Mar 2, 2022, 5:22 pm
Last edit by: TWA884
From the TSA website:
CAT is an effective tool for TSA officers, providing enhanced fraudulent ID detection capabilities while confirming the identity and flight information of travelers.
When a CAT unit is in use, a TSA officer will ask travelers to provide their photo IDs. The officer will insert each photo ID into the CAT unit where the ID is scanned and analyzed.
CAT is linked electronically to the Secure Flight database, which confirms travelers’ flight details, ensuring they are ticketed for travel that day. CAT also displays the pre-screening status (such as TSA PreCheck®) the traveler is eligible for, all without a boarding pass. However, CAT does not eliminate the requirement for passengers to check-in with their airline. Passengers still need their boarding pass to show the airline representative at their gate before boarding their flight.
Credential Authentication Technology
What is CAT?
Credential Authentication Technology (CAT) is a security game changer, ensuring ID authentication, reservation verification and Secure Flight pre-screening status are known in “near” real-time at the airport security checkpoint.CAT is an effective tool for TSA officers, providing enhanced fraudulent ID detection capabilities while confirming the identity and flight information of travelers.
When a CAT unit is in use, a TSA officer will ask travelers to provide their photo IDs. The officer will insert each photo ID into the CAT unit where the ID is scanned and analyzed.
CAT is linked electronically to the Secure Flight database, which confirms travelers’ flight details, ensuring they are ticketed for travel that day. CAT also displays the pre-screening status (such as TSA PreCheck®) the traveler is eligible for, all without a boarding pass. However, CAT does not eliminate the requirement for passengers to check-in with their airline. Passengers still need their boarding pass to show the airline representative at their gate before boarding their flight.
Advantages of CAT
CAT improves the travel document checker’s ability to accurately authenticate passenger identification and pre-screening status, addressing the vulnerabilities associated with ID and boarding pass fraud.Acceptable Forms of ID
Passengers 18 years old and over must show valid identification at the airport checkpoint in order to travel. CAT can scan the following types of identification:- U.S. passport
- U.S. passport card
- U.S. Department of Defense (DOD) ID. This includes IDs for active duty and retired military, their dependents, and DOD civilians. Also, the DOD Common Access Card (CAC).
- U.S. Merchant Mariner ID
- Trusted Traveler card:
- Global Entry
- Secure Electronic Network for Traveler Rapid Inspection (SENTRI)
- Free and Secure Trade (FAST) ID
- NEXUS card
- Permanent Resident Card/Resident Alien Card (I-551)
- Border Crossing Card/nonimmigrant visa (DSP-150)
- DHS refugee travel document (I-571)
- U.S. Citizenship and Immigration Services (USCIS) Employment Authorization Document (I-766)
- Driver’s or enhanced driver’s license
- Identification card issued by or under authority of a state Department of Motor Vehicles or equivalent state office that is intended or commonly accepted for the purpose of identifying individuals
- Passports
- United Nations laissez-passer
- Canadian driver’s license
- Indian and Northern Affairs Canada (INAC) card
Airport Locations
TSA has CAT units at the following airports:
- Albuquerque International Sunport (ABQ)
- Atlantic City International Airport (ACY)
- Albany International Airport (ALB)
- Ted Stevens Anchorage International Airport (ANC)
- Hartsfield-Jackson Atlanta International Airport (ATL)
- Appleton International Airport (ATW)
- Austin-Bergstrom International Airport (AUS)
- Asheville Regional Airport (AVL)
- Bradley International Airport (BDL)
- Bangor International Airport (BGR)
- Birmingham–Shuttlesworth International Airport (BHM)
- Billings Logan International Airport (BIL)
- Bismarck Municipal Airport (BIS)
- Nashville International Airport (BNA)
- Boise Airport (Boise Air Terminal) (Gowen Field) (BOI)
- Boston Logan International Airport (BOS)
- Baton Rouge Metropolitan Airport (Ryan Field) (BTR)
- Burlington International Airport (BTV)
- Buffalo Niagara International Airport (BUF)
- Hollywood Burbank Airport (was Bob Hope Airport) (BUR)
- Baltimore/Washington International Thurgood Marshall Airport (BWI)
- Akron–Canton Airport (CAK)
- Charleston International Airport / Charleston AFB (CHS)
- The Eastern Iowa Airport (CID)
- Cleveland Hopkins International Airport (CLE)
- Charlotte Douglas International Airport (CLT)
- John Glenn Columbus International Airport (CMH)
- Yeager Airport (CRW)
- Cincinnati/Northern Kentucky International Airport (CVG)
- James M. Cox Dayton International Airport (DAY)
- Ronald Reagan Washington National Airport (DCA)
- Denver International Airport (DEN)
- Dallas/Fort Worth International Airport (DFW)
- Des Moines International Airport (DSM)
- Detroit Metropolitan Wayne County Airport (DTW)
- El Paso International Airport (ELP)
- Fort Lauderdale-Hollywood International Airport (FLL)
- Sioux Falls Regional Airport (Joe Foss Field) (FSD)
- Spokane International Airport (Geiger Field) (GEG)
- Gulfport–Biloxi International Airport (GPT)
- Green Bay–Austin Straubel International Airport (GRB)
- Gerald R. Ford International Airport (GRR)
- Piedmont Triad International Airport (GSO)
- Greenville–Spartanburg International Airport (Roger Milliken Field) (GSP)
- Daniel K. Inouye International Airport (HNL)
- Houston William P. Hobby International Airport (HOU)
- Westchester County Airport (HPN)
- Washington-Dulles International Airport (IAD)
- Houston George Bush Intercontinental Airport (IAH)
- Wichita Dwight D. Eisenhower National Airport (formerly Wichita Mid-Continent Airport) (ICT)
- Indianapolis International Airport (IND)
- Long Island MacArthur Airport (ISP)
- Jackson Hole Airport (JAC)
- Jackson–Medgar Wiley Evers International Airport (JAN)
- Jacksonville International Airport (JAX)
- John F. Kennedy International Airport (JFK)
- McCarran International Airport (LAS)
- Los Angeles International Airport (LAX)
- Lubbock Preston Smith International Airport (LBB)
- LaGuardia Airport (LGA)
- Clinton National Airport (Adams Field) (was Little Rock National) (LIT)
- Kansas City International Airport (MCI)
- Orlando International Airport (MCO)
- Chicago Midway International Airport (MDW)
- Manchester–Boston Regional Airport (MHT)
- Miami International Airport (MIA)
- Milwaukee Mitchell International Airport (MKE)
- Minot International Airport (MOT)
- Dane County Regional Airport (Truax Field) (MSN)
- Minneapolis-St. Paul International Airport (MSP)
- Louis Armstrong New Orleans International Airport (MSY)
- Myrtle Beach International Airport (MYR)
- Oakland International Airport (OAK)
- Eppley Airfield (OMA)
- Ontario International Airport (ONT)
- Chicago O’Hare International Airport (ORD)
- Norfolk International Airport (ORF)
- Paine Field Airport (PAE)
- Palm Beach International Airport (PBI)
- Portland International Airport (PDX)
- Punta Gorda Airport (PGD)
- Philadelphia International Airport (PHL)
- Phoenix Sky Harbor International Airport (PHX)
- Pittsburgh International Airport (PIT)
- Pensacola International Airport (PNS)
- Tri-Cities Airport (PSC)
- Palm Springs International Airport (PSP)
- Theodore Francis Green State Airport (PVD)
- Portland International Jetport (PWM)
- Raleigh-Durham International Airport (RDU)
- Richmond International Airport (RIC)
- Reno/Tahoe International Airport (RNO)
- Roanoke–Blacksburg Regional Airport (Woodrum Field) (ROA)
- Greater Rochester International Airport (ROC)
- Southwest Florida International Airport (RSW)
- San Diego International Airport (SAN)
- San Antonio International Airport (SAT)
- Savannah/Hilton Head International Airport (SAV)
- South Bend International Airport (was South Bend Regional) (SBN)
- Louisville International Airport (Standiford Field) (SDF)
- Seattle-Tacoma International Airport (SEA)
- San Francisco International Airport (SFO)
- Springfield–Branson National Airport (SGF)
- Shreveport Regional Airport (SHV)
- San Jose International Airport (SJC)
- Luis Muńoz Marín International Airport (San Juan Airport) (SJU)
- Salt Lake City International Airport (SLC)
- Sacramento International Airport (SMF)
- John Wayne Airport (SNA)
- Sarasota–Bradenton International Airport (SRQ)
- St. Louis Lambert International Airport (STL)
- Cyril E. King Airport (STT)
- Syracuse Hancock International Airport (SYR)
- Tallahassee International Airport (TLH)
- Tampa International Airport (TPA)
- Tulsa International Airport (TUL
- Tucson International Airport (TUS)
- McGhee Tyson Airport (TYS)
- Northwest Arkansas National Airport (XNA)
New TSA Credential Authentication Technology ID Scanners - No Boarding Pass Required
May 29, 2017, 5:41 pm
#1
Moderator, Omni, Omni/PR, Omni/Games, FlyerTalk Posting Legend
Original Poster
Join Date: Oct 2004
Location: Between DCA and IAD
Programs: UA 1K MM; Hilton Diamond
Posts: 67,108
New TSA Credential Authentication Technology ID Scanners - No Boarding Pass Required
Apologies if I missed a thread already devoted to this topic; I didn't see one.
Anyway, on Sunday at IAD, at the Pre checkpoint the TDC was scanning IDs on a much-larger device, and turning away actual BPs. Yes, I know that checking ID and BP match is meaningless and easily circumvented, but it was interesting to see the TSA apparently admit as much.
The device appeared to be a small computer workstation of some sort. Interestingly enough, I recall seeing talk of integrating ID scanners into overall security at the checkpoint (including integration with SecureFlight, WTMDs, x-rays, and AITs), but it was proposal-phase, not deployment--so I thought.
Anyone else noticed this? My guess is the ID check station is integrated into SecureFlight and checks if you're traveling that day (and at the Pre checkpoint, are eligible for Pre)? Not sure how much the airlines share to make this happen.
Anyway, on Sunday at IAD, at the Pre checkpoint the TDC was scanning IDs on a much-larger device, and turning away actual BPs. Yes, I know that checking ID and BP match is meaningless and easily circumvented, but it was interesting to see the TSA apparently admit as much.
The device appeared to be a small computer workstation of some sort. Interestingly enough, I recall seeing talk of integrating ID scanners into overall security at the checkpoint (including integration with SecureFlight, WTMDs, x-rays, and AITs), but it was proposal-phase, not deployment--so I thought.
Anyone else noticed this? My guess is the ID check station is integrated into SecureFlight and checks if you're traveling that day (and at the Pre checkpoint, are eligible for Pre)? Not sure how much the airlines share to make this happen.
Jun 1, 2017, 10:32 am
#2
Join Date: Nov 2015
Location: At the moment? ...
Programs: DL DM, Marriott Titanium
Posts: 377
Wonder how widespread this is. I went through PreCheck at IAD this morning and saw this in action. It was...disconcerting, but that may have been because shortly thereafter I read an article on how B6 and someone else was going to trial test facial recognition.
Jun 3, 2017, 11:53 am
#3
Join Date: Apr 2017
Posts: 41
Has IAD create a security vulnerability for Precheck?
This from another thread, and as if true, relates directly to security. It is rumored that IAD is not conducting electronic verification of BPs for Precheck.
If TSA has instituted this practice, then Precheck is a confirmed useless smoke and mirrors program. If the ONLY confirmation for Precheck at IAD is visual and TSA is not matching names to BPs, then what a crock TSA is and what a crock Precheck is.
At IAD on Sunday, I noticed the Pre line no longer actually checks / scans your BP at all (there is an airport employee at the head of the line who glances at your BP for TSAPre logo, but that's it). They now scan your ID and don't bother to confirm it matches BP at all (interesting, if logical in real-people thinking, just not logical in TSA thinking). But that is fodder for another thread--just have to find the right one...
Jun 3, 2017, 12:35 pm
#4
Join Date: Jan 2016
Location: SFO
Programs: Marriott Ti/LTP
Posts: 1,329
This from another thread, and as if true, relates directly to security. It is rumored that IAD is not conducting electronic verification of BPs for Precheck.
If TSA has instituted this practice, then Precheck is a confirmed useless smoke and mirrors program. If the ONLY confirmation for Precheck at IAD is visual and TSA is not matching names to BPs, then what a crock TSA is and what a crock Precheck is.
If TSA has instituted this practice, then Precheck is a confirmed useless smoke and mirrors program. If the ONLY confirmation for Precheck at IAD is visual and TSA is not matching names to BPs, then what a crock TSA is and what a crock Precheck is.
Jun 4, 2017, 4:03 am
#5
Join Date: Nov 2010
Location: Baltimore, MD USA
Programs: Southwest Rapid Rewards. Tha... that's about it.
Posts: 4,331
I seem to recall hearing somewhere that DCA and IAD are TSA's 'prototype' airports where they will often test new procedures and equipment before deploying them nationally. Perhaps this new scanner is the latest money-wasting gizmo, foisted upon the American taxpayer by former DHS or TSA executives working for a tech company, under the guise of making us more secure.
The new device could be any number of things - an image scanner recording actual images of the IDs; an RFID reader checking the chips in various types of cards and passports; a terminal that checks IDs against the NFL or other database; or something else that I can't even imagine. No matter what, I'm sure that any security benefit it may theoretically provide will be neither effectively implemented nor worth the inflated price tag of the device. This is TSA we're talking about, after all.
The new device could be any number of things - an image scanner recording actual images of the IDs; an RFID reader checking the chips in various types of cards and passports; a terminal that checks IDs against the NFL or other database; or something else that I can't even imagine. No matter what, I'm sure that any security benefit it may theoretically provide will be neither effectively implemented nor worth the inflated price tag of the device. This is TSA we're talking about, after all.
Jun 5, 2017, 7:02 pm
#7
Moderator, Omni, Omni/PR, Omni/Games, FlyerTalk Posting Legend
Original Poster
Join Date: Oct 2004
Location: Between DCA and IAD
Programs: UA 1K MM; Hilton Diamond
Posts: 67,108
I understand it does connect with SecureFlight, and it's made by MorphoDetection (who got bought by Smiths recently). This would imply that it does hit at least the same lists that SecureFlight does.
Jun 5, 2017, 9:35 pm
#8
FlyerTalk Evangelist
Join Date: Mar 2008
Location: DFW
Posts: 28,083
Unless an ID is checked against some watch list(s) I see no reason to waste time checking them. Even checking against the lists serve little purpose. Screen the person for WEI and move on.
Jun 7, 2017, 9:03 am
#9
Join Date: May 2013
Location: New York
Programs: UA Silver, Marriott LTPP, Hertz Five Star
Posts: 1,078
The TSA has been looking for Credential Authentication Technology (CAT) and Boarding Pass Scanning Systems (BPSS) for years The Desko Penta scanners they have used for years for scanning paper/boarding passes check the digital signature on the boarding pass barcode (at least for those airlines offering precheck boarding passes are digitally signed regardless of whether or not the person gets Pre) but they aren't networked.
Online CAT against the credential would allow TSA to reconcile the person's name/D.O.B. and other info against Secure Flight. In theory, this would allow them to not only validate a person's identity and the matching reservations, but whether or not the person was selected for Secondary or given Precheck.
From the document I linked to above:
Guess we will see how it works in practice, but the documentation describes would stage the reservation data from Secure Flight to the reader. So verification of the boarding pass itself at the checkpoint would be unnecessary as long as the system works normally. (In case of inability to match name or find record, the boarding pass would probably be required).
Online CAT against the credential would allow TSA to reconcile the person's name/D.O.B. and other info against Secure Flight. In theory, this would allow them to not only validate a person's identity and the matching reservations, but whether or not the person was selected for Secondary or given Precheck.
From the document I linked to above:
Originally Posted by DHS/TSA
In its efforts to address the security vulnerabilities in the authentication of passenger identity documents and/or boarding passes, TSA will send certain Secure Flight data to generate the boarding pass outside of the airport security area; then through TSA’s Security Technology.Integrated Program (STIP) to CAT/BPSS inside of the airport security area. This process allows the TDC to verify the content of the identity document and/or boarding pass presented by the passenger directly against the content of the Secure Flight database that generates the boarding pass instruction. TSA will transmit passengers’ full name, gender, date of birth, Secure Flight screening status, reservation control number, and flight itinerary from the Secure Flight
database to STIP. STIP will then send the Secure Flight data to the CAT/BPSS devices. The data will be securely transmitted in such a way that only the Secure Flight data for passengers scheduled to fly from a specific airport will be sent to CAT/BPSS devices at that airport. If name mismatches occur, CAT/BPSS will display a list of Secure Flight data on passengers with similar attributes (e.g., the same date of birth, gender, last name, and/or first name) that are scheduled to travel on the same day at their assigned airport in order to compare data and resolve name mismatches. TSA will delete the data from STIP and the CAT/BPSS devices within twenty-four (24) hours of the flight departure time. This process will apply to all locations where TSA will pilot and deploy Secure Flight connectivity
database to STIP. STIP will then send the Secure Flight data to the CAT/BPSS devices. The data will be securely transmitted in such a way that only the Secure Flight data for passengers scheduled to fly from a specific airport will be sent to CAT/BPSS devices at that airport. If name mismatches occur, CAT/BPSS will display a list of Secure Flight data on passengers with similar attributes (e.g., the same date of birth, gender, last name, and/or first name) that are scheduled to travel on the same day at their assigned airport in order to compare data and resolve name mismatches. TSA will delete the data from STIP and the CAT/BPSS devices within twenty-four (24) hours of the flight departure time. This process will apply to all locations where TSA will pilot and deploy Secure Flight connectivity
Jun 7, 2017, 9:17 am
#10
Suspended
Join Date: Aug 2010
Location: DCA
Programs: UA US CO AA DL FL
Posts: 50,262
There is no mystery here. The pilot for IAD & DCA was widely announced.
The BP itself serves no purpose as the ID data match does the trick. The ID with the data means that: you are who you say you are AND you hold a valid ticket to depart IAD on the day you appear.
If you don't, then you are dealt with through a secondary check.
The BP itself serves no purpose as the ID data match does the trick. The ID with the data means that: you are who you say you are AND you hold a valid ticket to depart IAD on the day you appear.
If you don't, then you are dealt with through a secondary check.
Jun 7, 2017, 1:07 pm
#12
Join Date: Nov 2010
Location: Baltimore, MD USA
Programs: Southwest Rapid Rewards. Tha... that's about it.
Posts: 4,331
The TSA has been looking for Credential Authentication Technology (CAT) and Boarding Pass Scanning Systems (BPSS) for years The Desko Penta scanners they have used for years for scanning paper/boarding passes check the digital signature on the boarding pass barcode (at least for those airlines offering precheck boarding passes are digitally signed regardless of whether or not the person gets Pre) but they aren't networked.
Online CAT against the credential would allow TSA to reconcile the person's name/D.O.B. and other info against Secure Flight. In theory, this would allow them to not only validate a person's identity and the matching reservations, but whether or not the person was selected for Secondary or given Precheck.
From the document I linked to above:
Guess we will see how it works in practice, but the documentation describes would stage the reservation data from Secure Flight to the reader. So verification of the boarding pass itself at the checkpoint would be unnecessary as long as the system works normally. (In case of inability to match name or find record, the boarding pass would probably be required).
Online CAT against the credential would allow TSA to reconcile the person's name/D.O.B. and other info against Secure Flight. In theory, this would allow them to not only validate a person's identity and the matching reservations, but whether or not the person was selected for Secondary or given Precheck.
From the document I linked to above:
Guess we will see how it works in practice, but the documentation describes would stage the reservation data from Secure Flight to the reader. So verification of the boarding pass itself at the checkpoint would be unnecessary as long as the system works normally. (In case of inability to match name or find record, the boarding pass would probably be required).
There is no mystery here. The pilot for IAD & DCA was widely announced.
The BP itself serves no purpose as the ID data match does the trick. The ID with the data means that: you are who you say you are AND you hold a valid ticket to depart IAD on the day you appear.
If you don't, then you are dealt with through a secondary check.
The BP itself serves no purpose as the ID data match does the trick. The ID with the data means that: you are who you say you are AND you hold a valid ticket to depart IAD on the day you appear.
If you don't, then you are dealt with through a secondary check.
No thanks. Physically screen for WEI and forget the ID crap. It doesn't work, it isn't effective, it provides no value but does provide increased risk in other areas, and it's a tremendous, gigantic money-sucking quantum singularity. Just check people for explosives and guns. Secure enough.
Jun 7, 2017, 1:52 pm
#13
Join Date: Aug 2012
Posts: 3,526
There is no mystery here. The pilot for IAD & DCA was widely announced.
The BP itself serves no purpose as the ID data match does the trick. The ID with the data means that: you are who you say you are AND you hold a valid ticket to depart IAD on the day you appear.
If you don't, then you are dealt with through a secondary check.
The BP itself serves no purpose as the ID data match does the trick. The ID with the data means that: you are who you say you are AND you hold a valid ticket to depart IAD on the day you appear.
If you don't, then you are dealt with through a secondary check.
Jun 7, 2017, 8:29 pm
#14
Join Date: May 2012
Posts: 264
Yes, and all of this would eliminate the possibility of flying without ID. It would also place us at the mercy of government computer systems with ID information and PII stored on them, which are about as secure as a kitchen colander. How many data breaches has the federal government had in the last ten years or so? And how many innocent people are on the NFL by mistake with little to no legal recourse for getting off?
No thanks. Physically screen for WEI and forget the ID crap. It doesn't work, it isn't effective, it provides no value but does provide increased risk in other areas, and it's a tremendous, gigantic money-sucking quantum singularity. Just check people for explosives and guns. Secure enough.
No thanks. Physically screen for WEI and forget the ID crap. It doesn't work, it isn't effective, it provides no value but does provide increased risk in other areas, and it's a tremendous, gigantic money-sucking quantum singularity. Just check people for explosives and guns. Secure enough.
Jun 9, 2017, 6:58 pm
#15
Moderator, Omni, Omni/PR, Omni/Games, FlyerTalk Posting Legend
Original Poster
Join Date: Oct 2004
Location: Between DCA and IAD
Programs: UA 1K MM; Hilton Diamond
Posts: 67,108
The TSA has been looking for Credential Authentication Technology (CAT) and Boarding Pass Scanning Systems (BPSS) for years The Desko Penta scanners they have used for years for scanning paper/boarding passes check the digital signature on the boarding pass barcode (at least for those airlines offering precheck boarding passes are digitally signed regardless of whether or not the person gets Pre) but they aren't networked.
[...]
Guess we will see how it works in practice, but the documentation describes would stage the reservation data from Secure Flight to the reader. So verification of the boarding pass itself at the checkpoint would be unnecessary as long as the system works normally. (In case of inability to match name or find record, the boarding pass would probably be required).
[...]
Guess we will see how it works in practice, but the documentation describes would stage the reservation data from Secure Flight to the reader. So verification of the boarding pass itself at the checkpoint would be unnecessary as long as the system works normally. (In case of inability to match name or find record, the boarding pass would probably be required).
As I work for one of the companies potentially bidding on that BPA, I won't hazard to think what we'd do with it (nor is the TSA work in my domain), but I am genuinely curious what TSA wants to get out of such a system.