Biometrics: Hands Down
|Preventing future security threats is a top priority for the Port of Wilmington, which opened in 1923. Considered to be the busiest port on the Delaware River and a leading North American importation site for fresh fruit, bananas, and juice concentrate, the facility has also been designated as a secure and restricted area.|
Correctly identifying who is flying the friendly skies is only one aspect of airport security. The Transportation Security Administration (TSA) continues to evaluate the use of identity and access management (IAM) technology for employee access to secured areas.
While a variety of IAM options exist, biometrics is fast becoming the solution of choice. Biometrics comprises methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. Physiological characteristics are more commonly used for controlling access to highly secure areas. These are traits elated to the shape of the body, including fingerprints, face recognition, DNA, hand geometry and iris recognition.
Five-second Finger Reading
“It has been the consensus since 9/11 that using biometrics as an access control validation is the way to go,” says Rick Atkinson, director of the Yeager Airport in Charleston, W.V. “In response to 9/11 and the increased concern for better security at the nation’s airports, we decided to try biometrics to secure access to our control tower. It is our feeling that the government will recommend that some form of biometrics be used instead of, or in addition to, other access control measures.”
Yeager is pilot testing biometric hand readers, or Automated Fingerprint Identification System (AFIS) technology, from Schlage, to secure access to its control tower. “We feel that hand geometry is the best and most reliable biometric technology available,” says Atkinson.
Hand geometry is a biometric that identifies users by the shape of their hands. Hand geometry readers measure a user’s hand along many dimensions and compare those measurements to measurements stored in a file.
The FAA Air Traffic Control Tower is located atop the Yeager terminal building, which can be accessed via a door leading from the public area of the terminal to a stairwell and elevator. The stairs and elevator also provide access to other non-public portions of the terminal, including access to the HVAC systems and controls. In less than five seconds, the hand readers authenticate that the person attempting to gain access is indeed permitted access to the control tower door and permitted access at that time.
A person simply places his hand in the reading device, which has pegs to separate the fingers. The person is asked to enter his individual PIN, and if the hand matches the PIN, the system allows the person to open the door.
The hand readers are integrated with the airport’s existing access control system backbone, which includes proximity cards for certain access points, a video surveillance system and airport alarms. The hand readers are also networked to the airport’s central security system computer. The proximity card readers are operated by the same system that controls the hand readers. “Each device is effectively a lock that can be opened with either a hand that has been entered into the system and a unique PIN or a proximity card that has a unique serial number issued to an individual. Both methods allow for the system administrator to deactivate any person’s access at any time,” explains Atkinson.
After September 11, 2001, the FAA required that a 24-hour guard be stationed in the airport’s stairwell to control access, which cost the airport $25 per hour. The hand readers have eliminated the need for guards. Each reader costs $1,200, and system installation was an additional $10,000. Total project cost was $17,200, and the return on investment was realized in less than one month, says Atkinson.
“While we can’t specifically tie the readers to the prevention of unlawful activity, the airport is more of a hardened target with the installation of the hand readers,” says Atkinson. “Secured access control into sensitive areas after September 11, 2001, is a fact of life, and biometrics offers a way to improve access control in a cost-effective manner.”
|This year will mark the 10th anniversary of 9/11, and for many high-risk areas, security remains a work in progress. A perfect example is all the hype that various airports are generating for using—or more to the point, how they are using—body scanning equipment.|
Biometrics in the Bunker
Biometrics is one feature that separates Montgomery, Tex.-based Montgomery Westland Bunker (MWB) from other datacenter facilities. MWB boasts of data protection such as reinforced concrete walls several feet thick, back-up diesel generators with underground fuel supply tanks, around-the-clock security personnel, fully-equipped temporary work spaces to accommodate hundreds of office workers displaced by disasters, a bulletproof glass reception area and cyber security for the dozens of tenants who use the site as a primary or backup IT facility. The bunker is part of a 52-acre data campus 350 ft. above sea level with another 100,000 sq. ft. of office space above ground.
This high-level security operation has more than 50 clients, including ExpressJet, Continental Airlines, Anadarko and NASA, which require datacenter redundancy outside their own headquarters. Should these clients face data downtime from a natural disaster or terror attack, MWB steps in to accommodate the displaced workers.
The facility recently upgraded its access control system. Previously, access control consisted of a proximity card system with limited user capabilities. An access control system from Matrix Systems offers access control to more than 35 bunker doors as well as perimeter vehicle and pedestrian fencing gates. Benefits include biometric identification, historical tracking of doors and users and alarm capabilities.
“We promote secure access control in our client service level agreements, so our system must be extremely reliable to surpass the security features that our clients are accustomed to at their home offices,” says Jymme Gomez, president, MWB.
Three biometric readers require card credentials as well as fingerprint identification to enter a bunker floor and a private suite area. MWB scans and adds fingerprint identification to the Frontier database within seconds to allow newly authorized employees to enter sensitive areas.
The first parts of the access control upgrade had just been installed when Texas experienced Hurricane Ike. Ike was a true test for MWB’s access control strategy. Learning from the setbacks many coastal businesses experienced from Hurricane Katrina, Continental Airlines moved 300 Houston employees to MWB before the hurricane. Over the course of six days, employees received access control IDs quickly, which were then seamlessly integrated into the software.
The recently completed upgrade also brought the facility’s total number of security cameras cameras up to 45, and several 1-terabyte DVRs hold up to 90 days of recorded footage.
While Matrix provided the system design, MWB’s facility group installed all of the access control components, saving the company nearly $20,000 in installation costs, says Russell Thompson, facility manager. “We not only saved money as a result of installing ourselves, we also can troubleshoot most future service issues in-house.”
Biometric Integration Is Inevitable
Preventing future security threats is a top priority for the Port of Wilmington, which opened in 1923. Considered to be the busiest port on the Delaware River and a leading North American importation site for fresh fruit, bananas and juice concentrate, the facility has also been designated as a secure and restricted area.
Holding the distinction as the first seaport to use the Transportation Worker Identification Credential (TWIC) card in October 2003, the port has relied on TWIC to add a layer of security at ports by ensuring that workers in secure areas have received a background check and do not pose a national security threat.
As the TWIC program expanded as part of the Maritime Security (MARSEC) criteria, so did the need for a software program that could read and record information from both the existing TWIC 125kHz Prototype cards used with the port’s physical access control system and the latest TWIC cards. In addition, it was important to find a solution that would allow the port to access the TSA “hot list,” a real-time database of unauthorized TWIC users, so port security personnel can quickly identify those with revoked rights, avoid double enrolling or spot a potential terrorist.
Recognizing this need, Port of Wilmington officials began exploring their options for software that could work with its existing Honeywell Pro-Watch security management platform and with mobile card readers that deploy the enrollment process throughout the facility.
Port officials chose PIVCheck Plus software from Codebench, which drives three Datastrip mobile readers and resides on a desktop enrollment workstation in the port’s main office. An additional license for certificate management allows the port to re-validate TWICs each day, once they are enrolled with the Honeywell system. Port officials can now register TWIC holders throughout the port and transmit that information to the Pro-Watch system. These cards can then be read at the 32 fixed-card readers located at various entrances and access points throughout the port, which spans 307 acres.
TWIC credentials are required for entry to the port by anyone requiring frequent, unescorted access to the facility. These include longshoremen, trucker drivers, surveyors, agents, chandlers, port chaplains and laborers who access secure areas. Tenants who have their offices at the port, such as produce companies Chiquita and Dole, are also required to be enrolled in TWIC.
“On any given day, we can have 2,500 people coming through the port with TWIC cards,” says Jerry Custis, security manager and facility security officer for the port. Approximately 4,700 people have been enrolled into the port’s system out of the 11,000 people who actually sought TWIC cards. This number swells in mid-winter when seasonal workers arrive at the port for the beginning of fruit season.
Patrick Hemphill, Custis’s predecessor, oversaw the port’s TWIC deployment and explains that the mobile readers were taken to local union halls to enroll longshoremen before they even arrived at the port. “The members were made aware of the need to know their PIN, and we were able to enroll the majority of union members during a two-day period without interrupting their work schedule,” says Hemphill.
The future of biometrics as a tactic for securing high-risk areas looks promising, but the systems are not flawless. According to the College of Technology & Innovation at Asia Pacific University, an ID management system must consistently recognize a person’s intrinsic components. By distinguishing individuals based on physiological characteristics that are innate to the person, biometrics proposes a natural and dependable solution to the difficulty of identity determination.