FlyerTalk Forums


exerda May 29, 2017 5:41 pm

New TSA Credential Authentication Technology ID Scanners - No Boarding Pass Required
 
Apologies if I missed a thread already devoted to this topic; I didn't see one.

Anyway, on Sunday at IAD, at the Pre checkpoint the TDC was scanning IDs on a much-larger device, and turning away actual BPs. Yes, I know that checking ID and BP match is meaningless and easily circumvented, but it was interesting to see the TSA apparently admit as much.

The device appeared to be a small computer workstation of some sort. Interestingly enough, I recall seeing talk of integrating ID scanners into overall security at the checkpoint (including integration with SecureFlight, WTMDs, x-rays, and AITs), but it was proposal-phase, not deployment--so I thought.

Anyone else noticed this? My guess is the ID check station is integrated into SecureFlight and checks if you're traveling that day (and at the Pre checkpoint, are eligible for Pre)? Not sure how much the airlines share to make this happen.

tvtd Jun 1, 2017 10:32 am

Wonder how widespread this is. I went through PreCheck at IAD this morning and saw this in action. It was...disconcerting, but that may have been because shortly thereafter I read an article on how B6 and someone else were going to trial test facial recognition.

sunshinekid Jun 3, 2017 11:53 am

Has IAD created a security vulnerability for Precheck?
 
This is from another thread and, if true, relates directly to security. It is rumored that IAD is not conducting electronic verification of BPs for Precheck.


Originally Posted by exerda (Post 28375893)
At IAD on Sunday, I noticed the Pre line no longer actually checks / scans your BP at all (there is an airport employee at the head of the line who glances at your BP for TSAPre logo, but that's it). They now scan your ID and don't bother to confirm it matches BP at all (interesting, if logical in real-people thinking, just not logical in TSA thinking). But that is fodder for another thread--just have to find the right one...

If TSA has instituted this practice, then Precheck is a confirmed useless smoke and mirrors program. If the ONLY confirmation for Precheck at IAD is visual and TSA is not matching names to BPs, then what a crock TSA is and what a crock Precheck is.

GoSh4rks Jun 3, 2017 12:35 pm


Originally Posted by sunshinekid (Post 28397871)
This is from another thread and, if true, relates directly to security. It is rumored that IAD is not conducting electronic verification of BPs for Precheck.



If TSA has instituted this practice, then Precheck is a confirmed useless smoke and mirrors program. If the ONLY confirmation for Precheck at IAD is visual and TSA is not matching names to BPs, then what a crock TSA is and what a crock Precheck is.

The ID is verified against an internal precheck list.

WillCAD Jun 4, 2017 4:03 am

I seem to recall hearing somewhere that DCA and IAD are TSA's 'prototype' airports where they will often test new procedures and equipment before deploying them nationally. Perhaps this new scanner is the latest money-wasting gizmo, foisted upon the American taxpayer by former DHS or TSA executives working for a tech company, under the guise of making us more secure.

The new device could be any number of things - an image scanner recording actual images of the IDs; an RFID reader checking the chips in various types of cards and passports; a terminal that checks IDs against the NFL or other database; or something else that I can't even imagine. No matter what, I'm sure that any security benefit it may theoretically provide will be neither effectively implemented nor worth the inflated price tag of the device. This is TSA we're talking about, after all.

Boggie Dog Jun 4, 2017 8:08 am

Would it be expected that this new scanner is connected to watch list databases? I don't agree with ID checking but not checking watch lists really makes ID checking a worthless exercise.

exerda Jun 5, 2017 7:02 pm


Originally Posted by Boggie Dog (Post 28400670)
Would it be expected that this new scanner is connected to watch list databases? I don't agree with ID checking but not checking watch lists really makes ID checking a worthless exercise.

I understand it does connect with SecureFlight, and it's made by MorphoDetection (who got bought by Smiths recently). This would imply that it does hit at least the same lists that SecureFlight does.

Boggie Dog Jun 5, 2017 9:35 pm


Originally Posted by exerda (Post 28407730)
I understand it does connect with SecureFlight, and it's made by MorphoDetection (who got bought by Smiths recently). This would imply that it does hit at least the same lists that SecureFlight does.

Unless an ID is checked against some watch list(s) I see no reason to waste time checking them. Even checking against the lists serves little purpose. Screen the person for WEI and move on.

phltraveler Jun 7, 2017 9:03 am

The TSA has been looking for Credential Authentication Technology (CAT) and Boarding Pass Scanning Systems (BPSS) for years. The Desko Penta scanners they have used for years for scanning paper/boarding passes check the digital signature on the boarding pass barcode (at least for those airlines offering precheck, boarding passes are digitally signed regardless of whether or not the person gets Pre) but they aren't networked.

Online CAT against the credential would allow TSA to reconcile the person's name/D.O.B. and other info against Secure Flight. In theory, this would allow them to not only validate a person's identity and the matching reservations, but whether or not the person was selected for Secondary or given Precheck.

From the document I linked to above:


Originally Posted by DHS/TSA
In its efforts to address the security vulnerabilities in the authentication of passenger identity documents and/or boarding passes, TSA will send certain Secure Flight data to generate the boarding pass outside of the airport security area; then through TSA’s Security Technology Integrated Program (STIP) to CAT/BPSS inside of the airport security area. This process allows the TDC to verify the content of the identity document and/or boarding pass presented by the passenger directly against the content of the Secure Flight database that generates the boarding pass instruction. TSA will transmit passengers’ full name, gender, date of birth, Secure Flight screening status, reservation control number, and flight itinerary from the Secure Flight database to STIP. STIP will then send the Secure Flight data to the CAT/BPSS devices. The data will be securely transmitted in such a way that only the Secure Flight data for passengers scheduled to fly from a specific airport will be sent to CAT/BPSS devices at that airport. If name mismatches occur, CAT/BPSS will display a list of Secure Flight data on passengers with similar attributes (e.g., the same date of birth, gender, last name, and/or first name) that are scheduled to travel on the same day at their assigned airport in order to compare data and resolve name mismatches. TSA will delete the data from STIP and the CAT/BPSS devices within twenty-four (24) hours of the flight departure time. This process will apply to all locations where TSA will pilot and deploy Secure Flight connectivity

Guess we will see how it works in practice, but what the documentation describes would stage the reservation data from Secure Flight to the reader. So verification of the boarding pass itself at the checkpoint would be unnecessary as long as the system works normally. (In case of inability to match name or find record, the boarding pass would probably be required).
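The data flow in the DHS/TSA text quoted above, modelled as an added example that is not part of the original post and not TSA's implementation. The record layout, the status values, the first/last name split and the three-attribute similarity threshold are assumptions; the sample records are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Record:  # fields named in the quoted DHS/TSA text; this layout is assumed
    full_name: str
    gender: str
    dob: str
    status: str      # Secure Flight screening status (values here are made up)
    rcn: str         # reservation control number
    airport: str
    departs: datetime

MIN_SHARED = 3  # assumed threshold for "similar attributes"

def stage(records, airport):
    """Only passengers scheduled to fly from this airport reach its devices."""
    return [r for r in records if r.airport == airport]

def purge(staged, now):
    """Delete records once 24 hours have passed since flight departure."""
    return [r for r in staged if now - r.departs < timedelta(hours=24)]

def norm(name):
    return name.upper().split()

def attrs(name, gender, dob):
    parts = norm(name) or [""]
    return {("first", parts[0]), ("last", parts[-1]), ("gender", gender), ("dob", dob)}

def check_id(staged, name, gender, dob):
    """Return ('match', record), ('review', candidates) or ('no_record', [])."""
    # A match means the ID data lines up with a staged reservation; it says
    # nothing about whether the holder is the person named on the ID.
    for r in staged:
        if (norm(r.full_name), r.gender, r.dob) == (norm(name), gender, dob):
            return "match", r
    # Name mismatch: list same-airport records that share enough attributes
    # for the document checker to compare and resolve by eye.
    want = attrs(name, gender, dob)
    near = [r for r in staged
            if len(want & attrs(r.full_name, r.gender, r.dob)) >= MIN_SHARED]
    return ("review", near) if near else ("no_record", [])

# Constructed sample data, not real passenger records.
T = datetime(2017, 6, 7, 9, 0)
SAMPLE = [
    Record("JON PUBLIC", "M", "1980-01-02", "PRECHECK", "ABC123", "IAD", T),
    Record("JANE ROE", "F", "1975-05-05", "STANDARD", "DEF456", "IAD", T),
    Record("JON PUBLIC", "M", "1980-01-02", "PRECHECK", "GHI789", "DCA", T),
]
```
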

Often1 Jun 7, 2017 9:17 am

There is no mystery here. The pilot for IAD & DCA was widely announced.

The BP itself serves no purpose as the ID data match does the trick. The ID with the data means that: you are who you say you are AND you hold a valid ticket to depart IAD on the day you appear.

If you don't, then you are dealt with through a secondary check.

iamflyer Jun 7, 2017 11:06 am

I wonder if this would eventually allow non-participating airline passengers to get pre-check as in theory the airlines no longer need to have the right set-up to sign boarding passes, just need to submit secure flight data.

WillCAD Jun 7, 2017 1:07 pm


Originally Posted by phltraveler (Post 28414265)
The TSA has been looking for Credential Authentication Technology (CAT) and Boarding Pass Scanning Systems (BPSS) for years. The Desko Penta scanners they have used for years for scanning paper/boarding passes check the digital signature on the boarding pass barcode (at least for those airlines offering precheck, boarding passes are digitally signed regardless of whether or not the person gets Pre) but they aren't networked.

Online CAT against the credential would allow TSA to reconcile the person's name/D.O.B. and other info against Secure Flight. In theory, this would allow them to not only validate a person's identity and the matching reservations, but whether or not the person was selected for Secondary or given Precheck.

From the document I linked to above:



Guess we will see how it works in practice, but what the documentation describes would stage the reservation data from Secure Flight to the reader. So verification of the boarding pass itself at the checkpoint would be unnecessary as long as the system works normally. (In case of inability to match name or find record, the boarding pass would probably be required).


Originally Posted by Often1 (Post 28414333)
There is no mystery here. The pilot for IAD & DCA was widely announced.

The BP itself serves no purpose as the ID data match does the trick. The ID with the data means that: you are who you say you are AND you hold a valid ticket to depart IAD on the day you appear.

If you don't, then you are dealt with through a secondary check.


Originally Posted by iamflyer (Post 28414833)
I wonder if this would eventually allow non-participating airline passengers to get pre-check as in theory the airlines no longer need to have the right set-up to sign boarding passes, just need to submit secure flight data.

Yes, and all of this would eliminate the possibility of flying without ID. It would also place us at the mercy of government computer systems with ID information and PII stored on them, which are about as secure as a kitchen colander. How many data breaches has the federal government had in the last ten years or so? And how many innocent people are on the NFL by mistake with little to no legal recourse for getting off?

No thanks. Physically screen for WEI and forget the ID crap. It doesn't work, it isn't effective, it provides no value but does provide increased risk in other areas, and it's a tremendous, gigantic money-sucking quantum singularity. Just check people for explosives and guns. Secure enough.

petaluma1 Jun 7, 2017 1:52 pm


Originally Posted by Often1 (Post 28414333)
There is no mystery here. The pilot for IAD & DCA was widely announced.

The BP itself serves no purpose as the ID data match does the trick. The ID with the data means that: you are who you say you are AND you hold a valid ticket to depart IAD on the day you appear.

If you don't, then you are dealt with through a secondary check.

No, all it says is that the ID is a valid ID and matches the BP. It does not say that you are who the ID says you are.

iamflyer Jun 7, 2017 8:29 pm


Originally Posted by WillCAD (Post 28415374)
Yes, and all of this would eliminate the possibility of flying without ID. It would also place us at the mercy of government computer systems with ID information and PII stored on them, which are about as secure as a kitchen colander. How many data breaches has the federal government had in the last ten years or so? And how many innocent people are on the NFL by mistake with little to no legal recourse for getting off?

No thanks. Physically screen for WEI and forget the ID crap. It doesn't work, it isn't effective, it provides no value but does provide increased risk in other areas, and it's a tremendous, gigantic money-sucking quantum singularity. Just check people for explosives and guns. Secure enough.

I absolutely agree with you, was just thinking about other possible implications and ways the TSA will sell it as a great thing.

exerda Jun 9, 2017 6:58 pm


Originally Posted by iamflyer (Post 28414833)
I wonder if this would eventually allow non-participating airline passengers to get pre-check as in theory the airlines no longer need to have the right set-up to sign boarding passes, just need to submit secure flight data.

That's an interesting point. You'd think it would.



Originally Posted by petaluma1 (Post 28415592)
No, all it says is that the ID is a valid ID and matches the BP. It does not say that you are who the ID says you are.

Yes, and one worry is that the screener will rely too much on the machine and not really pay close attention to whether the ID matches the pax or is not tampered with in any way (or that the TSO can judge that accurately, which is another matter altogether). "But the machine said they're good!" I worry about such a false sense of security through relying too much on technology...



Originally Posted by phltraveler (Post 28414265)
The TSA has been looking for Credential Authentication Technology (CAT) and Boarding Pass Scanning Systems (BPSS) for years. The Desko Penta scanners they have used for years for scanning paper/boarding passes check the digital signature on the boarding pass barcode (at least for those airlines offering precheck, boarding passes are digitally signed regardless of whether or not the person gets Pre) but they aren't networked.

[...]


Guess we will see how it works in practice, but what the documentation describes would stage the reservation data from Secure Flight to the reader. So verification of the boarding pass itself at the checkpoint would be unnecessary as long as the system works normally. (In case of inability to match name or find record, the boarding pass would probably be required).

There's an RFQ for a BPA out there right now regarding the follow-on to STIP which would bring back online most of the checkpoint screening devices. I'd be interested to see what they (the TSA) intend to do with linking the CAT, SecureFlight, WTMD, checked baggage x-rays, etc., in any kind of fashion which makes a remote degree of sense.

As I work for one of the companies potentially bidding on that BPA, I won't hazard to think what we'd do with it (nor is the TSA work in my domain), but I am genuinely curious what TSA wants to get out of such a system.


All times are GMT -6.