Combining PIV Cards and Biometrics Enhances Airport Security

Combining PIV Cards and Biometrics Enhances Airport Security
Municipal airports can be a security challenge.  There are requirements both inside the terminal and out on the tarmac, spanning thousands of employees.    One highly effective option is to give all airport staff the commercial equivalent of the ID cards carried by federal Transportation Security Administration (TSA) workers, and manage both with a single access control system that also ensures higher security through strong authentication.  Security can be further improved using biometrics authentication, especially at sensitive entry points including where there is unsupervised access to high-risk areas. 

Today’s latest credential management systems support both the federal Personal Identity Verification (PIV) and PIV-Interoperable (PIV-I) cards for agency workers and government contractors, respectively, as well as the simplified Commercial Identity Verification (CIV) card.  PIV cards take advantage of Public/Private Key Infrastructure (PKI)-based validation, in which a digital certificate is placed on the PIV card that includes the user’s key information and access levels.  This information is sent through an electronic bridge to a federal certificate authority to confirm that the certificate has not been revoked, and that there has been no tampering.  A pair of public and private keys is used which are linked in such a way that information processed with one key can only be decoded or validated using the other key.  In other words, the system does not rely on a shared, secret key. 
PKI strong authentication is a highly efficient and interoperable strong authentication method for both logical and physical access control, the latter referred to as “PKI at the door.”  This capability can be implemented at lower cost throughout the airport with CIV cards -- unlike Federal agencies, CIV card users don’t have to purchase certificates from a trust anchor or pay annual maintenance fees, but can instead generate their own certificates.  While the cards are a little more expensive to accommodate the extra memory for certificate storage, this modest incremental cost will deliver the valuable additional benefits of stronger authentication at the door. 

For a municipal airport, the CIV cards can be used alongside their PIV siblings that are already being carried by TSA employees there.  Once issued, CIV cards work with a large number of systems and applications that are interoperable with the PIV standard.  With the latest credential management solutions, airport management can issue PIV, PIV-I and CIV cards with a single system and automatically push credential information to their physical access control system (PACS), enabling cards to be used for authentication at the door without the need to re-enroll their card again.  PACS access is also deactivated when the card is reported lost or stolen or terminated in the system.  Today’s systems also provide enhanced Certificate Authority (CA) support, across an extended range of CAs for issuing PKI certificates on smart cards.  The systems provide the flexibility to work with mobile devices, as well, and enable organizations to comply with their security policies. 
For additional security, biometrics authentication can be used to simultaneously improve user convenience in the airport setting.  One example is the use of HID Global’s Lumidigm sensors at Baltimore/Washington International (BWI) Airport.  Deployed in 2013, the V-Series multispectral fingerprint sensors are used to control access to the tarmac, with multiple units installed directly outdoors.  The system handles tens of thousands of transactions per day, using a combination of embedded fingerprint biometrics with a smart card reader, PKI and digital signature technologies. 
The combination of high-performance biometrics sensors with an airport’s access control system simplifies identity verification while ensuring that authenticated users are the same people that were issued the cards.  A key factor for biometrics deployment in the airport environment is the ability to overcome the fingerprint capture problems that conventional imaging systems face in less-than-ideal conditions.  This can be done by capturing unique fingerprint characteristics from both the surface and subsurface of the skin, ensuring that fingerprints can be read in all types of conditions, from snow to rain to heat, and with a wide demographic ranging from pilots to ticketing agents, drivers, mechanics and the entire range of airport workers. 
Also important is the concept of liveness detection to eliminate the problem of fake fingerprints and concerns about fraud or biometric identity theft.   Today’s field-updatable liveness detection capabilities ensure proof of presence by identifying real human tissue as authentic and detecting fraudulent materials within a fraction of a second.  The most effective liveness detection solutions are built from advanced machine learning algorithms that can be updated as new threats and spoofs are identified, enabling multispectral imaging sensors to very quickly respond and adapt to new vulnerabilities. The combination of a smart card, PIN and biometric with liveness detection brings the possibility of fraud and identity theft close to zero.
PIV cards are already in the airport, and the additional of CIV cards enables administrators to extend strong authentication at the door throughout the facility, taking advantage of the infrastructure created by the Federal government’s PIV program.   The addition of biometrics further improves security while enhancing convenience, and ideally includes a combination of liveness-detection and spoof-prevention techniques to improve performance and prevent the use of fake fingerprints.
Share to:
Comments ( 0 )

Please key in code
In your opinion, what is the hottest trend for 2018 in security?
Please Specify: