SECURING THE FLOW OF U.S. TRANSPORTATION WORKERS FOR TSA ACROSS ALL 50 STATES

How MyID credential management system enables the US Transportation Security Administration (TSA) to issue and manage millions of digital identities for a workforce that includes air traffic controllers and US Coast Guard

The US Transportation Security Administration (TSA) is the federal agency responsible for security in all modes of transportation. A workforce spanning air traffic controllers, dock workers, US Coast Guard and millions of other transportation workers across the US.

SECURING THE FLOW OF US TRANSPORT WORKERS

>160

self-service kiosks operating MyID for end users to self-serve

>10k

smart cards issued per day

month time period from order to live production

THE CHALLENGE

TSA were looking to issue a tamper-resistant biometric credential to maritime workers requiring access to secure port facilities and vessels.A key driver for TSA was to meet US Government Homeland Security Presidential Directive 12 (HSPD-12) standards, to achieve interoperability with other federal identity access management and implement a best practice workforce digital identity process.Obtaining a Transport Worker Identification Credential (TWIC) smart card must provide biographic and biometric (fingerprint information), sit for a digital photograph and pass a TSA security threat assessment.

Key requirements:

►
Use of FIPS 201 (PIV) technology and processes
►

Combined centralized production with local card activation
►

Over 160 distributed enrolment and activation centers throughout the US
►

Integration with central card personalization bureau for secure printing
►

Fingerprint verification of applicant prior to card activation Integration with central identity management infrastructure
►

Multi-application card combining contact and contactless technology
►

Strong authentication of operators and non-repudiation of operator actions

THE SOLUTION

MyID® credential management system (CMS) integrates within TSA’s federal identity management solution to provide a single software platform for end-to-end identity registration and credential issuance to TSA workers’ smart cards.

Without a TWIC card transport workers are not able to gain access to secure facilities and networks, a system that means the US Transportation Security Administration can have total confidence that only approved personnel are able to access secure buildings, systems and networks.

The MyID software is passed registration data from the IDMS and formats it into a card personalisation request; this is forwarded to the personalisation bureau. Printed cards are locked and sent to activation locations. The receipt of a card batch is used to trigger a notification to the applicant that their card is ready for activation. The applicant visits an activation location, places their card into a MyID activation station and follows a simple self-service workflow that requires biometric verification before the card is unlocked, personalised with certificates and activated for use.

How MyID works for TSA

The port worker applying for the card visits one of over 160 distributed enrolment centres where their fingerprints, photographs and data are captured.
The registration system passes registration data to MyID via the lifecycle management API.
MyID takes the registration data and formats it for bureau production.
MyID batches up card requests and passes them to the card personalisation bureau for production.
During this process MyID can be used to enquire on the status of the production requests.
The bureau prints the cards and writes the applets and data to them. The cards are then locked for security purposes.
The card is shipped to an enrolment centre in a batch.
MyID is used to record the delivery of the batch of cards into the enrolment location. This process triggers a notification to the port worker that their card is ready for collection.
The port worker attends the enrolment centre and is handed their card for activation.
The port worker takes their card to a MyID self-service activation kiosk.
As the card is inserted into a reader MyID recognises the card as requiring activation and walks the user through a simple activation process.
During the activation process MyID validates the port worker’s identity via a fingerprint check.
Once validated the card is unlocked and the port worker sets their PIN.
MyID then generates keys and certificate requests on-card.
MyID passes the certificate requests to the certificate authority and retrieves the certificates.
MyID writes the certificates to the card
The process is complete – the card is available for immediate use

BENEFITS

Simple integration

Single product managing all identity registration, credential issuance and lifecycle management

Efficient

Load balanced deployment for high volume throughput

Compliant

Fully FIPS 201 accredited solution enabling production of PIV compatible credentials

Secure

Biometric authentication of TWIC applicants, combined with high security printing with on-card key generation for maximum security

Reliable

Multi-server deployment for high availability and load balanced deployment for high volume throughput

User-friendly

Simple web-based workflows require minimal operator training and enable end users to self-serve

access_to_secure_facilities_using_the_transportation_worker_identification_credential_twic-pdf

Download the case study

How millions of MyID helps US transport workers flow securely using biometric ID verification smart cards for secure, easy access to the buildings and facilities they need to get to.

DOWNLOAD

Trusted by Governments and Large Enterprises Worldwide

Where protecting systems and information really matters, you will find MyID. Whether its citizen data, aerospace and defence systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organisations around the world choose MyID to protect themselves against data breach and ensure business continuity.