Overview of BASIC Concept of Operations/Common Framework for Airport Biometric Credentialing
System Roles and Responsibilities:
Airport and Aircraft Operators:
Final Eligibility Determination (including CHRC Adjudication and any local vetting
Access Control Privileges
Central Status Service Provider(s)
Government vetting interface and results distribution
1:n biometric duplicate check
Authentication payload issuance
PKI Certificate management including root Certificate Authority
Credential Revocation List management and distribution
Federal Government/Transportation Security Administration
Applicant enrolls at airport badging office, providing biographic and biometric information
as required. The enrollment record containing the biometric and biographic information will
provide the standard data set necessary for vetting by various federal agencies
Use of a standard data set for vetting against multiple federal agencies (CBP, USPS,
Initial processes for applicant identity assurance and eligibility determination
Airport and aircraft operators securely transmit the enrollment record to the Cen
The Central Status Service Provider performs a biometric duplicate check to determine if the
applicant is already badged at another facility or is trying to apply under a false identity.
The Central Status Service Provider, acting as a “one-stop shop,” forwards the enrollment
record to various federal government agencies as appropriate, including the FBI and TSA.
The Central Status Service Provider provides airport and aircraft operators with government
vetting results, as appropriate, for local adjudication. Airport and aircraft operators provide
an automated message to the Central Status Service Provider indicating whether the airport
wishes to proceed with badge issuance based on federal and local eligibility standards.
Aircraft operators continue to certify to airport operators when CHRC vetting is
Once required government vetting and airport approval messages are received, the Central
Status Service Provider builds an authentication payload (including the bio
information to be used for verification), which is digitally signed and returned to the airport
operator. This is an important step that creates a chain of trust between the biometric
template on the card and the actual vetting of the individual.
The airport operator creates the airport credential containing the authentication payload
and any other airport specific information and issues the credential to the individual. Local
issuance ensures that airport operators control the physical appearance of their credentials.
With the issuance of a credential with a biometric authentication payload, airport operators
can tie the identity of the individual to the credential through verification of the biometric
contained on the credential. This identity verification can be done at issuance or at transfer
from another facility, as part of a challenge program and as part of random screening.
At an airport operator’s sole discretion, the credential can also be programmed for use in
the airport operator’s physical access control system. However, the biometric identifier
used for identity verification does not need to be the same biometric identifier used for
Airport operators can accept a credential with a biometric authentication payload issu
another facility to verify identity and to verify eligibility based on federal standards and
requirements. This is the extent of interoperability: it is the technical ability to read and
authenticate credentials issued by other aviation entities.
The Central Status Service Provider(s) will distribute the Credential Revocation List (CRL) for
all credentials revoked locally by the credential issuers and globally by the TSA.
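
The chain of trust described above (a payload signed centrally, then read and authenticated at any facility and checked against the CRL) can be sketched as follows. This is an added example, not part of the framework document; Ed25519, the JSON layout, the field names and the sample identifiers are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Payload is a constructed stand-in for the authentication payload. Field
// names and the JSON encoding are assumptions, not the framework's format.
type Payload struct {
	CredentialID string `json:"credential_id"`
	IssuingSite  string `json:"issuing_site"`
	Template     []byte `json:"template"` // biometric template used for verification
}

// Issue plays the Central Status Service Provider: serialize and sign.
func Issue(priv ed25519.PrivateKey, p Payload) (body, sig []byte) {
	body, _ = json.Marshal(p)
	return body, ed25519.Sign(priv, body)
}

// Verify plays a relying airport: signature first, then the revocation list.
func Verify(pub ed25519.PublicKey, body, sig []byte, crl map[string]bool) (*Payload, error) {
	if !ed25519.Verify(pub, body, sig) {
		return nil, fmt.Errorf("signature invalid")
	}
	var p Payload
	if err := json.Unmarshal(body, &p); err != nil {
		return nil, fmt.Errorf("malformed payload: %w", err)
	}
	if crl[p.CredentialID] {
		return nil, fmt.Errorf("credential %s revoked", p.CredentialID)
	}
	return &p, nil // caller now matches the live biometric against p.Template
}

// Demo runs three constructed cases: valid, tampered body, revoked credential.
func Demo() (valid, tampered, revoked error) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	body, sig := Issue(priv, Payload{"CRED-0001", "AIRPORT-A", []byte{1, 2, 3, 4}})
	_, valid = Verify(pub, body, sig, map[string]bool{})
	forged := append([]byte{}, body...)
	forged[len(forged)-3] ^= 1 // flip one bit inside the signed bytes
	_, tampered = Verify(pub, forged, sig, map[string]bool{})
	_, revoked = Verify(pub, body, sig, map[string]bool{"CRED-0001": true})
	return
}
func main() { fmt.Println(Demo()) }
```

The order of checks matters: the payload is parsed only after its signature verifies, and a validly signed credential is still rejected once its identifier appears on the revocation list.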
[Diagram labels: Services and Local; Identity Adjudication System; Credential Issuance System Elements; Credential Use and Access Control; Central Status Serv]