Current Technology and the TWIC Program

Current Technology and the TWIC Program

Walter HamiltonWalter Hamilton

Chairman, International Biometric Industry AssociationChairman, International Biometric Industry AssociationSr. Consultant, Identification Technology Partners, Inc.Sr. Consultant, Identification Technology Partners, Inc.

Walter HamiltonWalter Hamilton

Chairman, International Biometric Industry AssociationChairman, International Biometric Industry AssociationSr. Consultant, Identification Technology Partners, Inc.Sr. Consultant, Identification Technology Partners, Inc.

2010 NAWE Semi-Annual Meeting – Charleston, SCApril 14, 2010

2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference

TWIC Card and Biometric ReadersTWIC Card and Biometric Readers

• Purpose is to read TWIC card and perform automated validation of card authenticity and biometric verification of card holder

• Purpose is to read TWIC card and perform automated validation of card authenticity and biometric verification of card holder

2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference

Types of TWIC ReadersTypes of TWIC Readers

• Fixed mount outdoor• Fixed mount indoor• Portable (handheld)

• Fixed mount outdoor• Fixed mount indoor• Portable (handheld)

2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference

Examples of TWIC ReadersExamples of TWIC Readers

2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference

TWIC Reader Technical RequirementsTWIC Reader Technical Requirements

• Defined by TSA• TWIC Reader Hardware and Card Application

Specification– Version 1.1.1 May 30, 2008– Still considered as a “working” document– Will likely undergo changes as a result of

• Lessons learned during environmental and expanded functional testing

• Lessons learned during field pilot tests

• Defined by TSA• TWIC Reader Hardware and Card Application

Specification– Version 1.1.1 May 30, 2008– Still considered as a “working” document– Will likely undergo changes as a result of

• Lessons learned during environmental and expanded functional testing

• Lessons learned during field pilot tests

2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference

Key Maritime Reader RequirementKey Maritime Reader Requirement

• Outdoor readers must operate in all weather conditions

• Temperature• Humidity• Sunlight• Dirt• Rain• Snow• Salt spray

• Outdoor readers must operate in all weather conditions

• Temperature• Humidity• Sunlight• Dirt• Rain• Snow• Salt spray

2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference

Use of TWIC Readers TodayUse of TWIC Readers Today

• Policies for reader use will be set through future USCG rule making– Current requirement is for visual inspection of

TWIC even for voluntary users of TWIC readers– Exception is reader field pilot participants– Final reader rule is likely many months away

• Policies for reader use will be set through future USCG rule making– Current requirement is for visual inspection of

TWIC even for voluntary users of TWIC readers– Exception is reader field pilot participants– Final reader rule is likely many months away

2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference

Interim Use of TWIC ReadersInterim Use of TWIC Readers

• USCG expected to implement interim policy measures to leverage biometric capabilities– Expect new Policy Advisory Council policy to replace PAC

08-09 within two months– Largely driven by pending expiration of ‘05 & ‘06 grant

funding targeted for purchase of TWIC readers– Expected to define interim voluntary reader use without

requirement for visual inspection

• USCG expected to implement interim policy measures to leverage biometric capabilities– Expect new Policy Advisory Council policy to replace PAC

08-09 within two months– Largely driven by pending expiration of ‘05 & ‘06 grant

funding targeted for purchase of TWIC readers– Expected to define interim voluntary reader use without

requirement for visual inspection

2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference

TWIC Reader Operating ModesTWIC Reader Operating Modes

2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference

Reader Mode (Contactless)Reader Mode (Contactless)

• Place card in close proximity to reader• Three approaches based on security needs

– CHUID only– CHUID + card authentication– CHUID + card authentication + biometric

• Requires previous registration of TWIC Privacy Key (TPK) to decrypt biometric stored on card

• No PIN entry required

• Place card in close proximity to reader• Three approaches based on security needs

– CHUID only– CHUID + card authentication– CHUID + card authentication + biometric

• Requires previous registration of TWIC Privacy Key (TPK) to decrypt biometric stored on card

• No PIN entry required

2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference

Reader Mode (Mag Swipe & Contactless)Reader Mode (Mag Swipe & Contactless)

• Swipe magnetic stripe– To obtain TPK for decrypting biometric on card

• Place card in close proximity to reader• CHUID + card authentication + biometric• No pre-registration of TPK required• No PIN entry required

• Swipe magnetic stripe– To obtain TPK for decrypting biometric on card

• Place card in close proximity to reader• CHUID + card authentication + biometric• No pre-registration of TPK required• No PIN entry required

2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference

Reader Mode (Contact)Reader Mode (Contact)

• Insert card into contact reader slot• Three approaches based on security needs

– CHUID only– CHUID + card authentication– CHUID + card authentication + biometric

• Not recommended for outdoor fixed mount operation

• No PIN entry required

• Insert card into contact reader slot• Three approaches based on security needs

– CHUID only– CHUID + card authentication– CHUID + card authentication + biometric

• Not recommended for outdoor fixed mount operation

• No PIN entry required

2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference

Reader Mode (Contact with Face Image)Reader Mode (Contact with Face Image)

• Insert card into contact reader slot• Enter PIN• Three approaches based on security needs

– CHUID only– CHUID + card authentication– CHUID + card authentication + biometric

• Display facial image• Most suitable for portable readers• PIN required

• Insert card into contact reader slot• Enter PIN• Three approaches based on security needs

– CHUID only– CHUID + card authentication– CHUID + card authentication + biometric

• Display facial image• Most suitable for portable readers• PIN required

2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference

TWIC Card registered into Physical Access Control System (PACS) with no TWIC Reader at Entry Points

TWIC Card registered into Physical Access Control System (PACS) with no TWIC Reader at Entry Points

• Read TWIC card at PACS administrative workstation• Verify fingerprint matches to stored fingerprint on

card• Check TWIC card validity and expiration dates• Add TWIC card holder unique identifier (CHUID) into

PACS server database• Link TWIC CHUID to existing record in PACS• PACS server periodically checks TSA TWIC hot list

– Revokes PACS entry privilege if found on hot list– Disables existing badge

• Read TWIC card at PACS administrative workstation• Verify fingerprint matches to stored fingerprint on

card• Check TWIC card validity and expiration dates• Add TWIC card holder unique identifier (CHUID) into

PACS server database• Link TWIC CHUID to existing record in PACS• PACS server periodically checks TSA TWIC hot list

– Revokes PACS entry privilege if found on hot list– Disables existing badge

2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference

Operational BiometricsOperational Biometrics

• Register biometric in access control system– Biometric not read from card during entry

• No need to store TPK or decrypt biometric data

– Could be fingerprint, iris, face, vein, etc.

• Card ID is pointer to biometric in database• No need for PIN entry

• Register biometric in access control system– Biometric not read from card during entry

• No need to store TPK or decrypt biometric data

– Could be fingerprint, iris, face, vein, etc.

• Card ID is pointer to biometric in database• No need for PIN entry

2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference

What do Readers Cost?What do Readers Cost?

• Estimated price ranges:– Fixed mount outdoor readers - $2,500 to $4,000– Fixed mount indoor readers – $2,000 to $3,500– Portable mobile readers - $4,000 to $6,000

• Typical warranty is one year• Useful life is 5 to 7 years• Software, installation, integration, physical

access control system, field control panels, etc. are not included in the above price estimates

• Estimated price ranges:– Fixed mount outdoor readers - $2,500 to $4,000– Fixed mount indoor readers – $2,000 to $3,500– Portable mobile readers - $4,000 to $6,000

• Typical warranty is one year• Useful life is 5 to 7 years• Software, installation, integration, physical

access control system, field control panels, etc. are not included in the above price estimates

2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference

Next Steps for TWIC Reader CertificationNext Steps for TWIC Reader Certification

• TSA is working with the National Institute of Standards and Technology (NIST) to define an on-going TWIC reader test and certification process– Workshop to be held on September 21

• To be implemented after publication of final reader rule• Testing to be performed by accredited independent

laboratories• Will result in published TWIC reader Qualified

Products List (QPL)

• TSA is working with the National Institute of Standards and Technology (NIST) to define an on-going TWIC reader test and certification process– Workshop to be held on September 21

• To be implemented after publication of final reader rule• Testing to be performed by accredited independent

laboratories• Will result in published TWIC reader Qualified

Products List (QPL)

2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference

• Field test Sep 09 – Jan 10– Datastrip and MAXID deployed to 51 field units

– 5,000+ TWICs inspected

– Not used for enforcement

– User feedback being reviewed

• Field deployment– All 42 Captain of the Port (COTP) Zones

– Deployment schedule – Summer 2010

• Expected mission use– Law enforcement boardings

– Facility inspections / spot checks

– Vessel inspections

• Field test Sep 09 – Jan 10– Datastrip and MAXID deployed to 51 field units

– 5,000+ TWICs inspected

– Not used for enforcement

– User feedback being reviewed

• Field deployment– All 42 Captain of the Port (COTP) Zones

– Deployment schedule – Summer 2010

• Expected mission use– Law enforcement boardings

– Facility inspections / spot checks

– Vessel inspections

USCG Handheld Readers for EnforcementUSCG Handheld Readers for Enforcement

2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference

DemonstrationDemonstration

2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference

More InformationMore Information

• TSA website – www.tsa.gov/twic–TWIC Reader Specification–Pilot Program–FAQs

• USCG website – http://homeport.uscg.mil-Final Rulemakings, Compliance Notices & Framework-Navigation & Vessel Inspection Circular (NVIC) 03-07-Policy Advisory Council (PAC) Decisions-FAQs

• Biometric information – www.biometrics.gov or www.ibia.org

• Smart card information – www.smartcardalliance.org

Questions?

2010 NAWE Semi-Annual Conference2010 NAWE Semi-Annual Conference

Contact InformationContact Information

Walter Hamilton

whamilton@idtp.com

(727) 938-2704

(425) 503-0985 (cell)

Walter Hamilton

whamilton@idtp.com

(727) 938-2704

(425) 503-0985 (cell)