Air watchdog mulls biometrics

A federal Crown corporation responsible for aviation security services is in the process of testing biometric technology as part of its new restricted area identification card (RAIC) program.

Last month the Ottawa-based Canadian Air Transport Security Authority announced that the first phase of this project will involve operational trials of identity verification technologies from a number of vendors, including Bioscrypt Inc., which makes fingerprint readers; Cross Match Technologies, a fingerprint imaging technology maker; HID, a manufacturer of contactless access control readers and cards; and electronics and communications firm LG Electronics. Ottawa-based security product and service provider Acme-Future Security Controls won the request for proposal (RFP) CATSA issued for the first half of the project.

The plan, said CATSA spokesperson Renee Fairweather, is to put unique biometric identifiers on the cards issued to employees who work in restricted areas in major Canadian airports, including airline personnel, airport employees, refuelers, flight crews, caterers, aircraft groomers, maintenance personnel and ground handlers.

“This is something that the minister (of Transport Canada) asked us to take on. It was mandated to us by the government,” Fairweather said, referring to a November 2002 announcement made by the transport minister at the time, David Collenette. “This is aimed at making restricted areas more secure and to ensure that there is no violation of cards and that only the people holding the card can access the area through their unique biometric features,” Fairweather said.

CATSA will test the biometric technologies at four as-yet undisclosed airports. “We will take the results from the field tests, and from there take the biometric that is most user-friendly,” she said. “We will be testing iris and fingerprint (biometrics) and then look at where and when to implement them across the country. Hopefully by the end of this year it will be rolled out.” Depending on what the tests reveal, CATSA may incorporate more than one biometric into the RAIC, she added. The operational trial will involve approximately 40,000 workers but the full-blown program will scale up to 150,000 personnel.

Each international airport’s respective airport authority will have two options: they can either retain the swipe cards employees currently use to access restricted areas, and add to that a secondary biometric card; or they can have both cards rolled into one. Fairweather emphasized that with the second option, CATSA will not have access to the central database used by airport authorities.

There will also be a national database system set up with the intention of preventing duplications and multiple uses, “but that database will not contain any personal information – it will be strictly the biometric identifier” that will be associated with the number the employee received when he or she was first hired, she said. The database RFP is not completed so the supplier is yet to be determined, Fairweather added.

Mississauga, Ont.-based Bioscrypt’s chief technology officer, Colin Soutar, said his company’s contribution to the project will be “purely for one-to-one verification.” An initial background check is necessary to make sure the person is not already enrolled in the RAIC system; then a template, or representation, of the left and right index fingerprints and both irises is created and stored on a smart card, which the user carries.

“At the point of access, a door to a restricted area, or down to runway, for example, the user will approach the Bioscrypt device, which is a combined smart card and fingerprint reader, and present their smart card to device, which reads and interprets the information. The user is then asked to place a live version of the fingerprint into a sensor, and a comparison takes place between the live version and information on the smart card. So we’re not doing any search and it’s not linked to database; we’re simply identifying that the employee is the true holder of the card,” Soutar said.

Fairweather said it would be up to individual airport authorities to deal with issues such as lost or stolen smart cards.

Soutar said CATSA has “considered this whole system long and hard.” Bioscrypt installed biometric readers for physical access into the CATSA head office about a year ago. “They have been looking at this very actively and deliberately for some time.”

Fairweather said CATSA’s own implementation is not tied to the RFP. “We just needed something to prevent access into our areas that would be secure and I don’t know how it came about that we were supplied with this, but we sort of tested it and it worked.”

Related Download
Virtualization: For Victory Over IT Complexity Sponsor: HPE
Virtualization: For Victory Over IT Complexity
Download this white paper to learn how to effectively deploy virtualization and create your own high-performance infrastructures
Register Now