Home » Dec/Jan Web Extra: Access Control Terminology & Vendor Questions
Dec/Jan Web Extra: Access Control Terminology & Vendor Questions
By Sean Broderick | January 11, 2008
Editor’s note: the following access control terminology and questions for possible vendors was provided by Jeff Price. Read Jeff’s feature on airport biometrics in the December/January issue (.pdf) starting on page 37. To contact Jeff and learn about his other projects in the aviation security arena, see his Web site at www.leadingedgestrategies.com.
Personal Identity Verification (PIV) requirements for federal employees and contractors. The Department of Commerce and National Institute of Standards and Technology (NIST) were tasked with producing a standard for secure and reliable forms of identification. In response, NIST published Federal Information Processing Standard Publication 201. The program includes the technical requirements for improving the identification and authentication of federal employees and contractors. More details here.
HSPD-12: In an effort to reduce identity fraud, enhance security, increase government efficiency and protect personal privacy, Homeland Security Presidential Directive 12 was issued Aug. 27, 2004 (press release here), to establish a mandatory, government-wide standard for secure and reliable forms of identification issued by the federal government to its employees and contractors.
ISO 14443: An international standard for contactless smart cards operating at 13.56 MHz, 14443 sets communication standards and transmission protocols between cards and card readers to create interoperability for contactless smart card products. See iso.org for more information.
NIST: A division of the Department of Commerce, NIST is a non-regulatory federal agency. NIST laboratories conduct research in a wide variety of physical and engineering sciences, responding to industry needs for measurement methods, tools, data and technology. More details here.
Proximity card (or prox card): A contactless integrated circuit card with a range of about three inches. Unlike RFID systems, a prox card is activated when it comes close to a prox card reader. the reader that projects a field triggering the prox card’s integrated circuit to transmit the access information to the card reader.
RFID: Radio-Frequency Identification refers to small electronic devices that consist of a small chip and an antenna. The antenna is capable of longer distances than proximity card technology and can be tracked continuously regardless of whether the individual is next to a card reader.
TWIC: Transportation Worker Identification Credential. TWICs are tamper-resistant biometric credentials for workers who require unescorted access to secure areas of ports, vessels, outer continental shelf facilities and all credentialed merchant mariners. So far, TSA has to put TWIC on the back burner for aviation. More information here.
QPL: The Qualified Products List, published by TSA, includes biometric technology that can be used for airport access control. Being on the QPL ensures the product has passed testing conducted by NIST.
US-VISIT: Using digital finger scans and photographs, the federal government checks visitors to the U.S. against a database of known criminals and suspected terrorists. More information here.
Another important document to consider when drafting your RFP for biometric access control systems is the TSA Guidance Package: Biometrics for Access Control (.pdf).
If you do not have time to read the document, or don’t want to translate it for the RFP, one option is to state within the RFP that any proposed technology must meet TSA Biometrics for Access Control standards and point proposers to the TSA guidance document.
Some questions to ask your future biometric service provider before deciding what to buy are:
- What is the false alarm rate, or false rejection rate?
- How often does the system not read or allow access for an approved party?
- What is the failure to enroll rate?
- What is the failure to capture rate?
- Can the algorithms used by the system be integrated or talk to other systems in case you decide to upgrade or federal guidance changes and requires you to modify your system?
- What is the capacity of the system?
- How many individuals can it hold?
- What are the maintenance requirements?
- What is the downtime per unit?
- Has the unit been tested indoors and outdoors?
- Are there options for protecting readers outdoors? (Remember that biometric sensors are generally more sensitive to environmental changes, dirt, dust, rain and snow than non-biometric systems.)
- Is there any training required for airport and airline personnel and to what extent?
- And, most importantly, does it work?
Topics: web extras |
One Response to “Dec/Jan Web Extra: Access Control Terminology & Vendor Questions”
January 11th, 2008 at 3:33 pm
[…] Dec/Jan Web Extra: Access Control Terminology & Vendor Questions […]
Comments