� Smart card -- A smart card can combine several ID technologies on an embedded integrated circuit chip, including visual security markings, magnetic strip, barcode and/or optical stripe. Smart cards can be used for physical access, logic access and digital signature such as signing out materials or equipment. Smart cards can store large amounts of updatable data, carry out oncard functions such as encryption and mutual authentication, and support traditional legacy systems. This eliminates the need for separate ID cards. � Multi-technology readers -- Comprising firmware and hardware, handheld and stationary systems identify individuals using common credentials, smart cards, biometrics or any combination thereof. The units may include photo display, cameras, iris recognition, data capture, and other input and display options. These systems offer detailed levels of cross-referenced ID and target information for mission-critical situations. The systems are linked (wired or wireless) to one or more databases of target information. � Mobile biometric/card readers -- Mobile biometric devices for reading TWIC can now load data from the TWIC into existing PACS and carry out recurring credential validation testing again the certificate authority. The solution ties existing components together, enabling the legacy infrastructure to be tied to the security-rich TWIC component. Port security officials should source mobile readers that are FIPS 201 approved, have at least 14-hour battery life (for multiple shift use without recharging), and are field-proven to hold up in all environmental conditions that are indigenous to ports (salt water, high humidity, etc.). Compliance with TWIC legislation need not be an all-or-nothing proposition. Operators and government entities can integrate TWIC with existing PACS to create a working infrastructure that will be fully compliant. Many integrators -- those who customize systems software and hardware for customers -- agree that journaling to legacy systems would allow ports to get compliant in a relatively quick and comparatively costeffective way. Operators and agencies would be well-prepared to meet future rule changes should they occur. Creating transitional strategies using handheld biometric card readers and the newest software allows these agencies to get in compliance without gutting their current security infrastructure. By leveraging their existing PACS investments, ports can establish a compliant, layered security strategy that will allow
May 2009
them to build toward higher benchmarks while budgeting for change. At some point, implementation and requirements of TWIC will gradually stretch beyond the ports and U.S. borders. There may be some movement by organizations to extend TWIC as an approved credential for admitting transportation workers into other secure facilities such as petro-chemical and
nuclear power plants. Before that can happen, however, the real value of TWIC must be realized and demonstrated. That will take time. The real issue will be establishing standards that are complementary to TWIC. For now, the future will rest in how the TWIC implementation is rolled out beyond being a card and utilized to verify the identity of those who possess it.
About the Author Joe Delaney is the vice president of sales and marketing for Datastrip (Wayne, Pa.). He can be reached at jdelaney@datastripinc.com
www.marinelink.com
15
�