Card and Reader Overview
Gerald Smith, Sr. Consultant, ID Technology Partners
Agenda • Characteristics of a TWIC™ Card • Data Models Supported • Identification / Authentication Methods • Revocation Hot List • Reader Specification Overview • Biometric Interoperability
What a TWIC™ Looks Like
• Front and back views of a TWIC™ (card images not reproduced here)
TWIC™ is a Smart Card
• 64K of non-volatile memory
• Dual interfaces that share the same memory
 - Contact interface (ISO/IEC 7816)
 - Contactless interface (ISO/IEC 14443)
• Physical security features
 - Tamper resistant
 - Color-shifting inks
• Logical security features
 - Two encrypted fingerprint templates
 - Digitally signed data objects
 - PKI certificates
TWIC™ Application Data Models
• Side-by-side comparison of the TWIC™ and PIV application data models (diagram not reproduced here); shading broadly indicates TWIC differences from PIV and PIV differences from TWIC
What is a CHUID?
• The Card Holder Unique Identifier: a digitally signed data object on the card that identifies the credential and its issuer
What is a FASC-N within the CHUID?
• The Federal Agency Smart Credential Number: the structured numeric identifier carried inside the CHUID (agency code, system code, credential number and related fields) that a PACS uses as the credential's identity
Identification / Authentication Methods
• Visual Check: inspect the TWIC™ itself, verifying the presence of the physical security features and the expiration date, and compare the photo printed on the card with the individual presenting it
• CHUID Check: verify that the CHUID is granted access in the PACS and / or verify the digital signature on the CHUID, and verify that the CHUID is not on the Hot List. A valid signature shows the CHUID data is genuine, not that the card presenting it is; detecting a clone is the job of Card Authentication
• Biometric Check: authenticate the individual by performing a 1:1 fingerprint match against a fingerprint template stored in the TWIC™
• PIN Verification: require the cardholder to enter the correct PIN, which the card checks against the PIN it stores
• Digital Photo Check: visually compare the photo stored in the TWIC™ with the individual presenting the card
• Card Authentication: verify that the card is authentic and not a clone by having it perform a private key operation (the card answers a challenge with a private key that stays on the chip, which a copy of the card's readable data cannot reproduce)
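To make the CHUID check concrete, here is an added example that is not part of the presentation and not code from any TWIC or TSA software. It encodes and decodes the FASC-N carried inside the CHUID in its 25-byte form: 40 five-bit BCD characters, each four data bits (least significant bit first) plus an odd parity bit, laid out as start sentinel, agency code, system code, credential number, credential series and individual credential issue (each of those five followed by a field separator), then person identifier, organizational category, organizational identifier, person/organization association, end sentinel, and an LRC that is the XOR of all preceding data nibbles. That bit-level layout is my reading of the FIPS 201 / TIG SCEPACS FASC-N definition; the field names, the single-letter template and the sample values are constructed for this example. A PACS that keys its access list and hot-list lookups on the credential number takes it from the decoded fields.

```go
package main

import "fmt"

// Character template for the 39 characters that precede the LRC. Control codes: S = start
// sentinel, F = field separator, E = end sentinel. Each other letter stands for one decimal
// digit of the field named in fieldNames (letters and names are this example's own).
const fascnTemplate = "SaaaaFbbbbFccccccFdFeFffffffffffghhhhiE"

var fieldNames = map[byte]string{
	'a': "AgencyCode", 'b': "SystemCode", 'c': "CredentialNumber", 'd': "CredentialSeries",
	'e': "IndividualCredentialIssue", 'f': "PersonIdentifier", 'g': "OrganizationalCategory",
	'h': "OrganizationalIdentifier", 'i': "PersonOrgAssociation",
}

// Data nibbles of the control characters in the 5-bit BCD alphabet (parity bit added on output).
var ctrlCodes = map[byte]byte{'S': 0xB, 'F': 0xD, 'E': 0xF}

// parityBit returns the bit that makes the set-bit count of nibble v plus itself odd.
func parityBit(v byte) byte { return 1 ^ (v ^ v>>1 ^ v>>2 ^ v>>3) & 1 }

// bitBuf packs and unpacks 5-bit characters, MSB-first, into a byte slice.
type bitBuf struct {
	data []byte
	pos  int
}

// putChar appends one character: four data bits, least significant first, then the parity bit.
func (b *bitBuf) putChar(v byte) {
	for _, bit := range []byte{v & 1, v >> 1 & 1, v >> 2 & 1, v >> 3 & 1, parityBit(v)} {
		if b.pos%8 == 0 {
			b.data = append(b.data, 0)
		}
		b.data[b.pos/8] |= bit << (7 - b.pos%8)
		b.pos++
	}
}

// getChar reads one character and verifies its parity bit.
func (b *bitBuf) getChar() (byte, error) {
	var bits [5]byte
	for i := range bits {
		bits[i] = (b.data[b.pos/8] >> (7 - b.pos%8)) & 1
		b.pos++
	}
	v := bits[0] | bits[1]<<1 | bits[2]<<2 | bits[3]<<3
	if bits[4] != parityBit(v) {
		return 0, fmt.Errorf("parity error in character %d", b.pos/5-1)
	}
	return v, nil
}

// EncodeFASCN packs the nine decimal-string fields into the 25-byte (200-bit) FASC-N.
func EncodeFASCN(fields map[string]string) ([]byte, error) {
	b, lrc, used := &bitBuf{}, byte(0), map[byte]int{}
	for i := 0; i < len(fascnTemplate); i++ {
		c := fascnTemplate[i]
		v, isCtrl := ctrlCodes[c]
		if !isCtrl {
			s, n := fields[fieldNames[c]], used[c]
			if n >= len(s) || s[n] < '0' || s[n] > '9' {
				return nil, fmt.Errorf("%s: need decimal digits, got %q", fieldNames[c], s)
			}
			v, used[c] = s[n]-'0', n+1
		}
		b.putChar(v)
		lrc ^= v
	}
	b.putChar(lrc) // LRC: XOR of the data nibbles of every character from SS through ES
	return b.data, nil
}

// DecodeFASCN parses a 25-byte FASC-N, checking parity, sentinels, separators and the LRC.
func DecodeFASCN(raw []byte) (map[string]string, error) {
	if len(raw) != 25 {
		return nil, fmt.Errorf("FASC-N must be 25 bytes, got %d", len(raw))
	}
	b, lrc, out := &bitBuf{data: raw}, byte(0), map[string]string{}
	for i := 0; i < len(fascnTemplate); i++ {
		c := fascnTemplate[i]
		v, err := b.getChar()
		if err != nil {
			return nil, err
		}
		lrc ^= v
		if want, isCtrl := ctrlCodes[c]; isCtrl && v != want || !isCtrl && v > 9 {
			return nil, fmt.Errorf("character %d: unexpected code 0x%X", i, v)
		} else if !isCtrl {
			out[fieldNames[c]] += string(rune('0' + v))
		}
	}
	if got, err := b.getChar(); err != nil || got != lrc {
		return nil, fmt.Errorf("LRC mismatch: want 0x%X, got 0x%X (%v)", lrc, got, err)
	}
	return out, nil
}

func main() {
	sample := map[string]string{ // constructed values, not a real credential
		"AgencyCode": "1234", "SystemCode": "0001", "CredentialNumber": "000042", "CredentialSeries": "0",
		"IndividualCredentialIssue": "1", "PersonIdentifier": "0123456789", "OrganizationalCategory": "1",
		"OrganizationalIdentifier": "1234", "PersonOrgAssociation": "1"}
	raw, _ := EncodeFASCN(sample)
	fields, err := DecodeFASCN(raw)
	fmt.Printf("FASC-N %X\n%v %v\n", raw, fields, err)
}
```

The decoder rejects a FASC-N with a bad parity bit, a misplaced sentinel or separator, a non-digit where a digit belongs, or a wrong LRC, which is the minimum a reader should do before it trusts the credential number enough to look it up; it does not verify the CHUID's signature, which is a separate PKI step over the whole CHUID object.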
Credential Revocation Hot List
• Available now on the pre-enrollment website
 - Publicly available for reading
• Simple format compatible with many PACS
 - Each small record contains the revoked credential number and the date of revocation
 - The reason for revocation is not stated in the record
• Each revoked credential stays on the list until the original credential's expiration date has passed
• The hot list is updated daily
Reader Specification Overview
• TSA published the TWIC™ reader "working" specification on September 11, 2007
• Three reader types defined
 - Fixed mount for outdoor use
 - Fixed mount for indoor use
 - Handheld for mobile use
• May operate standalone or network attached
 - Network-attached readers should support 2-way communications, which allows the TWIC™ Privacy Key to be uploaded from the server
• Outdoor reader specified to meet diverse environmental conditions
 - Operating temperature range: -20ºC to +70ºC
 - Operating humidity range: 5% to 100%, condensing
• Transaction time of 3 seconds or less
 - Measured from presentation of the contactless card to completion of the biometric match
• Biometric matching equal error rate (EER) of 1% or less
• Biometric sensor should provide "liveness" detection
Reader Specification and the TPK Concept
• The TWIC™ Privacy Key (TPK) Concept
 - Biometric data is encrypted on the card under this symmetric key
 - The TPK gives the biometric data confidentiality over the contactless interface
 - Contactless transfer of biometric data is therefore allowed without PIN verification
• TPK and Contactless communications
 - Inspired by the ICAO ePassport cryptographic solution for confidentiality, where the access key is derived from data printed on the document itself
 - The TPK is a diversified key unique to each card
 - The TPK is a data object in the TWIC™ Data Model
 - The TPK is treated like a "public" key: it is obtained out of band from the data it protects rather than distributed to readers as a shared secret
 - The TPK solution therefore obviates the need for shared key management among readers
• TPK accessible from either the magnetic stripe or the contact interface
 - May be stored in each local access control system server to eliminate the need for a magnetic-stripe swipe (or a contact read) on each use
 - Caveat: the TPK protects the template against eavesdropping on the contactless exchange, not against anyone holding the card, who can read the key from the stripe or the contact chip
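The TPK flow in miniature, as an added example that is not code from the presentation or from any TWIC reader: the issuer diversifies a per-card key from a master key and the card's identifier, stores the fingerprint template on the card only in encrypted form, and a reader that has learned the card's TPK once (contact read, stripe swipe, or a push from the PACS server) can thereafter decrypt what arrives over the contactless interface, while a reader without that key, or holding another card's key, cannot. HMAC-SHA256 for diversification and AES-GCM for the template are substitutions I chose for the demonstration (the slide does not say which algorithms TWIC uses); the master key, card identifiers and template bytes are constructed values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// DiversifyTPK derives the per-card TWIC Privacy Key from an issuer master key and the
// card's unique identifier (its FASC-N bytes, for instance). HMAC-SHA256 as the
// diversification function is this example's assumption, not the TWIC algorithm.
func DiversifyTPK(masterKey, cardID []byte) []byte {
	m := hmac.New(sha256.New, masterKey)
	m.Write([]byte("TWIC-TPK:"))
	m.Write(cardID)
	return m.Sum(nil)[:16] // 128-bit AES key
}

func newGCM(tpk []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(tpk)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealTemplate is the issuer-side step at personalization: the template is written to the
// card only in encrypted form. AES-GCM is a stand-in cipher; the card ID is bound in as
// associated data so a ciphertext cannot be transplanted onto another card.
func SealTemplate(tpk, cardID, template []byte) ([]byte, error) {
	gcm, err := newGCM(tpk)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, template, cardID), nil // nonce || ciphertext || tag
}

// OpenTemplate is the reader-side step: it recovers the template from what came over the
// contactless interface and fails on the wrong TPK, a different card ID, or any tampering.
func OpenTemplate(tpk, cardID, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(tpk)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("sealed template too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], cardID)
}

// Reader models a PACS reader that learns each card's TPK once, out of band, and afterwards
// serves that card contactlessly without a PIN or a contact read.
type Reader struct {
	tpkCache map[string][]byte
}

func NewReader() *Reader { return &Reader{tpkCache: map[string][]byte{}} }

// LearnTPK records a TPK obtained from a contact read, a stripe swipe, or the PACS server.
func (r *Reader) LearnTPK(cardID, tpk []byte) { r.tpkCache[string(cardID)] = tpk }

// ContactlessTemplate returns the decrypted template for a card presented contactlessly, or
// an error telling the operator that a contact (or stripe) read is needed first.
func (r *Reader) ContactlessTemplate(cardID, sealed []byte) ([]byte, error) {
	tpk, ok := r.tpkCache[string(cardID)]
	if !ok {
		return nil, fmt.Errorf("no TPK cached for card %x: contact or stripe read required", cardID)
	}
	return OpenTemplate(tpk, cardID, sealed)
}

func main() {
	masterKey := bytes.Repeat([]byte{0x42}, 32) // constructed demo key
	cardA, cardB := []byte("FASC-N-A"), []byte("FASC-N-B")
	template := []byte("INCITS 378 minutiae template (placeholder bytes)")
	tpkA := DiversifyTPK(masterKey, cardA)
	sealed, _ := SealTemplate(tpkA, cardA, template)
	r := NewReader()
	_, err := r.ContactlessTemplate(cardA, sealed)
	fmt.Println("before the TPK is learned:", err)
	r.LearnTPK(cardA, tpkA)
	got, err := r.ContactlessTemplate(cardA, sealed)
	fmt.Println("after the TPK is learned:", string(got), err)
	_, err = OpenTemplate(DiversifyTPK(masterKey, cardB), cardA, sealed)
	fmt.Println("with card B's TPK:", err)
}
```

The cache in Reader is the "store it in the local access control server" idea from the slide reduced to one process; in a networked deployment the same map lives on the PACS server and is pushed to readers over the 2-way link the reader specification asks for.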
Biometric Interoperability
"It should be noted that biometric interoperability is defined as the ability of a biometric reader to perform a match from a presented biometric with the ANSI/INCITS 378 formatted enrolled templates provided on the TWIC card by the TSA. Such templates shall be in compliance with NIST Special Publication 800-76-1 INCITS 378 profile for PIV Card templates."
Source: Section 8 of the TWIC™ Reader Hardware and Card Application Specification (11 Sep 2007)
NOTE: The reader specification requires compliance with SP 800-76-1. Section 7.3 of SP 800-76-1 requires NIST certification of template matchers.
Source: SP 800-76-1, Section 7.3, Test Overview
Contact Details: Email: GSmith@idtp.com