UNCLASSIFIED – FOR OFFICIAL USE ONLY (FOUO)

Defense Biometric Identification System (DBIDS) Overview

September 2018

Scott Ulrich, Defense Manpower Data Center (DMDC)


What is DBIDS?

UNCLASSIFIED

• Physical Access Control System developed by the Department of Defense’s DMDC agency in the late 1990s
• Fully integrated Identity Management and Force Protection capability
• Electronic verification of personnel via interoperable operations
• Largest physical access system in DoD; installed at over 350 sites worldwide with 6 million registered personnel.

DBIDS Benefits

• Real-time authentication against verified databases via IMESA that increases available data used for intelligent access decisions
• Real-time recording of 800K+ daily base accesses (CONUS)
• Electronically flags and tracks personnel with adverse status across system—already 55,000+ people with adverse status known in system
• Uses all existing DoD-issued credentials, digital photos, and digital fingerprints and issues badges for individuals not authorized DoD credentials
• Rules-driven—configurable by local authorities
• Supports individual or joint base constructs

DBIDS Interactions With IMESA

• DBIDS is a Physical Access Control System (PACS)
  o Sites directly interact with DBIDS by:
    • Creating person records and issuing visitor passes and DBIDS cards
    • Performing Access Transactions
    • Inputting data into the DBIDS database by:
      o Scanning a DoD-affiliated credential at an access control point
      o Manually creating a record (that is stored in the Local Population)
  o DBIDS broadcasts data from the database into IMESA

• Identity Matching Engine for Security and Analysis (IMESA) is an identity matching system
  o It is a service, consisting of servers and software
    • It is intangible; there is no direct utilization by sites or personnel (you cannot “see” IMESA)
  o Takes data broadcast from PACS for DoD-affiliated and Local Population persons, matches it against derogatory information, and, if there is a match, sends it back to PACS
  o Permits information sharing between connected PACS

IMESA Process

Coming Soon


Serving Those Who Serve Our Country


NCIC: Total Number of Matches

This report shows total counts of persons with an NCIC sourced alert consumed by IoLS since August 2014.

*Data as of 4 September 2018

| Type of Offense | Count |
|---|---|
| Obstruction of Justice | 17,897 |
| Assault | 3,508 |
| Larceny | 3,082 |
| Fraudulent Activity | 2,650 |
| Dangerous Drugs | 2,647 |
| Burglary | 1,584 |
| Military Desertion | 1,282 |
| Family Offenses | 1,096 |
| Sexual Assault | 1,105 |
| Traffic Offenses | 971 |
| Sex Offenses | 870 |
| Forgery-Counterfeiting | 750 |
| Weapon Offense | 676 |
| Stolen Vehicle | 635 |
| Robbery | 583 |
| Stolen Property | 445 |
| Flight-Escape | 473 |
| Damage Property | 414 |
| Kidnapping | 330 |
| Homicide | 343 |
| Other | 1,173 |
| Total | 42,514 |


All Time DBIDS Alerts - Credential Categories

*Data as of 1 March 2018

This report shows counts of persons with a DBIDS sourced alert consumed by IoLS. If the person has multiple credentials, they are grouped under the 'Multiple Credential' category. If the person does not have ANY credential defined in DBIDS, they are grouped into the 'NO CREDENTIAL' category.

Persons with a DBIDS sourced alert and no credential can occur when Base Security Officers or Law Enforcement Operators pre-emptively create a profile with a local base status.

| Category | Count |
|---|---|
| MULTIPLE CREDENTIALS | 19,613 |
| NO CREDENTIAL | 16,565 |
| Other DoD Category | 11,211 |
| Active Duty | 10,755 |
| Visitor Pass | 10,529 |
| DBIDS Card | 7,805 |
| Retiree | 2,452 |
| CIV CAC | 1,376 |
| DoD Contractor CAC | 474 |
| PIV Credential | 15 |
| Grand Total | 80,795 |


DBIDS Footprint

• The DBIDS Configuration consists of:
  o Enrollment Workstations
  o Access Control Workstations
  o Handheld devices
  o Wireless Access Points (if necessary)

Figure labels: Enrollment WKS (ENR), located at Visitor Centers; Access Control WKS (ACW), located at 24-7 Gate; Handheld

DBIDS Capabilities

Persons:

• Register person information:
  o Biographic
  o Biometric: Fingerprint, Face, Iris
  o Contact information
  o Designation of emergency essential personnel (if applicable)
• Immediate vetting against IMESA/IoLS during initial registration
• Continuous vetting against IMESA while of interest
• Interaction with other participating installations using DBIDS or IMESA to assist in determining suitability (fitness) for access
• Sharing of all adverse statuses from other PACS, military branches, FBI, and other LE databases
• Pre-enrollment: Web application to allow an applicant to pre-enroll their biographic data into the system before going to the installation in order to speed up the enrollment process (new feature)

DBIDS Capabilities

Organizations*: Register Organizations who can sponsor individuals or own assets on your base

Assets*: Register a Vehicle, Bicycle, Weapon, or Pet to a person or organization. Can search for Asset by Asset Identification or Owner

Permissions*: Ability to assign individuals, categories, and organizations explicit or affiliation-based implicit permissions to an installation by day or time of day. Can also assign permissions based on FPCON level, Emergency Essential, and POTUS situations.

Base Pass: Create temporary paper visitor pass or long-term local base pass on card stock.

* BSO enabled (recommend tailored setup during initial installation)

DBIDS Capabilities Cont.

Access Control:

• Use of a mobile device and/or stand-alone computer to scan any credential known to DBIDS for access (manned ECP)
• Automatic reach-back to search for any DoD-affiliated scanned credential unknown to DBIDS and register with DBIDS (infrastructure dependent)
• Use of a stand-alone computer to search for an individual who does not have a credential to determine access suitability
• Ability to verify a person’s identity by biometric; automatically prompts for biometric in situations of suspected identity fraud (rule based)
• Ability to use access control reliably during network outages and other communication difficulties from the stand-alone computer and the mobile device (Note: The mobile device must have reliable connectivity to the stand-alone computer for this feature to function. Reach back off-site is truncated)

Roles: Ability to refine operator functionality to the DBIDS application based on the following operator roles—Base Security Officer, Law Enforcement Officer, Registrar, and Access Control Operator

DBIDS Capabilities Cont.

Access Areas: Ability to define access areas as Installation/Joint Access, Perimeter, and Access Control Points and set access permissions at any access area type.

Unmanned Gates: Ability to make separate access decisions based on unmanned scenarios (i.e., pedestrian gates allow driving suspended people through and vehicle gates deny access for driving suspended) (standardized interface)

Credential:

• Automatic Enrollment of DoD credentials at the gate
• Enrollment of PIV credential into system
• Associate 3rd party credential token to a person:
  o Transportation Worker Identification Card (TWIC)
  o Real ID compliant driver’s license (as required)
  o Passport (US or other compliant country passports)

Reports: Data available on a variety of activity within the installation including Access Transactions, Adverse Statuses, Denies, and Operator Logons

Enrollment Workstation Interface

DBIDS Web Portal

Access Control Workstation Interface

Handhelds

DBIDS Card—Categories & Colors

• Green
  o Conveyance
  o Facilities Service
  o Maintenance
  o U.S. Government Contractor (non-CAC)
  o U.S. Government Civilian (non-CAC)

• Blue
  o Foreign Civilian Visitor
  o Facilities Service
  o Foreign Government Civilian
  o Foreign Government Contractor
  o Foreign Military Dependent
  o Foreign Military Retiree
  o Foreign Military

• Yellow
  o Facility Use
  o Long Term Visitor
  o Other
  o Personal Delivery
  o Personal Services
  o Privatized Housing
  o Volunteer

• Red
  o Emergency Essential Civilian (non-CAC)

Visitor Pass

DBIDS Operation (typical)

• John Doe approaches gate and ID credential is scanned with handheld device

• If not registered on base, DoD credential can be automatically registered (no trip to visitor center = manpower savings)

• Identity sent to DMDC from handheld over the network (450-500K/day)

• DMDC:
  1. Validates credential
  2. Sends back picture/identity
  3. Checks IMESA (FBI files, Revocation, others)
  4. Sends RED/GREEN status (in less than 1 second)

• Approved = Entry

• Issues = Message

SAMPLE ACTIONS

1. If credential lost/stolen/invalid = confiscated
2. If FBI warrant = sent to secondary screening and message sent to base law enforcement
3. If US Military BOLO (Be on the Lookout) for base traffic infraction or barred = local handling

1. GUARD sees person + credential + remote database validation
2. DMDC FBI interface is transmitted to all connected locations
3. All base alerts are transmitted in the region or across enterprise
4. Provides common interoperable status to all DoD installations
5. Proven security benefit to help gate personnel
6. Proven to reduce required manpower at gates
7. Maintains info/status on vehicles, visitors, local workers

DMDC DBIDS Contacts

Scott Ulrich, DBIDS Program Manager

[email protected]

Visit the DBIDS Website:

https://dbids.dmdc.mil/ (CAC ENABLED)


Questions?

DBIDS Complies With…

• DoD policies, including but not limited to:
  o DoD 5200.08-R, Physical Security Program
  o DoD Instruction 8520.02, Public Key Infrastructure (PKI) and Public Key (PK) Enabling
  o DTM 09-012, Interim Policy Guidance for DoD Physical Access Control
  o Directive-type Memorandum (DTM) 14-005, DoD Identity Management Capability Enterprise Services Application (IMESA) Access to FBI National Crime Information Center (NCIC) Files

• Federal policies, including but not limited to:
  o FIPS 201-2, Personal Identity Verification (PIV) of Federal Employees and Contractors
  o Homeland Security Presidential Directive 12 (HSPD-12), Policy for a Common Identification Standard for Federal Employees and Contractors
  o M-11-11, Continued Implementation of Homeland Security Presidential Directive (HSPD) 12 Policy for a Common Identification Standard for Federal Employees and Contractors

*Full list of standards for DBIDS compliance is available on DBIDS website*