Airport Entry Management Systems and Security


Published on

IP UtiliNET ©Fusitronics solves the identity management problem that causes TSA to be so heavy handed at airports. Read this document to find out why you as a traveler are treated differently from airport and airline employees.

Published in: Technology, Business
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Airport Entry Management Systems and Security

  1. 1. IP UtiliNET Airport Solution Brief 6825 Shiloh Rd E, STE-B-7 Alpharetta, GA 30005 404.513.3283 A US Veteran Owned Business Secure Concourse By David Quinn, Managing Director You are not an airport employee, you do not work for the airport, and you are not a foodservice vendor or other vendor equipped with a badge that provides identity to the TSA. You may be Henry Kissinger, who like you or any other American Citizen is a suspect until proven otherwise. You are ever vigilant, a veteran, a law enforcement official, sworn to protect, yet to the TSA you might as well be holding a loaded rifle. Plainly put, what the average citizen endures in the name of security is simply an inexcusable lapse in identity management. 5/23/2012 ©2010 IP UtiliNET LLC
  2. 2. Contents There are individuals in the world that willIntroduction 3 violate life, liberty, and the pursuit of theThe AS-IS Process 3 next precious breath …for an ideal.Suspects, Until Otherwise Proven 4Concourses – Real and Present Threats 5Risk Assessment - High 7Define the Problem, Act to Resolve It 7Getting Started 10Continuous Improvement 11About the Author 12 Airport and Security officers are forced into action reactively while terrorists are proactive, always planning, always trying new and innovative ways to kill and maim innocent civilian targets – this is proven by planes used as missiles, planes with cargo bombs (Pan-Am), liquid explosives, shoe and underwear bombs, toner cartridge bombs and a host of other past and future attempts, each one seeking holes in the system, each one creating maximum press exposure. The US Government reacts defensively and implements policies to counter these threats. This is a result of; A. Management of Public Perception B. Defensive Posture & Tools C. Standards based Defensive Approach D. Lack of Information Continuity E. Lack of Passenger Presence Awareness F. No Process Optimization 5/23/2012 2 ©2012 All Rights Reserved, IP UtiliNET LLC
  3. 3. Introduction This brief provides a solution that leads to increased security and higher levels of systemic benefit for the Traveling Public, the TSA, and Airport Operators. This discussion is an American discussion about security that is acceptable to the traveling public versus an overly expensive and vast police action that uses strong-arm tactics to intimidate the average person. IP UtiliNET seeks to support Department of Homeland Security, TSA, and US Government in all efforts to protect the nations critical airports infrastructure and offers a path that reduces the current defensive posture. This briefing document is intended for public consumption as it contemplates just one of many potential scenarios that can occur at any one of the thousands of global airports.. This document points to a potential scenario or combination of events that if applied could disrupt passenger travel for days or months and undermine the trust and confidence of the flying public, it is not intended to be a threat or anything close to that. There is no ability to plan for terrorist innovation, there is only heightened traveler awareness, counter- offensive reaction to these events, and further removal of personal liberties for the purpose of assurance. This paper offers a solution that, by design is intended to converge current disparate parts and lack of identity capability into an intelligent framework. The Airport Entry Management System (AEMS) improves airport security while delivering increased operational efficiency at reduced cost. TSA will improve intelligence and be more prepared to react quickly in the event of the type of attack described in this document, and other attacks at any one of the 3300 NPIAS “watchlist” or foreign airports. The AS-IS Process TSA has interjected a classic defensive perimeter at a significant number of US and foreign airports. The perimeter takes a typical 3 tier approach and consists of; Tier 1 in which a live TSA agent obtains a mobile or paper boarding pass from an individual traveler and compares it to another form of identification. With Tier 1 approval, the passenger is then allowed to proceed to Tier 2 where baggage and certain personal items are separated and human and baggage are scanned. If an anomaly occurs at the scanner, the person or bag is detained and further searches and questioning occurs – Tier 3. Employees and Contractors are “known” entities and current requirements allow for badge and pin-code entry at the airport. This process separates the landside and terminal from the airside concourse and creates a defensive barrier to the unknown landside environments.11/22/2010 3 ©2010 IP UtiliNET LLC
  4. 4. Suspects, Until Otherwise ProvenAirport Security is a tough business. Threats can come from any direction and there is noway to guarantee absolute safety for the traveling public. Measures to counter proventhreats must be taken, but to what end? Bombers that exit on a layover, trained pilotsflying airplanes into buildings, liquid bombs in shampoo bottles, underwear bombers,shoe bombers, PETN in toner cartridges … what next? A skullcap bomber, a prostheticbomber, liquid explosives in a colostomy bag, can bombs in the food service trolley, ….there is no end to the possibilities. With physical security, especially the type that isimplemented today, all passengers and law enforcement travelers are subjected toincreasing levels of scrutiny. All passengers and even law enforcement personnel thattransport prisoners are assumed to be guilty and treated as suspects until otherwiseproven. Airport, Airline, and Vendor services personnel are “known”. As employees theyare deemed to be “not guilty” at least until one of them becomes part of an attack onairport infrastructure.The airports security methods that are employed today are defensive in nature to includethe scanners that remove clothing. When something is detected or a passenger opts out itleads to a more intrusive physical “pat-down” which the public is now objecting to.Because there is a lack of presence awareness and a lack of concern for wait times as aresult of the security processes, the flying public is subjected to a “search and seizure”approach thatdiscriminates fromtreatments afforded toTSA and other membersof airport, airline, andcontractor staff. USCitizens and travelersentering US Airportsystems en masse areprofiled as suspects until TSA owned airport security approves concourse access.For those with intent to harm, the opportunity to do so at any one of the top 30 airports isonly a paper ticket or a commuter flight away – where security is not as intensive. Atsome point, those with intent will realize this gap, make an attempt, and cause areactionary expenditure that dwarfs the existing equipment and manpower expense. Thedilemma is that security at primary, secondary, and reliever airports must continue toincrease because the “bad” people in our world are continuing to test and attack thesystem externally as well as internally. They will and are targeting employees andencouraging their supporters to gain employment in the airport systems. They areseeking a trusted relationship that will lead to further attacks. When that happens, will theanswer be to shut down the entire system?5/23/2012 4 ©2012 All Rights Reserved, IP UtiliNET LLC
  5. 5. Concourses – Real and Present ThreatsThe following simple scenario is but one of the many potential risks that airports facetoday. It is submitted as an observation only and is intended to establish dialogue that canlead to systemic improvements in data continuity, improved intelligence, and security.It is no secret that paper boarding passes can be captured, modified, and reprinted. Withenough time and effort, any paper boarding pass can be modified to match the date ofentry while maintaining or modifying the identity of the person carrying the boardingpass. In the scenario below, the paper boarding passes are modified and used to gainentry to the landside environment, and are complemented by mobile and paper boardingpasses that link to actual flights.As terrorists learn more about airport operations, and gain access to the airsideenvironment through employees there will come a time when a large airport will beattacked. It will come from the inside and it will happen using multiple resources.The scenario unfolds simply. Boarding passes are obtained and copies are sent to aforger or each of the attackers are providedinstructions to make modifications to a paperboarding pass. Modifications can includename, date and other information on the paperboarding pass. The terror organization hasplaced 2-3 employees at airline, airport, orcontracted service positions. They do notknow each other and 1 will be selected for thismission. Boarding passes, strike date, and time are coordinated via hardcopy (not e-mail).Planning occurs months in advance.Once dates are set, two orders are placed: rechargeable spray canand timer for spray can.Atlanta has 6 concourses and 3 security entry points, therefore, if Atlanta is the target 6recruits that do not know each other and 1 employee are what will be needed. This is aprimary and a backup strategy with a timeline that supports fill-ins if needed. 3 of the 6will enter the concourse through the TSA perimeter. The other 3 will arrive at the airporton redeye flights.3 forged paper boarding passes are for the landside attackers and each of the other 3 willpurchase redeye flights a month or so in advance.5/23/2012 5 ©2012 All Rights Reserved, IP UtiliNET LLC
  6. 6. The spray cans are obtained and filled with a liquid organophosphate such as Sarin. Oncefilled, the cans are charged. The airport employee, who has been known to bring ashoulder bag to work daily takes receipt of the cans early in the morning of the attack.Placed into the bag, the employee goes through the normal routine and accesses theairside environment via the standard employee process. Once inside the fenced, secure, airside environment, the employee enters the concourse through any number of available doors. The 3 landside entrants have passed through security and the other 3 have landed and had breakfast. Beginning at 0900, the six meet the airport employee in pairs every 15 minutes – A, C, and E concourses. The meetings occur in the bathrooms that are south of the concourse entry point. Exchanges are made at the baby changing stations where it is normal to see people with open bags. All are recognized by a Bluetooth headset with a custom mark worn on the right ear. The pairs break off and at 10AM set their cans to operate from bathroom stalls beginning at 1015. Timers are set to release 1-3 second blasts every minute. The cans and timers are wiped down to remove fingerprints. The doors to the stalls are locked by each terrorist who crawls out from under the door. The terrorists exit the airport using the normal exit process. The airport employee has a hectic day as people begin to get sick in all airport terminals. It takes 45 minutes from the originating time to begin a full airport evacuation. The airport is shut down as panicked people evacuate the airport from all available exits. The attackers exited the airport as the first blasts begin and same day, three of the group drive in one direction, the other three in another direction, or flights that leave at 10:15 are in place for three or four of the attackers. These attackers are headed to the next airport where the process will be repeated at another airport, later in the week, later in the month, or in time for second shift. The papers would later report that a coordinated attack occurred at airport/s inwhich several people were severely affected. This was due to a lack of disaster planningfor concourse environments and a lack of data continuity that led to a breech inintelligence, ineffective and unproven local evacuation methods and controls, and lack ofcoordinated agency responses. Airport services would be disrupted for weeks if notmonths.This is a scary scenario and is not intended to be a threat. It is an observation that is basedon several years of working in and around airports. While an attack from within is themost difficult to thwart, the security problem can be reduced with good informationmanagement.5/23/2012 6 ©2012 All Rights Reserved, IP UtiliNET LLC
  7. 7. Risk Assessment - HighAirline, Airport, and Service Contractor employee with a RAMP badge and pin can enterthe concourse using only an employee id. Airline, Airport, and Contractor employeesentering from off-site parking or through entry gates can gain access to the concourse,fuel depots, aircraft and other airport elements – typically without passing through thescanning process. Several of the employees carry shoulder bags, lunch boxes, etc. on adaily basis and these items do not normally go through scanners of any type. Airlineequipment such as trucks and buses routinely leave the fenced airside area of the airportthereby providing ample opportunities for the introduction of any types of harmfultechnologies. All packages that enter the airfield and concourse environment should bescanned or inspected prior to entry. Airside employees and contractors that enter theconcourse with personal baggage should be required to submit to a secondary searchprior to entry. The secondary search should be conducted in full view of a surveillancesystem.Define the Problem, Act to Resolve ItTSA has implemented a set of physical controls that supplant the ability to identify theindividual passengers as they are passing through the security perimeters. Passengers, toinclude law enforcement transporting prisoners, are unknowns to TSA and this occurs asa direct result of a lack of integrated process and airline/airport business systems. Thisleads to inadequate and ineffective intelligence. The model below illustrates the securityprocesses in alignment with the business processes. It illustrates the intelligence gapsthat create the need to implement increased physical security measures. Until these gapsare resolved and data continuity contributes to intelligence efforts, the physical securitymeasures and related manpower expenses will only increase.5/23/2012 7 ©2012 All Rights Reserved, IP UtiliNET LLC
  8. 8. Securing the concourse requires alignment between business process and the underlyingsystems architecture. IP UtiliNET offers the Airport Entry Management System or AEMS. There are three subset elements; 1. Passenger Identity Management System (PIMS) 2. Aviation Worker Identity System (AWIS) 3. Accompanied Transport Identity System (ATIS)AEMS is intended to scale beyond the existing 3 tier perimeter and is designed toincorporate domestic positive passenger bag match. Each one of the subset elements hasdifferent connectivity, integration, security, and registration requirements. Theapplication and underlying systems are common and the software can use certaindeployed video cameras. Extending the first perimeter to entry doors, kiosks, andticketing counters - even public transportation – is a matter of gaining agreement with theairport authority to extend the capabilities of the Operational Services Network.For entry points, IP UtiliNET offers a smart electronic device that ispackaged for single entry points, multiple entry points, tabletop,tablestand, and pedestal. This “platforming” approach reducesmanagement cost and deployment headaches while allowing for multipleuse cases. The software that drives the camera and facial biometricdecode is the same whether it is used in this fixed form factor, a mobileform factor, or deployed and operating in passive mode as a componentof the surveillance system.The Passenger Identity Management system is the recommended starting point. With thistechnology, pedestals can be deployed in place of the first perimeter TSA agent.Passengers who desire to be treated in a similar manner to airport employees could enrollin the system prior to entering the security line. At the first perimeter, the passengerwould scan their electronic or paper boarding pass and could enter a pin that is unique tothem. The boarding pass validation would coincide with a facial biometric scan in whichthe customer name is matched to the ticket and pin and the face is validated. If the systemcould not find the individual, it would prompt for a secondary form of identification suchas a license or passport. If the passport or license data match the paper or electronicboarding pass and the person is not enrolled, they would be involuntarily enrolled in thesecurity management system for the next 12 hours. The system ties back to the airlinereservation system ( identified ), and to the Baggage Reconciliation System (identified)which provides the positive passenger bag match.5/23/2012 8 ©2012 All Rights Reserved, IP UtiliNET LLC
  9. 9. Various discussions as they relate to multi-modal biometrics have been undertaken overthe years with the most recent being iris scans. Of the three modalities; fingerprint, facial,and iris, iris is now getting the most press.Fingerprint is typically rejected by the traveling public as they are associated withcriminal work and a question exists as to who and how the database is managed. What isneeded is fingerprint as a validating factor – deployed at Tier 3 – when a persons identityis questionable. Using mobile or fixed devices, after establishing probable cause, thefingerprint could be scanned and sent to the AFIS system in the state, the terrorist watchlist, the 16 databases that make up NCIC and Interpol. IP UtiliNET Engineered AccessControl Systems are based on a platform approach and includes fixed and mobiletechnologies.IRIS can be associated with health. Take the example of a former CIA employee,Angelique, that could not pass the IRIS scanners on the way into work one day. At theentry point, the scanners did not allow her to pass because something health-wise hadchanged and it was reflected in the backs of her eyeballs. The IRIS scanners could notidentify the reason for the change, only that a change had occurred. Later that day, shediscovered that she was pregnant. The last thing anyone or any business will want is non-specified health related information being passed to insurance companies for risk basedadjustments.Everyone has a face and facial biometrics is the only technology that is effective at entrychoke points, airplane gates, and as a passive system operating unobtrusively behindexisting surveillance systems. Facial biometrics that are 2D or 3D have proven to be allbut useless as they attempt to use computational capabilities to replicate the way that theeye and the “fusiform” part of the brain work. Computers “think” in numbers which isnot the way the human brain processes images. What is needed, and what is available and proven with existing installations at the VA and other state/local customers for many years is Fusitronic Facial Biometrics. Fusitronic facial biometricsystems that are coupled with integrated airline passenger management offer increasedlevels of passenger intelligence, process automation and airport security. Offered as anAirport Entry Management System (AEMS) it will provide TSA with improvedoperational intelligence, less invasive security, reduced cost of operations, and betterresponse capabilities.5/23/2012 9 ©2012 All Rights Reserved, IP UtiliNET LLC
  10. 10. A properly integrated facial biometric system will unify ticketing with identitymanagement and assist TSA and local law enforcement with criminal identification. Itwill also unify employee access while offering the capability to constantly cross checkcurrent law enforcement status. When a passenger ticket can not be matched to a facialidentity the suspect identity can be confirmed using tertiary tools such as license,passport, fingerprint, and direct questioning.The facial biometric software is passive and capable of complementing existingsurveillance systems. Using this function the database is constantly updated with lastknown location for individuals. When law enforcement is seeking an individual, thesystem goes into trakker mode where it originates from the last known location andintelligently searches from that location outwardly to the furthest points on the network.Once trakker locates, it alerts and hands off to the surveillance system for recordingpurposes. It is critical to note that this is not a surveillance toolset, it is a PresenceAwareness toolset. Presence Awareness is concerned about the “who” not the “what” thatis currently occurring in front of a camera system.Getting StartedIP UtiliNET has the available technology and relevant experience with company ownedcredentialing and facial biometric systems. The company has created a framework andrecommended integration capability for business processes that affect and unify theinformation services for passengers, law enforcement, and aviation workers. Thecompany has significant experience in airport passenger management and baggagesystems. The solution and recommended approach include a capability to integrate adomestic positive passenger bag match solution that will add benefit to the industry and the traveling public. A service bureau approach is required and IP UtiliNET is in a position to undergo security clearance approval, led by the founder, a US NAVY Submarine Service Veteran. Additionally, the company has a relationship with a break/fix services provider that supports airports in 130 countries today. In order to move forward, funding will be required.5/23/2012 10 ©2012 All Rights Reserved, IP UtiliNET LLC
  11. 11. Continuous Improvement IP UtiliNET offers LANvisn™ connectivity solutions for airport environments. It is based on industry recognized standards and deliversthe industries first, truly non-fragmented network architecture. This unifies the securityand surveillance environment. HUBvisn, based on the AXS1800 platform is a 25 terabitplatform with entirely passive distribution capabilities over a 20 KM radius (12.4 Miles).A single chassis supports more than 7,000 active end point devices and can scale in anon-fragmented, grid fashion to 50 chassis using a single control and managementplatform. It is the optimal solution for Command and Control Centers and for airportsecurity environments. It is more secure and cost effective than existing structuredcabling systems. With this technology, all manner of connected security elements –throughout the airport campus - become possible – at reduced up front and long-termcosts reductions that increase as the number of end-point connections increase.The network is a transport method for data that is collected at the edge and managed atthe core. The biometric software operates on the device, on distributed appliances, or on acentralized appliance. The application that manages the core is an intelligent, multi-tenantsoftware framework that connects to other systems via it’s intelligent connectors. It isspecific to the task at hand, airport security, and can be configured to support clientspecific edge functionality and supports zoning. As a client specific technology, TSA canuse it to improve relationships with passengers and airports that are served, and airportscan use it to implement loyalty programs that do not yet exist. From a TSA perspective,the first perimeter can be pushed to the entry doors and ticketing stations. If TSAchooses, the system can be pushed to public vehicles that frequent the airport. Thisfunctionality will allow the TSA and first responder team to incorporate inboundintelligent traffic management and outbound coordination of evacuation resources on anas needed basis. It is scalable, inherently configurable, and capable of migrating physicalsecurity to environmental intelligence and well coordinated first responder capability. IP UtiliNET launched “IP UtiliSAFE” in January 2011. Thisunique offering is available uniquely with a LANvisn™ network.UtiliSAFE grants the ability of licensed first responders toimmediately access selected elements such as video cameras via aprivate, dedicated, licensed path. An “IP UtiliSAFE” airportcampus network is a significant strategic benefit to first responders.It includes any number of optional triggers - an analytic system,shot detectors, a concourse or desktop 911 call … If any of thesetriggers occur, the licensed path is automatically opened and immediate priority access tovideo resources, controlled doorways, etc, is granted – even when the power is out. Thisfeature is embedded in the daily operating system for the security network.5/23/2012 11 ©2012 All Rights Reserved, IP UtiliNET LLC
  12. 12. About the AuthorMr. Quinn is the founder of IP UtiliNET and is a US NAVY Veteran. He has coupled hismilitary systems training, to include battle planning and systemics with advanced degreesin business and computer technology /robotics. In industry, he has consistently appliedhis education and work experience to technology integration and business processautomation. He has spent most of the last six years assisting Delta Airlines in its efforts togain better control of the baggage management check-in, baggage handling and tracking,and baggage security processes at airports. His work and support for Delta Airlines, asreported publicly by its CEO in 2009, Richard Anderson, contributed to a 28%performance improvement in year/year results. Mr. Quinn acted as a Sales Consultant forDelta Airlines and participated in time studies, business process engineering, andbusiness process improvement specific to passenger process management, and baggagemanagement systems. Mr. Quinn and the Delta team were instrumental in driving“incremental improvements” throughout the baggage management process and his visionhelped to shape a longer term strategy that will lead to automation. These innovations ledto improved passenger baggage services, induction efficiency, ramp efficiency, andincreased levels of security at baggage carousels. Mr. Quinn helped the Delta teaminitiate the mobile barcode project with TSA. For a number of years at Motorola, Mr.Quinn was responsible for the Air and Sea Ports Vertical Markets business. He is theauthor of the Motorola solution brief entitled “21st Century Transportation Hubs(see; Mr. Quinn left Motorola in April 2010 and acquired thefacial biometrics technology and key resources that have led to the recent launch of themost advanced and accurate facial biometrics solution available. Mr. Quinn continues toserve the airports business while working to grow his Veteran-owned small businessenterprise.For More Information, please contact:David Quinndquinn@iputilinet.com404.513.32835/23/2012 12 ©2012 All Rights Reserved, IP UtiliNET LLC