Biometric Airport Security Interoperability Consortium (BASIC) Early Adopter Program

highpitchedteam | Security

30 Nov 2013


5/6/09


Biometric Airport Security Interoperability Consortium (BASIC) Early Adopter Program


INTRODUCTION


The TSA wants to strengthen security at the nation's airports through the strategic application of proven secure identity authentication (biometrics) and related access management concepts and technologies (interoperability). The BASIC group has been working together to strategically develop biometrically enabled airport badges with interoperability capability for the aviation industry. The BASIC program was established to show that an interoperable biometric can be produced by a central source (or sources) while allowing the airport to use any method of physical access control, biometric or otherwise. The biometric interoperability is for identity verification and does not necessarily have to include Physical Access Control Systems (PACS) interoperability. Airports, along with AAAE, have put together an early adopter program that allows individual airports to model different approaches to achieving interoperable, biometrically enabled badges.


Airports currently submit two messages to the Transportation Security Clearinghouse (TSC) in order to issue a badge for an individual: the fingerprint-based CHRC and the biographic-based Security Threat Assessment (STA) information. The results from these two different messages are posted at different locations and require airport operators to manually gather results and update their internal systems with those results. The BASIC program will use the concept of "one submission, one result." The number of messages overall will increase; however, the number of vetting submissions is decreasing.


The main benefits for an airport of becoming an Early Adopter now are the automation of certain STA requirements, the ability to build on existing airport infrastructure (particularly for those airports that are already using biometrics), and credit with the TSA for moving down the biometric path and helping the TSA achieve the biometric goal at many airports and as quickly as possible.


EARLY ADOPTER OVERVIEW


There are four primary elements to interoperable biometric airport badges: two levels of messaging (biographic information and a reference biometric), badge/card structure and, finally, integration with PACS. These four elements are the initial phases of the early adopter program.


The BASIC project will streamline the process for the airport and provide a biometric payload, based on the information submitted for vetting, back to the airport to be used as a reference biometric and, if applicable, as a biometric method for access control. The reference biometric will be used in identity verification interoperability. Identity verification interoperability gives airports the ability to know that the person who presents a valid airport-issued credential has successfully cleared a CHRC and STA, and is biometrically matched to the active badge/card.







Phase 1 - Biographic Messaging



BASIC recommends a web service message structure to submit data into and receive data from a Central Status Service Provider (CSSP). BASIC early adopter airports will use AAAE's TSC for the CSSP. After a BASIC early adopter airport signs a Non-Disclosure Agreement (NDA) with the TSC, the airport is provided the interface documentation for the web service messages.


Messaging has multiple subcomponents: biographic messaging into the CSSP and biographic messaging from the CSSP. Airports have three options for developing and sending the BASIC messages to the CSSP: the airport can use the specifications published by the TSC to have their vendors update to the interface, airports can use airport resources to write the code, or they can use a new early adopter application called the Airport Credential Management System (ACMS).


The Airport Credential Management System (ACMS) is available to the airport after the NDA is signed. The application allows STA information to be submitted to the CSSP using the BASIC web services.



Phase 1 BASIC early adopter airports will send STA data to XML web services hosted at the TSC. When an STA is completed, the TSC in turn sends STA results to XML web services hosted at the airport. All communications continue to leverage existing secure communications. A return message will be sent back to the airport over the same transport as the submission message. This return message will provide the result of the STA to the airport. Multiple messages will be created, one for each STA result.


Once the biographic messaging and conformance testing are completed, the airport will move to live production and remain in a live production test mode for 30 days. At the end of the 30-day period the airport will be ready to move into Phase 2. Live production means sending real-time data into the system.



Phase 2 - Biometric Messaging


The next phase will consist of biographic messaging from Phase 1 and the addition of payload request messaging to the CSSP and reference biometric messaging from the CSSP. The BASIC message supports the information for the STA as well as incorporating the EFT file used for the CHRC.


The BASIC message will also be used to obtain the reference biometric. The message will only return a reference biometric if the candidate has been approved for a badge. The approval process is determined locally based on the STA and CHRC results as well as any other checks individual airports want to perform.


The BASIC message already supports the upload of CHRC information and return of the CHRC
results so that airports can have all data necessary for adjudication in a single message format.


For the purpose of the program the early adopter airports will still send CHRC requests as normal and process CHRC results via the TSA website. At the point that the TSA can provide the CHRC back to the TSC, airports would be able to move this portion of the process over to BASIC messaging. In the interim, the TSC will use the fingerprints within the CHRC to create the biometrics used in this phase.


Reference Biometric and Payload Data Construct


A reference biometric is created at the CSSP from information vetted through the CSSP from the airport. This method guarantees chain of trust and enables interoperability. The data construct will deliver a biometric payload which will be used for identity verification interoperability. The reference biometric template will be returned to the airport within the BASIC message. The reference biometric will be digitally signed for security custody purposes. In this phase, the BASIC airport can place the reference biometric in any form of card/badge. This will result in some airports not having the appropriate readers and encryption keys such that they could read a badge from a different airport. Phase 3 will address this limitation.


In this phase additional components will need to be added to the CSSP, and the early adopter airports will be a part of the process to determine associated fee structures. This includes items such as the template generation for reference biometrics and certificates for digital signatures. For this purpose as well as others, BASIC early adopter airports will sign a commercial services agreement with the TSC.



Phase 3 - Smartcard Configuration and Technical (Identification Verification) Interoperability


A standard data configuration for all BASIC cards/badges will be established, based on the current PIV model, to allow for technical interoperability and maintain local control for visual identification and for use with the airport's individual PACS. BASIC evaluated other smartcard options and has selected the PIV model for several reasons. A PIV-based card is well understood in the U.S. government and vendor community. The hardware, cards and readers are currently available off-the-shelf; using other standards may lead the industry into costly proprietary systems. A PIV-based card allows contactless physical access control based on the Federal Agency Smartcard Credential Number (FASCN). The PIV model also addresses all current privacy issues surrounding the reading of biometrics from a smartcard. PIV standards are still advancing and will allow airports more flexibility in the future. The PIV standard will allow each airport to have a range of vendor choices for verifying the identity of a BASIC card, regardless of the issuing airport. Without this standard, each airport would require various card reader options in order to identify individuals from any other airport.


In order to support the existing access control points at the airport, the PIV card would include other PACS-related technologies. This could include a magstripe or a contactless inlay such as a 125 KHz proximity.




This phase will provide another layer of security as the PIV smartcard contains the means for supporting a PKI across the airport community; this would include the use of a CRL for revoking a credential. Phase 3 messaging leverages the messages from the previous phases; for the PIV cards, the airport will simply request a PIV payload in the web service message instead of the reference biometric that was used in Phase 2. This phase ensures identification verification interoperability in that each early adopter airport will have PIV readers such that they can read a card created at any other Phase 3 or greater early adopter airport.


Phase 4 - PACS Integration


The use of information within the CSSP messages, possibly including the reference biometric and other biometric or biographical information gathered at the airport, will be processed within the PACS system. The PACS system will be configured to use biometrics to allow entry into specific areas of the airport, or verification through the use of hand-held mobile readers. Individual airports will determine the percentage and location of biometrically enabled access points.




A vendor community supported method for PIV contactless access control is to have the biometric "enrolled" into the PACS system along with the FASCN. Airports would use the contact PIV interface in the badging office to verify identity. For the privilege of contactless access control (passing through a door), airports would use the FASCN and the key into the reference biometric that is stored either in the door reader or in a repository connected to the door reader. The individual would then pass the contactless PIV card over the reader and it would read the FASCN and key. The individual would put their finger on the reader and it would be compared to the "enrolled" biometric and access would be granted/denied.
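As an added illustration (not part of the BASIC documents or of any TSC or PACS vendor code), the following Python models the Phase 4 door decision described above together with the Phase 3 signature and CRL checks: the CSSP-signed reference biometric is enrolled under its FASCN, and the door reader consults the CRL, the repository and the live finger in turn. The HMAC "signature", the byte-comparison matcher, the threshold and every identifier are constructed stand-ins.

```python
import hashlib
import hmac

# Constructed stand-in for the CSSP's digital signature over the reference
# biometric. A deployment would use an asymmetric signature with a certificate
# chain; a shared-key HMAC is used here only so the example runs offline.
CSSP_SIGNING_KEY = b"constructed-cssp-signing-key"

def sign_template(fascn: str, template: bytes) -> str:
    """CSSP side: bind the reference biometric to the badge's FASCN."""
    return hmac.new(CSSP_SIGNING_KEY, fascn.encode() + template, hashlib.sha256).hexdigest()

def verify_template(fascn: str, template: bytes, signature: str) -> bool:
    return hmac.compare_digest(sign_template(fascn, template), signature)

def enroll(repo: dict, fascn: str, template: bytes, signature: str) -> None:
    """Badging office: store the reference biometric in the PACS repository,
    keyed by FASCN, only if the CSSP signature on it checks out."""
    if not verify_template(fascn, template, signature):
        raise ValueError("reference biometric failed signature check; not enrolled")
    repo[fascn] = (template, signature)

def match_score(template: bytes, live_sample: bytes) -> float:
    """Toy matcher (constructed): fraction of positions that agree. A real PACS
    uses a fingerprint matcher; only the threshold decision matters here."""
    agree = sum(a == b for a, b in zip(template, live_sample))
    return agree / max(len(template), len(live_sample), 1)

def door_decision(repo: dict, crl: set, fascn: str, live_sample: bytes,
                  threshold: float = 0.9) -> str:
    """Door reader: FASCN read from the contactless card, then the finger."""
    if fascn in crl:                       # Phase 3 CRL: credential revoked
        return "deny: credential revoked"
    record = repo.get(fascn)
    if record is None:                     # FASCN never enrolled at this airport
        return "deny: not enrolled"
    template, signature = record
    if not verify_template(fascn, template, signature):
        return "deny: stored template failed signature check"  # repository tampered
    if match_score(template, live_sample) < threshold:
        return "deny: biometric mismatch"
    return "grant"
```

Each denial reason maps to a distinct control (revocation, enrollment, custody of the template, biometric match), which is what a PACS audit log should record separately.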


EARLY ADOPTER OPTIONS


Airports have the ability to choose what phases the airport will test. Each phase of the BASIC program provides an opportunity for the airport to explore the impact of the phases on their specific environment.


For example, several airports are using the BASIC message to submit STA data to the TSC. This will replace their initial submissions and daily updates while giving them the ability to participate as a BASIC Early Adopter. A benefit of the return messages is the automatic updating of the airport's internal systems.


Other airports have gone further and have requested that the TSC return a specific set of reference biometric templates so they can test internal interoperability and integration of the biometric on a smartcard.





How Does an Airport Participate in the BASIC Program?


An airport that is interested in participating in the BASIC program development should express that interest to AAAE. The airport will then be included on the distribution for telecons and other information. There are several levels on which an airport may participate. The more general level is mostly airport security staff and the focus is on the BASIC concept in general and the formation of policy. The second level is technical and mostly involves the technical staff from airports who are crafting the technical specifications that are used in the BASIC program.

Participation events include:

- Review and comment on the BASIC Concept of Operations
- Participate on the bi-weekly BASIC group telecons
- Participate on the Technical Advisory Committee bi-weekly telecons


How Does an Airport Participate in the BASIC Early Adopter Program?


Airports that are interested in participating on a testing level start at the BASIC participation level listed above as well as develop a project management plan with AAAE staff and other early adopter airports. Each program is tailored to the existing and anticipated resources of the airport. The following are specific steps for participation:




- Telecon with AAAE staff to determine existing airport resources and path forward for each individual airport
- Frequent communication with the working group assigned to the individual airport to coordinate and exchange data as well as to provide feedback
- Technical coordination as necessary
- Documentation by the Early Adopter Coordinator as to status and lessons learned
- Regular reporting and communication among the entire early adopter group and the BASIC group


Recordkeeping and Reporting


The early adopter airports are testing under a common framework, and data will be collected on operational and other issues to develop a lessons learned document and foster implementation of biometric credentials and biometric access controls for airports of all sizes.



Final Program Expectations


The intent of the program is to develop and test policy that will allow airports to enter into a biometric program building on existing resources and following a path to achieve biometric program success. Policy will be developed and tested to address airports of all sizes and to continually look forward to new advances in technology and how they may be continuously applied to the program.