
Card and Reader Overview

Card and Reader Overview. Gerald Smith, Sr. Consultant, ID Technology Partners. Agenda: characteristics of a TWIC™ card; data models supported; identification / authentication methods; revocation hot list; reader specification overview; biometric interoperability.


Presentation Transcript


  1. Card and Reader Overview Gerald Smith Sr. Consultant ID Technology Partners

  2. Agenda
  • Characteristics of a TWIC™ Card
  • Data Models Supported
  • Identification / Authentication Methods
  • Revocation Hot List
  • Reader Specification Overview
  • Biometric Interoperability

  3. What a TWIC™ Looks Like
  • Front and back views of a TWIC™ (card images not reproduced in the transcript)

  4. TWIC™ is a Smart Card
  • 64K of non-volatile memory
  • Dual interfaces share memory
    - Contact interface (ISO/IEC 7816)
    - Contactless interface (ISO/IEC 14443)
  • Physical security features
    - Tamper resistant
    - Color shifting inks
  • Logical security features
    - Two encrypted fingerprint templates
    - Signed data
    - PKI certificates

  5. TWIC™ Application Data Models
  (Diagram of the TWIC™ and PIV data models; shading broadly indicates TWIC differences from PIV and PIV differences from TWIC.)

  6. What is a CHUID? What is a FASC-N within the CHUID?
  • CHUID: Card Holder Unique Identifier, the signed data object on the card that carries the FASC-N and the credential expiration date
  • FASC-N: Federal Agency Smart Credential Number

  7. Identification / Authentication Methods
  • Visual Check – Perform a visual inspection of the TWIC™: verify the presence of the security features and the expiration date, and visually compare the photo on the card to the individual presenting it
  • CHUID Check – Verify the CHUID is granted access in the PACS and / or verify the digital signature of the CHUID, and verify the CHUID is not on the Hot List
  • Biometric Check – Authenticate the individual by performing a 1:1 fingerprint biometric match against the fingerprint template stored in the TWIC™
  • PIN Verification – Require the cardholder to enter the correct PIN, which the TWIC™ verifies against the PIN reference value stored on the card
  • Digital Photo Check – Visually compare the photo stored in the TWIC™ with the individual presenting the card
  • Card Authentication – Verify the card is authentic and not cloned by performing a private key operation (a challenge-response with a private key that never leaves the card)

  8. Authentication types using a TWIC™

  9. Credential Revocation Hot List
  • Available now on the pre-enrollment website
    - Publicly available for reading
  • Simple format compatible with many PACS
    - Small record contains the revoked credential number and date of revocation
    - Reason for revocation not stated in the record
  • Each revoked credential stays on the list until the original credential expiration date has passed
  • The hot list is updated daily
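The CHUID check (slide 7) and the hot list (slide 9) both turn on the FASC-N inside the CHUID (slide 6): the PACS decodes it, checks the credential against the revocation list, and refuses an expired card. The Go program below is an added example, not code from the presentation, TSA or any PACS vendor. It encodes and decodes the 200-bit FASC-N as defined for PIV cards (40 five-bit characters: BCD digits with an odd-parity bit, start/field/end sentinels and a trailing LRC) and then makes the PACS decision. Assumptions made for the illustration: the hot list is an in-memory map keyed by agency code + system code + credential number (the page does not give TSA's record layout), the LRC is computed over all 39 preceding characters in the magnetic-stripe manner, the names `FASCN`, `EncodeFASCN`, `DecodeFASCN` and `CHUIDCheck` are this example's own, and verification of the CHUID's digital signature is left out.

```go
package main

import (
	"errors"
	"fmt"
	"math/bits"
	"strings"
	"time"
)

// A FASC-N is 40 five-bit characters (200 bits, 25 bytes): four BCD data
// bits, least significant first, then an odd-parity bit; character 39 is an
// LRC, the XOR of the preceding 39 four-bit values (ASSUMPTION: magstripe
// convention). Layout of characters 0-38: '#' digit, S start sentinel,
// F field separator, E end sentinel.
const layout = "S####F####F######F#F#F################E"

// Sentinel codes follow the magnetic-stripe Track 2 convention.
var sentinel = map[byte]int{'S': 0xB, 'F': 0xD, 'E': 0xF}
// FASCN holds the 32 digits: agency code (4), system code (4), credential
// number (6), credential series (1), individual credential issue (1), person
// identifier (10), org category (1), org identifier (4), person/org association (1).
type FASCN struct{ Digits string }
// CredentialID is the hot-list key used in this example (ASSUMPTION: agency
// code + system code + credential number; the record layout is not on the page).
func (f FASCN) CredentialID() string { return f.Digits[:14] }
func lrc(chars []int) (x int) {
	for _, n := range chars {
		x ^= n
	}
	return x
}

// EncodeFASCN packs the digits into the 25-byte form carried in the CHUID.
func EncodeFASCN(f FASCN) ([]byte, error) {
	digits, chars := f.Digits, []int{}
	if len(digits) != 32 || strings.Trim(digits, "0123456789") != "" {
		return nil, errors.New("FASC-N needs exactly 32 decimal digits")
	}
	for i := 0; i < len(layout); i++ {
		if layout[i] != '#' {
			chars = append(chars, sentinel[layout[i]])
		} else {
			chars, digits = append(chars, int(digits[0]-'0')), digits[1:]
		}
	}
	out := make([]byte, 25)
	for i, n := range append(chars, lrc(chars)) {
		v := n | (1-bits.OnesCount8(uint8(n))%2)<<4 // bit 4 = odd-parity bit
		for j := 0; j < 5; j++ {
			out[(i*5+j)/8] |= byte(v>>uint(j)&1) << uint(7-(i*5+j)%8)
		}
	}
	return out, nil
}

// DecodeFASCN checks length, parity, LRC, sentinel positions and BCD range.
func DecodeFASCN(raw []byte) (FASCN, error) {
	if len(raw) != 25 {
		return FASCN{}, errors.New("FASC-N must be 25 bytes")
	}
	var chars [40]int
	for i := range chars {
		for j := 0; j < 5; j++ {
			chars[i] |= int(raw[(i*5+j)/8]>>uint(7-(i*5+j)%8)&1) << uint(j)
		}
		if bits.OnesCount8(uint8(chars[i]))%2 == 0 {
			return FASCN{}, fmt.Errorf("parity error in character %d", i)
		}
		chars[i] &= 0xF
	}
	if lrc(chars[:39]) != chars[39] {
		return FASCN{}, errors.New("LRC mismatch")
	}
	var digits []byte
	for i := 0; i < len(layout); i++ {
		switch {
		case layout[i] == '#' && chars[i] <= 9:
			digits = append(digits, byte('0'+chars[i]))
		case layout[i] != '#' && chars[i] == sentinel[layout[i]]:
		default:
			return FASCN{}, fmt.Errorf("bad character 0x%X at position %d", chars[i], i)
		}
	}
	return FASCN{string(digits)}, nil
}

// CHUIDCheck is the PACS side of the "CHUID Check": reject a malformed FASC-N,
// an expired CHUID, or a hot-listed credential (hot maps credential ID to
// revocation date). CHUID signature verification is not shown here.
func CHUIDCheck(raw []byte, expires time.Time, hot map[string]time.Time, now time.Time) error {
	f, err := DecodeFASCN(raw)
	if err != nil {
		return fmt.Errorf("FASC-N rejected: %w", err)
	}
	if !now.Before(expires) {
		return errors.New("CHUID expired")
	}
	if rev, ok := hot[f.CredentialID()]; ok {
		return fmt.Errorf("credential %s revoked on %s", f.CredentialID(), rev.Format("2006-01-02"))
	}
	return nil
}
```

A reader that accepts a FASC-N without the parity, LRC and sentinel checks will happily look up garbage in the hot list, so `DecodeFASCN` fails closed on any of them. The expiration test mirrors the slide's retention rule: once the CHUID's expiration date has passed the PACS rejects the card on its own, which is why TSA can drop the record from the list at that point.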

  10. Reader Specification Overview
  • TSA published the TWIC™ reader "working" specification September 11, 2007
  • Three reader types defined
    - Fixed mount for outdoor use
    - Fixed mount for indoor use
    - Handheld for mobile use
  • May operate as standalone or network attached
    - Network attached readers should support 2-way communications
      * Allows for upload of the TWIC™ Privacy Key from the server
  • Outdoor reader specified to meet diverse environmental conditions
    - Operating temperature range: -20 °C to +70 °C
    - Operating condensing humidity range: 5% to 100%
  • Transaction time of 3 seconds (or less)
    - As measured from presentation of the contactless card to completion of the biometric match
  • Biometric matching equal error rate of 1% or less
  • Biometric sensor should provide "liveness" detection

  11. Reader Specification and the TPK Concept
  • The TWIC™ Privacy Key (TPK) concept
    - Biometric data is encrypted on the card using this symmetric key
    - TPK enables confidentiality of biometric data over the contactless interface
    - Contactless transfer of biometric data is allowed without PIN verification
  • TPK and contactless communications
    - Inspired by the ICAO ePassport cryptographic solution for confidentiality
    - TPK is a diversified key unique to each card
    - TPK is a data object in the TWIC™ Data Model
    - TPK is used like a "public" key that is obtained "out of band" from the data it protects
    - The TPK solution obviates the need for shared key management
  • TPK accessible from either the magnetic stripe or the contact interface
    - May be stored in each local access control system server to eliminate the need for reading the magnetic stripe (or performing a contact read) on each use
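To make the TPK flow on this slide concrete, the Go program below is an added example, not code from the presentation, TSA or any reader vendor. An issuer diversifies a per-card TPK from a master key and the card's FASC-N, seals the fingerprint template under it at personalization, and a reader backed by a local PACS cache decrypts what it reads over contactless, falling back to a single magstripe/contact read the first time it sees a card. HMAC-SHA256 as the diversification function, AES-128-GCM as the cipher, binding the FASC-N into the ciphertext as associated data, and the `Card`/`Reader` types and `Personalize`/`Authenticate` names are all assumptions of this example; the page does not state which algorithms the TWIC™ specification actually uses.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// DiversifyTPK derives the per-card TPK from an issuer master key and the
// card's FASC-N. ASSUMPTION: HMAC-SHA256 here and AES-128-GCM below are
// illustrative; the page says only that the TPK is a per-card symmetric key.
func DiversifyTPK(masterKey, fascn []byte) []byte {
	m := hmac.New(sha256.New, masterKey)
	m.Write([]byte("TWIC-TPK|"))
	m.Write(fascn)
	return m.Sum(nil)[:16]
}

func gcm(tpk []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(tpk)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealBiometric encrypts a fingerprint template under the TPK at card
// personalization. The FASC-N is bound as associated data so the object
// cannot be replayed onto a card with a different CHUID.
func SealBiometric(tpk, fascn, template []byte) ([]byte, error) {
	g, err := gcm(tpk)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, template, fascn), nil // nonce || ciphertext || tag
}

// OpenBiometric is the reader-side decryption of the contactless data object.
func OpenBiometric(tpk, fascn, sealed []byte) ([]byte, error) {
	g, err := gcm(tpk)
	if err != nil {
		return nil, err
	}
	if len(sealed) < g.NonceSize() {
		return nil, errors.New("biometric object too short")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], fascn)
}

// Card: the sealed template is readable over contactless without a PIN; the
// TPK is readable only via the magnetic stripe or the contact interface.
type Card struct{ FASCN, TPK, SealedBiometric []byte }

// Reader is a network-attached reader whose PACS server caches TPKs, so the
// magstripe swipe or contact read happens once per card rather than per use.
type Reader struct {
	TPKCache     map[string][]byte
	ContactReads int
}

// Authenticate performs the contactless biometric read: take the TPK from the
// cache, falling back to a one-time out-of-band read, then decrypt.
func (r *Reader) Authenticate(c *Card) ([]byte, error) {
	tpk, ok := r.TPKCache[string(c.FASCN)]
	if !ok {
		tpk = c.TPK // magstripe swipe or contact-interface read
		r.ContactReads++
		r.TPKCache[string(c.FASCN)] = tpk
	}
	return OpenBiometric(tpk, c.FASCN, c.SealedBiometric)
}

// Personalize issues a card: derive its TPK and seal the template under it.
func Personalize(masterKey, fascn, template []byte) (*Card, error) {
	tpk := DiversifyTPK(masterKey, fascn)
	sealed, err := SealBiometric(tpk, fascn, template)
	if err != nil {
		return nil, err
	}
	return &Card{FASCN: fascn, TPK: tpk, SealedBiometric: sealed}, nil
}

func main() {
	// Constructed demo data: not a real key, FASC-N or template.
	master := []byte("constructed-32-byte-master-key!!")
	card, _ := Personalize(master, []byte("FASCN-A"), []byte("INCITS 378 template A"))
	rdr := &Reader{TPKCache: map[string][]byte{}}
	for i := 1; i <= 2; i++ { // the second read is served from the TPK cache
		tpl, err := rdr.Authenticate(card)
		fmt.Printf("read %d: %q err=%v contact reads=%d\n", i, tpl, err, rdr.ContactReads)
	}
}
```

Two caveats follow from the slide's own description. Because the TPK is readable from the magnetic stripe, it is "public" to anyone holding the card: the scheme protects the template against passive eavesdropping on the contactless channel, not against a card thief. And a reader with a TPK cache selects the key by the FASC-N it just read over contactless, which is untrusted at that point; binding the FASC-N as associated data means a template sealed for one card fails to open under another card's identity, and a TPK from one card does not open another card's object because the keys are diversified.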

  12. Biometric Interoperability
  "It should be noted that biometric interoperability is defined as the ability of a biometric reader to perform a match from a presented biometric with the ANSI/INCITS 378 formatted enrolled templates provided on the TWIC card by the TSA. Such templates shall be in compliance with NIST Special Publication 800-76-1 INCITS 378 profile for PIV Card templates."
  Source: Section 8 of the TWIC™ Reader Hardware and Card Application Specification (11 Sep 2007)
  NOTE: The reader specification requires compliance with SP 800-76-1. Section 7.3 of SP 800-76-1 requires NIST certification of template matchers.
  Source: SP 800-76-1, Section 7.3, Test Overview

  13. Contact Details: Email: GSmith@idtp.com
