Office of Transportation Vetting and Credentialing. Transportation Worker Identification Credential (TWIC)

Transcription

1 Office of Transportation Vetting and Credentialing Transportation Worker Identification Credential (TWIC) Program Briefing for the American Association of Port Authorities Chicago, IL 27 April 2005

2 TWIC Program Vision A high-assurance identity credential that is trusted and used across all transportation modes for unescorted physical access to secure areas and logical (cyber) access to systems. Goals Improve security Reduce risk of fraudulent or altered credentials Use biometrics to positively match individual to credential Enhance commerce Reduce need for multiple credentials / vettings Leverage current security investments Protect personal privacy Collect minimum personal data Use a secure system and network 2

3 TWIC Priorities Strong focus on identity assertion Establish and maintain the integrity of the chain of trust for identity management Chain of Trust Binds together: cardholder credential biometric - threat assessment - valid issuer What is printed on the card is embedded in the chip 3

4 Biometric Focus Drive towards excellence through the use of biometrics for physical access solutions ICAO/ANSI/ISO standard photograph ANSI standard fingerprint minutiae ANSI standard fingerprint pattern ANSI standard IRIS 4

5 Program Phases Today Planning Technology Evaluation Prototype East & West Coasts East, West, and FL As-Is Analysis To-Be Analysis Requirements Baseline Technology Evaluation Plan Site Survey Methodology & Performance Metrics Technology Demo Evaluate Range of Potential Technologies for Core Business Process and Requirements Multiple Facilities Five Technologies: Integrated Circuit Chip Optical Memory Stripe Magnetic Stripe Linear Bar Code 2-D Bar Code Cost-Benefit & Life-Cycle Cost Analysis Evaluate Access Technologies for Full Range of Business Processes, Policies and Requirements Biometrics Additional Facility Locations TWIC Technology Prototype (Multi-Tech Card) Policy & Processes Include: Trusted Agent Claimed ID Migration Across Region 5

6 Prototype Goals Planning To-Be Analysis Requirements Baseline Technology Evaluation Evaluate Range of Potential Technologies for Core Business Process and Requirements Prototype Evaluate Access Technologies for Full Range of Business Processes, Policies, and Requirements TWIC Prototype goals: 1. Assess performance of the TWIC identity management architecture and business processes 2. Assess performance of the TWIC credential as an access control tool 3. Assess the readiness of TWIC system to be implemented 6

7 Prototype Participants Participants include transportation workers from maritime, rail, aviation, and ground transportation facilities. Each circle represents a participating transportation facility. Oakland Pensacola Panama City St Joe McArthur Airport Philadelphia Camden Wilmington Fernandina beach Jacksonville Canaveral Long Beach/Los Angeles/LAX Tampa Manatee St Petersburg Ft Pierce Palm Beach Everglades Miami-Dade Key West 7

8 Prototype Credential Contactless Chip Magnetic stripe with FASC-N* *Federal Agency Smart Credential Number Linear 1D Barcode Integrated Circuit Chip (ICC) PDF-417 with Name, GUID* *Global Unique ID number 8

9 Overt Security Features 9

10 Chain of Trust: Prototype Components The chain of trust is a concept used in the TWIC Program that describes the nature of the relationship between the prototype system components. The chain of trust refers to the Program features that ensure personal privacy and security through people, technology, and process to obtain, transfer, and manage personal information. These include: The use of Trusted Agents, personnel who are trained and certified to handle personal information; Advanced information technology that includes such tools as encryption and biometrics to ensure the security and integrity of personal information; and Enrollment Vetting IDMS Card Production Strict standards for performance and business processes. These include system audits to evaluate and improve security. Access Control System Chain of Trust 10

11 Prototype Workflow Overview Transportation Workers 2 Sponsor 1 3 Identity Management System (IDMS) 4 Database Queries 1:n 1:n biometric biometric search search Name-Based Name-Based Terrorist-Focused Terrorist-Focused Risk Risk Assessment Assessment Office Office of of Transportation Transportation Vetting Vetting and and Credentialing Credentialing Enrollment Centers 6 5 Card Production Facility Transportation Workers 7 8 Local Facilities Numbers Indicate Workflow Order 11

12 TWIC Kiosk Allows user to: Pre-enroll for TWIC Enter initial personal data Obtain enrollment appointment Find nearest enrollment facility Be reminded of documents needed to enroll Determine status of any requested action Report lost card, address change, etc. 12

13 Prototype Regional Status The TWIC Program achieved Initial Operating Capability* (IOC) in November 2004 at four sites in PA, CA and FL, with dual interface biometrically enabled smart credentials. Twenty-six local facilities from all modes of transportation and up to 75,000 personnel will participate during Prototype phase. All 26 sites are enrollment capable Over 5,000 TWICs have been produced Over 17,000 enrollment records have been submitted *IOC included operational enrollment centers and card production facilities as well as the infrastructure in place to transmit/receive data and ship/receive cards. It also included an operational facility infrastructure capable of allowing the user to present the TWIC for proper access or denial. 13

14 TWIC Timeline Overview Dec Jan Mar May Jul Sep Nov Jan Mar May Jul Sep Nov Phase III: Prototype 11/04 - IOC 6/05 - FOC Rule Making 5/05 Preliminary (Vendor) Prototype Report 7/05 Final (TSA) Prototype Report TSA / Coast Guard Joint Rulemaking Team 4 th Quarter FY 05 Implementation Decision (KDP-3) 1 st Quarter FY 06 Implementation Phase RFP Phase IV: Implementation 1 st /2 nd Quarter FY 06 Contract 7/06 Award/Start-Up IOC 7/06 Completed Milestone Future Milestone Active Performance Period Approximate NPRM Comment Period Rule Effective Future Performance Period 14

15 Homeland Security Presidential Directive 11 and 12 HSPD 11* Sets policy for comprehensive terrorist-related screening procedures. HSPD 12** Sets policy for a common identification standard for federal employees and contractors (Secure and Reliable Forms of Identification). The TWIC Program served as a model for HSPD-12 as now stated in FIPS 201, SP and SP Requires credentials issued to be: Based on sound criteria for verifying an individual employee's identity; Strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation; Capable of rapid authentication electronically; and Issued only by providers whose reliability has been established by an official accreditation process. * For more information visit: ** For more information visit: 15

16 Current Focus Expand prototype IOC footprint to all participating facilities and workers. Continue emphasis on drafting rule to implement TWIC program for the maritime transportation mode Maintain close contact with stakeholders Prepare to analyze prototype performance data and make recommendations for implementation Continue to assure compliance with emerging credentialing standards and serve a model for an identity management and access control tool 16

17