TSA deploys new credential authentication tech for checkpoint screening
A Credential Authentication Technology (CAT) system first piloted at Boston Logan Airport during the past year is now being rolled out at airports across the nation by the Transportation Security Administration (TSA). though the agency is a bit behind the schedule announced in January. CAT has now been deployed at some of the security checkpoints at Sacramento International Airport (SMF).
The new portable CAT system is used by TSA officers to confirm the validity of a traveler’s photo identification and to confirm their flight information. The system verifies driver’s licenses, passports, and other forms of identification and verifies a traveler’s flight status in real-time.
TSA currently has six CAT units at SMF because the units are “portable and can be moved among checkpoints as needed” and “ travelers can expect to see them in use at either of the airport’s security checkpoints.”
Using a CAT unit, a TSA officer asks a traveler to provide their photo ID, which the officer then inserts into the CAT unit where it is scanned and analyzed. The CAT units are programmed to verify whether the traveler’s ID is authentic, fraudulent, or is expired. “In addition, CAT is linked electronically to the Secure Flight database, which confirms the traveler’s flight details, ensuring they are ticketed for travel that day,” TSA said. “CAT also notes the type of screening (such as TSA PreCheck) the traveler is eligible for, all without a boarding pass.”
Currently, TSA PreCheck enrollment is conducted by IdentoGO by Idemia Identity & Security USA, LLC. Starting later this year, Alclear, LLC, and Telos Identity Management Solutions, LLC, will also begin conducting TSA PreCheck enrollments, which TSA announced in January.
“The TSA Modernization Act, part of H.R. 302, the FAA Reauthorization Act of 2018, required the TSA to enter into an agreement with at least two private sector entities to increase the methods and capabilities available for the public to enroll in the popular TSA PreCheck program,” TSA said, adding, “Today’s contract awards meet this requirement.”
“We are pleased that travelers will have additional TSA PreCheck enrollment options with this latest contract award,” TSA Administrator David Pekoske said. “We expect to see the newly added TSA PreCheck vendors to begin operations by late 2020.”
TSA said, “now that TSA has awarded contracts to these new enrollment providers, they will identify enrollment locations and develop their TSA PreCheck enrollment systems. TSA must review the systems to ensure they meet the latest cybersecurity requirements before the providers can enroll customers.”
TSA announced Monday TSA PreCheck has reached a milestone of 10 million members since its first enrollment center in December 2013. There are more than 400 enrollment centers nationwide. From March 2019 to February 2020, there was an 18 percent increase in new membership compared to the same period the year prior, TSA said.
“Today’s milestone is important to aviation security,” Pekoske said. “The more individuals who are enrolled in TSA PreCheck, the more we can focus resources on individuals who more likely pose a risk to aviation security. It’s better security and a better experience for travelers.”
TSA said it “achieved this milestone more than six months in advance of the October 1, 2020, deadline set in the TSA Modernization Act, part of H.R. 302, the FAA Reauthorization Act of 2018.
“Credential Authentication Technology is an effective tool for our TSA officers, providing real-time fraudulent ID detection capabilities while confirming the identity and flight information of the traveler,” said TSA Federal Security Director at Sacramento International Airport Sid Hanna, where new CAT units have been deployed. “We are pleased to be using this additional layer of security during the travel document checking process.”
TSA began using the CAT technology at the airport in early February and said it had planned to have more than 500 CAT units deployed at more than 40 airports nationwide by the end of February.
“This truly enhances the ability to verify not only the license or the passport,” TSA Spokesperson Lisa Farbstein said, “but it also ensures that the individual has a valid boarding pass and is taking it to fly this day from this airport.”
Despite having had their identifications verified through the CAT system, travelers still have to check-in with their airline and show their boarding pass to a gate agent before boarding their flight. Each unit costs approximately $27,000 and is programmed to scan more than 2,500 different types of IDs.
Typically, the process takes about 8-12 seconds, according to TSA, and validates ID documents against a library of more than 25,000 forms of identification and is capable of detecting even the smallest discrepancies TSA officers can’t see, TSA has said.
“I can’t tell that there’s a problem with that bar code by looking at it,” Farbstein said. “But this can, and that’s the point.”
During the initial proof of concept performed by TSA at Los Angeles International Airport (LAX), TSA employed biometric-enabled automated electronic security gates with a camera that captured and compared a real-time facial image with the image from a passenger’s e-Passport. During the proof of concept conducted at Las Vegas McCarran International Airport (LAS), however, TSA did not use automated gates but instead deployed a CAT device equipped with a camera at the checkpoint.
This CAT with Camera (CAT-C) technology validates that the identity document presented by individual passengers is authentic by collecting the photo image and biographic information of passengers from their ID, then capturing the passenger’s live facial image. The CAT-C then compares the live facial image of the individual to the image from the passenger’s identity document using a proprietary facial matching algorithm to verify that the document belongs to the person presenting it.
The results of the CAT-C evaluation were “used to help inform future TSA plans and biometrics requirements development and identify and mitigate any performance issues and operational concerns,” TSA said.
“Once the facial matching result is recorded,” TSA said, “personnel staffing the CAT-C will direct the passenger to the standard TDC. All passengers must complete the standard TDC process for manual identity and travel document verification, regardless of the CAT-C biometric matching results. The passenger’s facial image, along with certain biographic information from the passenger’s identity document, will be collected by TSA and retained for subsequent qualitative and quantitative analysis” by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) for this proof of concept.
TSA said this “data would be obfuscated to the greatest extent possible,” and that the agency “will store this data on a removable TSA-owned encrypted hard drive attached to the CAT-C.” The agency also explained that personnel remove the encrypted hard drive each day and transfer it to S&T personnel each week. The transfer from TSA to S&T personnel will be in-person locally at LAS or in the “Washington, DC metropolitan area or by certified mail or courier.”
S&T will extract biometric images provided by TSA to generate biometric templates from biometric images. Original biometric images cannot be recovered from the templates. S&T will use the data and information it receives during this pilot solely for the purpose stated in a Memoranda of Agreement (MOA) between it and TSA, and according to the test plan developed for the effort.
DHS said S&T would consult with the National Institutes for Standards and Technology (NIST) during the assessment of the facial-matching algorithm to assure the analysis methodologies are per industry standards.
To participate in this second proof-of-concept test, TSA said, “passengers will voluntarily choose to enter a lane dedicated to the proof of concept. Signs will be posted, and hand-outs will be available so that individuals may make an informed decision about whether or not to participate.”
During the procedure, CAT authenticates the security features on an individual’s ID to validate legitimacy and collects the document’s biographic data and transmits it over TSA’s wireless computer network to its Secure Flight database to confirm the passenger’s ticketing and vetting status via TSA’s Security Technology Integrated Program (STIP) interface.
Currently, a TSA employee performing TDC functions verifies a person’s identity at the checkpoint by manually validating the identity document and boarding pass presented by the passenger, comparing the photograph on a passenger’s identity document to the passenger’s face, then comparing the document’s biographic information to the biographic information on the passenger’s boarding pass.
TSA recently performed a short-term proof of concept evaluation of the automation of the identity verification portion of the Travel Document Checker (TDC) system using biometric technology at LAS.
The test was intended to assess the technology’s ability to compare passengers’ live facial images at security checkpoints against an image taken from passengers’ identity document(s) for passengers who opt to participate in the test.
TSA has been exploring the use of biometric matching technologies with a focus on facial recognition “as the primary means of identity verification for aviation security screening,” as well as to improve the speed, efficiency, and security of TSA’s identity verification process.
The agency said it not only “expects … facial recognition” to eventually “permit TSA personnel to focus on other critical tasks” and to expedite security processes,” but that “biometric matching” will “increase TSA’s security effectiveness by improving the ability to detect impostors.”
“We want to make sure that the person who’s presenting themselves at the travel document podium is indeed the person that they’re claiming to be,” Farbstein said.