San Francisco International Airport

Access Control and Biometrics Case Study

San Francisco International Airport

Access Control and Biometrics Case Study

Kim Dickie, Asst Deputy Airport Director, - Aviation Security Kim Dickie, Asst Deputy Airport Director, - Aviation Security

2

• Access Control System (ACS) MDI and Ingersoll Rand Hand Geometry installed 1991

• Serve 20,000 airport ID badged employees

• Terminal 2 Renovation Project• New domestic terminal w/ 14 gates • Select a new ACS and Biometric system• Identify need for migration plan for all terminal facilities• Smart Card Technology• Comply with new industry standards

Background

3

• Approximately 1500 airfield access portals

• ACS Card Reader transactions• —over 200,000 / day

• 200+ access portals equipped with Card/ Hand Geometry Readers

• Hand Geometry Reader transactions• —can exceed 35,000 / day

• Deployed at all Airport controlled access portals leading directly to the Secured Area

ACS and Biometric System - CurrentACS and Biometric System - Current

4

Turnstile Vestibule, Card Reader/Hand Geometry, Access Portal

Access Control System - Current Access Control System - Current Access Control System - Current Access Control System - Current

5

How it works……………• Over 90 distinct hand measurements taken

including:• Length • Width • Thickness• Surface area

• 3-D image acquired• 9 byte template is generated

Biometric Technology – Current

6

Hand Geometry Facts• Easy to use• Low failure to enroll rate

• 2 out of 70,000• Fast verification

• 2 – 3 second average• Low false rejection rate—.1% • probability an authorized user is rejected• Hand Geometry Reader reliability• — greater than 99.9%

Biometric Technology - Current Biometric Technology - Current

7

• Lumidigm™ fingerprint readers to replace infrared hand geometry readers

• Multispectral imaging technology used to collect fingerprint information from below the surface of the skin

Biometric Technology - Future

Avoids conventional fingerprint reader pitfalls:

•Worn fingertips

•Overly moist or dry skin

•Soft press against reader

•Susceptibility to fraudulent, artificial fingertips

8

Access Control System - Future

• ACS system – Lenel OnGuard• HID iClass Elite “contactless” Card

• Fingerprint, Hand Geometry, Mag stripe, proximity card

• Space for a contact chip

Presentation Title and date (update in slide master)9

Airport Badging/Credentialing Process – Current

Presentation Title and date (update in slide master)10

Forms & Pre-Checks

Pre-Enroll

Manual Setup

Airport Security Training

Conduct

Enroll Fingerprinting

CHRC

“No-Fly” List Manual Verification – inconsistent return rate – 3 places to check for approval

Manual Setup

Badging & Card Issuance

Manual Results

End Enroll

Document Archiving

Manual Filing

Manual Physical AccessPrivileges

Physical Access

Manual Data Reconciliation

Provision

Manual Provision

Audit

Manual AuditReports

Time for completion Not Controlled by Airport -

Time for completion Not Controlled by Airport -

CA

DOJ

CA

DOJ

Presentation Title and date (update in slide master)11

Airport Badging/Credentialing Process – Future

12

Web Paper Forms

Pre-Enroll

Badging, Card, Key, Issuance

End Enroll

Automate Result Upload

Audit

Automate Data

Reconciliation

Automate Audit

Reports

Physical Access

Privileges Provision

AutomateProvisioning & Role-based Access

Privileges

Airport Security Training

Document ArchivingConduct

Automate Doc Mgmt

Automate Training Registration

AutomateData Input

Capture Fingerprints

“No-Fly” & “Selectee” list

CHRC

Background Check

Automate Upload &Verification

CA

DOJ

CA

DOJ

13

Identity Management System (IDMS)

Vehicle/Parking

Access Control

Biometric, Smart Cards

Document Mgmt

Physical

Security

Documents

PACS

Biometrics

Smartcard

ThirdParties

Background Check/ No-fly List

Vetting

Credential Check

External

Processes

AAAE/TSC

(BASIC, CATSA)

No-Fly

IDMS solution connects siloed systemsinto a common framework

14

IDMS – Automated Workflow

• E-Form Credential Application– Eliminates duplicate data entry– Streamlines manual enrollment of biographic data

• Badge creation is only allowed when: – STA & CA DOJ is approved– Role-based badge template selection

• Twice Daily – SAFE is looking for STA– Setup alert for company-authorized designee, – Deactivate Card within 48 hours

• Automatic Notification Process – Creates Authorized Signatory or Employer

correspondence

• Automated Compliance of TSA regulations– Audit process– Authorized designee training mandatory

SAFE AppliesPre-Defined Rules

15

BASIC Pilot Program

• SFO to BASIC : XML Web Services - HTTP, SOAP 1.1• Phase 1 – Biographic information completed

– 5-15 Day Exercise (Design, Test, Deploy)– Initial round of integration testing complete– Testing conducted remotely

• Phase 2 – Biometric and Biographic in work• Integrate SAFE to Identix LiveScan – Fall 2009

– Allow SFO to connect to BASIC

SAFE BASIC Agent(Airport)

WS Client (PersonService.wsdl)

WS Host/Listener (PersonServiceNotification.wsdl)

BASIC(CSSP)

WS Host/Listener (PersonService.wsdl)

WS Client (PersonServiceNotification.wsdl)

Response

Request

Response

Request

16

Lessons learned so far……..

Identify IDMS requirements and opportunities

Phased approach - operational pilot

Perform ROI - Metrics

Evaluate Network system to identify requirements