ACI PS&S Spring Conference 2015

(1)

ACI PS&S Spring Conference 2015

SAFE for Aviation

Airport Identity Management System v4.8

Kristi Crase, Director of Vertical

Market Development

(2)

Agenda

•

Security Challenges Facing Airports Today

•

Identity Management Defined

•

SAFE for Aviation Overview

•

Value Proposition

(3)

Security and Operational Challenges at Airports Today

Compliance/Audit Anomalies; Paper-based, error

prone operations

Balancing Business Friendly / Insider Threat

Customer Service levels are difficult to maintain;

Difficult to scale

(4)

Security and Operational Challenges at Airports Today

Limited Security Intelligence – primarily reactive

Little integration across authoritative systems in

use

Difficult to adapt to changing regulations and the

latest crisis; Limited improvements

(5)

Identity Management Defined

Identity Management (IDMS)

•

Modern, Enterprise Software platform designed to manage the

lifecycle of an airport worker

•

Web based, automated solution allowing for a paperless

environment

•

Cross airport solution encompassing many user groups, systems,

rules and policies

•

Locally hosted system that integrates with existing systems of truth

•

Management overlay that allows for increased efficiencies, reduced

costs and better customer service

•

Process automation tool that provides risk mitigation of insider

(6)

SOC / Comms Aviation Security/Ops

Authorized Signatories Ticketing / Violations

Cross Airport Departments -Role-based Users

Finance

Physical Identity Management Concept

Employer Manager

(Authorized Signatories, Badge Types, Fees, Exemptions, Insurances, Privileges)

Training (CBT Integration – IET, SSI, Etc.) Electronic Audit & Attestation

(10% / 100% Employer)

Biographic Information

Asset Manager - Metal Keys

(Issuance / Audit / Tracking)

DACS Integration – TSC, TelosID, Morpho (TSA STA, FBI CHRC, DOJ, CBP etc…)

Optional: Watchlist Mgr.– No Fly /Selectee

Physical Access Control System (Card #, Access Privileges)

Breeder /Airport Document Manager (Paperless Process - ID Auth. / E-Signature)

Appointment Scheduler

(Trainings / Fingerprinting / Badging / Etc.)

Financial Manager

(Billing / Invoicing)

Optional: POS Integration

Infraction Manager

(Violations / Penalties)

Optional: Mobile Devices

Vehicle Manager

(Parking / Permits / Audits)

AV Reporting & Dashboards

Optional: Analytics / Trending

Livescan Integration / Biometric Enrollment (Identix / Crossmatch / Morpho)

Physical Identity

Credential Production

(7)

SAFE for Aviation Suite

Workflows Orchestration Policy/Rules

SAFE Policy Server

Database SAFE Livescan Agents SAFE DACS Agents SAFE PACS Agents SAFE CBT Agents Training System Biometric Capture and Repository Federal / State

Security Checks Multiple PACS

SAFE Integration Framework

• Employer Manager

• Authorized Sig Portal

• Regulatory Compliance

• Document Manager

• Paperless Badging

• Attestation & Audit

• Security Reporter • PACS/CBT Integration • Infraction Manager • Financial Manager • Asset Manager • Vehicles Manager • Visitor Manager

• Watch list Manager

• Appointment Scheduler • Event Correlation • Aviation Analytics • iOs/Android • DL / Passport Auth. • Touchscreen Forms • Electronic Signature • Document Scanners • Biometric Enrollers • Modern Cameras

• In line Print/ Encode

Comprehensive Offering for Aviation – SAFE for Aviation

(8)

Proposed Security Solution-Value Proposition

100% Real-Time Compliance; Automated,

Paperless Environment

Cross-Airport Solution

Immediate Operating Cost Reduction

Improved Levels of Customer Service

(9)

Return on Investment Calculator

Immediate Cost Savings for the Airport and its Customers

•

Typical payback period for SAFE solution - <3 years

•

Percentage of staff time recovered by eliminating manual tasks –

up

to 25%

•

Percentage of staff time recovered by reducing errors & corrections

–

up to 80%

•

Cost per new badge reduced through efficient process –

up to 50%

•

Ability to efficiently track and bill for material and operational costs

–

recoup up to 100% of credentialing costs

•

Risk mitigation of insider security events and breaches –

potentially

(10)

Quantum Secure – The Leading Identity Management

Solution Provider

Quantum Secure offers SAFE -

an enterprise software suite

that streamlines the

physical identity and

access management lifecycle

• Founded in 2004

• 6 Years of 100% Consecutive Growth • 200+ Employees

• Headquarters in Silicon Valley, California

Background

• Patented technology

• Over 5 Million Identities Managed by SAFE

• Off the shelf support for 55+ access control systems – all major vendors

• First Airport solution live in 2008 – Greater Toronto Airport Authority • Dedicated Aviation Vertical Team with deep aviation experience –

Sales through Support

• Sell direct and through major systems integrators

Product

• Over 90 Customers: Fortune 500, Government, Airports, Financial Services, Energy, Telecom

• Business Partner: AAAE/TSC/IET, Crossmatch, Telos ID, Morpho Trust USA, SSI, Everbridge

(11)

SAFE Deployments in Aviation Today

• San Francisco International Airport-SFO (2010) • Phoenix Sky Harbor-PHX (2013)

• Port of Seattle-SEA (2014) • Massport-Boston/Logan-BOS (2015)

CAT X

• Portland International-PDX (2015)

CAT 1

• Columbia Metropolitan-CAE (2013)

• Atlantic City International Airport-ACY (2014) • Richmond International Airport-RIC (2014) • Wichita Kansas-ICT (2015)

• Westchester County-HPN (2014)

CAT 2

• Aspen Pitkin County Airport-ASE (2010) • Friedman Memorial Airport-SUN (2013) • Elmira-Corning Regional Airport-ELM (2013)

CAT 3

• Sao Paulo-Guarulhos International Airport-GRU (2014) • Toronto Pearson International Airport-GTAA (2008)

(12)

(13)

(14)

IT Considerations

•

Infrastructure

•

Failover, UAT, Retention/Backups, Server Administration, Certificates (SSL)

•

Network

•

Firewalls, Access between SAFE and PACS, VPN(s)

•

Peripherals / Badging Workstations

•

Spares, Troubleshooting, Admin rights, Workstation Standards

•

Implementation, Administration & Upgrades

•

Integrations, Testing, Promotion to Production, New Integrations,

(15)

PACS 1-n _{Local Training}

SSI / manual Livescan Identix / Morpho CrossMatch Term 1 Term 2 International Identix / Morpho Crossmatch DACS STA / CHRC CBP FIREWALL SOC Aviation Security Comm. Airfield Operations Parking

SAFE Authorized Signatory Portal Paperless Applicants, Renewals, Audits

Public Internet SSL 30 day badge expiration, Background check clearance complete, Violations, etc. Email notifications VPN Authenticate Paper Forms Review Financials Encode & Print Smartcards Verify Fingerprint Manage Visitors Photo Capture Print Badge Input Fingerprint

SAFE Credentialing Stations Web Based – All common browsers

supported

PeripheralSupport - printers, biometrics, cameras, document

scanners, DL readers

(16)

SAFE for Aviation – Procurement Options

Capital Expenditure Options:

•

Standard Software Perpetual License Purchase

. Quantum Secure offers catalog pricing for the

out-right purchase of software licenses, professional services and annual maintenance. This option

provides ownership rights of the software to the airport.

•

GSA Schedule

. Quantum Secure SAFE for Aviation can be purchased off GSA Schedule 70 and 84

allowing airports a cleaner path for procurement.

•

State Contracts (ex. TEXMASS)

•

AIP/Federal Grants and Funds

. Quantum Secure SAFE for Aviation can be purchased using federal

grants and funds.

Operating Expenditure Options:

•

Subscription Model.

This option wraps software licenses, professional services and maintenance in

the monthly subscription price (could include additional services per month for tuning/changes).

•

NEW: Pay As You Go Model

. Pricing based on size of customer and projected transaction amounts;

cost per transaction and length of contract are determined by airport id count and transaction

count.

(17)

Comprehensive management of fees and billing rules for companies and all interactions and transactions SAFE for Aviation is part of; can be integrated with Airport Financials Systems/Dept. and Point of Sale CC payment processing

Manages permit issuance, parking, audits, and vehicle details for land side and airside vehicles associated with companies and their workers

Issue, track, audit metal keys and other access/security assigned assets

Allows flagging of any persons of interest across your environment by allowing your teams to indicate people at risk as well as incorporation of TSA No Fly / Selectee lists for comparisons

Permits authorized personnel to issue

citations and manage them compliant to your airport Rules and Regulations; utilizes

Authorized Signatory Portal

Robust business information, trend analysis and dash boarding tools

Configurable appointment scheduling for use by Authorized Signatories and

Applicants/Badge holders

Supporting user interactions using all common type mobile devices – iPhone/Android for convenience - notifications, infraction issuance, etc.

Physical Security Information Management (PSIM) integration that allows data exchange between SAFE and PSIM systems like NICE, Proximex and VidSys through web services

Web-based solution for visitor

pre-registration, visitor check-in/check-out and badge printing functions; integrates with different peripherals for streamlining and automation

Optional SAFE for Aviation Modules

SAFE Financial Manager SAFE Asset Manager SAFE Infractions Manager SAFE Appointment Scheduler SAFE Vehicle Manager SAFE Watchlist Manager SAFE Analytics for Aviation SAFE Mobile Applications SAFE Visitor Manager SAFE Identity & Event

(18)

SAFE for Aviation Peripherals

Modern, inexpensive cameras; utilize “Face Finder” technology to ensure ease of

getting the photo right

High-speed, multi-page and single-page scanners enable rapid capture of breeder and

other documents into the SAFE for Aviation document management repository

Used for receipt of badge, acknowledgement of terms and conditions, etc.; allows

storage of signature within badge holder record for future comparisons

Supports use at biometric access points (ANSI 378) as well as authentication of

individuals at touch points in your airport including citations, training, badging office,

etc.

Eliminate paper by displaying and retrieving acknowledgement for forms like

Disqualifying Crimes, Privacy Act, Terms & Conditions, etc.

Verify authenticity of scanned document (US & Intl.) and provide risk score on

authenticity while capturing data and image of standard document for direct use in

SAFE for Aviation

Photo Capture Document Scanning Electronic Signature Fingerprint Biometric Touch Screen Tablet ID Verification

(19)

SAFE Integration Framework

•

Provides the foundation for bi-directional data exchange with integrated systems

•

Out-of-the-box agents for more than 50 PACS and other systems like HR, IDM, ERP,

LDAP, Background Check, Training, Mass Notification, Biometrics etc.

About SAFE Agent

• Built-in publish/subscribe functionality

• Real-time and event-based processing

• Guaranteed message delivery

• Conflict and acknowledgment processes

• Message translator and normalizer

• Schema and Security Configuration Download Manager

• Pre-built system specific data model, i.e. PACS, IDM

(20)

SAFE Policy Editor

•

Provides the ability to centrally define security policy rules and workflows

•

Patented graphical tool allows easy flowcharting of a security policy rule

•

Includes pre-defined policies for TSA compliance, badging and other operations

Policy Automation in SAFE

•

Microsoft Visio based interface

•

Drag-and-drop and link “live

objects” to create schematic

representation of a policy

•

System automatically converts

the drawing into rule set for

the underlying systems

•

Includes out-of-the-box rules

based on proven best practices

(21)

SAFE Deployment – GTAA

•Canada’s biggest & busiest airport •Handling 30 million+ passengers/year •80,000 identities under management

•Pass/Permit Control Office (PPCO) administers 33,000 active personnel •Serves 175 clients/day (over 43,000

per year)

Background:

•Reduce long processing times •Improve customer service

•Eliminate loss of newly hired workers (tenant employees) due to lengthy badging process

•Increase security compliance

•Improve ability and reduce costs of enforcing consistent security controls •Automate manual processes

•Reduce time to obtain a PPCO appointment

Requirements:

•Time for on-boarding IDs went from 577 min down to 72 min •Price per ID processing went from $49/card to $35/card

•Average wait times reduced from 560 minutes to 20 minutes, a 96% reduction •Faster processing = better client service

•Single-source data = high physical security controls •Reliable reporting = effective business operations

(22)

SAFE Deployment – San Francisco International

•Category X airport that handles over 40-million passengers each year •Tenth largest in the United States and one of the world’s 30-busiest airports

•Multiple departments within the airport – Aviation Security, Airfield Operations, Security Operations Center etc.

Background:

•Management of entire badging process

•A system that could work across multiple departments and systems within the airport •Automating manual processes related to background checks, access credential issuance

and access privilege assignment

•Issuance of multi-technology, highly secure badges for use with multiple PACS and biometric access devices

•Provisioning of biographic and biometric information onto the badge contact-less chip •Dynamically driven enrollment processes appropriate to each applicant

•Electronic, workflow-driven processes for assignment of metal keys and other access devices to identities

•Integration with computer-based training systems for real-time validation of training credentials

Requirements:

•Streamlined security operations •Improved level of customer services •Simplification of compliance needs

•Real-time compliance with current TSA security directives •Reduction in data entry errors

•Optimization of the management of TSA-regulated badging processes SAFE Benefits:

(23)

SAFE Deployment – Aspen Airport

• County-owned public-use airport

• 44,000 square foot single-floor terminal facility, including six rental car operations, a year-round guest services operation, a restaurant and gift shop concessions.

• Largely seasonal employee base and a small airport badging staff Background:

• Simplified provisioning of all personnel into their airport identity management system

• Seamless integration of disparate biometric devices into one user interface • Incorporation of Biometric Airport Security Identification Consortium

(BASIC) practices

• Manage the issuance of pre-encoded proximity cards for different types of badge layouts

• Integration with centralized billing system

• Provide central repository for capturing, storing and managing documents Requirements:

• Streamlined security operations • Huge reductions in operating costs

• Future-proofing of the physical security infrastructure • Simplification of badging operations through automation • Reliable and accurate reporting on pass office operations • Real-time compliance with the TSA security directives SAFE Benefits: