Secure Credentialing in Concert with RFID

Secure personal identification combined with the tracking capabilities of RFID will soon transform secure shipping and cargo transport. Through the use of secure and speedy authentication, organizations can add extra layers of security that overcome the current holes in RFID implementations, and allow a greater acceptance from the public for implementation. Coupling cargo tracked with RFID and the capabilities of a credential with Secure ID capabilities will mean that all cargo and all personnel are accounted for and linked together in real time. Administrators will know the last authorized handler of each piece of cargo, where the cargo is in real time, detect deviations en route, and be assured that only those people who are authorized can access sensitive freight, tracking people’s actions and cargo location together.
Shared technologies will allow:
Data Privacy Protection:

• Users can have differentiated access to read the information on the RFID tag based on privileges held in their card. RFID tags created according to scramble number schemes can be used in concert with smart card capabilities; only those tags to which users have been given “rights” will be seen, added to cargo lists, or be shipped to certain geographic locations.  This allows individuals to control data collection and sharing while preventing covert tracking and profiling applications based on package content.  

Linking People to Cargo

• Cards used for access to vehicles or facilities can be matched against cargo RFID to automatically reconcile cargo itineraries against known cargo and personnel movements.  By linking people’s locations with RFID cargo locations, administrators can reduce fraud and determine the who, when and where if any package loss occurs.

 Local Authorization for Inventory Movements:

• Smart cards can act as secure, digital lists of instructions, inventory, and package recipients, allowing people who sign for packages to be verified through the use of PKI, biometrics and other digital means.  If RFID packages are moved by an unauthorized person, future privileges of that user can be locked, and flags can be raised to administration.

Package- and User-based Physical Access:

• Biometric IDs, RFID and GPS position transmitters will work together to allow secure access only to authorized persons with authorized cargo at only intended destinations.  Through biometric authentication to truck ignition systems, administrators will be assured that trucks stay within specified corridors on their way to the cargo’s intended destination, know who is driving, and even remotely disable and lock trucks that deviate, have wrong users or wrong cargo

Scenarios where this combination of technologies may soon be applied include HAZMAT drivers, weapons transport, banking records and even passports. Credentialing systems are already underway for the major ports of the world and will be used to link card to identity to ship to cargo, where cargo is monitored already with RFID.

In the future, the drivers can also be linked to the truck, and the truck to the cargo. All this can be tracked through GPS vehicle tracking. The future world of secure shipping will allow owners of cargo to track in real time the exact location of crate, each driver, each truck, and be sure that they are all supposed to be traveling together.

Haiti, Hurricane Katrina, and Identity Management

The tragedies of Haiti have me pulling up an article I wrote regarding identifying those affected by crisis. Originally published as part of the BearingPoint "IDM Insider" July, 2006

KATRINA AND IDENTITY MANAGEMENT

As documented by the Washington Post, over $1.4 Billion was provided in assistance to fraudulent Hurricane Katrina victims. While it is imperative to provide people with assistance as quickly as possible during a crisis, this must be balanced by assuring that support is properly disseminated among the true victims and proper oversight of taxpayer dollars are performed. Such control is needed because frequently the damage caused by malfeasance is far greater than the cost of implementation.

Through the use of common credentialing and identification techniques, much of the fraud that occurred during Hurricane Katrina could have been avoided. For example, debit cards issued to hurricane victims could have been activated only after individuals had passed an identity authentication and verification of ownership and occupancy process. The identity solutions should take care not to cause undo intrusion to the participants, but yet be complete enough to verify their identity and link with adjudication for assistance decisions. Such a solution would be upgraded from each deployment so that there would be consistent improvement between deployments.

Below is a list of common fraud scenarios identified by the GAO, and the corresponding IdM solutions that could be implemented to deter, identify and counteract such behavior.

• Fraud Committed: Use of different Social Security numbers for the same person - Identity Management Redress: Many social security validation programs exist and could be incorporated for validity of issuance and ownership as well as single use within the program. A more intricate program could compare biometric information for uniqueness of the registered individuals such as done through systems that incorporate 1:N matching.

• Fraud Committed: Identity theft of others, specifically those in prison - Identity Management Redress: Since the crisis was localized, each State could have provided a “qualification” list from their local DVMs as an initial method for address verification and acquiring a picture ID. Since state and federal prisoners’ data was stolen and used to apply for assistance, it is reasonable to check future crisis registrants against such data for exclusion.

• Fraud Committed: Addresses outside of assistance area, and bogus address used - Identity Management Redress: Combining a mapping software with location tabs to verify physical location of the damaged address would provide the needed geography and legitimacy assistance. Such software is easily found and integrated with, Google maps is an excellent example.

• Fraud Committed: Registrants not occupying provided address - Identity Management Redress: Address Verification System are commonly used for credit and finance applications that can be integrated as part of a verification system.

Happy Data Privacy Day

How fortuitous, my blog on identity management starts on an auspicious occasion.

 

Happy Data Privacy Day!

 

http://dataprivacyday2010.org/

Background Information

Everybody likes to know a little about the author. Below is a summary of my expertise and activities.

Experience Summary

An Associate with Booz Allen Hamilton, Mr. Sussman is an experienced information technology professional with over 15 years in the industry, to include extensive knowledge of identity management, biometric technologies, and project management. Mr. Sussman works on the Booz Allen Global IT team delivering information assurance and identity management solutions to clients, especially through biometric development strategies, privacy protection and associated policy development.

Mr Sussman has held leadership positions with the following Identity Management projects:

• Reviewing technically challenging biometric requirements of various programs at the Department of Homeland Security (DHS) to recommend where DHS Science and Technology should focus investment to meet national security needs.

• Supported the efforts of the Department of Veteran’s Affairs (VA) efforts to continually evolve their enterprise identity management capabilities. Mr. Sussman contributes thought leadership to the Virtual Lifetime Electronic Record (VLER) project which will implement overarching Identity Services across VA administrations and Lines of Business (LOB).

• Developed processes for the Department of Defense (DoD) to assure compliance to federal Homeland Security Presidential Directive – 12 (HSPD-12) and Federal Information Processing Standards 201 (FIPS 201) guidelines. This effort included managing an effort to investigate the background investigation completed on all military, civilian and contractor personnel.

• Served as a key architect for the General Services Administration (GSA) Shared Services identity card program which served to produce the Personal Identity Verification (PIV) cards for GSA’s HSPD-12 project management office.

• Develop the detailed functional design of the Transportation Worker Identity Credential (TWIC) solution. He assisted in the original design of the prototype system, specifically ensuring that best practices associated with privacy were built into the solution, provided ongoing operational support to system and users, developed user training; including specific modules biometric collection and supported the alignment of the solution with FIPS 201.

Mr. Sussman is an experienced leader in improving operations and increasing efficiencies through information technology solutions integration. Mr. Sussman has a technical background tempered with corporate and federal government environments. He is highly skilled in using information systems to innovate, improve and re-engineer government, military, and commercial business processes.


Education

• BS, Computer Science, State University of New York at Binghamton 1994

• Masters Business Administration, State University of New York at Albany 1996

• Executive Leadership, Yale, 2009