When fully implemented, the Transportation Worker Identification Credential (TWIC) program may include six million credentials and provide a standard that could be used by companies/facilities that require employees to have access to secure areas.
According to BearingPoint, Transportation Security Administration’s (TSA) systems integrator for the $12 million prototype, key to the program is the development and deployment of the tamper-resistant identification credentials with biometric information about the credential holder. The TWIC is designed to secure the process of authenticating transportation employees who have unescorted access to secure locations within transportation facilities.
The TWIC program consists of five phases: the planning and technology evaluation are complete. Phase III, the prototype, is underway now to be followed in about seven months by Phase IV, implementation, and, later, Phase V, operations and maintenance.
With TWIC prototype programs in process and more scheduled to come online, a Transportation Security Representative cautioned that a TWIC card won’t necessarily “get anyone into anyplace.”
The Transportation Worker Identification Credential simply “enables one to request access from a site administrator,” explained Steve Parsons of the Transportation Security Administration at the recent Smart Card Alliance conference in San Francisco.
“TWIC is about identity assurance,” said Mr. Parsons. “(TWIC) is designed to be a tool to be used for authentication.”
In other words, possession of a TWIC card allows the holder access to areas in which the cardholder has been granted privileges. But Mr. Parsons stresses, “only facilities grant access.” They will have complete control over who can gain entry to secure areas and the level of access that person is entitled. Individual facilities would be able to specify additional access requirements. TWIC access can also be revoked if the cardholder no longer needs access to such a facility.
Prototype projects are already under way on both coasts–California and Florida as well as at several sites in the northeastern U.S. This Phase III stage of TWIC implementation is expected to last about seven months. Locations currently testing the prototype TWIC card, according to officials from BearingPoint, are:
- Port Canaveral (Florida)
- the Port of Pensacola (Florida)
- the Long Beach Container Terminal (California)
- the Maritime Exchange for the Delaware River and Bay (Pennsylvania), an organization that represents over 300 port and related businesses throughout Pennsylvania, New Jersey, and Delaware.
The goal of this seven-month prototype phase is to analyze the technologies, policies, and administrative and business processes involved in collecting transportation worker data, issuing credentials and analyzing the day-to-day use of the cards along with the user experience. But in the fully operational prototype, up to 200,000 workers from maritime, rail, aviation and ground modes of transportation are eventually expected to participate at 34 sites in six states.
Enrollment centers will continue to be added over the next few months at the remaining prototype operation locations on the East Coast, the Los Angeles Area, and 12 additional major port facilities in Florida from the panhandle to Key West. Participation is voluntary and will include transportation workers such as truckers, longshoremen, and container terminal and airport personnel.
BearingPoint’s sub-contractors on the project include Anteon International, Lockheed Martin, and Unisys. Additional members include Daon, Dell, Gemplus, LexisNexis, Microsoft, SAFLINK, and Senture.
How does it work?
According to Mr. Parsons, the workflow, i.e. obtaining a TWIC, works something like this: The person pre-enrolls via the web or at enrollment centers. The enrollment center collects the breeder documents (previously issued documents relied upon to verify the individual’s identity) via “an enhanced I-9 process” and the person’s biometrics. This information is sent to the Identity Management System (IDMS), where a one-to-many search is performed to ensure the person is not already enrolled in the system and is not on a known list of criminals or terrorists. The information is then forwarded to the card production facility.
If TWIC works as it’s supposed to, it will protect individual privacy because only the minimum data is being collected, security will be improved through the reduced risk of fraudulent or altered credentials, biometrics, and the ability to interface with other agencies, and it will enhance commerce by eventually increasing process speed, enabling improved management and utilization of resources and eliminating the need for duplicate credentials and background investigations.
According to the TSA, technologies included on the TWIC card include:
- 64K contact Integrated Circuit Chip
- 4K (DesFire v6contactless) Integrated Circuit Chip
- Dual-interface card Integrated Circuit Chip
- Magnetic stripe
- Two-dimensional bar code
- Linear (3 of 9) bar code
- Unique card serial number
- Digital photo that complies with International Civil Aviation Organization (ICAO) standard.