The Challenge
The Canadian Air Transport Security Authority (CATSA) was created in 2002 with the mandate of making Canada’s skies safer. CATSA needed to develop a plan to secure access to restricted areas for some 100,000 workers in 29 Canadian airports. CATSA developed a biometric system that would authenticate the identities of airport personnel before they could gain access to restricted areas such as hanger bays, baggage areas and ramps. CATSA began looking for a dual-factor authentication solution that included fingerprint
and iris biometrics to verify that employees were who they said they were. The requirement included finding a versatile and highly accurate fingerprint algorithm that was also embedded in a reliable physical access control reader. Specifically, the algorithm had to be able to work on a variety of devices that used different processors while at the same time achieving high accuracy for sensor interoperable environments at both the stationary and mobile authentication areas.
The Solution
In 2004, CATSA began forming the requirements for its Restricted Area Identification Card (RAIC), which was to replace its Restricted Area Pass. The award-winning RAIC program was designed to enhance security by using fingerprint biometrics. CATSA chose fingerprint readers from the enterprise access division of L-1 Identity Solutions because they offered a solution that could both scale well and integrate easily.
“We needed an application that could work with the existing infrastructure and security platforms of each of the 29 airports. L-1’s readers are robust and its fingerprint algorithm allowed us to tie together the various elements of our access control solution,” said Rob Durward, Director of Technical Programs at CATSA.
Once workers obtain security clearance, they enroll two fingerprint templates on a PC-based enrollment station, which are stored on HID iClass Smart Cards. Workers then authenticate themselves at fixed locations using L-1 Bioscrypt V-Smart fingerprint readers or Labcal’s Be.U mobile fingerprint reader fitted with the Bioscrypt fingerprint algorithm. CATSA needed a robust algorithm that would work with different platforms. The Bioscrypt Core fingerprint pattern algorithm works with different types of platforms despite differences in architecture, processing speed and fixed point versus floating point arithmetic. While the enrollment station and Bioscrypt V-Smart reader use floating point arithmetic, the Be.U mobile reader uses fixed point arithmetic.
In addition, the hardware units also use different types of sensors. The PC-based enrollment station uses an optical reader, the 4 V-Smart uses an RF-based silicon sensor and the Labcal unit uses a capacitive silicon sensor. Different sensor technologies result in fingerprint images that are notably different — for example, with respect to DPI (dots per inch) resolution, scanning area, distortions, contrast and brightness. However, since the Bioscrypt algorithm is sensor agnostic, it is able to achieve high accuracy in sensor interoperable scenarios. The algorithm acts as the glue that ties the disparate systems together. The RAIC card is checked in real-time to ensure that a worker still has privileges to restricted areas.
Workers, such as airline crews who need access to more than one reader, are issued a Multi-Airport Pass, eliminating the need to issue multiple cards.
The Results
CATSA has already enrolled approximately 100,000 workers across Canada into the RAIC program and made Canadian airports significantly safer. “The additional layer of security provided by a biometric document of entitlement presents a formidable obstacle to people who would try to infiltrate an airport’s restricted area,” Durward said. Access privileges were maintained on paper with the RAP program and access cards were easy to forge and difficult to revoke, since the list of approved workers was only updated on a weekly basis. The RAIC cards, on the other hand, can’t be forged and can be instantly revoked if a worker is terminated or if their security clearance is rescinded.
Because fingerprint templates are stored on Smart Cards, CATSA did not have to invest in or maintain a centralized database. This also protects workers’ privacy. The templates stored on the cards aren’t actual fingerprint images and can’t be reverse engineered. L-1’s access control readers worked with existing security platforms at the 29 airports, allowing them to leverage their existing investments. L-1 Bioscrypt fingerprint algorithm is able to tie together disparate technologies into a unified
system. And sensor and processor interoperability enables CATSA to use the most appropriate sensor and platform for a task and to bind the technologies together into a cohesive access control solution. The RAIC program, which won the 2007 Microsoft Technology Innovation Award, is the world’s largest biometric access control system and ensures everyone entering restricted areas at Canadian airports — which are prime target for terrorism — are who they claim to be and have security clearance.
