Card and Reader Overview Gerald Smith Sr. Consultant ID Technology Partners.

November 19,
Agenda
- Characteristics of a TWIC Card
- Data Models Supported
- Identification / Authentication Methods
- Revocation Hot List
- Reader Specification Overview
- Biometric Interoperability

What a TWIC Looks Like
Front and back views of a TWIC [facial image]

TWIC is a Smart Card
- 64K of non-volatile memory
- Dual interfaces share memory
  o Contact interface (ISO/IEC 7816)
  o Contactless interface (ISO/IEC 14443)
- Physical security features
  o Tamper resistant
  o Color shifting inks
- Logical security features
  o Two encrypted fingerprint templates
  o Signed data
  o PKI certificates
[facial image]

TWIC Application Data Models

PIV Application Data Model (SP )
Buffer Description                        Access Rule   Contact / Contactless
Card Capability Container                 Read Always   Contact
CHUID Buffer                              Read Always   Contact & Contactless
PIV Authentication Certificate Buffer     Read Always   Contact
Fingerprint Buffer                        PIN           Contact
Printed Information Buffer                PIN           Contact
Facial Image Buffer                       PIN           Contact
Digital Signature Certificate Buffer      Read Always   Contact
Key Management Certificate Buffer         Read Always   Contact
Card Authentication Certificate Buffer    Read Always   Contact
Security Object Buffer                    Read Always   Contact

TWIC Application Data Model
Buffer Description                        Access Rule   Contact / Contactless
Unsigned CHUID Buffer                     Read Always   Contact & Contactless
(Signed) CHUID Buffer                     Read Always   Contact & Contactless
TWIC Privacy Key Buffer                   Read Always   Contact (+Out of Band)
Fingerprint Buffer                        Read Always   Contact & Contactless
Security Object Buffer                    Read Always   Contact & Contactless

Shading on the original slide broadly indicates: TWIC differences from PIV; PIV differences from TWIC.

What is a CHUID?
Card Holder Unique Identifier (0x3000), Always Read

Data Element (TLV)                                   Type              Max. Bytes
FASC-N (Compact Form)                                Fixed             25
Agency Code (if with Alpha characters)               Fixed             4
Organization Identifier (if with Alpha characters)   Fixed             4
GUID (IPv6 format or 0)                              Fixed Numeric     16
Expiration Date                                      Date (YYYYMMDD)   8
Authentication Key Map (Optional)                    Variable          512
Issuer Asymmetric Signature                          Variable          2816
Error Detection Code                                 LRC               0

What is a FASC-N within the CHUID?
FASC-N: Federal Agency Smart Credential Number

Field name          Length (BCD digits)   Field description
AGENCY CODE         4     Identifies the government agency issuing the credential
SYSTEM CODE         4     Identifies the system the card is enrolled in and is unique for each site
CREDENTIAL NUMBER   6     Encoded by the issuing agency. For a given system no duplicate numbers are active
CS                  1     CREDENTIAL SERIES
ICI                 1     INDIVIDUAL CREDENTIAL ISSUE
PI                  10    PERSON IDENTIFIER
OC                  1     ORGANIZATIONAL CATEGORY
OI                  4     ORGANIZATIONAL IDENTIFIER
POA                 1     PERSON/ORGANIZATION ASSOCIATION CATEGORY
SS                  1     Start Sentinel. Leading character which is read first when card is swiped
FS                  1     Field Separator
ES                  1     End Sentinel
LRC                 1     Longitudinal Redundancy Character
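To make the FASC-N table concrete, the following is an added example (not code from the presentation, the TSA or the TWIC specification) that packs and unpacks the 25-byte compact FASC-N in Python. The field names and lengths are the slide's; the 5-bit character encoding (four BCD bits sent least-significant bit first plus an odd-parity bit), the placement of the five field separators after AGENCY CODE, SYSTEM CODE, CREDENTIAL NUMBER, CS and ICI, and the LRC as a column-wise XOR of all preceding characters follow the SCEPACS FASC-N layout and are assumptions here. The sample credential values are constructed.

```python
"""Pack and unpack the 25-byte FASC-N carried as the first CHUID data element.

Each of the 40 characters is a 4-bit BCD value sent least-significant bit
first, followed by one odd-parity bit: 40 x 5 = 200 bits = 25 bytes.
Field lengths come from the slide; the placement of the five field
separators (after AGENCY CODE, SYSTEM CODE, CREDENTIAL NUMBER, CS and ICI)
follows the SCEPACS FASC-N layout and is an assumption here. The sample
values at the bottom are constructed, not taken from any real credential.
"""
from __future__ import annotations
from dataclasses import dataclass

SS, FS, ES = 0xB, 0xD, 0xF  # start sentinel, field separator, end sentinel (4-bit values)

# (field name, length in BCD digits) in transmission order
LAYOUT = (
    ("agency_code", 4), ("system_code", 4), ("credential_number", 6),
    ("credential_series", 1), ("individual_credential_issue", 1),
    ("person_identifier", 10), ("organizational_category", 1),
    ("organizational_identifier", 4), ("person_org_association", 1),
)
FS_AFTER = 5  # a field separator follows each of the first five fields (assumed layout)


@dataclass
class FascN:
    agency_code: str
    system_code: str
    credential_number: str
    credential_series: str
    individual_credential_issue: str
    person_identifier: str
    organizational_category: str
    organizational_identifier: str
    person_org_association: str


def _char_bits(value: int) -> list[int]:
    """Four data bits, LSB first, plus a parity bit that makes the count of ones odd."""
    bits = [(value >> i) & 1 for i in range(4)]
    bits.append(1 - sum(bits) % 2)
    return bits


def _characters(f: FascN) -> list[int]:
    """4-bit values from SS through ES; the LRC is appended by the encoder."""
    chars = [SS]
    for i, (name, length) in enumerate(LAYOUT):
        digits = getattr(f, name)
        if len(digits) != length or not digits.isdigit():
            raise ValueError(f"{name} must be exactly {length} decimal digits")
        chars.extend(int(d) for d in digits)
        if i < FS_AFTER:
            chars.append(FS)
    chars.append(ES)
    return chars


def encode_fascn(f: FascN) -> bytes:
    """Serialize to the 25-byte compact form, computing the trailing LRC."""
    chars = _characters(f)
    lrc = 0
    for c in chars:  # LRC: column-wise XOR of the data bits of every preceding character
        lrc ^= c
    chars.append(lrc)
    bits = [b for c in chars for b in _char_bits(c)]
    assert len(bits) == 200
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, 200, 8))


def decode_fascn(data: bytes) -> FascN:
    """Unpack and validate: per-character parity, sentinels, separators and LRC."""
    if len(data) != 25:
        raise ValueError("FASC-N must be exactly 25 bytes")
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    chars = []
    for n in range(40):
        group = bits[5 * n:5 * n + 5]
        if sum(group) % 2 == 0:
            raise ValueError(f"parity error in character {n}")
        chars.append(sum(b << j for j, b in enumerate(group[:4])))
    if chars[0] != SS or chars[-2] != ES:
        raise ValueError("start or end sentinel missing")
    lrc = 0
    for c in chars[:-1]:
        lrc ^= c
    if lrc != chars[-1]:
        raise ValueError("LRC mismatch")
    body, pos, fields = chars[1:-2], 0, {}
    for i, (name, length) in enumerate(LAYOUT):
        field = body[pos:pos + length]
        pos += length
        if len(field) != length or any(d > 9 for d in field):
            raise ValueError(f"non-decimal character in {name}")
        fields[name] = "".join(str(d) for d in field)
        if i < FS_AFTER:
            if pos >= len(body) or body[pos] != FS:
                raise ValueError(f"field separator expected after {name}")
            pos += 1
    if pos != len(body):
        raise ValueError("unexpected trailing characters")
    return FascN(**fields)


def is_valid_fascn(data: bytes) -> bool:
    """True when the bytes decode cleanly (parity, sentinels, separators and LRC all check out)."""
    try:
        decode_fascn(data)
        return True
    except ValueError:
        return False


# Constructed sample values (not a real credential)
SAMPLE = FascN("3201", "1234", "123456", "1", "1", "1234567890", "1", "3201", "1")

if __name__ == "__main__":
    raw = encode_fascn(SAMPLE)
    print(raw.hex(), decode_fascn(raw) == SAMPLE)
```

A reader performing the CHUID check described later in the deck can run this validation before trusting any field it extracts; note that parity and LRC only catch accidental corruption of the read, and the authenticity of the CHUID rests on verifying the Issuer Asymmetric Signature, not on the LRC.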

Identification / Authentication Methods
- Visual Check: perform a visual inspection of the TWIC, verify the presence of security features and the expiration date, and visually compare the photo on the card to the individual presenting the card
- CHUID Check: verify the CHUID is granted access in the PACS and/or verify the digital signature of the CHUID, and verify the CHUID is not on the Hot List
- Biometric Check: authenticate the individual by performing a 1:1 fingerprint biometric match against the fingerprint template stored in the TWIC
- PIN Verification: require the cardholder to enter the correct PIN that is stored in the TWIC
- Digital Photo Check: visually compare the photo stored in the TWIC with the individual presenting the card
- Card Authentication: verify the card is authentic and not cloned by performing a private key operation

Authentication types using a TWIC

Authentication Type                                         Contact / Contactless
Biometric and PIN Authentication
  PIN + Biometric                                           Contact Only
Biometric Authentication
  CHUID + Card Authentication + Biometric / Card            Both
  CHUID + Biometric / Card                                  Both
  CHUID + Biometric / System                                Both
Dual Factor Authentication
  CHUID + Card Authentication + PIN + Digital Photo         Contact Only
  CHUID + Card Authentication + PIN                         Contact Only
  Flash Pass + CHUID + Digital Signature                    Both
  Flash Pass + CHUID + Card Authentication                  Both
Single Factor Authentication
  CHUID + Digital Signature                                 Both
  CHUID + Card Authentication                               Both
  Flash Pass w/ Human                                       N/A
  CHUID                                                     Both

Credential Revocation Hot List
- Available now on the pre-Enrollment website
  o Publicly available for reading
- Simple format compatible with many PACS
  o Small record contains the revoked credential number and date of revocation
  o Reason for revocation not stated in the record
- Each revoked credential stays on the list until the original credential expiration date has passed
- The hot list is updated daily

Reader Specification Overview
- TSA published the TWIC reader working specification September 11, 2007
- Three reader types defined
  o Fixed mount for outdoor use
  o Fixed mount for indoor use
  o Handheld for mobile use
- May operate as standalone or network attached
  o Network attached readers should support 2-way communications
    * Allows for upload of the TWIC Privacy Key from the server
- Outdoor reader specified to meet diverse environmental conditions
  o Operating temperature range: -20°C to +70°C
  o Operating condensing humidity range: 5% to 100%
- Transaction time of 3 seconds (or less)
  o As measured from presentation of the contactless card to completion of the biometric match
- Biometric matching equal error rate of 1% or less
- Biometric sensor should provide liveness detection

Reader Specification and the TPK Concept
- The TWIC Privacy Key (TPK) Concept
  o Biometric data is encrypted on the card using this symmetric key
  o TPK enables confidentiality of biometric data over the contactless interface
  o Contactless transfer of biometric data is allowed without PIN verification
- TPK and Contactless communications
  o Inspired by the ICAO ePassport cryptographic solution for confidentiality
  o TPK is a diversified key unique to each card
  o TPK is a data object in the TWIC Data Model
  o TPK is used as a public key that is obtained out of band from the data
  o The TPK solution obviates the need for shared key management
- TPK accessible from either the magnetic stripe or the Contact interface
  o May be stored in each local access control system server to eliminate the need for reading the magnetic stripe (or performing a contact read) on each use

Biometric Interoperability
It should be noted that biometric interoperability is defined as the ability of a biometric reader to perform a match from a presented biometric with the ANSI/INCITS 378 formatted enrolled templates provided on the TWIC card by the TSA. Such templates shall be in compliance with the NIST Special Publication INCITS 378 profile for PIV Card templates.
Source: Section 8 of the TWIC Reader Hardware and Card Application Specification (11 Sep 2007)

NOTE: The reader specification requires compliance to SP . Section 7.3 of requires NIST certification of template matchers.
Source: SP Section 7.3, Test Overview

Contact Details: