Port of Seattle
Biometric Card Access Control
A Case Study

American Association of Port Authorities
Information Technology Committee Meeting
Tacoma, Washington, April 19, 2006
American Association of Port Authorities -Tacoma, WA April 19, 2006
Topics for today
• Introduction.
• Brief historical review.
• The place of the IT Department.
• The impact of 9/11 on our plans.
• Biometric project decision overview.
• Smart Cards 101.
• Q&A

Introduction
Brad Jenson
[email protected]@PortSeattle.org
• 25+ years with Port of Seattle Information Technology
• 18+ years supporting airport security systems
• 3+ years supporting seaport security systems
• 1+ years supporting Police & Fire

• Seattle-Tacoma International Airport (SEA)
• Seattle Seaport Harbor
• Fishing and Pleasure Boat Moorage
• Cruise Terminal Facilities
• Other Commercial Operations

Seaport Statistics - 2005
• Total TEU Containers: 2,087,929
• Total Cruise Passengers: 686,357
• Total Vessel Calls: Container – 898, Cruise – 170
• 1,517 Active Cardholders
• Access Control deployed March 2004

Airport Statistics - 2005
• Total Air Passengers: 29,289,026
• Total Aircraft Operations: 341,470
• Total Air Cargo (metric tons): 338,591
• 20,026 Active Cardholders
• Biometric Cards October 2003

Security at the Airport – where it all started
A brief overview of evolving technologies…

The 1980’s
Instant Camera Cards
Camera
Laminator Die Cutter

Door Access Card
The late 1980’s
The early 1990’s
(Representative example)

The mid 1990’s
Laminated ID Cards

The late 1990’s and through Y2K
PVC/Composite Cards
Magnetic Stripe

The intended post Y2K plan…
Dual Technology Cards
Magnetic Stripe and 125 kHz Proximity

Security System Technology Changes
• Proprietary solutions gave way to Windows desktop standards.
• Use of standard SQL databases rather than proprietary or desktop-grade file systems.
• Field devices, door readers may be IP addressable.
• Wireless technology.

The Entrance of IT into Physical Security’s Turf
• Converging network and server requirements and infrastructure.
• High reliability servers; no longer a PC under the counter.
• Complex database, server and network administration.
• Surveillance: CCTV moving to IP

What IT Can Offer
• System integration skills. Was a non-issue in the proprietary era.
• Setting technology standards to reduce maintenance costs.
• Handle data privacy issues. Systems now require more PPI.
• Best practices for cyber security & evaluating vendor compliance.

Our Integration Plan

A Few Things IT Gets From the Deal…
• Experience and expertise with biometrics: Also use for login access to enterprise PCs?
• Exposure to surveillance technology: A voice at the table for future IP implementations, digitized storage.
• Engagement as they start stringing network and cable everywhere.

And, unless this is you…

Need Partnering of IT and Maintenance Dept.
• Need to clearly define system support roles. It’s critical!
• Delineate support roles where network meets field devices.
• Repair and PM of readers.
• Surveillance Cameras – Same story. Does IT climb ladders?
• Consider labor relations issues.

Typical Implementation

September 10, 2001
The Port of Seattle had plans to construct and implement a new access control system at Seattle-Tacoma International Airport using standard proximity card technology. This new system was critical to completion of a $587M airport terminal expansion project.

But the world changed…
And so did we.

Following 9/11
• Increased focus on biometrics.
• Emphasis on identification and authentication of transportation workers – TWIC emerges on scene.
• Formation of the TSA, DHS, etc.
• Development of information sharing networks and systems.
• Grant funding for Seaport Security.

Our directives…
• Reevaluate plans in light of 9/11.
• Install a forward looking solution.
• Identify and recommend viable, cost effective biometric technologies.
• Ensure that it would not jeopardize airport terminal construction project.
• Integrate into existing project for access control system replacement.

Five Years of TWIC
• In late 2001… TWIC was not ready for prime time in a large access control project like ours.
• In early 2006… (insert your personal views here).
• The Port of Seattle decided to go forward and not wait for TSA.

Biometric Basics
• TWIC is simply one biometric technology implementation.
• TWIC is more about standards, authentication systems, process, and infrastructure than biometrics alone.
• Many biometrics are not TWIC.

Question: Is the Port of Seattle System TWIC?
Answer:
No. But processes, technologies, security procedures, databases, etc., are TWIC enablers.

Levels of Authentication
• What you have (Access Card)
• What you know (PIN number)
• Who you are (Biometric)
The use of biometrics adds the third level of security.

Biometrics and Identity Theft
• Biometrics will become more prominent in commerce
• If it is valuable to a thief, biometric identities will be stolen and misused
• Once it’s stolen, the victim has no way to change the biometric source – it is part of their being

A Source of Information
www7.nationalacademies.org/cstb/pub_authentication.html
Who Goes There? Authentication Through the Lens of Privacy

Biometric Technologies Considered by Seattle
• Finger Scan
• Hand Geometry Scan
• Iris Scan

A useful resource
Framework for Evaluating and Deploying Biometrics in Air Travel Applications: Surveillance, Trusted Travel, Access Control
International Biometric Group, April 3, 2002

Finger Scan - Strengths
• Proven technology capable of high accuracy
• Ability to enroll multiple fingers
• Familiar as an identification method
• Range of deployment environments
• Ergonomic, easy-to-use devices
• Potential alignment with background checks, derogatory searches

Finger Scan - Weakness
• Performance can deteriorate over time
• Association with forensic applications
• Users can intentionally damage fingerprints
• Need to deploy specialized acquisition devices
• Vendor technologies not typically interoperable (at the time)

Hand Scan - Strengths
• Able to operate in challenging environments
• Established, reliable core technology
• Long deployment history in air travel environments
• Perceived as non-intrusive
• Based on a relatively stable physiological characteristic

Hand Scan - Weakness
• Not highly resistant to false matches
• Design complicates usage by certain populations
• Large size may limit deployment to access control and kiosk-type applications

Iris Scan - Strengths
• Potential for exceptionally high levels of accuracy
• Capable of reliable identification as well as verification
• High stability of characteristic over lifetime
• Hands-free operation

Iris Scan - Weakness
• Acquisition of iris image requires more training and attentiveness than most biometrics
• User discomfort with eye-based technology
• Glasses can impact performance
• Propensity for false non-matching

Biometric Comparison
                 Finger      Hand        Iris
Ease             High        High        Medium
Accuracy         High        High        High
User Accept      Medium      Medium      High
Long Term        High        Medium      High
Decision Time    5 sec       3-5 sec     1 sec
Security Level   High        Medium      Very High
Fraud            Medium      Medium      Low
Data Size        90 bytes    9 bytes     512 bytes

Reasons for Our Biometric Success
• Stakeholder involvement
• Scheduled/Managed Re-issuance
• FAQ’s provided to cardholders
• Running in parallel with old ACS
• Cardholder used test reader first
• Skilled and dedicated team

Seattle’s Card Reader: BIO, PIN, LCD, MIFARE

Non-Bio Card Reader: Card Only, or Card + PIN
Less Expensive
Compatible with same ID card
Non-critical uses
Be sure to plan for both bio and no-bio reader

The Airport TSA Biometric Guidelines
In my opinion, these airport TSA guidelines seem to lean towards a networked centralized authentication without using smartcards; and adding a separate biometric subsystem.

The Seaport TWIC Guidelines, Plans, Etc.
Due to the increased focus on seaport security after 9/11, these environments (unlike airports) may be installing their very first access control systems in a post TWIC world.

One TSA TWIC Design

“Why TWIC”, says TSA
Improves Security
• Reduces risk of fraudulent or altered credentials;
• Employs biometrics for secure, positive match of individual to authorized facility access points;
• Supports ability to interface and communicate with other agencies; and
• Provides timely system-wide revocation.
Source: www.tsa.gov/interweb/assetlibrary/TWIC_Brief.pdf

“Why TWIC”, says TSA
Enhances Commerce
• Eliminates need for multiple credentials and background checks;
• Leverages current security investment and existing systems;
• Maintains process speed and efficiency;
• Expands e-government potential; and
• Enables public-private partnership.

Two Views of TWIC
• TWIC is:
  – Applicant authentication, vetting.
  – Visual Display ID Card
  – Access Control Device
• TWIC is:
  – Applicant authentication, vetting.
• #1 assumes national standards.

Your existing Access Control System
• Can it be upgraded to utilize biometric technologies?
• Is this the mandate you always wanted to replace a legacy system?
• Can the ID badge enrollment system be biometrically empowered?

Interoperability and Transition
• Can your legacy access control system be run in parallel with a new system during installation?
• Would a multi technology card assist in this process?
• Can your ID badge production software system produce a multi technology card?

Keep Legacy Access Control System or Not?
• Wiring and Power
• Administration of Smart Readers
• Proprietary or Open System
• Enables Information Sharing
• ID Badge System

Biometric Readers: Wiring and Power Issues
• Smart Card readers are like small computers
• Higher power requirements
• Infrastructure must support required UPS/Battery backup
• New readers may require more wire strands than you have now or maybe wire is OK as is

Administration of Smart Card Readers
• Central admin may require data network cable installed to door
• Local admin with a configuration card more labor intensive
• Network monitoring tools can impact networked readers
• Networking of readers builds for the future but at a price

ID Badge System
• Can your existing ID badge system enroll biometrics?
• Does the existing system meet current computing standards?
• Are you able to quickly adapt the system to a changing world?
• Does it capture required data?

Another decision is how to do biometric validation…

Local or Central Biometric Validation?
• Local compares biometric on card to body part at reader
• Centralized authentication compares body part at reader to stored biometric info; may be dependent upon network
• Differing costs, security, and legacy conversion tradeoffs

Why Consider Local Validation at Reader?
• Cost – no data network required
• Does not require access control system to be “biometrically enabled” (but the ID enrollment and production system does)
• Granting biometric door access is not network dependent

The smart card options Seattle examined
• Contact Cards (ISO 7816)
• Contactless Cards (ISO 14443A)
Seattle uses MIFARE 4K Contactless Cards (ISO 14443A)

Contact Smart Card – Current US Gov’t Issue

Contact Smart Card
• Chip takes up real estate where information could be printed.
• Card requires contact to reader.
• Possible limitations on card display: armbands, pouches, etc.

With either ¢ard type your ¢o$t$ will ri$e !!
• ¢ard $tock i$ more expen$ive
• Slightly longer time to enroll
• Print time in¢rea$e$
• More ¢han¢e of me¢hani¢al / produ¢tion failure
• In¢rea$ed operator error rate$
• More way$ to break a ¢ard

A new realm of card damage
• ID office induced problems
• Cardholder actions
• Biometric deterioration

Badge Failure points

ID Office Induced
• Be sure card design allows for a hole punch that misses antenna
• Don’t use manual hole punch – too inconsistent
• Do use electronic hole punch
• Choose card friendly lanyards, pouches, etc.

Cardholder Actions
• Inform cardholder that punching holes in a card will damage it
• Educate cardholder that certain lanyards with metal clasps could damage card.

Biometric Deterioration
• Deteriorating finger quality due to abrasion, injury, hobbies, etc.
• If the finger (and the spare) no longer match, the cardholder will be denied access
• May require reproducing card

Ways to reduce smart card costs
• No smart cards for public area badges
• Solid ID office operator procedures

Option for photo-only cards for public access
• ID Badge software discerns whether the badge type requires smart card features
• Public area badges print on common inexpensive card stock

Operator and Office Procedures
• Operators thoroughly educate cardholder on proper usage
• Foster awareness on the expense of unnecessary reprints
• Require proper card handling and printer maintenance procedures
• Cardholder validates card on test reader prior to leaving office

Approximate Airport Stats; Excluding Seaport
• Badges per month: 900
• Total time to enroll: 35 minutes
• Biometric enrollment: 30 secs
• Deteriorated biometrics: 2 / mo*
• Approximately 500+ readers
* Smart card program < 3 years old

The enrollment process

Failure to Enroll
• Certain cardholders will be physically unable to render a biometric
• Our failure rate is 0.42%
• Not tied to any demographic
• An alternative to biometrics must be provided

Require biometrics and PIN code for access?
• Airport also uses PIN w/ biometric; Seaport does not
• All three levels of security
• Counteracts “fake finger”
• Keeps PIN in person’s mind – “use it or lose it”
• Provides future proofing for PIN enabled devices and functions

Perceived cardholder comfort level w/ readers
(Per ID Office Mgr)

Typical Reader Problems We’ve Seen
• Ambient light on outdoor reader
• Dirty fingers or dirty read surface
• Rain in Seattle !!
• Occasional failure of MIFARE read unit
• User error and impatience
• Broken card antenna

Other biometric reader “gotchas”
• Be sure to examine reader programming tools provided
• Be sure to specify how to handle “collisions” with other smart cards presented simultaneously
• Anticipate biometric gate access on varying vehicle heights – biometric adds a twist

The Supermarket Line
• What will you do to avoid the “being in the wrong line” at the supermarket scenario?
• How will you handle problems, exceptions at the reader?
• Biometric smart cards are NOT the old “swipe and go” world

Possible Exception Handling Techniques
• Very short time out periods
• A “cancel” button on reader
• Corrective prompts on LCD
• Design authentication process to allow alternate entry sequences (i.e., PIN then biometric, or biometric then PIN)

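The slides on levels of authentication, PIN plus biometric, failure to enroll and exception handling describe one reader behaviour: card first, then the remaining factors in either order, with short timeouts, a cancel button and corrective LCD prompts. The Python below is an added example of such a reader session, not code from the Port of Seattle or its vendors. The class names, the 5-second step timeout, the three-failure limit, the PIN fallback for cardholders who could not enroll, and the toy bit-distance matcher are all assumptions.

```python
import hmac
from dataclasses import dataclass
from enum import Enum


class Factor(Enum):
    PIN = "PIN"
    BIO = "FINGER"


class State(Enum):
    PENDING = "PENDING"
    GRANTED = "GRANTED"
    DENIED = "DENIED"
    CANCELLED = "CANCELLED"
    TIMED_OUT = "TIMED OUT"


@dataclass(frozen=True)
class Card:
    card_id: str
    pin: str          # constructed sample; a real card would hold a protected verifier
    templates: tuple  # enrolled finger templates (finger and spare); empty = could not enroll


# Factors required in addition to the card: the airport adds a PIN, the seaport does not.
AIRPORT = frozenset({Factor.PIN, Factor.BIO})
SEAPORT = frozenset({Factor.BIO})


def toy_match(template, sample, max_diff_bits=4):
    """Stand-in matcher (bit distance under a threshold), not a fingerprint algorithm."""
    if not isinstance(sample, bytes) or len(template) != len(sample):
        return False
    return sum(bin(a ^ b).count("1") for a, b in zip(template, sample)) <= max_diff_bits


class ReaderSession:
    """One card presentation at a reader; required factors may arrive in either order."""

    def __init__(self, card, required, now, step_timeout=5.0, max_failures=3):
        self.card = card
        self.remaining = set(required)
        # Assumption: a cardholder with no enrolled biometric uses the PIN instead.
        if Factor.BIO in self.remaining and not card.templates:
            self.remaining.discard(Factor.BIO)
            self.remaining.add(Factor.PIN)
        self.step_timeout = step_timeout    # assumed value: seconds allowed per step
        self.max_failures = max_failures    # assumed value: failed tries before denial
        self.failures = 0
        self.last_activity = now
        self.state = State.PENDING if self.remaining else State.GRANTED
        self.lcd = self._prompt()

    def _prompt(self):
        if self.state is not State.PENDING:
            return self.state.value
        return "PRESENT " + " OR ".join(sorted(f.value for f in self.remaining))

    def _verify(self, factor, value):
        if factor is Factor.PIN:
            return hmac.compare_digest(self.card.pin.encode(), str(value).encode())
        return any(toy_match(t, value) for t in self.card.templates)

    def cancel(self):
        # The "cancel" button: abandon the attempt and free the reader.
        if self.state is State.PENDING:
            self.state = State.CANCELLED
            self.lcd = self._prompt()
        return self.state

    def present(self, factor, value, now):
        if self.state is not State.PENDING:
            return self.state                  # finished: the card must be presented again
        if now - self.last_activity > self.step_timeout:
            self.state = State.TIMED_OUT       # short timeout keeps the line moving
        elif factor not in self.remaining:
            self.lcd = factor.value + " NOT NEEDED. " + self._prompt()
            return self.state
        elif self._verify(factor, value):
            self.remaining.discard(factor)
            if not self.remaining:
                self.state = State.GRANTED
        else:
            self.failures += 1
            if self.failures < self.max_failures:
                self.last_activity = now
                self.lcd = factor.value + " NOT RECOGNIZED. TRY AGAIN"  # corrective prompt
                return self.state
            self.state = State.DENIED
        self.last_activity = now
        self.lcd = self._prompt()
        return self.state


# Constructed sample data (not real credentials or biometric templates).
ENROLLED = Card("C-0001", "4821", (bytes.fromhex("a1b2c3d4"), bytes.fromhex("0f1e2d3c")))
UNENROLLED = Card("C-0002", "7350", ())
LIVE_SCAN = bytes.fromhex("a1b2c3d5")   # one bit away from the first enrolled template
```

Time is passed in explicitly as `now` (seconds), so the timeout logic can be exercised in a test environment without waiting on a real clock.
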
Other IT Issues
• Design and install a fully operational test environment; stockpile spares.
• Consider port-wide ID compatibility.
• Include cost recovery, point of sale solutions if needed.
• Do a thorough review of change management and planned maintenance; Impact on Security.

Our Primary ID/Access Technology vendors

Prime was responsible for entire installation
• Access Control System
• Smart Card Readers
• Smart Card Printers
• ID Badge software changes
• Card Stock
• Lamination, Film

Access Control System
Johnson Controls
1757 Tapo Canyon Road
Simi Valley, CA 93063
Tel: (805) 522-5555
Fax: (805) 582-7888

ID Badge System
WinBadge® Aviation
Goddard Technology Corporation
7001-A Pelham Road
Greenville, SC 29615
Phone: (864) 272-0065
Fax: (864) 272-0066

Biometric Readers
1145 Broadway Plaza
Suite 200
Tacoma, Washington
U.S.A. 98402
Toll-Free: (800) 346-2674
Phone: (253) 383-3617
Fax: (253) 591-8856

Non-Biometric Readers
Integrated Engineering – USA
PO Box 32
Carmel Valley, CA 93924
Phone: 831 659 3218
Fax: 831 659 1009

Smart Card Printers
FARGO Electronics, Inc.
6533 Flying Cloud Drive
Eden Prairie, MN 55344
USA

Q&A