Tuesday, May 13 Track A

Identification Applications & Policy

Session: Federal Government ID Use Cases

Time: 3:30 PM – 5:00 PM

Room: W202 B&C Moderator: John Bys

VP Global Alliances CoreStreet

Speakers:

Reynold Schweickhardt CTO

Government Printing Office

Paul Hunter Customs and Border Protection, Office of Information Technology, WHTI Project,

Passenger Systems Program Office Department of Homeland Security

Carter Morris Sr.

VP American Association of Airport Executives

John Schwartz

Asst Director TWIC Transportation Security Administration

David Temoshok

Director, Identity Policy & Management GSA Office of Governmentwide Policy

1

CTST 2008Passcard and Enhanced Driver’s License

Panel Discussion

Track A14 Federal Government ID Use Cases

Paul Hunter

May 13, 2008

2CTST May 13, 2008

TopicsWhy do we need the Western Hemisphere Travel Initiative (WHTI)?

What are the current vulnerabilities?

What are the challenges at land borders?

Why vicinity and not proximity?

What is an Enhanced Driver’s License?

What will the US Passport Card look like?

What information does a WHTI tag contain?

What about privacy?

How will RFID work at the border?

Panel discussion

2

3CTST May 13, 2008

Implements Section 7209 of the Intelligence Implements Section 7209 of the Intelligence Reform and Terrorism Prevention Act of 2004 Reform and Terrorism Prevention Act of 2004

Identifies the security vulnerability posed by document exemption and the myriad of travel documents presented at U.S. ports of entry.

The 9/11 Commission Report States:“Americans should not be exempt from carrying biometric passports or otherwise enabling their identities to be securely verified when they enter the United States; nor should Canadians or Mexicans.”

Why Do We Need the Western Hemisphere Travel Initiative (WHTI)?

4CTST May 13, 2008

WHTI addresses the vulnerabilities of multiple documents, which result in the challenge of verifying identity and citizenship. Standardization will address that vulnerability and improve efficiencies.

What are the Current Vulnerabilities?

3

5CTST May 13, 2008

What are the Challenges at Land Borders?On a typical day CBP processes 900K people*Over 308K privately owned vehicles a day*Extreme weather; northern and southern bordersSecurity versus facilitation – U.S. Citizens deserve both

Border wait times are a significant and sensitive issue for border communities

* Land border FY07 data

Approximately 7.1 million U.S. citizens on southern border and 4.6 million U.S. citizens on northern border lack WHTI-acceptable travel documents.

6CTST May 13, 2008

Why Vicinity and Not Proximity?Vicinity RFID requires little or no action for the traveling public

Simply make the document available (on seat, dashboard, etc.)

Enables CBP Officers to view pre-queued information on individuals seeking to enter the US and automate primary processing queries in advance of the vehicle pulling up to the primary inspection booth

Vicinity RFID offers the opportunity to eliminate ‘physical steps’ of the inspection process

Document collection and reviewScan and/or manual input of dataReturn of documents to the vehicle driver

4

7CTST May 13, 2008

Why Vicinity and Not Proximity?

0

50

100

150

200

250

Ve

hic

leQ

ue

ue

0

10

20

30

40

50

60

Wa

it T

ime

(m

inu

tes)

Vehi

cle Q

ueue

Vehi

cle W

ait T

ime (

minu

tes)

1 2 3 4 5 6 7 8 9 10 11 12 1 2 3 4 5 6 7 8 9 10 11 121 2 3 4 5 6 7 8 9 10 11 12 1 2 3 4 5 6 7 8 9 10 11 12

050

100150200250

Hour

10

0

20

30

40

50

6041.0 seconds

39.9 seconds

41.0 seconds

39.9 seconds

60+ minute peak wait

250-car peak

170-car peak

45 minute peak wait

Small decreases in processing time can lead to large

traffic benefits

Impact from a 1 second decrease in processing time at one congested port

8CTST May 13, 2008

Why Vicinity and Not Proximity?Vicinity RFID time savings can cut wait times significantly

Average 6-8 seconds per inspection is eliminated, up to 14 seconds per vehicle in time savedAt peak traffic there would be a 40% reduction to wait time witha cumulative effect of eliminating wait times during the day

DHS plans to upgrade the port of entry (POE) infrastructure with RFID technology at 39 land border POEs (62 crossings) in 2008, starting with Blaine (WA) and Nogales (AZ)

39 POEs represent 95% of all land border crossings

Data derived from Time and Motion Studies conducted at 19 POEs, example provided is Bridge of the Americas in Laredo TX

5

9CTST May 13, 2008

What is an Enhanced Driver’s License?

EDL = Identity and CitizenshipMeet minimum security standardsFacilitative technology (OCR/MRZ & RFID)Uniform processing & method of validation for CBP Officers

MRZ/OCR(new to a drivers license)US Flag

“Enhanced” Designation

Min 23mm white space

NewNew

10CTST May 13, 2008

What will the US Passport Card look like?

Presentation purposes only –product may not appear as depicted

6

11CTST May 13, 2008

What information does a WHTI tag contain?

High-level filter option

3 bits

Filter Value

Determines Company

Prefix length

3 bits

Partition Value

Allows for over 2 trillion unique

values

Equates to four digits, allowing up to 10,000

document types

Equates to eight digits to uniquely identify an organization such as DHS/ CBP, DoS, WA

state, etc.

0010 1100[Static, Binary value]

41 bits14 bits27 bits8 bits

Serial Number Document Type Company PrefixHeader

EPCglobal/GS1 allocated and managed.

An organization could define and filter for up to 10,000 document types. Example: the number 1 = motorcycle , 2 = auto, etc. Defined by Card/Tag Issuer

Used for unique serial number Example: 00101101011011101 Defined by Card/Tag Issuer

DHS has requested ‘001’ be reserved to represent ‘travel document’

01010101010101010101010101010101010101010101010101010101010101

12CTST May 13, 2008

What About Privacy?Only a number on the chip, no personally identifiable information (PII) stored in the tag

PII stored in secure databases transmitted over secure networks

Attenuation sleeve issued with all RFID enabled travel documents

Presentation of photo reduces risk of cloned tags being used successfully at the border

Implementation of TID will virtually eliminate successful use ofcloned tags

7

13CTST May 13, 2008

How will RFID Work at the Border?

14CTST May 13, 2008

How will RFID Work at the Border?

8

15CTST May 13, 2008

Panel Discussion

Paul Hunter703-440-3176

paul.hunter@dhs.gov

Our MissionWe are the guardians of our Nation’s borders.

We are America’s frontline. We safeguard the American homeland at and beyond our borders.

We protect the American public against terrorists and the instruments of terror. We steadfastly enforce the laws of the United States while fostering our nation’s

economic security through lawful international trade and travel.We serve the American public with vigilance, integrity and professionalism.

Our MissionWe are the guardians of our Nation’s borders.

We are America’s frontline. We safeguard the American homeland at and beyond our borders.

We protect the American public against terrorists and the instruments of terror. We steadfastly enforce the laws of the United States while fostering our nation’s

economic security through lawful international trade and travel.We serve the American public with vigilance, integrity and professionalism.

Copyright 2008 Lockheed Martin Corporation. All rights reserved.

Transportation Worker Identification Credential (TWIC)

CTST 2008May 13, 2008

John Schwartz May 13, 2008 2

Copyright 2008 Lockheed Martin Corporation. All rights reserved.

Program OverviewPurpose:

Ensure that only workers who satisfactorily complete a security threat assessment (STA) gain unescorted access to Secure Areas of the maritime transportation system.

TSA responsible for: enrollment; completing the STA; issuing credentials; operating the TWIC systemCoast Guard responsible for: establishing and enforcing access requirementsAll U.S. merchant mariners are also required to obtain a TWIC

TWIC Fee:Workers pay for credential$132.50 for a five year card$27.25 discount for current, comparable security threat assessment

John Schwartz May 13, 2008 3

Copyright 2008 Lockheed Martin Corporation. All rights reserved.

Two-Phase Program ImplementationPhase I

Rule now requires workers to obtain TWICRule will require facility and vessel operators to visually inspect TWIC once initial enrollment is complete in each port as determined and ordered by Coast Guard Sector Commander

Phase IISecond TWIC rule will require facility and vessel operators to biometrically verify identity and check that the card has not been revokedOperators will be responsible for the purchase and operation of readers and access control systemsTo implement, will require contactless card readers that function in the maritime environment

John Schwartz May 13, 2008 4

Copyright 2008 Lockheed Martin Corporation. All rights reserved.

TWIC Enrollment Metrics

0

50,000

100,000

150,000

200,000

250,000

300,000

350,000

2/12/0

8

2/19/0

8

2/26/0

83/4

/08

3/11/0

8

3/18/0

8

3/25/0

84/1

/084/8

/08

4/15/0

8

4/22/0

8

Date

Volu

me

Total Pre-enrollments: 318,739Total Pre-enrollments: 318,739

Total Enrollments: 244,470Total Enrollments: 244,470

Total Activations: 72,056Total Activations: 72,056

• 100+ Enrollment Centers open nationwide

• Estimated population: 1.2 Million +

Data as of April 24, 2008Data as of April 24, 2008

John Schwartz May 13, 2008 5

Copyright 2008 Lockheed Martin Corporation. All rights reserved.

Lessons LearnedModified Capture Process to Allow for Large Hands

Decreased FBI Reject Rates

Fingerprint Matching Algorithm Must be OptimizedMade significant improvements in quality; continuing to work with NIST and FBI

Need to Rapidly Adjust Resources to Handle Fluctuating DemandRegional demand differencesRequirements for flexible hours

Self-Service Options:Checking Card StatusGeneral InformationScheduling Appointments

John Schwartz May 13, 2008 6

Copyright 2008 Lockheed Martin Corporation. All rights reserved.

Program SuccessesPre-enrollment Capability: Reduces Overall Enrollment TimeExtensive use of Metrics and Dashboard: Allows objective identification of trends to take corrective actionsUse of 1:1 Biometric Match and Quality Algorithm at Enrollment: Minimizes FBI RejectsBiometric Uniqueness Check for all Applicants: Ensures Each Holder has Only One TWIC

o Possible Hits Include…− Duplicate Applications, Lost/Stolen Cards, Renewals, False

Matches

John Schwartz May 13, 2008 7

Copyright 2008 Lockheed Martin Corporation. All rights reserved.

SAFE Port Act Pilot Test

Pilot Test Requirements:Evaluate technical performance of TWIC card / biometric reader functionEvaluate operational and business process impact of conducting biometric verification of identity in various maritime facility and vessel operating scenarios

ParticipantsPorts of NY/NJ; Long Beach; Los Angeles; Brownsville; and, ChicagoVessel operations: inland river tug/towing operations Vicksburg, MS; and, small passenger vessel operation in Annapolis, MD

John Schwartz May 13, 2008 8

Copyright 2008 Lockheed Martin Corporation. All rights reserved.

TWIC Information / Resources• Website: www.tsa.gov/twic

o Link to Pre-enrollment website− English and Spanish

o Schedule, press releases, FAQs, rulemaking documentso Outreach/communication materials

− Flyers− Quick Reference Guides− English and Spanish

o Link to Coast Guard Homeport website

• TWIC Help Desk: 1-866-DHS-TWIC• (1-866-347-8942)

o 8:00 AM ET - 12:00 AM ETo English and Spanish

1

SID_Presentation2_G.001-001.jpg

SID_Presentation2_G.002-002.jpg

2

SID_Presentation2_G.003-002.jpg

SID_Presentation2_G.004-002.jpg

3

SID_Presentation2_G.005-002.jpg

SID_Presentation2_G.007-002.jpg

4

SID_Presentation2_G.008-002.jpg

SID_Presentation2_G.009-002.jpg

5

SID_Presentation2_G.010-001.jpg

SID_Presentation2_G.011-001.jpg

6

SID_Presentation2_G.012-001.jpg

SID_Presentation2_G.013-001.jpg

7

SID_Presentation2_G.014-001.jpg

SID_Presentation2_G.015-001.jpg

8

SID_Presentation2_G.016-001.jpg

SID_Presentation2_G.017-001.jpg

9

SID_Presentation2_G.033-001.jpg

SID_Presentation2_G.034-001.jpg

10

SID_Presentation2_G.035-001.jpg

SID_Presentation2_G.036-001.jpg

11

SID_Presentation2_G.037-001.jpg

SID_Presentation2_G.038-001.jpg

12

SID_Presentation2_G.041-001.jpg

SID_Presentation2_G.042-001.jpg

13

SID_Presentation2_G.043-001.jpg

SID_Presentation2_G.044-001.jpg

14

SID_Presentation2_G.045-001.jpg

SID_Presentation2_G.046-001.jpg

15

SID_Presentation2_G.047-001.jpg

SID_Presentation2_G.048-002.jpg

16

SID_Presentation2_G.049-001.jpg

SID_Presentation2_G.050-001.jpg

17

SID_Presentation2_G.050-002.jpg

SID_Presentation2_G.051-001.jpg

18

SID_Presentation2_G.051-002.jpg

SID_Presentation2_G.052-001.jpg

19

SID_Presentation2_G.052-002.jpg

SID_Presentation2_G.053-001.jpg

20

SID_Presentation2_G.054-001.jpg

SID_Presentation2_G.055-001.jpg

21

SID_Presentation2_G.056-001.jpg

SID_Presentation2_G.062-002.jpg

22

SID_Presentation2_G.063-003.jpg

SID_Presentation2_G.064-003.jpg

23

SID_Presentation2_G.064-004.jpg

SID_Presentation2_G.066-001.jpg

24

SID_Presentation2_G.067-001.jpg

SID_Presentation2_G.068-001.jpg

25

SID_Presentation2_G.069-001.jpg

SID_Presentation2_G.070-002.jpg

26

SID_Presentation2_G.071-002.jpg

SID_Presentation2_G.073-001.jpg

27

SID_Presentation2_G.074-001.jpg

SID_Presentation2_G.076-001.jpg

28

SID_Presentation2_G.078-002.jpg

SID_Presentation2_G.079-001.jpg

29

SID_Presentation2_G.080-001.jpg

SID_Presentation2_G.081-002.jpg

30

SID_Presentation2_G.082-001.jpg

SID_Presentation2_G.083-001.jpg

31

SID_Presentation2_G.084-001.jpg

SID_Presentation2_G.085-002.jpg

32

SID_Presentation2_G.086-001.jpg

SID_Presentation2_G.087-001.jpg

33

SID_Presentation2_G.088-001.jpg

SID_Presentation2_G.089-001.jpg

34

SID_Presentation2_G.090-001.jpg

SID_Presentation2_G.091-001.jpg

35

SID_Presentation2_G.092-002.jpg

SID_Presentation2_G.093-001.jpg

36

SID_Presentation2_G.094-001.jpg

SID_Presentation2_G.095-002.jpg

37

SID_Presentation2_G.095-003.jpg

SID_Presentation2_G.095-004.jpg

38

SID_Presentation2_G.095-005.jpg

SID_Presentation2_G.095-006.jpg

39

SID_Presentation2_G.096-002.jpg

SID_Presentation2_G.096-003.jpg

40

SID_Presentation2_G.097-001.jpg

SID_Presentation2_G.098-001.jpg

41

SID_Presentation2_G.099-001.jpg

SID_Presentation2_G.100-001.jpg

42

SID_Presentation2_G.106-002.jpg

SID_Presentation2_G.107-001.jpg

1

The Government-wide Interoperability of HSPD-12

David Temoshok Director, Identity Policy and Management

GSA Office of Governmentwide Policy

CTST/Smart Card Alliance ConferenceMay 12, 2008

2

The HSPD-12 Mandate

Home Security Presidential Directive 12 (HSPD-12):“Policy for a Common Identification Standard for Federal Employees and Contractors”

-- Signed by President: August 27, 2004

HSPD-12 has Four Control Objectives:

Issue Identification based on sound criteria to verify an individual’s identity.

Strongly resistant to fraud, tampering, counterfeiting, and terrorist exploitation.

Personal Identity can be rapidly authenticated electronically.

Issued by providers who’s reliability has been established by an official accreditation process.

3

Timeline Agency/Department Requirement/Milestone

August 27, 2004 HSPD-12 signed and issued

Not later than 6 months(February 27, 2005)

NIST Issue standard (FIPS-201)

Not later than 8 months following issuance of standard(October 27, 2005)

Compliance with FIPS-201 Part One:Identity Proofing and Enrollment.PIV-I

Not later than 20 months following issuance of standard(October 27, 2006)

Commence deployment of FIPS-201 compliant Identity Credentials (FIPS-201 Part Two). PIV-II

Convert all employees to PIV standard (October 27, 2008)

Compliance with FIPS-201 Part Two for all employees and contractors.

Key Milestones

4

Government-wide Implementation Strategy

• OMB provides policy and implementation guidance.

• NIST provides HSPD-12 process and technical requirements (FIPS 201 and associated Special Publications).

• Government-wide interoperability is required. Implementation is controlled through acquisition process.

• GSA designated as “Executive Agent for Acquisition” for the implementation of HSPD-12.

• GSA designated as Government-wide Shared Service Provider to provide shared services and infrastructure for government-wide implementation (MSO).

• Extremely aggressive milestones are needed to maintain focus andmomentum.

5

The Quest for Interoperability

“…Diverse systems and organizations to work together (inter-operate).”Wikipedia

“…Two or more systems or components to exchange information and to use the information that has been exchanged.” IEEE

“…Any government facility or information system, regardless of PIV issuer, to verify a cardholder’s identity using the credentials on the PIV card.” FIPS 201-1

“…Two or more devices, components, or systems to exchange information in accordance with defined interface specifications and to use the information that has been exchanged in a meaningful way.” GSA

Interoperability is defined as the ability of:

6

The Starting Gate for Government-wide Interoperability

• PIV standard data model- FIPS 201

• PIV interoperability and security standards- FIPS 201 and associated Special Publications

• PIV data interface specifications- FIPS 201 and associated Special Publications

• Standard Testing Programs - Products- GSA FIPS 201 Evaluation Program- NIST - FBI- NVLAP

• Reference Implementations - data interface specifications

• Standard Testing Program - data interface specifications

7

GSA – Executive Agent for Acquisition

• Establish FIPS 201 Evaluation Program to ensure that commercial products comply with all normative requirements of FIPS 201.

• Establish Approved Products List to publicly post all approved products/services requiring FIPS 201 compliance.

• Establish Special Item Number (SIN) 132-62 on GSA MAS IT 70 for FIPS 201 compliant products and qualified services.

• Provide full-range of qualified products and services. • Test agency-specific implementations for product compliance. • Test agency-specific implementations for compliance to interface

specifications.• Certify labs for product testing• Provide for Configuration Management of Approved Products and agency

implementations.

8

GSA FIPS 201 Evaluation Program Status

• GSA administers the FIPS-201 Evaluation Program to determine conformance to FIPS-201 normative requirements.

- Certified laboratories perform all FIPS 201 compliance evaluations- Approved Product List posted at http://fips201ep.cio.gov/

• GSA/NIST identified 23 categories of products/services which must complywith specific normative requirements contained in FIPS 201

- e.g., PIV smart cards, smart card readers, fingerprint scanners, fingerprint capture stations, facial image capture stations, card printing stations, etc.

• Current product and services approvals:- 350+ products on FIPS 201 Approved Product List

• Current certified labs:- Require NVLAP accreditation, GSA FIPS 201 EP Certification- Atlan Laboratories, InfoGard Laboratories- Several more lab certifications in progress

9

APL Products for PIV Architecture Components

PIV Enrollment

PIV IDMS(SIP)

OPM/FBINational Criminal

History Check NACI

Card Production and Management

SystemCard Issuance/

Activation

Fingerprint Capture StationFacial Image Capture Camera/StationFacial Image Capture (middleware)FP Template GeneratorFP Template Matcher

FP Template GeneratorFP Template Matcher

PIV CardPIV MiddlewarePIV Card Printer StationPIV Card Electronic Personalization (product, service)PIV Card Graph. Personalization PIV Card Delivery

Single FP Capture DeviceFP Template GeneratorFP Template MatcherCryptographic modulesCard Sleeve

Authentication Use Cases

PIV Card Reader – TransparentPIV Card Reader – CHUIDPIV Card Reader – Auth KeyPIV Card Reader – BiometricPIV MiddlewareCryptographic modules

Fingerprint Capture Station

10

Authentication Use Cases

Authentication Use Cases

PIV IDMS(SIP)PIV IDMS

(SIP)

HSPD-12 Architecture Interface Specifications

PIV Enrollment

PIV IDMS(SIP)

OPM/FBINational Criminal

History Check NACI

Card Production and Management

SystemCard Issuance/

ActivationAuthentication

Use Cases

Agency HR/Sponsors

2

1

1

1

14

4

PKI SSPsPKI SSPsPKI SSPs

1

3

Interface Specifications posted at HSPD-12 AWG website: http://www.smart.gov/awg/

11

HSPD-12 Systems – Shared and Stand-Alone

Stand-Alone• DOL• DHS• ED• EOP• EPA• FAA• FHFB• FTC• HHS• HUD• IBB• NASA• NCUA• SBA• SSA• VA

Shared• GSA• Dept. State• DoD

Total = 19 HSPD-12 systems government-wide

12

Status of HSPD-12 Interface Specifications• Interface Specifications are needed for interoperability in order to

successfully exchange data between HSPD-12 systems and systems components

• OGP established the inter-agency HSPD-12 Architecture Working Group in FY 2006 to develop Interface Specifications for government-wide use.

• 10 Interface Specification Documents have been developed and issued in final

All Interface Specifications are posted at http://www.smart.gov/awg/

• MSO is developing and currently testing Reference Implementation for the Agency – SIP (Systems Infrastructure Provider) Interface Specification.

The MSO Reference Implementation will be the standard for all MSO agencies to interface to EDS.

• Two new Interface Specifications are currently under development for MSO and government-wide use

SIP – OPM (Office of Personnel Management) for all fingerprint data to OPM and FBI Back-end authentication for physical and logical access control (numerous use cases and Interface Specifications needed)

13

Where We are Today…

Extend PIV infrastructure to newCommunities (FRAC, Healthcare)

Stabilize issuance operations Across 19 HSPD-12 systems

Complete conversion to PIV Credentials for all employees

Implement and test standard interface Specifications across PIV systems

Complete conversion to PIV Credentials for all contractors

Build and test standard use case applications

Manage configurations across Govt for new technologies/requirements

We’re still climbing the first step…

14

For More Information

● Visit our Websites:http://www.idmanagement.govhttp://www.cio.gov/ficchttp://www.cio.gov/fpkipahttp://www.csrc.nist.gov/piv-project

● Or contact:

David TemoshokDirector, Identity Policy and Management 202-208-7655david.temoshok@gsa.gov

NOTES