Overview of BASIC Concept of Operations/Common Framework for Airport Biometric Credentialing

February 23, 2014

System Roles and Responsibilities:

Airport and Aircraft Operators:

- Enrollment
- Final Eligibility Determination (including CHRC Adjudication and any local vetting requirements)
- Credential Issuance
- Credential Usage
- Identity Verification
- Credential Usage
- Access Control Privileges

Central Status Service Provider(s)

- Government vetting interface and results distribution
- 1:n biometric duplicate check
- Biometric authentication payload issuance
- PKI Certificate management including root Certificate Authority
- Credential Revocation List management and distribution

Federal Government/Transportation Security Administration

- Vetting
- Compliance


System Overview:

1. Applicant enrolls at airport badging office, providing biographic and biometric information as required. The enrollment record containing the biometric and biographic information will provide the standard data set necessary for vetting by various federal agencies.

   a. Use of a standard data set for vetting against multiple federal agencies (CBP, USPS, etc.)

   b. Initial processes for applicant identity assurance and eligibility determination

2. Airport and aircraft operators securely transmit the enrollment record to the Central Status Service Provider(s).

3. The Central Status Service Provider performs a biometric duplicate check to determine if the applicant is already badged at another facility or is trying to apply under a false identity.

4. The Central Status Service Provider, acting as a “one-stop-shop,” forwards the enrollment record to various federal government agencies as appropriate, including the FBI and TSA.

5. The Central Status Service Provider provides airport and aircraft operators with government vetting results, as appropriate, for local adjudication. Airport and aircraft operators provide an automated message to the Central Status Service Provider indicating whether the airport wishes to proceed with badge issuance based on federal and local eligibility standards.

   a. Aircraft operators continue to certify to airport operators when CHRC vetting is complete.

6. Once required government vetting and airport approval messages are received, the Central Status Service Provider builds an authentication payload (including the biometric information to be used for verification), which is digitally signed and returned to the airport operator. This is an important step that creates a chain of trust between the biometric template on the card and the actual vetting of the individual.

7. The airport operator creates the airport credential containing the authentication payload and any other airport specific information and issues the credential to the individual. Local issuance ensures that airport operators control the physical appearance of their credentials.

8. With the issuance of a credential with a biometric authentication payload, airport operators can tie the identity of the individual to the credential through verification of the biometric contained on the credential. This identity verification can be done at issuance or at transfer from another facility, as part of a challenge program and as part of random screening.

9. At an airport operator’s sole discretion, the credential can also be programmed for use in the airport operator’s physical access control system. However, the biometric identifier used for identity verification does not need to be the same biometric identifier used for access control.

10. Airport operators can accept a credential with a biometric authentication payload issued by another facility to verify identity and to verify eligibility based on federal standards and requirements. This is the extent of interoperability - it is the technical ability to read and authenticate credentials issued by other aviation entities.

11. The Central Status Service Provider(s) will distribute the Credential Revocation List (CRL) for all credentials revoked locally by the credential issuers and globally by the TSA.
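
The chain of trust in steps 6, 8, 10 and 11, shown as an added Go example that is not part of the original document or of any BASIC specification. Assumptions: the `AuthPayload` layout is hypothetical, a raw Ed25519 key stands in for the Central Status Service Provider's PKI certificate chain, the CRL is modeled as a set of credential IDs, and byte equality stands in for a real biometric matcher.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// AuthPayload is a hypothetical layout; the page does not define the real format.
type AuthPayload struct {
	CredentialID string
	Template     []byte // biometric template tied to the vetting result
}

var ErrBadSignature = errors.New("payload signature invalid")
var ErrRevoked = errors.New("credential is on the revocation list")
var ErrNoMatch = errors.New("live biometric does not match payload template")

// SignPayload models step 6: the central provider signs the encoded payload.
func SignPayload(priv ed25519.PrivateKey, p AuthPayload) (msg, sig []byte) {
	msg, _ = json.Marshal(p) // cannot fail for this struct; fields encode in fixed order
	return msg, ed25519.Sign(priv, msg)
}

// VerifyCredential models steps 8, 10 and 11 at the accepting airport.
func VerifyCredential(pub ed25519.PublicKey, msg, sig []byte, crl map[string]bool, live []byte) error {
	var p AuthPayload
	if !ed25519.Verify(pub, msg, sig) {
		return ErrBadSignature // checked before the untrusted bytes are parsed
	}
	if err := json.Unmarshal(msg, &p); err != nil {
		return err
	}
	if crl[p.CredentialID] {
		return ErrRevoked // revoked locally by the issuer or globally by TSA
	}
	if !bytes.Equal(p.Template, live) { // stand-in for a real biometric matcher
		return ErrNoMatch
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand; all values below are constructed
	msg, sig := SignPayload(priv, AuthPayload{"BADGE-0001", []byte("sample-template")})
	fmt.Println(VerifyCredential(pub, msg, sig, nil, []byte("sample-template")))
	fmt.Println(VerifyCredential(pub, msg, sig, map[string]bool{"BADGE-0001": true}, []byte("sample-template")))
}
```

The order of checks matters: the signature is verified over the exact bytes received before any field is read, so a card whose template was swapped after issuance fails before the revocation or biometric checks run.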



[Figure: ACIS Components. Block diagram of Federal Entities and Non-Federal Entities, with panels: Extended Vetting Services and Local Vetting Requirements; Credential Issuance System Elements; Credential Use and Access Control; Federal Government Vetting Services; Central Status Service Provider(s) Clearinghouse; Shared Services.]