UNCLASSIFIED – FOR OFFICIAL USE ONLY (FOUO)
Defense Biometric Identification System (DBIDS) Overview
September 2018
Scott Ulrich
Defense Manpower Data Center (DMDC)
What is DBIDS?
UNCLASSIFIED
• Physical Access Control System developed by the Department of Defense’s DMDC agency in the late 1990s
• Fully integrated Identity Management and Force Protection capability
• Electronic verification of personnel via interoperable operations
• Largest physical access system in DoD; installed at over 350 sites worldwide
with 6 million registered personnel.
DBIDS Benefits
• Real-time authentication against verified databases via IMESA that
increases available data used for intelligent access decisions
• Real-time recording of 800K+ daily base accesses (CONUS)
• Electronically flags and tracks personnel with adverse status across
system—already 55,000+ people with adverse status known in system
• Uses all existing DoD-issued credentials, digital photos, and digital
fingerprints and issues badges for individuals not authorized DoD
credentials
• Rules-driven—configurable by local authorities
• Supports individual or joint base constructs
DBIDS Interactions With IMESA
• DBIDS is a Physical Access Control System (PACS)
  o Sites directly interact with DBIDS by:
    • Creating person records and issuing visitor passes and DBIDS cards
    • Performing Access Transactions
    • Inputting data into the DBIDS database by:
      o Scanning a DoD-affiliated credential at an access control point
      o Manually creating a record (that is stored in the Local Population)
  o DBIDS broadcasts data from the database into IMESA
• Identity Matching Engine for Security and Analysis (IMESA) is an identity matching system
  o It is a service, consisting of servers and software
    • It is intangible; there is no direct utilization by sites or personnel (you cannot “see” IMESA)
  o Takes data broadcast from PACS for DoD-affiliated and Local Population persons, matches it against derogatory information, and, if there is a match, sends back to PACS
  o Permits information sharing between connected PACS
IMESA Process
Coming Soon
Serving Those Who Serve Our Country
NCIC: Total Number of Matches
This report shows total counts of persons with an NCIC sourced alert consumed by IoLS since August 2014.
*Data as of 4 September 2018
Type of Offense Count
Obstruction of Justice 17,897
Assault 3,508
Larceny 3,082
Fraudulent Activity 2,650
Dangerous Drugs 2,647
Burglary 1,584
Military Desertion 1,282
Family Offenses 1,096
Sexual Assault 1,105
Traffic Offenses 971
Sex Offenses 870
Forgery-Counterfeiting 750
Weapon Offense 676
Stolen Vehicle 635
Robbery 583
Stolen Property 445
Flight-Escape 473
Damage Property 414
Kidnapping 330
Homicide 343
Other 1,173
Total 42,514
All Time DBIDS Alerts - Credential Categories
*Data as of 1 March 2018
This report shows counts of persons with a DBIDS sourced alert consumed by IoLS. If the person has multiple credentials, they are grouped under the 'Multiple Credential' category. If the person does not have ANY credential defined in DBIDS, they are grouped into the 'NO CREDENTIAL' category.
Persons with a DBIDS sourced alert and no credential can occur when Base Security Officers or Law Enforcement Operators pre-emptively create a profile with a local base status.
Category Count
MULTIPLE CREDENTIALS 19,613
NO CREDENTIAL 16,565
Other DoD Category 11,211
Active Duty 10,755
Visitor Pass 10,529
DBIDS Card 7,805
Retiree 2,452
CIV CAC 1,376
DoD Contractor CAC 474
PIV Credential 15
Grand Total 80,795
DBIDS Footprint
• The DBIDS Configuration consists of:
  o Enrollment Workstations
  o Access Control Workstations
  o Handheld devices
  o Wireless Access Points (if necessary)
Enrollment WKS (ENR): Located at Visitor Centers
Access Control WKS (ACW): Located at 24-7 Gate
Handheld
DBIDS Capabilities
Persons:
• Register person information:
  o Biographic
  o Biometric: Fingerprint, Face, Iris
  o Contact information
  o Designation of emergency essential personnel (if applicable)
• Immediate vetting against IMESA/IoLS during initial registration
• Continuous vetting against IMESA while of interest
• Interaction with other participating installations using DBIDS or IMESA to assist in determining suitability (fitness) for access
• Sharing of all adverse statuses from other PACS, military branches, FBI, and other LE databases
• Pre-enrollment: Web application to allow an applicant to pre-enroll their biographic data into the system before going to the installation in order to speed up the enrollment process (new feature)
DBIDS Capabilities
Organizations*: Register Organizations who can sponsor individuals or own
assets on your base
Assets*: Register a Vehicle, Bicycle, Weapon, or Pet to a person or organization.
Can search for Asset by Asset Identification or Owner
Permissions*: Ability to assign individuals, categories, and organizations explicit
or affiliation-based implicit permissions to an installation by day or time of day. Can also
assign permissions based on FPCON level, Emergency Essential, and POTUS
situations.
Base Pass: Create temporary paper visitor pass or long-term local base pass on
card stock.
* BSO enabled (recommend tailored setup during initial installation)
DBIDS Capabilities Cont.
Access Control:
• Use of a mobile device and/or stand-alone computer to scan any credential known to DBIDS for access (manned ECP)
• Automatic reach-back to search for any DoD-affiliated scanned credential unknown to DBIDS and register with DBIDS (infrastructure dependent)
• Use of a stand-alone computer to search for an individual who does not have a credential to determine access suitability
• Ability to verify a person’s identity by biometric; automatically prompts for biometric in situations of suspected identity fraud (rule based)
• Ability to use access control reliably during network outages and other communication difficulties from the stand-alone computer and the mobile device (Note: The mobile device must have reliable connectivity to the stand-alone computer for this feature to function. Reach back off-site is truncated)
Roles: Ability to refine operator functionality to the DBIDS application based on the
following operator roles—Base Security Officer, Law Enforcement Officer, Registrar,
and Access Control Operator
DBIDS Capabilities Cont.
Access Areas: Ability to define access areas as Installation/Joint Access, Perimeter,
and Access Control Points and set access permissions at any access area type.
Unmanned Gates: Ability to make separate access decisions based on unmanned
scenarios (i.e., pedestrian gates allow driving suspended people through and vehicle
gates deny access for driving suspended) (standardized interface)
Credential:
• Automatic Enrollment of DoD credentials at the gate
• Enrollment of PIV credential into system
• Associate 3rd party credential token to a person:
  o Transportation Worker Identification Card (TWIC)
  o Real ID compliant driver’s license (as required)
  o Passport (US or other compliant country passports)
Reports: Data available on a variety of activity within the installation including Access
Transactions, Adverse Statuses, Denies, and Operator Logons
Enrollment Workstation Interface
DBIDS Web Portal
Access Control Workstation Interface
Handhelds
DBIDS Card—Categories & Colors
Green
Conveyance
Facilities Service
Maintenance
U.S. Government Contractor (non-CAC)
U.S. Government Civilian (non-CAC)
Blue
Foreign Civilian Visitor
Facilities Service
Foreign Government Civilian
Foreign Government Contractor
Foreign Military Dependent
Foreign Military Retiree
Foreign Military
Yellow
Facility Use
Long Term Visitor
Other
Personal Delivery
Personal Services
Privatized Housing
Volunteer
Red
Emergency Essential Civilian (non-CAC)
Visitor Pass
DBIDS Operation (typical)
• John Doe approaches gate and ID credential is scanned with handheld device
• If not registered on base, DoD credential can be automatically registered (no trip to visitor center = manpower savings)
• Identity sent to DMDC from handheld over the network (450-500K/day)
• DMDC:
  1. Validates credential
  2. Sends back picture/identity
  3. Checks IMESA (FBI files, Revocation, others)
  4. Sends RED/GREEN status
  (in less than 1 second)
1. GUARD sees person + credential + remote database validation
2. DMDC FBI interface is transmitted to all connected locations
3. All base alerts are transmitted in the region or across enterprise
4. Provides common interoperable status to all DoD installations
5. Proven security benefit to help gate personnel
6. Proven to reduce required manpower at gates
7. Maintains info/status on vehicles, visitors, local workers
SAMPLE ACTIONS
1. If credential lost/stolen/invalid = confiscated
2. If FBI warrant = sent to secondary screening and message sent to base law enforcement
3. If US Military BOLO (Be on the Lookout) for base traffic infraction or barred = local handling
Approved = Entry
Issues = Message
DMDC DBIDS Contacts
Scott Ulrich
DBIDS Program Manager
Visit the DBIDS Website:
https://dbids.dmdc.mil/ (CAC ENABLED)
Questions?
DBIDS Complies With…
• DoD policies, including but not limited to:
  o DoD 5200.08-R, Physical Security Program
  o DoD Instruction 8520.02, Public Key Infrastructure (PKI) and Public Key (PK) Enabling
  o DTM 09-012, Interim Policy Guidance for DoD Physical Access Control
  o Directive-type Memorandum (DTM) 14-005, DoD Identity Management Capability Enterprise Services Application (IMESA) Access to FBI National Crime Information Center (NCIC) Files
• Federal policies, including but not limited to:
  o FIPS 201-2, Personal Identity Verification (PIV) of Federal Employees and Contractors
  o Homeland Security Presidential Directive 12 (HSPD-12), Policy for a Common Identification Standard for Federal Employees and Contractors
  o M-11-11, Continued Implementation of Homeland Security Presidential Directive (HSPD) 12 Policy for a Common Identification Standard for Federal Employees and Contractors
*Full list of standards for DBIDS compliance is available on DBIDS website*