Included in this tender are 1200 (a volume estimate) security access module (SAM) cards and devices to be released to staff over the first 18 months of the project and an additional 300 per annum over five years, as well as responsibility for packaging, loading, serial number printing and overall lifecycle management.

The SAM holds the algorithm, PLAID (Protocol for Lightweight Authentication of Identity) which uses Rijndael-256 bit encryption, an advanced encryption standard (AES) ideal for fast verification.

"The tenderer should propose a network-based and distributable hardware security module-based authentication server/s that can support 32,000 symmetric authentication processes within half an hour into the Centrelink Novell environment utilising the PLAID protocol. The proposed product should be broadly implemented as a COTS (commercial off-the-shelf) product," according to tender documents. "Architecture for the existing logical and physical access systems (into which the card integrates) is highly complex. The back office elements are being replaced in a separate but parallel process to this tender. This tender will replace the existing one-time password-based Vasco tokens, however desktop integration into Novell Netware and Microsoft Windows logical access controls, and proprietary building access systems will not be within the scope of this tender.

"Tenderers should propose a card-based interim solution to resolve the transition requirement for physical access to doors using 125 kHz frequency identification technology (provided by vendor Indala) and 26 bit Weigand record (interface protocol) which will need to transition to the ISO/IEC 14443 (four-part standard for contactless smartcards) based PLAID record. Transition may take a number of years and will depend on the lease cycle for the various Centerlink buildings."

Centrelink is currently constructing new offices in Canberra which will open late 2007 and house 1700 staff. The site will be fitted with readers/systems at initial installation.