers in the ID-authentication process."