The Credentialing Challenge

Aug. 13, 2014
Vetting individuals before giving them access to secure areas is a top challenge for today’s airports. Los Angeles International Airport’s new credentialing system meets this challenge in an efficient and safe way

Airports make it their mission to know who you are. Passengers show their identification and boarding passes at multiple points throughout an airport to verify identity. But confirming the identities of those working at the airport is equally important.

Few airports understand this better than Los Angeles International Airport (LAX), where more than 60,000 badges are issued to people working inside and on airport property. If the prospect of checking the backgrounds of the airports’ thousands of employees weren’t daunting enough, the matter is further complicated by the fact that its $4.11-billion capital improvement program generates more than 40,000 local jobs, bringing many new faces to the airport each and every day.

“This multi-billion dollar capital construction program requires hundreds and hundreds of construction workers, concessionaires and tradesmen of all types to be badged,” says Dom Nessi, deputy executive director and chief information officer, at Los Angeles World Airports (LAWA). “This fact has exponentially increased the workload in our badging office. They have done a pretty good job of keeping up, but the workload is enormous because of the number of people coming through here.”

The decade-old, legacy credentialing system, which had been patched together over the years, further muddied the process. Nessi describes this system as inefficient and inaccurate. “It required our credentialing staff to enter the same information on multiple screens, created a good chance for inducing errors into the system,” he says, explaining that the system lacked internal business rules and editing capabilities.

The airport set aside $8.3 million to replace its tired and dated badging and identification system to address the credentialing challenges the LAX modernization program, which consists of more than 20 individual projects, presented the airport’s badging office. And in August, this new system, four years in the making, went live.  

“We did a soft launch for a couple of weeks before using it at full capacity,” Nessi says, noting it is too soon to know exactly how much time it trims from the process. He predicts it will shave 5 to 10 percent of the time required to credential an employee. The second phase, which will automate workflow between the badge office and its customers, will likely speed the process even more.

Though airports cannot do much about the time it takes to credential an employee through the clearinghouse agencies that perform these background checks, Phillip Brodt, vice president of New Orleans-based GCR Inc., says airports can control the time it takes on their end through the use of multi-biometric credentialing technology and processing software.

“Newer technologies allow them to speed up the process and get information flowing back and forth more quickly,” he says. “Electronic background checks are much faster than mailing in a fingerprint card and getting the results back by mail.”

Multimodal Biometrics

ImageWare Systems Inc. (IWS), a California-based leader in multimodal biometric security solutions, and GCR Inc. partnered to create LAX’s new biometrically enabled identity management and credentialing system. The system utilizes ImageWare’s Quick Capture multibiometric capture application as well as multiple identity management and credential issuance modules that are part of the company’s SOA-based Identity Service Bus (ISB) suite.

“IWS was a subcontractor and partner in the project,” says Brodt. “We were the primary developer and they provided the biometrics.”

Brodt points out GCR selected IWS as a partner for the project because of the firm’s strong foundation in biometrics identity management and its work on the Canadian Air Transportation Safety Administration (CATSA) credentialing system.

The partners based LAX’s system on the CATSA system, Brodt explains. This system includes a Restricted Access Identity Card (RAIC) software application that validates airport worker identities through biometrics before permitting entry into restricted areas at all of Canada’s 29 major airports. The RAIC system uses smart cards containing fingerprints and biometrics to track secure access for airport workers. A smart chip on this card also stores a unique identifier used to confirm user credentials and privileges.

Though the systems are similar, there are some inherent differences, explains Brodt, noting these alterations are due to differences between CATSA and the U.S. TSA credentialing requirements. In the United States, each airport is required to vet and badge its own employees, and there is no standard for this process. “As a result, each airport has their own unique flavor for how they handle criminal history, deal with access privileges and things like that,” says Brodt. “In Canada, there is just one background check and vetting done for a person, and it’s applicable to all airports.”

The systems both rely on multimodal biometric capture, which is capturing multiple types of biometrics, whether face, fingerprint, hand geometry, finger vein, palm vein, voice or DNA. The LAX system grabs iris and fingerprints, but the IWS software is capable of capturing up to 10 different biometric types.

“The advantage of a multimodal biometric system is that there are a percentage of people who have difficulty capturing their fingerprints,” says Tom Hoyt, director of strategic alliances, at IWS. “Beyond that, depending on how the biometrics are being used, certain biometrics work better than others.”

He adds that using multimodal biometrics beefs up security at the point of entry. “Having a badge linked to a person’s identity through a biometric and requiring a match to occur between that person and the biometric on the card is a vastly more secure way of insuring that the person going through the door is the right person. If you don’t have a biometric on your card, the only thing between an authorized individual, and someone else, getting in the door is a pin, which can be easily compromised.”

At this point, the LAX system still relies solely on fingerprint captures, but the airport is storing the iris scans with each individual’s record for future use, says Nessi. The points out that with more than 1,000 access control doors to retrofit for biometrics and thousands of employees needing iris scans, it won’t happen for a few years.

 “We are just collecting this biometric information so that we have it in the future,” he says.

Streamlined Screening

“The age of the siloed badging system sitting in the security badge office by itself is going away in favor of a more robust credentialing system that serves the broader needs of an airport, offers regulatory compliance and performs identity management,” Brodt says. “Finding the insider threat is a major concern, and a system like this helps in that regard.”

A system like LAX’s streamlines the process by allowing authorized signers for each tenant or contractor operating at the airport to pre-enroll an applicant at an authorized signer portal, which is basically a web application where authorized users can enter applicant data. “Authorized signers could be just about anyone,” says Hoyt. “If an airline is operating at the airport and they have hundreds of employees, someone with that airline performs as an authorized signer who can sign documents on behalf of the employee and get them into the system.”

The data is then passed onto the IWS system and the security badging office. An applicant then makes an appointment to come in and have their biometrics captured with the system’s automated appointment scheduling feature.

“Authorized signers are not allowed to capture fingerprints and iris scans,” says Hoyt. “That has to be done on the premises at LAWA. Then all of that information is packaged up into a single EBTS (electronic biometric transmission specification) file and is sent off an approved third party for a background check.”

The clearinghouse vets the information to confirm they are who they say they are and that they do not have a criminal history. Those results are returned to the system, where an employee in the credentialing office is notified of the results.

“There are other factors that determine whether or not someone is eligible to get a badge printed,” adds Hoyt, pointing out that the GCR system looks at whether the individual has completed certain training, if the company they are working for has a valid contract, and so on.

“At the point where the person has fulfilled all of these requirements, the GCR system issues a request to IWS to print the card,” says Hoyt. Each employee receives a badge that correlates to the job they will be performing and the access privileges that come with that job. The system then activates and tests the badge by sending it to the access control system to link the correct badge number with the correct person.

The badging office then notifies the authorized signer that the badge is ready.

If the badge must be revoked at some point, GCR issues a badge renovation process and the software automatically sends information about the revocation to the access control system.

Future Focuses
GCR’s credentialing system can continuously vet employees, adds Brodt, though Nessi says the LAX is not utilizing that function to date.

“Most airports collect the information when someone comes in and sends it with biometric information to the TSA. They get back the criminal history results, give the employee a badge and it’s not revisited again,” says Brodt.

This new-generation credentialing system enables continuous vetting of employees, in that the system can be constantly searching for an insider threat. “Continuous vetting,” he explains, “does background checks periodically when things change rather than just when the badge expires and gets renewed.”

The GCR system performs this task automatically based on parameters the airport sets up. A typical guideline would be that whenever anything changes with a person, be it a name, address or access privilege, the system automatically performs another background check.

CATSA adds an additional level of vetting to its screening. Rather than just doing a background check, the system is linked to all the airports in the country. Thus, if an employee was fired for drinking on the job or had other disciplinary issues at one location, the information will be linked to his or her record. “They are not able to get fired from one location, and then go to another location and get hired,” he says. “In the CATSA system, if someone tries to do that, they’re going to get caught.”

Airport security officials face a fundamental balancing act as they attempt to strengthen security without hindering the flow of people and goods throughout the airport. Giving individuals access to secure or restricted areas of an airport is a constant challenge, one that LAX’s new credentialing system aims to address.