View
215
Download
0
Category
Tags:
Preview:
Citation preview
Current Technology and the TWIC Program
Current Technology and the TWIC Program
Walter HamiltonWalter Hamilton
Chairman, International Biometric Industry AssociationChairman, International Biometric Industry AssociationSr. Consultant, Identification Technology Partners, Inc.Sr. Consultant, Identification Technology Partners, Inc.
Walter HamiltonWalter Hamilton
Chairman, International Biometric Industry AssociationChairman, International Biometric Industry AssociationSr. Consultant, Identification Technology Partners, Inc.Sr. Consultant, Identification Technology Partners, Inc.
2010 NAWE Semi-Annual Meeting – Charleston, SCApril 14, 2010
2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference
TWIC Card and Biometric ReadersTWIC Card and Biometric Readers
• Purpose is to read TWIC card and perform automated validation of card authenticity and biometric verification of card holder
• Purpose is to read TWIC card and perform automated validation of card authenticity and biometric verification of card holder
2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference
Types of TWIC ReadersTypes of TWIC Readers
• Fixed mount outdoor• Fixed mount indoor• Portable (handheld)
• Fixed mount outdoor• Fixed mount indoor• Portable (handheld)
2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference
Examples of TWIC ReadersExamples of TWIC Readers
2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference
TWIC Reader Technical RequirementsTWIC Reader Technical Requirements
• Defined by TSA• TWIC Reader Hardware and Card Application
Specification– Version 1.1.1 May 30, 2008– Still considered as a “working” document– Will likely undergo changes as a result of
• Lessons learned during environmental and expanded functional testing
• Lessons learned during field pilot tests
• Defined by TSA• TWIC Reader Hardware and Card Application
Specification– Version 1.1.1 May 30, 2008– Still considered as a “working” document– Will likely undergo changes as a result of
• Lessons learned during environmental and expanded functional testing
• Lessons learned during field pilot tests
2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference
Key Maritime Reader RequirementKey Maritime Reader Requirement
• Outdoor readers must operate in all weather conditions
• Temperature• Humidity• Sunlight• Dirt• Rain• Snow• Salt spray
• Outdoor readers must operate in all weather conditions
• Temperature• Humidity• Sunlight• Dirt• Rain• Snow• Salt spray
2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference
Use of TWIC Readers TodayUse of TWIC Readers Today
• Policies for reader use will be set through future USCG rule making– Current requirement is for visual inspection of
TWIC even for voluntary users of TWIC readers– Exception is reader field pilot participants– Final reader rule is likely many months away
• Policies for reader use will be set through future USCG rule making– Current requirement is for visual inspection of
TWIC even for voluntary users of TWIC readers– Exception is reader field pilot participants– Final reader rule is likely many months away
2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference
Interim Use of TWIC ReadersInterim Use of TWIC Readers
• USCG expected to implement interim policy measures to leverage biometric capabilities– Expect new Policy Advisory Council policy to replace PAC
08-09 within two months– Largely driven by pending expiration of ‘05 & ‘06 grant
funding targeted for purchase of TWIC readers– Expected to define interim voluntary reader use without
requirement for visual inspection
• USCG expected to implement interim policy measures to leverage biometric capabilities– Expect new Policy Advisory Council policy to replace PAC
08-09 within two months– Largely driven by pending expiration of ‘05 & ‘06 grant
funding targeted for purchase of TWIC readers– Expected to define interim voluntary reader use without
requirement for visual inspection
2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference
TWIC Reader Operating ModesTWIC Reader Operating Modes
2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference
Reader Mode (Contactless)Reader Mode (Contactless)
• Place card in close proximity to reader• Three approaches based on security needs
– CHUID only– CHUID + card authentication– CHUID + card authentication + biometric
• Requires previous registration of TWIC Privacy Key (TPK) to decrypt biometric stored on card
• No PIN entry required
• Place card in close proximity to reader• Three approaches based on security needs
– CHUID only– CHUID + card authentication– CHUID + card authentication + biometric
• Requires previous registration of TWIC Privacy Key (TPK) to decrypt biometric stored on card
• No PIN entry required
2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference
Reader Mode (Mag Swipe & Contactless)Reader Mode (Mag Swipe & Contactless)
• Swipe magnetic stripe– To obtain TPK for decrypting biometric on card
• Place card in close proximity to reader• CHUID + card authentication + biometric• No pre-registration of TPK required• No PIN entry required
• Swipe magnetic stripe– To obtain TPK for decrypting biometric on card
• Place card in close proximity to reader• CHUID + card authentication + biometric• No pre-registration of TPK required• No PIN entry required
2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference
Reader Mode (Contact)Reader Mode (Contact)
• Insert card into contact reader slot• Three approaches based on security needs
– CHUID only– CHUID + card authentication– CHUID + card authentication + biometric
• Not recommended for outdoor fixed mount operation
• No PIN entry required
• Insert card into contact reader slot• Three approaches based on security needs
– CHUID only– CHUID + card authentication– CHUID + card authentication + biometric
• Not recommended for outdoor fixed mount operation
• No PIN entry required
2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference
Reader Mode (Contact with Face Image)Reader Mode (Contact with Face Image)
• Insert card into contact reader slot• Enter PIN• Three approaches based on security needs
– CHUID only– CHUID + card authentication– CHUID + card authentication + biometric
• Display facial image• Most suitable for portable readers• PIN required
• Insert card into contact reader slot• Enter PIN• Three approaches based on security needs
– CHUID only– CHUID + card authentication– CHUID + card authentication + biometric
• Display facial image• Most suitable for portable readers• PIN required
2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference
TWIC Card registered into Physical Access Control System (PACS) with no TWIC Reader at Entry Points
TWIC Card registered into Physical Access Control System (PACS) with no TWIC Reader at Entry Points
• Read TWIC card at PACS administrative workstation• Verify fingerprint matches to stored fingerprint on
card• Check TWIC card validity and expiration dates• Add TWIC card holder unique identifier (CHUID) into
PACS server database• Link TWIC CHUID to existing record in PACS• PACS server periodically checks TSA TWIC hot list
– Revokes PACS entry privilege if found on hot list– Disables existing badge
• Read TWIC card at PACS administrative workstation• Verify fingerprint matches to stored fingerprint on
card• Check TWIC card validity and expiration dates• Add TWIC card holder unique identifier (CHUID) into
PACS server database• Link TWIC CHUID to existing record in PACS• PACS server periodically checks TSA TWIC hot list
– Revokes PACS entry privilege if found on hot list– Disables existing badge
2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference
Operational BiometricsOperational Biometrics
• Register biometric in access control system– Biometric not read from card during entry
• No need to store TPK or decrypt biometric data
– Could be fingerprint, iris, face, vein, etc.
• Card ID is pointer to biometric in database• No need for PIN entry
• Register biometric in access control system– Biometric not read from card during entry
• No need to store TPK or decrypt biometric data
– Could be fingerprint, iris, face, vein, etc.
• Card ID is pointer to biometric in database• No need for PIN entry
2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference
What do Readers Cost?What do Readers Cost?
• Estimated price ranges:– Fixed mount outdoor readers - $2,500 to $4,000– Fixed mount indoor readers – $2,000 to $3,500– Portable mobile readers - $4,000 to $6,000
• Typical warranty is one year• Useful life is 5 to 7 years• Software, installation, integration, physical
access control system, field control panels, etc. are not included in the above price estimates
• Estimated price ranges:– Fixed mount outdoor readers - $2,500 to $4,000– Fixed mount indoor readers – $2,000 to $3,500– Portable mobile readers - $4,000 to $6,000
• Typical warranty is one year• Useful life is 5 to 7 years• Software, installation, integration, physical
access control system, field control panels, etc. are not included in the above price estimates
2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference
Next Steps for TWIC Reader CertificationNext Steps for TWIC Reader Certification
• TSA is working with the National Institute of Standards and Technology (NIST) to define an on-going TWIC reader test and certification process– Workshop to be held on September 21
• To be implemented after publication of final reader rule• Testing to be performed by accredited independent
laboratories• Will result in published TWIC reader Qualified
Products List (QPL)
• TSA is working with the National Institute of Standards and Technology (NIST) to define an on-going TWIC reader test and certification process– Workshop to be held on September 21
• To be implemented after publication of final reader rule• Testing to be performed by accredited independent
laboratories• Will result in published TWIC reader Qualified
Products List (QPL)
2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference
• Field test Sep 09 – Jan 10– Datastrip and MAXID deployed to 51 field units
– 5,000+ TWICs inspected
– Not used for enforcement
– User feedback being reviewed
• Field deployment– All 42 Captain of the Port (COTP) Zones
– Deployment schedule – Summer 2010
• Expected mission use– Law enforcement boardings
– Facility inspections / spot checks
– Vessel inspections
• Field test Sep 09 – Jan 10– Datastrip and MAXID deployed to 51 field units
– 5,000+ TWICs inspected
– Not used for enforcement
– User feedback being reviewed
• Field deployment– All 42 Captain of the Port (COTP) Zones
– Deployment schedule – Summer 2010
• Expected mission use– Law enforcement boardings
– Facility inspections / spot checks
– Vessel inspections
USCG Handheld Readers for EnforcementUSCG Handheld Readers for Enforcement
2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference
DemonstrationDemonstration
2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference
More InformationMore Information
• TSA website – www.tsa.gov/twic–TWIC Reader Specification–Pilot Program–FAQs
• USCG website – http://homeport.uscg.mil-Final Rulemakings, Compliance Notices & Framework-Navigation & Vessel Inspection Circular (NVIC) 03-07-Policy Advisory Council (PAC) Decisions-FAQs
• Biometric information – www.biometrics.gov or www.ibia.org
• Smart card information – www.smartcardalliance.org
Questions?
2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference
Contact InformationContact Information
Walter Hamilton
whamilton@idtp.com
(727) 938-2704
(425) 503-0985 (cell)
Walter Hamilton
whamilton@idtp.com
(727) 938-2704
(425) 503-0985 (cell)
Recommended