Monday, March 30, 2009

TWIC Reader ANPRM – Identification Techniques

As I noted last Friday the Coast Guard published an advance notice of proposed rule making (ANPRM) about the use of electronic TWIC Readers. This blog will be the first in a series of blogs that will look at some of the details of the program that they are thinking about implementing. Along the way we will look at potential applications at high-risk chemical facilities not associated with MTSA covered facilities. In this first blog we will look at the various identification techniques that can be associated with the Transportation Workers Identification Credential and the TWI Reader. Identity Verification There are three different techniques that facilities can use the TWIC to verify a worker’s identity. The first, most basic and least secure is to use the picture on the card and to compare it to person’s face. Of course, any picture ID card could be used in the same way. The next most secure way to use the TWIC would be to place the card into a smart card reader and enter the worker’s 6-digit PIN into the reader. This provides about the same level of security as a standard bank card. What the TWIC was designed for was biometric identification verification. The worker’s identification is verified during the application process and an electronic copy of a fingerprint is encoded on the chip embedded in the TWIC. At the point of identification the TWIC would be placed into the TWIC Reader and the worker’s fingerprint read. The two would then be compared to verify the worker’s identity. For high-risk chemical facilities that are not covered by the MTSA rules, the security manager must determine what level of identification is necessary at that facility. Initial identification of the individual is certainly going to require verification of identity based on finger prints. For most facilities, once the initial identification verification is completed, photo ID is going to be adequate since the employee will be familiar to his co-workers. For larger facilities with multiple levels of access to areas without security guard coverage some sort of automated identification verification will be necessary. Card Authentication Since the TWIC Reader identification verification system relies on information provided by the TWIC there needs to be some form identification verification for the card itself. There are two levels of TWIC authentication available on every legitimate TWIC. First there are visible security features embedded into the front and back surfaces of the card. The absence of one or more of these visible features indicates that the card is a poor forgery. The second, more secure level of TWIC authentication requires the use of a TWIC Reader. First the Reader finds the Card Authentication Certificate programmed into the TWIC chip. The TWIC Reader then initiates a challenge and response protocol based on data included in the certificate. An improper response indicates a forged card. Any facility that designs their security identification procedures around a card system that relies on personnel identification information contained only in the card must come up with a similar type procedure. If the biometric identification information is contained in the on-site system rather than the card, methods of authenticating the identification card are not as critical. Card Validation A TWIC will spend most of its life in un-secure areas. They will be subject to theft and other forms of diversion. Workers will loose their clearance for unescorted access to MTSA security areas, but will physically retain their TWIC. There are a variety of reasons that an authentic TWIC should not be able to authorize unaccompanied access to a secure area. This means that the current status of that TWIC must be validated. When a TWIC Reader authenticates a TWIC it immediately reads the identification for that card, the Federal Agency Smart Card—Number (FASC-N). The TWIC reader then compares that FASC-N to a list of ‘bad’ numbers provided by TSA. If the FASC-N is not found on that list then the TWIC is validated. At this point the identity and security status of the holder is verified. Again, this level of sophistication would not be required for a privately developed security identification card system if the data used to verify the identity of the user was maintained on an isolated system within the security perimeter. Any identification system that allows the verification data to reside outside that perimeter must use a similar level of sophistication.

No comments:

/* Use this with templates/template-twocol.html */