by Carroll McCormick (Airports International, Volume 40 No 2, March 2007)

As of January 31, 2007, a powerful new security system called Restricted Area Identification Card (RAIC) became fully operational at 29 Canadian airports. Biometric security cards issued to 100,000 employees are said to be the first in the world to contain two biometrics references ? fingerprint and iris ? and also deployed on a national scale.

The Winnipeg Airport Authority, with about 5,000 card holders, was one of the first to be RAIC-compliant. The new cards, says Mike O’Gorman, the airport’s Vice President of Operations, “proves that the person who has the card is the person who should have the card. And from the airport’s point of view, it offers better customer service. We want the ability for the staff to move back and forth between restricted areas easily and with a high level of security.”

With the Restricted Access Pass (RAP), which RAIC replaced, employees occasionally found themselves in line-ups up at doors, with guards checking cards against written lists of authorized persons. Moreover, RAP has two cards, on that employees presented to the guards, and the second, which they swiped; the two were on different access systems. With RAIC, and its single access system, says Mr. O’Gorman: “The same way you can grant access, you can deny access just as fast.”

With RAIC, an employee approaches a reader, waves the card, offers up their finger or iris for a read, computers do their business and in about three seconds the door opens. With some exceptions, guards are still necessary to prevent ‘piggybacking’. Winnipeg has been able to remove guards by installing what it calls Anti-tailgating Access Portals, that ensure on one person per authorization goes through a door. The Vancouver Airport Authority is considering similar devices, which it calls ‘man traps’, that capitalize on RAIC’s enhanced security and reduce guard staffing costs.

RAIC does an one-to-one match of the biometric information stored on the card with the employee’s fingerprint or iris scan at the reader, rather than searching a database of biometric references. This virtually eliminates matching errors, and means matches can be made very quickly ? in under a second – according to Matthew Bogart, spokesman for Markam, Ontario-based Bioscrypt Inc, which manufactured the RAIC fingerprint readers.

Although the name suggests that RAIC is all about cards, it is much more than that. It is a secure system that links 29 airports required by an amendment to the Canadian Transportation Act to deploy it. This has several advantages over RAP ? for example, the common RAIC database means employees, regardless of the number of airports for which they might need access clearance, require only one card; with RAP, multiple cards held by single employees were, by comparison, hard to track.

Transport Canada does the employee background checks and the airports run RAIC day-to-day; eg, issuing employee access clearances and keying into RAIC exactly which doors employees’ cards will open and when. Airports can make changes as often as required.

The use of ID cards and fingerprint plus iris biometrics recognition gives RAIC a level of redundancy referred to as ‘token + biometric’ (token being the card) or ‘dual-factor’. (The redundancy is achieved not with the two biometrics, but rather with the card and the biometric.)

Tom DeWinter, Manager of Business Development, LG Electronics USA, Inc, Iris Technology Division, headquartered in Cranbury, New Jersey comments: “Dual factor identification in very high risk locations is very desirable and very prudent.” LG Iris supplied the iris readers and software to the airports.

With RAP, guards studied each cardholder’s card and face, and decided whether they matched. “Guards no longer have to be responsible for making subjective decision based on incomplete information. The smart cards are non-transferable, since pass holders have to identify themselves with their fingerprint or their iris. If the card doesn’t work, the person cannot enter,” according to a description of the system from the Canadian Information Productivity Awards (CIPA), and confirmed by CATSA, which won the 2006 CIPA Exceptional Innovation Award.

“Lost or stolen RAIC cards are absolutely useless to anyone other than the person to whom the card was issued. And without a living sample, entry is not granted,” says Peter Burden, RAIC programming manager with the Canadian Air Transport Security Authority (CATSA).

Some doors have been equipped with fingerprint readers, other with the iris readers, for several reasons. First, says DeWinter: “Both iris and finger technologies have their strengths. It was a good way for airports to get a good overview of the technology in operation, and to find out which technologies were best suited for the users, the environment and for the particular applications.”

Burden notes: “The fingerprint or iris readers were not installed arbitrarily. They were provided in consultation with the airports as per their needs.” So, for example, in areas where employees often have dirty hands, which negatively affects fingerprint readers, or where they wear gloves a lot, airports have requested iris readers, according to Burden. At the Vancouver International Airport, for example, which has enrolled 20,000 in RAIC, the iris and fingerprint readers are represented about equally.

The biometrics part of the RAIC deployment has an element of field trial about it, partly to learn more about which biometric systems airports prefer ? preferences that go beyond purely practical needs such as Burden describes, and which CATSA was prepared to grant, according to Vancouver and Winnipeg’s wishes. For example, notes one source, some people do not like the physical contact of the fingerprint reader, and for certain fingerprints the reject rate is said to be higher than average. Other feel more comfortable (justified or not) with traditional fingerprint ID-ing. Other, says the source, suffer from the misapprehension that iris readers can burn the eye.

HID Global, headquartered in Irvine, California, supplied CATSA with 200,000 smart cards, with an embedded Radio Frequency Identification (RFID) smart module that allows the readers to recognize cards waved within a distance of up to 4 inches (10.2cm). “The reader has the ability to read and write information back to the RFID chip,” says HID Global director of sales Richard Coombs.

Each employee has a biometric reference for a fingerprint and iris written to his or her access card, as well as other unique identifiers, encrypted to prevent hackers from emulating the card. The card also include a custom hologram and a thermal read/write strip that allows CATSA to add and delete printing on the card without having to re-issue it, saving time and money. “The cards are also backward-compatible to the airports’ existing access control systems,” says Coombs. “It was a huge undertaking for CATSA to co-ordinate interoperability of the legacy systems while maintaining the integrity of the new cards.”

The RAIC concept was developed in a three-way partnership between Transport Canada, as regulator, CATSA, which developed and deployed the program and the airports.

“Transport Canada had to amend the regulations which lay out the rule of conduct, how this equipment is deployed and how it must be used. Developing biometric regulations was ground-breaking work for them. All these three partners had to work together to design it, how it should work and what improvements should be made. Based on this concept the Request for Proposal was issued.” Says Burden.

In 2004 CATSA deployed RAIC to two high-traffic airports: Vancouver and Trudeau, and two much lower-traffic airports: Charlottetown and Kelowna. The trial, which included 40,000 employees, confirmed that one card and one reader could both verify and provide access control, with connectivity between airports and the CATSA database. It also demonstrated that RAIC could talk to the 19 different access control systems in use at the airports and identify lost, stolen, revoked, unreturned and suspended cards.

“This is the world’s first dual biometric smart card to be deployed and implemented in an airport environment,” Burden explains. “Working in a high-security environment we had to make sure we captured adequate examples and volumes, and be extremely thorough in finding out if the technical solution was functional and stable enough to meet airports’ needs.

“When different technologies are packaged like this, you run it for a couple of months and watch the behavior of the system. We learned a lot of lessons and updated the architecture.” Burden notes that CATSA is prepared to share what it has learned with other security authorities and airports, and has already received calls from other countries.

“We have installations of biometric access control technology at several airports around the world, which have typically been rolled out as one-off programs. This national roll-out hasn’t been done by anyone anywhere else in the world” says Bogart.

Next up for CATSA are hand-held biometric readers, which will be supplied by Labcal Technologies Inc in Quebec City, using the Biocrypt fingerprint matching algorithm.