Allen Dreibelbis
HungTack Kwan
Redpaper
John LaLone
Paul McKeown
Rashmi Kaushik
Robert Spory
Marilza Maia
Vinod Chavan
Partner Ecosystem
This paper discusses scenarios in the safety and security domain to illustrate
leading practices and how to adopt the IBM Government Industry Framework
components.
In many nations, control operations are now executed beyond the physical border
and before arrival at a nation's official points of entry. The result is a much
broader and more complicated scope of operation for border management, and a
greater need for collaboration between nations.
The need for international and inter-agency collaboration to achieve the twin
objectives of security and facilitation means that government leaders responsible
for border integrity face rising complexity in accomplishing their missions.
Governments realize that the increase in international air travel and imposition of
rigorous security checks mean more queues and more inconvenience for
passengers. This can result in further disruption to airline schedules and
increased safety and security risks because crowded airports can become
terrorist targets.
[Diagram: capability groups shown are Screening, Alerting, Auditing, Watch Lists, Biometrics, and Secondary Analysis.]
These tools will be referred to in more detail in the rest of the paper.
[Figure labels: Business Initiatives: Enhanced Advanced Passenger Analysis (APA), New Registered Traveler (RT) Program]
Figure 3 Capability model for a new and improved border management process
This enhanced border management process results in two offerings:
Enhanced Advanced Passenger Analysis
A new Registered Traveler program
These two offerings are the subject of the remainder of this paper.
Some countries believe that the use and storage of API/PNR Data intrudes on
passenger privacy and are seeking compromises on the amount of data that is
processed and stored.
1. Based on the ePassport number taken from the reservation, the passport
validity is checked.
2. That person’s name is checked against watch lists for immigration, crime, and
other possible interested stakeholders.
3. If there is a match, the operators decide what action to take.
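The three screening steps above, as an added Python sketch that is not code from the paper or from any IBM product. The passport registry, the watch lists, the 0.85 threshold, and the referral of an invalid passport to the operator are assumptions constructed for illustration; `difflib` similarity stands in for whatever name recognition component a real deployment uses.

```python
import unicodedata
from dataclasses import dataclass
from datetime import date
from difflib import SequenceMatcher

# Constructed sample data (not from the paper): passport number -> expiry date.
PASSPORTS = {"X1234567": date(2030, 1, 1), "X7654321": date(2009, 6, 30)}
# Constructed watch lists, keyed by the stakeholder that owns each list.
WATCH_LISTS = {"immigration": ["José Álvarez-Ruiz"], "crime": ["Ivan Petrov"]}

@dataclass
class Booking:
    name: str
    passport_no: str
    travel_date: date

def normalize(name: str) -> str:
    """Strip diacritics, fold case, drop punctuation, sort tokens (order-insensitive)."""
    decomposed = unicodedata.normalize("NFKD", name)
    plain = "".join(c for c in decomposed if not unicodedata.combining(c)).casefold()
    tokens = "".join(c if c.isalnum() else " " for c in plain).split()
    return " ".join(sorted(tokens))

def screen(booking: Booking, threshold: float = 0.85) -> dict:
    # Step 1: passport validity, looked up by the number taken from the reservation.
    expiry = PASSPORTS.get(booking.passport_no)
    passport_valid = expiry is not None and expiry >= booking.travel_date
    # Step 2: compare the normalized name with every entry on every watch list.
    probe, hits = normalize(booking.name), []
    for list_name, entries in WATCH_LISTS.items():
        for entry in entries:
            score = SequenceMatcher(None, probe, normalize(entry)).ratio()
            if score >= threshold:
                hits.append((list_name, entry, round(score, 2)))
    # Step 3: a match is only flagged; the operator decides what action to take.
    # Assumption: an invalid or unknown passport is referred to the operator too.
    action = "refer_to_operator" if hits or not passport_valid else "no_alert"
    return {"passport_valid": passport_valid, "hits": hits, "action": action}

if __name__ == "__main__":
    for b in (Booking("ALVAREZ RUIZ, JOSE", "X1234567", date(2009, 12, 1)),
              Booking("Ivan Petrow", "X1234567", date(2009, 12, 1)),
              Booking("Maria Chen", "X7654321", date(2009, 12, 1))):
        print(b.name, screen(b))
```

The score is returned with each hit so the operator sees how close the match was; the threshold trades missed matches against false alerts and needs tuning on real name data.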
Next, we take a closer look at the two activities that make up this part of the
process.
SOMA provides an approach to building a SOA that aligns to business goals and
ties the business processes directly to underlying applications through services.
The process of SOMA consists of three general steps:
Identification
Specification
Realization of services, components, and flows
The service identification step of SOMA consists of three techniques that can
help identify services for the Advanced Passenger Analysis business process:
Domain decomposition
This is a top-down view of the business process. It consists of process
decomposition where processes are broken up into sub-processes and
high-level business use cases. In this top-down decomposition, business
processes are represented hierarchically.
For example, the Government Registered Traveler Program process can be
decomposed into sub-processes such as:
– Advanced Passenger Analysis
– Registered Travel Program
IBM provides service offerings for working with SOMA. The IBM SOA Integration
Framework service offering is shown in Figure 11 on page 19.
The system context diagram for the Advanced Passenger Analysis process is
shown in Figure 12.
[Diagram label: SOA Governance, Security and Management]
Triton
Several components of the solution design can use a framework component
called Triton. This is a SOA Foundation Accelerator that helps realize the
business value of SOA faster and with less risk than typical custom
implementations. Triton addresses the following business and IT pain points:
Business pain points:
– “We bought all of this software months ago and I still have not seen any
benefit.”
– “All I wanted to do was to integrate these existing information systems, and
now I have more software and still no integration.”
IT pain points:
– “We are having a difficult time putting all these software products together.”
– “We are having a hard time locating all of the skill sets necessary to
integrate all of these products.”
– “We need a common platform across our enterprise to lower total cost of
ownership, to improve interoperability, and to share more information.”
Pre-enrollment
Collect biographic data that is used to initiate the enrollment process.
Enrollment
The enrollment process drives the identity proofing and results in the approval
or rejection of an application.
Proofing
Validate all of the identity information that is provided by an applicant.
Enrollment approval
If there are no issues during enrollment and proofing, then approve the
enrollment application.
Credential provisioning
Create the credential that will be used when issuing an identity token (such as
a national ID card).
Credential issuance
Issue the credential using the required physical token (such as a smart card).
Credential activation
Activate the issued credential so that it can be used to validate an individual’s
identity.
Identity usage
Use the credential in a high assurance transaction where it is required to
validate a person’s identity.
Identity monitoring
Monitor identity usage for fraud or abuse to ensure the trustworthiness of the
identity.
Next, we take a closer look at the two activities that make up this part of the
process.
The Review Other Travel and Government Agency Checks process shown in
Figure 17 on page 30 is implemented as a sub-process (Figure 18). In this
sub-process the identity checks are performed against e-Identity tracking
systems, border clearance systems, e-Passport/e-Visa systems, and e-Identity
management systems to ensure the applicant is a low risk applicant.
Up to 10 fingerprints are captured, iris patterns of both eyes are recorded for
recognition, and a digital photograph is taken.
During the manual interview stage, the interviewer decides whether or not to
grant the Registered Traveler privilege.
A physical identification card or logical credentials based on biometric
matches (where the biometrics are stored in a government repository) might be
provided to approved applicants.
Technical solution
This section describes the technical solution that was designed and built for the
Registered Traveler process. It includes a description of the IBM product
offerings that were used in the implementation.
1 Single View is a middleware solution that supports identity and relationship analytics in addition to
managing the authoritative source of registered traveler master data.
Table 1 on page 41 shows the business and infrastructure patterns used, and
whether they apply to Advanced Passenger Analysis and Registered Traveler.
Business patterns
Infrastructure patterns
Personal identity information from the booking records is checked against
watch lists, crime databases, and publicly available information to make sure
the traveler does not pose any risk. In addition, non-obvious relationships
between travelers and any criminals can also be resolved using identities and
passenger information.
Systems troubleshooting
When solution systems are not functioning to the expected levels, information
should be available on where the problem is occurring. This is often a daunting
task with many participants involved.
Allen Dreibelbis, Executive Solutions Architect for Single View of a Citizen, IBM
SWG IM Advanced Engagement Team
© Copyright International Business Machines Corporation 2009. All rights reserved.
This document REDP-4586-00 was created or updated on November 11, 2009.