
A CGN Whitepaper

Biometric Credentialing for Non-Federal Emergency Responders Creating an Interoperable Network

www.cgn.net

Biometric Credentialing for Non-Federal Emergency Responders

We live in a dangerous world. Every minute of every day, a number of services protect our citizens from potential natural and human-created threats; but no shield is ever perfect and events do occur. Catastrophic storms, hazardous material spills, and large-scale terrorist attacks are examples that must be effectively contained and managed in order to prevent additional risk to persons and infrastructure. Emergency responders from municipal jurisdictions are often the first on scene and play a key role in establishing order in the initial chaos following an incident.

We also live in an increasingly interconnected and interdependent world. The attacks of September 11, 2001, drove home that point, as responders from across the United States arrived to assist the City of New York in the difficult, dangerous, and tragic aftermath of the worst terrorist attack in US history. Four years later, in August of 2005, Hurricane Katrina struck. The resulting devastation required the assistance of emergency responders from all over the country, deployed to New Orleans to cope with the effects. Both of these events highlighted the logistical and tactical difficulties of large-scale coordination of effort across jurisdictions.

In response to these challenges, a vision for a fully interoperable electronic credential was created by the Department of Homeland Security. This vision merged into FIPS 201, which served as the template for the technical specifications for an identity card that could be issued and used by multiple Federal agencies. Before long, this vision was expanded to allow for cross-certification of non-Federal jurisdictions into the network and to allow for independent issue of fully interoperable credentials. The following document describes the benefits for a non-Federal governmental authority in sponsoring and issuing federally interoperable credentials, as well as a high-level blueprint of the components required to construct such a system.
Overview

The foremost question of a jurisdiction considering Federal interoperability is usually: What makes a credential federally interoperable? A federally interoperable smartcard is an identity card with a contact chip on it that holds identity data for both the user and the issuer. This data consists of:

1. A cross-certified PKI certificate identifying the issuing authority
2. A PIN code assigned to the user
3. A digital photograph of the user
4. A copy of two of the user's fingerprints

In addition to the user's identity on the card, the issuing authority will also publish an Identity and Privilege List (IPL). This file contains identity, organizational affiliation, and qualification data on all of the users credentialed under the authority, in a compressed format available for download to a Personal Identity Verification (PIV) reader.

Process

When the responder reports to an incident, he or she delivers the card to a gatekeeper, who places the card into a PIV reader. The responder then enters the requested authentication method (by keying in the PIN code or placing his/her finger on a print reader). The reader verifies that the authentication method matches what was written to the card. If a match is obtained, the handheld confirms an authentication match and produces the identity and privilege data for the user. The privilege data consists of the user's emergency response team affiliations and the emergency response qualifications that the user has obtained.

Benefits

The issuance and maintenance of a federally interoperable credentialing system by a municipality delivers numerous benefits. The primary and originally intended function of such a system is the smooth integration of the jurisdiction's emergency response personnel into a federally controlled disaster scenario. In the event of a natural (such as Hurricane Katrina) or man-made (such as September 11th) event, the users deployed by a state or municipality to the site will be immediately recognized and validated by the incident authorities. This can save time and lives by eliminating the confusion created by unfamiliar credentials presented to a gatekeeper, who must otherwise go through an external process to ensure the validity of the responder's identity and qualifications.

Interoperable credentials are also useful for deployment in mutual aid scenarios, whether between states or between jurisdictions within a given state. Jurisdictions that meet Federal interoperability requirements can, by definition, read and validate the credentials of each other's emergency responders. The same level of authentication provided for a state-to-Federal response can be provided in a state-to-state or municipality-to-municipality response.

For incident commanders, the ability to read and validate interoperable credentials can be of tremendous tactical value.
Due to the requirement that a cross-certified authority vouch for the identity of the credentialed responder, and the additional requirement for PIN or biometric validation, the commander can be absolutely sure that unauthorized personnel with forged or revoked documents are denied access to secured areas. Use of federally accepted qualification designations gives an incident commander access to a catalog of capabilities for every responder on site. This allows for efficient management of emergency response teams by need as the operational environment matures.

Finally, the issuance of a smartcard allows the issuing authority to control access to IT systems as well as physical structures. To control system access, an organization would grant permissions through the smartcard profile. The user would place his/her smartcard into a reader that is either built into the workstation or attached at a USB port. The user would authenticate using the PIN or biometric signature. When identity is verified, access to the workstation and approved portions of the enterprise network is granted. Physical security is handled in the same manner: instead of a proximity badge, the user presents the smartcard and is required to authenticate using one of the approved methods.
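The gatekeeper check described under Process, together with the cross-certification and revocation conditions from Benefits, as an added example that is not part of the CGN whitepaper. The issuer name, card serials, PIN, fingerprint template and IPL entries are constructed; an HMAC under a shared issuer key stands in for the X.509 issuer signature a real FIPS 201 reader validates against its trust anchors, and hash equality stands in for on-card PIN verification and a biometric matcher.

```python
import hashlib
import hmac

# Constructed sample data: the cross-certified issuers the reader trusts (an HMAC key
# stands in for the issuer's X.509 signing certificate), the issuer's revocation list,
# and the Identity and Privilege List (IPL) the issuer publishes for PIV readers.
ISSUER_KEYS = {"Metro County EMA": b"constructed-issuer-key"}
REVOKED_SERIALS = {"MC-0002"}
IPL = {"MC-0001": {"affiliations": ["Metro County USAR Task Force"],
                   "qualifications": ["Paramedic", "HazMat Technician"]}}

def _signed_bytes(issuer, serial, pin_hash, fp_hash):
    return f"{issuer}|{serial}|{pin_hash}|{fp_hash}".encode()

def sign_card(issuer, serial, pin, fingerprint_template):
    """What the card management system writes to the chip: issuer, serial, PIN and
    fingerprint verifiers, and an issuer signature binding them together."""
    pin_hash = hashlib.sha256(pin.encode()).hexdigest()
    fp_hash = hashlib.sha256(fingerprint_template).hexdigest()
    sig = hmac.new(ISSUER_KEYS[issuer], _signed_bytes(issuer, serial, pin_hash, fp_hash), "sha256").hexdigest()
    return {"issuer": issuer, "serial": serial, "pin_hash": pin_hash, "fp_hash": fp_hash, "sig": sig}

def verify_at_gate(card, pin=None, fingerprint_template=None):
    """PIV reader logic at the gate. Returns (accepted, reason, privileges)."""
    key = ISSUER_KEYS.get(card["issuer"])  # 1. issuer must be cross-certified
    if key is None:
        return False, "issuer not cross-certified", None
    # 2. issuer signature must cover exactly the data on the chip (forgery/tamper check)
    expected = hmac.new(key, _signed_bytes(card["issuer"], card["serial"], card["pin_hash"], card["fp_hash"]), "sha256").hexdigest()
    if not hmac.compare_digest(expected, card["sig"]):
        return False, "card data forged or tampered", None
    if card["serial"] in REVOKED_SERIALS:  # 3. genuine but revoked is still denied
        return False, "credential revoked", None
    # 4. presented factor must match the verifier on the card; hash equality stands in
    #    for on-card PIN verification and a biometric matcher with a score threshold
    if pin is not None:
        presented, stored = hashlib.sha256(pin.encode()).hexdigest(), card["pin_hash"]
    elif fingerprint_template is not None:
        presented, stored = hashlib.sha256(fingerprint_template).hexdigest(), card["fp_hash"]
    else:
        return False, "no authentication factor presented", None
    if not hmac.compare_digest(presented, stored):
        return False, "authentication factor mismatch", None
    # 5. only now release identity and privilege data from the IPL
    return True, "authenticated", IPL.get(card["serial"], {"affiliations": [], "qualifications": []})
```

The order of the checks matters: a card from an unknown issuer or with a broken signature is rejected before any PIN or fingerprint is compared, and privilege data is released only after every step passes.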


System Components

Baseline Architecture

While each instance of a smartcard production system is unique to the business requirements of the issuing authority, all federally interoperable systems share the same core applications. They are:

Certificate Authority (CA)

The certificate authority serves as the crux of the credentialing system. This application controls the encrypted user keys that are used to validate identity.

Card Management System

This application serves as the main user interface and is the method by which demographic and qualification data are collected. In addition, it is this system that writes data to the smartcard for downstream usage.

Identity and Privilege List (IPL)

This application compresses the data from the CA and Card Management System and makes it available for recognition by systems capable of using smartcard data.

Conclusion

Given the increased community interconnectivity in our world, emergency responders from every echelon and every discipline are likely to respond to a mutual aid call of some type. Whether an event is across the state or across the country, a responder in possession of a Federally Interoperable Smartcard will be more efficient than one who lacks such a credential. He or she will be able to provide highly secure proof of not only identity, but also organizational affiliation and skill sets. Access to this data, in turn, gives Incident Commanders much greater comfort in the quality and reliability of responders reporting from unfamiliar jurisdictions. Coupled with the internal security gains for an organization able to secure both facilities and systems with a single system, these reasons make Federally Interoperable smartcards tremendously valuable and an asset for all emergency response agencies.