PUBLISHED: OCTOBER, 2004 ISSUE
Some airports are not waiting for federal government guidelines on biometrics. Instead, they are upgrading security systems to include the flexibility to incorporate new biometric technologies as they emerge.
The first phase of Sea-Tac’s security upgrade employed Goddard Technology’s customized credentialing system to provide a badging system to serve nearly 79,000 people. The initial system tracked training, background investigations, among other items to ensure personnel met proper requirements to receive access to certain areas. The system allowed strict enforcement of local and federally mandated security policies, interfaced with access control systems, and prepared the
“When our team first began customizing Sea-Tac’s badging system we had several concepts we knew we had to include,” said Bill Donohue, president and CEO of Goddard Technology Corp. “We knew that after Sept. 11 and the creation of the Transportation Security Administration (TSA), there would be new access control, data management and personnel credentialing requirements coming down the pipeline. Our efforts are aimed at increasing protective measures around sterile and Secure Identification Display Areas (SIDAs).”
Donohue said that Goddard’s aviation solution is designed to be scalable and customizable so that it grows based on an end-user’s needs, incorporates existing data from legacy systems and manages enhanced background checks and access controls for personnel with clearance for work in restricted areas.
“When we first decided to initiate our proactive approach to credentialing, data management, and access controls, we chose to implement a system capable of meeting future TSA requirements everyone knew were only a matter of months away,” says Arif Ghouse, Sea-Tac’s director of airport security. “So, phase one of our system upgrade was a stepping stone.”
After completing the first upgrade, Sea-Tac decided to incorporate biometric components to its badging solution. Choosing which biometric elements to incorporate was a challenge.
“With advancing technologies, we had a broad range of choices and had to weigh our available options to find what fit best with our goals. That was our challenge,” Ghouse says. “Biometrics are still relatively new in terms of acceptable levels of matching performance. For each technology we examined, we compared false nonmatch rates, false match rates, and false rates of non-enrollment to test each product’s and technology’s accuracy.”
Donohue points to TSA’s program to test various biometric components at a number of airports nationwide — often referred to as “The Twenty Airport Program.”
“Airports are observing the program, considering changes, and realizing that biometric technologies are more commercially available, more accepted in the industry, and the trend is moving in that direction,” Donohue says. He adds that airports’ primary questions now deal with the types of biometrics and the points in time to implement them. “Right now the TSA is looking at the fingerprint and iris scanners as two technologies they’re after while also examining facial recognition.”
Sea-Tac’s original requirement was to have a smart card capable of containing up to two biometrics — something Keith Rhodes, chief technologist of applied research and methods for the U.S. General Accounting Office, recommended to the House Subcommittee on Aviation in May of this year — but the Port of Seattle was already installing it.
Ghouse says that Sea-Tac’s updated security initiative was designed to prevent unauthorized personnel from obtaining facility access as a result of incorrect matches.
After deciding upon fingerprint recognition, Johnson Controls provided the badge readers, Sagem Morpho’s front-end reader captured the biometric for identification verification, and Goddard brought a solution to capture and send the data to its repository.
The biometric enrollment process involves a computer analysis of a person’s fingerprint to collect unique data points within the print, and takes only a few minutes. After completing enrollment, credential-issuing personnel can compare a template and fingerprint to generate a match when the print and card are presented. However, the process cannot go backward from the template to the fingerprint. “We can’t generate a fingerprint off of a template,” Donohue says.
When designing the system, Goddard presented two data collection and management scenarios to Sea-Tac.
The first mode uses a smart card or 2-D bar code and offers a portable database that has the template securely contained within it at the local level, so that if the reader is disconnected from the network, the card could still be used. The second mode involves sending a card number and fingerprint information through the network to a central server to match with a template on file. Although the second option is less expensive, it is less secure and more prone to failure because templates move across the network, and if the wire to the central repository becomes disconnected, the encoded biometrics will not function.
Says Donohue: “Since Sept. 11, everyone seems to be going the portable route because they want the biometrics to always work.”
He adds that there are also badging liability concerns to consider. “If the card can be stolen and used, it not only becomes a liability to the air or sea port, it also becomes a liability to the person carrying it. Cardholders are at risk if terrorists think they can take that card and use it, but if terrorists know that the card will not work without the biometric, they realize that there’s no point to obtaining a card.”
One of Sea-Tac’s proprietary projects was an IT self-protection measure that involved creating a master database and then informing security system vendors that their systems had to connect to that master database. “If one IT vendor leaves or a better product comes along, then it would be somewhat analogous to unplugging our current TV and plugging in a new one,” Ghouse says. “It wouldn’t impact our other systems.”
Goddard’s aviation solution with its biometric inclusion has been online at Sea-Tac since early 2004. So far, Sea-Tac is implementing fingerprint recognition, but with the accompanying smart cards, other types of biometrics can be added later. “If they want to add iris scans to the cards, they can do that without too much difficulty,” Donohue says. “Because of the off-line database mode where the biometric is stored in the card, we will revise our software to add that iris image capture, produce the template and program it in the card.”
Now, more than halfway through its upgrade process, Sea-Tac’s fingerprint recognition system helps control personnel admittance and movement in SIDAs. The facility is replacing existing card readers with readers that recognize smart cards containing the embedded fingerprint templates.
