Transportation Worker Identification Credential (TWIC)
Steve Parsons, Deputy Program Manager, TWIC
July 27, 2005

Who Am I? How do you know?
TWIC Program Vision
A high-assurance identity credential that is trusted and used across all transportation modes for unescorted physical access to secure areas and logical (cyber) access to systems.
Goals
- Improve security
- Enhance commerce
- Protect personal privacy
TWIC Priorities
- Strong focus on identity assertion
- Establish and maintain the integrity of the chain of trust for identity management
- Bind: cardholder - credential - biometric - threat assessment - valid issuer
- If it's printed on the card, it's on the chip(s)
- Drive excellence in use of biometrics for physical access solutions
  - ICAO/ANSI/ISO standard photograph
  - ANSI standard fingerprint minutia
  - ANSI standard fingerprint pattern
  - ANSI standard iris
Prototype
- An original type, form, or instance serving as a basis or standard for later stages.
- An original, full-scale, and usually working model of a new product or new version of an existing product.
- An early, typical example.
Source: Dictionary.com (Copyright 2005, Lexico Publishing Group, LLC. All rights reserved).
TWIC Phase III: Issuance Locations

Prototype Phase Workflow

Lessons Learned
- Functional
- Technical
- Programmatic
Functional
- Trusted Agents
- Enhance identity vetting
- Standard Operating Procedures essential
- Adjudication requirements
- Sponsorship
- User Acceptance / Functional Qualification Testing
Technical
- Technical standards / specifications / guidelines
- Maximize Commercial Off The Shelf (COTS) components
- Biometrics
  - Standards
  - Conforming products
  - Alternatives
- Common topology
- Document Security Alliance
- Physical Access Control System (PACS) Integration
  - Readers
  - Infrastructure readiness
- Legacy Cardholder Conversion
Programmatic
- Personnel transition/turnover
- MOAs
- GFE/P must be ready
- Independent Verification / Validation (IV&V)
- Privacy (independent assessment)
- Volunteer participants
- Physical presence / frequent communication
- Plan for system demos and presentations
- Conformance to HSPD-12 (glad we did)
TWIC Process (workflow diagram; the numbers on the slide indicate workflow order)
Participants and systems shown: Employers, Employee, Enrollment Centers, Identity Management System (IDMS), Database Queries (1:n biometric search; name-based, terrorist-focused risk assessment; CHRC marked as future), Card Production Facility, Local Facilities.
Summary
- TWIC is a high-assurance identity credential ("above the line")
- TWIC was used as a reference model during development of FIPS 201 (implements HSPD-12)
- Scalable: able to serve multiple communities of interest
- Local facilities grant/deny access (i.e., "below the line")
- Biometrics can help protect personal privacy / improve security
- Reliance on open, standards-based technologies improves opportunities for interoperability
For additional information
Look at the TWIC website at http://www.tsa.gov/public (click on "Industry Partners") and e-mail the TWIC Program at Credentialing@dhs.gov
Prototype Credential
TWIC = secure and reliable form of identification
- Contactless chip
- Magnetic stripe with FASC-N* (*Federal Agency Smart Credential Number)
- Integrated Circuit Chip (ICC)
- Linear 1D barcode
- PDF-417 with Name, GUID* (*Global Unique ID)

Overt Security Features

Covert Security Feature: Ultraviolet Image
Contact Chip Data Model
Card information (mandatory, issuer-controlled data):
- General information: Issuer ID, Issuance Counter, Issue Date, Expiration Date, Card Type, Issuer Identity Assertion
- Cardholder Unique ID (CHUID) - PACS: FASC-N, GUID, First name, Middle name, Last name
- Reference biometric: Digital Photograph
- Security object: Hash table, Issuer public key information, Issuer asymmetric signature
- Operational biometric directory
- PKI Signature
- PKI Encryption
- Operational biometric 1, Operational biometric 2, ...: CBEFF headers; ANSI standard left index fingerprint template; ANSI standard right index fingerprint template
Additional post-issuance information (optional):
- Training/Qualifications
- Killer apps (e.g., First Responders, Armed LEOs)
Contactless Chip Data Model (current solution = DESFire; all containers use CBEFF)
Card information (mandatory, issuer-controlled data):
- General information: Issuer ID, Issuance Counter, Issue Date, Expiration Date, Card type, Issuer Identity Assertion
- Cardholder Unique ID (CHUID) - PACS: First name, Middle name, Last name, FASC-N, GUID
- Reference biometric: Digital photograph - ANSI/ICAO standard
- Both index fingerprints - ANSI standard minutia
- Both index fingerprints - ANSI standard pattern
- Security object: Hash table, Issuer public key information, Issuer asymmetric signature
Post-issuance optional:
- Training/Qualifications
- Killer apps
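The security object on both chip data models is what ties the "bind cardholder - credential - biometric - valid issuer" priority to bytes a reader can check: every container is hashed into a table, and the issuer signs that table, so a reader verifies the signature and then each container before trusting a photo, template or CHUID field. The following issuer/reader pair is an added example, not TWIC program code; it assumes SHA-256 hashes, an ECDSA P-256 issuer key, and constructed container names (general, chuid, photo, fp-left, fp-right).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Entry struct { // one hash-table row: container name and SHA-256 of its bytes
	Name string
	Hash [32]byte
}

// SecurityObject mirrors the slide: the hash table plus the issuer's asymmetric signature.
type SecurityObject struct {
	HashTable []Entry
	Signature []byte
}

func NewIssuerKey() (*ecdsa.PrivateKey, error) { // issuer signing key; P-256 is an assumption
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// tableDigest encodes the table in stored order, length-prefixing names so rows cannot be re-split.
func tableDigest(entries []Entry) []byte {
	h := sha256.New()
	for _, e := range entries {
		fmt.Fprintf(h, "%d:%s:%x\n", len(e.Name), e.Name, e.Hash[:])
	}
	return h.Sum(nil)
}

// IssueCard (card production): hash every container, then sign the table with the issuer key.
func IssueCard(issuer *ecdsa.PrivateKey, containers map[string][]byte) (SecurityObject, error) {
	var ht []Entry
	for name, data := range containers {
		ht = append(ht, Entry{Name: name, Hash: sha256.Sum256(data)})
	}
	sig, err := ecdsa.SignASN1(rand.Reader, issuer, tableDigest(ht))
	return SecurityObject{HashTable: ht, Signature: sig}, err
}

// VerifyCard (reader): trusted issuer signature first, then every listed container against its
// hash, so a swapped photo or fingerprint template is rejected before any biometric match is run.
func VerifyCard(pub *ecdsa.PublicKey, containers map[string][]byte, so SecurityObject) error {
	if !ecdsa.VerifyASN1(pub, tableDigest(so.HashTable), so.Signature) {
		return fmt.Errorf("issuer signature invalid")
	}
	for _, e := range so.HashTable {
		if data, ok := containers[e.Name]; !ok || sha256.Sum256(data) != e.Hash {
			return fmt.Errorf("container %q missing or altered", e.Name)
		}
	}
	return nil
}
```

A reader that only needs the CHUID can verify that single container against the signed table without reading the biometrics, which is why the table is per-container rather than one hash over the whole chip.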
HSPD-12: Secure and Reliable Forms of Identification
- Issued based on sound criteria for verifying an individual employee's identity
- Strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation
- Can be rapidly authenticated electronically
- Issued only by providers whose reliability has been established by an official accreditation process
TWIC Kiosk
Provides:
- Pre-enrollment and printing of the locator/appointment card
- Any other web-based functionality (e.g., card status, lost card reporting, etc.)
Mobile Enrollment Workstation