Presentation is loading. Please wait.

Presentation is loading. Please wait.

Card and Reader Overview Gerald Smith Sr. Consultant ID Technology Partners.

Published byMaliyah Hawse Modified over 10 years ago

Similar presentations

Presentation on theme: "Card and Reader Overview Gerald Smith Sr. Consultant ID Technology Partners."— Presentation transcript:

1 Card and Reader Overview Gerald Smith Sr. Consultant ID Technology Partners

2 November 19, 20072 Agenda Characteristics of a TWIC Card Data Models Supported Identification / Authentication Methods Revocation Hot List Reader Specification Overview Biometric Interoperability

3 November 19, 20073 What a TWIC Looks Like Front and Back views of a TWIC <FACIAL IMAGE>

4 November 19, 20074 TWIC is a Smart Card 64K of non-volatile memory Dual interfaces share memory o Contact interface (ISO/IEC 7816) o Contactless interface (ISO/IEC 14443) Physical security features o Tamper resistant o Color shifting inks Logical security features o Two encrypted fingerprint templates o Signed data o PKI certificates <FACIAL IMAGE>

5 November 19, 20075 TWIC Application Data Models PIV Application Data Model (SP 800-73.1) Buffer DescriptionAccess RuleContact / Contactless Card Capability ContainerRead AlwaysContact CHUID BufferRead AlwaysContact & Contactless PIV Authentication Certificate Buffer Read AlwaysContact Fingerprint BufferPINContact Printed Information BufferPINContact Facial Image BufferPINContact Digital Signature Certificate BufferRead AlwaysContact Key Management Certificate Buffer Read AlwaysContact Card Authentication Certificate Buffer Read AlwaysContact Security Object BufferRead AlwaysContact TWIC Application Data Model Buffer DescriptionAccess RuleContact / Contactless Unsigned CHUID BufferRead AlwaysContact & Contactless (Signed) CHUID BufferRead AlwaysContact & Contactless TWIC Privacy Key BufferRead AlwaysContact (+Out of Band) Fingerprint BufferRead AlwaysContact & Contactless Security Object BufferRead AlwaysContact & Contactless TWIC Differences from PIV PIV Differences from TWIC Shading broadly indicates :

6 November 19, 20076 What is a CHUID? Card Holder Unique Identifier 0x3000Always Read Data Element (TLV)TypeMax. Bytes FASC-N (Compact Form)Fixed25 Agency Code ( if with Alpha characters)Fixed4 Organization Identifier (if with Alpha characters)Fixed4 GUID (IPv6 format or 0)Fixed Numeric16 Expiration DateDate (YYYYMMDD)8 Authentication Key Map (Optional)Variable512 Issuer Asymmetric SignatureVariable2816 Error Detection CodeLRC0 Field name Length (BCD digits)Field description AGENCY CODE4 Identifies the government agency issuing the credential SYSTEM CODE4 Identifies the system the card is enrolled in and is unique for each site CREDENTIAL NUMBER6 Encoded by the issuing agency. For a given system no duplicate numbers are active CS1CREDENTIAL SERIES ICI1INDIVIDUAL CREDENTIAL ISSUE PI10PERSON IDENTIFIER OC1ORGANIZATIONAL CATEGORY OI4ORGANIZATIONAL IDENTIFIER POA1 PERSON/ORGANIZATION ASSOCIATION CATEGORY SS1 Start Sentinel. Leading character which is read first when card is swiped FS1Field Separator ES1End Sentinel LRC1Longitudinal Redundancy Character What is a FASC-N within the CHUID? FASC-N Federal Agency Smart Credential Number

7 November 19, 20077 Identification / Authentication Methods Visual Check – Perform a visual inspection of the TWIC and verify the presence of security features, expiration date and a visual comparison of the photo on the card to the individual presenting the card CHUID Check – Verify the CHUID is granted access in the PACS and / or verify the digital signature of the CHUID and verify the CHUID is not on the Hot list Biometric Check – Authenticate the individual by performing a 1:1 fingerprint biometric match against the fingerprint template stored in the TWIC PIN Verification – Require the cardholder to enter the correct PIN number that is stored in the TWIC Digital Photo Check – Visually compare the photo stored in the TWIC with the individual presenting the card Card Authentication – Verify the card is authenticate and not cloned by performing a private key operation

8 November 19, 20078 Authentication types using a TWIC Authentication TypeContact / Contactless Biometric and PIN Authentication PIN + BiometricContact Only Biometric Authentication CHUID + Card Authentication + Biometric / CardBoth CHUID + Biometric / CardBoth CHUID + Biometric / SystemBoth Dual Factor Authentication CHUID + Card Authentication + PIN + Digital PhotoContact Only CHUID + Card Authentication + PINContact Only Flash Pass + CHUID + Digital SignatureBoth Flash Pass + CHUID + Card AuthenticationBoth Single Factor Authentication CHUID + Digital SignatureBoth CHUID + Card AuthenticationBoth Flash Pass w/ HumanN/A CHUIDBoth

9 November 19, 20079 Credential Revocation Hot List Available now on the pre-Enrollment website o - Publicly available for reading Simple format compatible with many PACS o - Small record contains the revoked credential number and date of revocation o - Reason for revocation not stated in the record Each revoked credential stays on the list until the original credential expiration date has passed The hot list is updated daily

10 November 19, 200710 Reader Specification Overview TSA published the TWIC reader working specification September 11, 2007 Three reader types defined o - Fixed mount for outdoor use o - Fixed mount for indoor use o - Handheld for mobile use May operate as standalone or network attached o - Network attached readers should support 2-way communications * Allows for upload of TWIC Privacy Key from server Outdoor reader specified to meet diverse environmental conditions o - Operating temperature range: -20ºC to +70ºC o - Operating condensing humidity range:5% to 100% Transaction time of 3 seconds (or less) o - As measured from presentation of contactless card to completion of biometric match Biometric matching equal error rate of 1% or less Biometric sensor should provide liveness detection

11 November 19, 200711 Reader Specification and the TPK Concept The TWIC Privacy Key (TPK) Concept o - Biometric data is encrypted on the card using this symmetrical key o - TPK enables confidentiality of biometric data over the contactless interface o - Contactless transfer of biometric data allowed without PIN verification TPK and Contactless communications o - Inspired by the ICAO ePassport cryptographic solution for confidentiality o - TPK is a diversified key unique to each card o - TPK is a data object in the TWIC Data Model o - TPK is used as a public key that is obtained out of band from the data o - The TPK solution obviates the need for shared key management TPK accessible from either the magnetic stripe or Contact interface o - May be stored in each local access control system server to eliminate the need for reading the magnetic swipe (or performing a contact read) on each use

12 November 19, 200712 Biometric Interoperability It should be noted that biometric interoperability is defined as the ability of a biometric reader to perform a match from a presented biometric with the ANSI/INCITS 378 formatted enrolled templates provided on the TWIC card by the TSA. Such templates shall be in compliance with NIST Special Publication 800-76-1 INCITS 378 profile for PIV Card templates. Source: Section 8 of the TWIC Reader Hardware and Card Application Specification (11 Sep 2007) NOTE: The reader specification requires compliance to SP 800-76-1. Section 7.3 of 800-76-1 requires NIST certification of template matchers. Source: SP 800-76-1 Section 7.3Test Overview

13 November 19, 200713 Contact Details: Email: GSmith@idtp.comGSmith@idtp.com

Download ppt "Card and Reader Overview Gerald Smith Sr. Consultant ID Technology Partners."

Similar presentations

For Joe Broghamer Philip S. Lee May 5, 2005 Implementing PIV Specifications HSPD-12 Workshop.

For Joe Broghamer Philip S. Lee May 5, 2005 Implementing PIV Specifications HSPD-12 Workshop.
Cerner Presentation to S&I esMD Workgroup – Industry Scan

Cerner Presentation to S&I esMD Workgroup – Industry Scan
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
RFID Access Control System March, 2003 Softrónica.

RFID Access Control System March, 2003 Softrónica.
Smart Card Security Xufen Gao CS 265 Spring, 2004 San Jose State University.

Smart Card Security Xufen Gao CS 265 Spring, 2004 San Jose State University.
Smart Cards Our Inevitable Future Mark Shippy. What are smart cards? Credit card sized plastic card with an embedded chip. Credit card sized plastic card.

Smart Cards Our Inevitable Future Mark Shippy. What are smart cards? Credit card sized plastic card with an embedded chip. Credit card sized plastic card.
Current Technology and the TWIC Program Walter Hamilton Chairman, International Biometric Industry Association Sr. Consultant, Identification Technology.

Current Technology and the TWIC Program Walter Hamilton Chairman, International Biometric Industry Association Sr. Consultant, Identification Technology.
Match On Card Technology and its use for PKI Mgr. Miroslav Valeš Sales Manager Eastern Europe May 9, 2001 CATE 2001 Security and Protection.

Match On Card Technology and its use for PKI Mgr. Miroslav Valeš Sales Manager Eastern Europe May 9, 2001 CATE 2001 Security and Protection.
FIPS 201 Framework: Special Pubs 800-73,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005.

FIPS 201 Framework: Special Pubs ,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005.
Mobile Devices in the DoD

Mobile Devices in the DoD
Trusted Symbol of the Digital Economy 1 Bill Holmes – VP Marketing ID Platform - Smart Cards.

Trusted Symbol of the Digital Economy 1 Bill Holmes – VP Marketing ID Platform - Smart Cards.
Labcal. © 2004 Labcal. www.labcal.com Presented by: Mr. Gregory McConnell Partner & Director of Business Dev. Labcal. Todays Biometric Projects Need Mobile.

Labcal. © 2004 Labcal. Presented by: Mr. Gregory McConnell Partner & Director of Business Dev. Labcal. Todays Biometric Projects Need Mobile.
12 November 2002Digital Identity Forum – London Biometrics and ID Bill Perry Independent Consultant Phone: 077 8683 6764.

12 November 2002Digital Identity Forum – London Biometrics and ID Bill Perry Independent Consultant Phone:
E- passports Erik Poll Digital Security Group Radboud University Nijmegen.

E- passports Erik Poll Digital Security Group Radboud University Nijmegen.
© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.

© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.
1 1 A Synopsis of Federal Information Processing Standard (FIPS) 201 for Personal Identity Verification (PIV) of Federal Employees and Contractors Presentation.

1 1 A Synopsis of Federal Information Processing Standard (FIPS) 201 for Personal Identity Verification (PIV) of Federal Employees and Contractors Presentation.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
USCG Enforcement for the Implementation of TWIC

USCG Enforcement for the Implementation of TWIC
“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)

“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)
Department of Labor HSPD-12

Department of Labor HSPD-12

Similar presentations

Ads by Google