To secure the Common Access Card program data, he said the Department of Defense also used PKI technology for transactions.

"Australians are sensitive to privacy concerns, but what data goes on the card is really a policy issue," he said.

"The level of authentication you do on the identity has nothing to do with the card."

Brandewie suggested a system could have three stages of identity assurance, high, medium and low linking the value of the actual transaction to the level of identity assurance required.

"We [ActiveIdenity] have a big advantage because we know where the potholes are in the road," Brandewie said.