New TSA Credential Authentication Technology ID Scanners - No Boarding Pass Required
Apologies if I missed a thread already devoted to this topic; I didn't see one.
Anyway, on Sunday at IAD, at the Pre checkpoint the TDC was scanning IDs on a much-larger device, and turning away actual BPs. Yes, I know that checking ID and BP match is meaningless and easily circumvented, but it was interesting to see the TSA apparently admit as much. The device appeared to be a small computer workstation of some sort. Interestingly enough, I recall seeing talk of integrating ID scanners into overall security at the checkpoint (including integration with SecureFlight, WTMDs, x-rays, and AITs), but it was proposal-phase, not deployment--so I thought. Anyone else noticed this? My guess is the ID check station is integrated into SecureFlight and checks if you're traveling that day (and at the Pre checkpoint, are eligible for Pre)? Not sure how much the airlines share to make this happen. |
Wonder how widespread this is. I went through PreCheck at IAD this morning and saw this in action. It was...disconcerting, but that may have been because shortly thereafter I read an article on how B6 and someone else was going to trial test facial recognition.
|
Has IAD create a security vulnerability for Precheck?
This from another thread, and as if true, relates directly to security. It is rumored that IAD is not conducting electronic verification of BPs for Precheck.
Originally Posted by exerda
(Post 28375893)
At IAD on Sunday, I noticed the Pre line no longer actually checks / scans your BP at all (there is an airport employee at the head of the line who glances at your BP for TSAPre logo, but that's it). They now scan your ID and don't bother to confirm it matches BP at all (interesting, if logical in real-people thinking, just not logical in TSA thinking). But that is fodder for another thread--just have to find the right one...
|
Originally Posted by sunshinekid
(Post 28397871)
This from another thread, and as if true, relates directly to security. It is rumored that IAD is not conducting electronic verification of BPs for Precheck.
If TSA has instituted this practice, then Precheck is a confirmed useless smoke and mirrors program. If the ONLY confirmation for Precheck at IAD is visual and TSA is not matching names to BPs, then what a crock TSA is and what a crock Precheck is. |
I seem to recall hearing somewhere that DCA and IAD are TSA's 'prototype' airports where they will often test new procedures and equipment before deploying them nationally. Perhaps this new scanner is the latest money-wasting gizmo, foisted upon the American taxpayer by former DHS or TSA executives working for a tech company, under the guise of making us more secure.
The new device could be any number of things - an image scanner recording actual images of the IDs; an RFID reader checking the chips in various types of cards and passports; a terminal that checks IDs against the NFL or other database; or something else that I can't even imagine. No matter what, I'm sure that any security benefit it may theoretically provide will be neither effectively implemented nor worth the inflated price tag of the device. This is TSA we're talking about, after all. |
Would it be expected that this new scanner is connected to watch list databases? I don't agree with ID checking but not checking watch lists really makes ID checking a worthless exercise.
|
Originally Posted by Boggie Dog
(Post 28400670)
Would it be expected that this new scanner is connected to watch list databases? I don't agree with ID checking but not checking watch lists really makes ID checking a worthless exercise.
|
Originally Posted by exerda
(Post 28407730)
I understand it does connect with SecureFlight, and it's made by MorphoDetection (who got bought by Smiths recently). This would imply that it does hit at least the same lists that SecureFlight does.
|
The TSA has been looking for Credential Authentication Technology (CAT) and Boarding Pass Scanning Systems (BPSS) for years The Desko Penta scanners they have used for years for scanning paper/boarding passes check the digital signature on the boarding pass barcode (at least for those airlines offering precheck boarding passes are digitally signed regardless of whether or not the person gets Pre) but they aren't networked.
Online CAT against the credential would allow TSA to reconcile the person's name/D.O.B. and other info against Secure Flight. In theory, this would allow them to not only validate a person's identity and the matching reservations, but whether or not the person was selected for Secondary or given Precheck. From the document I linked to above:
Originally Posted by DHS/TSA
In its efforts to address the security vulnerabilities in the authentication of passenger identity documents and/or boarding passes, TSA will send certain Secure Flight data to generate the boarding pass outside of the airport security area; then through TSA’s Security Technology.Integrated Program (STIP) to CAT/BPSS inside of the airport security area. This process allows the TDC to verify the content of the identity document and/or boarding pass presented by the passenger directly against the content of the Secure Flight database that generates the boarding pass instruction. TSA will transmit passengers’ full name, gender, date of birth, Secure Flight screening status, reservation control number, and flight itinerary from the Secure Flight
database to STIP. STIP will then send the Secure Flight data to the CAT/BPSS devices. The data will be securely transmitted in such a way that only the Secure Flight data for passengers scheduled to fly from a specific airport will be sent to CAT/BPSS devices at that airport. If name mismatches occur, CAT/BPSS will display a list of Secure Flight data on passengers with similar attributes (e.g., the same date of birth, gender, last name, and/or first name) that are scheduled to travel on the same day at their assigned airport in order to compare data and resolve name mismatches. TSA will delete the data from STIP and the CAT/BPSS devices within twenty-four (24) hours of the flight departure time. This process will apply to all locations where TSA will pilot and deploy Secure Flight connectivity |
There is no mystery here. The pilot for IAD & DCA was widely announced.
The BP itself serves no purpose as the ID data match does the trick. The ID with the data means that: you are who you say you are AND you hold a valid ticket to depart IAD on the day you appear. If you don't, then you are dealt with through a secondary check. |
I wonder if this would eventually allow non-participating airline passengers to get pre-check as in theory the airlines no longer need to have the right set-up to sign boarding passes, just need to submit secure flight data.
|
Originally Posted by phltraveler
(Post 28414265)
The TSA has been looking for Credential Authentication Technology (CAT) and Boarding Pass Scanning Systems (BPSS) for years The Desko Penta scanners they have used for years for scanning paper/boarding passes check the digital signature on the boarding pass barcode (at least for those airlines offering precheck boarding passes are digitally signed regardless of whether or not the person gets Pre) but they aren't networked.
Online CAT against the credential would allow TSA to reconcile the person's name/D.O.B. and other info against Secure Flight. In theory, this would allow them to not only validate a person's identity and the matching reservations, but whether or not the person was selected for Secondary or given Precheck. From the document I linked to above: Guess we will see how it works in practice, but the documentation describes would stage the reservation data from Secure Flight to the reader. So verification of the boarding pass itself at the checkpoint would be unnecessary as long as the system works normally. (In case of inability to match name or find record, the boarding pass would probably be required).
Originally Posted by Often1
(Post 28414333)
There is no mystery here. The pilot for IAD & DCA was widely announced.
The BP itself serves no purpose as the ID data match does the trick. The ID with the data means that: you are who you say you are AND you hold a valid ticket to depart IAD on the day you appear. If you don't, then you are dealt with through a secondary check.
Originally Posted by iamflyer
(Post 28414833)
I wonder if this would eventually allow non-participating airline passengers to get pre-check as in theory the airlines no longer need to have the right set-up to sign boarding passes, just need to submit secure flight data.
No thanks. Physically screen for WEI and forget the ID crap. It doesn't work, it isn't effective, it provides no value but does provide increased risk in other areas, and it's a tremendous, gigantic money-sucking quantum singularity. Just check people for explosives and guns. Secure enough. |
Originally Posted by Often1
(Post 28414333)
There is no mystery here. The pilot for IAD & DCA was widely announced.
The BP itself serves no purpose as the ID data match does the trick. The ID with the data means that: you are who you say you are AND you hold a valid ticket to depart IAD on the day you appear. If you don't, then you are dealt with through a secondary check. |
Originally Posted by WillCAD
(Post 28415374)
Yes, and all of this would eliminate the possibility of flying without ID. It would also place us at the mercy of government computer systems with ID information and PII stored on them, which are about as secure as a kitchen colander. How many data breaches has the federal government had in the last ten years or so? And how many innocent people are on the NFL by mistake with little to no legal recourse for getting off?
No thanks. Physically screen for WEI and forget the ID crap. It doesn't work, it isn't effective, it provides no value but does provide increased risk in other areas, and it's a tremendous, gigantic money-sucking quantum singularity. Just check people for explosives and guns. Secure enough. |
Originally Posted by iamflyer
(Post 28414833)
I wonder if this would eventually allow non-participating airline passengers to get pre-check as in theory the airlines no longer need to have the right set-up to sign boarding passes, just need to submit secure flight data.
Originally Posted by petaluma1
(Post 28415592)
No, all it says is that the ID is a valid ID and matches the BP. It does not say that you are who the ID says you are.
Originally Posted by phltraveler
(Post 28414265)
The TSA has been looking for Credential Authentication Technology (CAT) and Boarding Pass Scanning Systems (BPSS) for years The Desko Penta scanners they have used for years for scanning paper/boarding passes check the digital signature on the boarding pass barcode (at least for those airlines offering precheck boarding passes are digitally signed regardless of whether or not the person gets Pre) but they aren't networked.
[...] Guess we will see how it works in practice, but the documentation describes would stage the reservation data from Secure Flight to the reader. So verification of the boarding pass itself at the checkpoint would be unnecessary as long as the system works normally. (In case of inability to match name or find record, the boarding pass would probably be required). As I work for one of the companies potentially bidding on that BPA, I won't hazard to think what we'd do with it (nor is the TSA work in my domain), but I am genuinely curious what TSA wants to get out of such a system. |
All times are GMT -6. The time now is 11:43 am. |
This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.