TRANSCRIPT
Transportation Worker Identification Credential (TWIC)
Steve Parsons, Deputy Program Manager, TWIC
July 27, 2005
Who Am I? How do you know?
TWIC Program
Vision
A high-assurance identity credential that is trusted and used across all transportation modes for unescorted physical access to secure areas and logical (cyber) access to systems.
Goals
• Improve security
• Enhance commerce
• Protect personal privacy
TWIC Priorities
Strong focus on identity assertion
• Establish and maintain the integrity of the chain of trust for identity management
• Bind: cardholder-credential-biometric-threat assessment-valid issuer
• If it’s printed on the card, it’s on the chip(s)
Drive excellence in use of biometrics for physical access solutions
• ICAO/ANSI/ISO standard photograph
• ANSI standard fingerprint minutia
• ANSI standard fingerprint pattern
• ANSI standard IRIS
Prototype
• An original type, form, or instance serving as a basis or standard for later stages.
• An original, full-scale, and usually working model of a new product or new version of an existing product.
• An early, typical example.
Source: Dictionary.com (Copyright © 2005, Lexico Publishing Group, LLC. All rights reserved).
TWIC Phase III: Issuance Locations
Prototype Phase Workflow
Lessons Learned
• Functional
• Technical
• Programmatic
Functional
- Trusted Agents
- Enhance identity vetting
- Standard Operating Procedures essential
- Adjudication requirements
- Sponsorship
- User Acceptance / Functional Qualification Testing
Technical
• Technical standards / specifications / guidelines
• Maximize Commercial Off The Shelf (COTS) components
• Biometrics
  – Standards
  – Conforming products
  – Alternatives
• Common topology
  – Document Security Alliance
• Physical Access Control System (PACS)
  – Integration
• Readers
• Infrastructure readiness
• Legacy Cardholder Conversion
Programmatic
- Personnel transition/turnover
- MOAs
- GFE/P must be ready
- Independent Verification / Validation (IV&V)
- Privacy (independent assessment)
- Volunteer participants
- Physical presence / frequent communication
- Plan for system demos and presentations
- Conformance to HSPD-12—glad we did
TWIC Process
[Workflow diagram; numbers 1-8 indicate workflow order. Labels: Employee, Employers, Enrollment Centers, Identity Management System (IDMS), Card Production Facility, Local Facilities, 1:n biometric search, Name-Based Terrorist-Focused Risk Assessment, Database Queries, * Future CHRC]
Summary
• TWIC is a high-assurance identity credential (“above the line”)
• TWIC was used as reference model during development of FIPS 201 (implements HSPD-12)
• Scalable - able to serve multiple communities of interest
• Local facilities grant/deny access (i.e., “below the line”)
• Biometrics can help protect personal privacy / improve security
• Reliance on open, standards-based technologies improves opportunities for interoperability
For additional information…
Look at the TWIC Website at:
http://www.tsa.gov/public (click on “Industry Partners”)
AND
E-mail the TWIC Program at
Prototype Credential
TWIC = “secure and reliable form of identification”
• Magnetic stripe with FASC-N (Federal Agency Smart Credential Number)
• PDF-417 with Name, GUID (Global Unique ID)
• Integrated Circuit Chip (ICC)
• Linear 1D Barcode
• Contactless Chip
Overt Security Features
Covert Security Feature
Ultraviolet Image
Contact Chip Data Model
[Diagram labels, in the order extracted from the slide]
• GUID
• FASC-N
• Digital Photograph
• Additional post issuance information...
• Operational biometric 2 ...
• Operational biometric 1
• PKI Encryption
• PKI Signature
• Operational biometric directory
• Security object
• Reference biometric
• Cardholder Unique ID (CHUID) - PACS
• General information
• Card information
• Issuer Identity Assertion
• Mandatory issuer controlled data
• Post issuance optional
• Last name
• Middle name
• First name
• ANSI standard right index fingerprint template
• ANSI standard left index fingerprint template
• CBEFF headers
• Issuer asymmetric signature
• Issuer public key information
• Hash table
• “Killer apps” (e.g., First Responders, Armed LEOs)
• Training/Qualifications
• Issuance Counter
• Issuer ID
• Card Type
• Expiration Date
• Issue Date
Contactless Chip Data Model
[Diagram labels, in the order extracted from the slide]
• GUID
• FASC-N
• Security object
• Reference biometric
• Cardholder Unique ID (CHUID) - PACS
• General information
• Card information
• Issuer Identity Assertion
• Mandatory issuer controlled data
• Post issuance optional
• Last name
• Middle name
• First name
• Card type
• Expiration Date
• Issue Date
• Issuance Counter
• Issuer ID
• Digital photograph - ANSI/ICAO standard
• Both index fingerprints - ANSI standard pattern
• Both index fingerprints - ANSI standard minutia
• All containers use CBEFF
• Issuer asymmetric signature
• Issuer public key information
• Hash table
• “Killer apps”
• Training/Qualifications
• Current solution = DESfire
HSPD-12: Secure and Reliable Forms of Identification
• Issued based on sound criteria for verifying an individual employee's identity
• Strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation
• Can be rapidly authenticated electronically
• Issued only by providers whose reliability has been established by an official accreditation process.
TWIC Kiosk
Provides:
- Pre-enrollment and printing locator/appt. card
- Any other web-based functionality (e.g. card status, lost card reporting, etc.)
Mobile Enrollment Workstation