Trial and Error

Finding the right biometric solution for U.S. ports

  • By Terry Wheeler
  • Feb 01, 2009

With 1.3 million workers at 3,200 port facilities and on 10,000 U.S. flagged vessels, the initial TWIC roll-out seemed like a good place to start securing U.S. transportation locations. The Transportation Security Administration is requiring all port employees to use tamper-resistant smart cards, which include encrypted magnetic stripes, bar codes, and contact and contactless technologies.

However, the goal of getting all ports up to speed by April 15 is proving to be a Herculean task that TSA, its contractors, the Coast Guard and the individual port operators are all working extremely hard to meet. Some ports have achieved TWIC compliance on schedule, and this speaks volumes about the amount of work going on behind the scenes.

Adding to this stress is the fact that the TWIC mandate calls for the use of biometric technology to verify the identity of port workers at port entrances.

Testing Fingerprint Biometrics
The implementation of the TWIC initiative has proven troublesome as it was initially based only on one form of biometric security technology: fingerprinting. During an early pilot program, TSA learned that not all biometrics technologies are created equal. Because of its popularity, fingerprint reader technology was initially tested but ultimately failed, due to its fragility in the port environment and its lag time in enrollment and throughput.

In 2006, a one-year pilot program for fingerprint readers began at the Port of New York and New Jersey, one of the nation’s busiest ports. On Oct. 31, 2007, after the pilot program had concluded, a hearing on TWIC and homeland security was held in front of the U.S. House of Representatives Committee on Homeland Security.

In a statement that was read before the committee, Bethann Rooney, port security manager for the Port of New York and New Jersey, said, “In the outdoor environment, we experienced a false rejection rate of 9.5 percent as opposed to 1 percent that is called for in the TWIC specifications. We also experienced an average transaction time of six seconds, which is twice as long as the maximum transaction time that is required in the maritime industry.

“Our experience with this project clearly indicates that fingerprint biometric technology simply does not perform as well as advertised in an outdoor environment.”

Port of Halifax
The Port of Halifax is the world’s second largest ice-free port and a key transportation hub that serves as Canada’s east-coast connection to worldwide trade. With security issues being a top priority, in August 2007, the Port of Halifax deployed vascular biometrics technology, which uses patented recognition algorithms to capture and encrypt individuals’ unique vascular patterns on the back of the human hand.

The port found that VPR technology provided the highest degree in system security and speed. When compared with previous biometric technology (fingerprint, iris scanning or hand geometry), vascular biometrics is both accurate and foolproof, making it ideal for entry management and workforce time and attendance. It also is easily integrated into current, legacy and future TCP/IPbased systems.

The Results
The fingerprint reader pilot program uncovered the following key issues.

Port access. Key to the survival of a port is the amount of traffic that can enter and exit a port quickly and easily. Fingerprint readers can take up to 10 seconds to authenticate and verify the card holder. This, combined with the number of false rejections inherent to the technology, can create epic traffic holdups.

Port environments. Ports are not the cleanest places in the world. Their location near the water causes dirt and grime to collect on port workers’ hands, obscuring fingerprints and making a fingerprint scanner’s job a lot harder. Wash stations and hand sanitizers, installed near the readers, have been suggested as a solution. But this not only creates a bottleneck at the reader, there also would be an added cost to install and maintain.

Weather. Fingerprint reader technology is often affected by cold or dry skin and has a hard time surviving typical climatic conditions in a port environment. In her statement to the U.S. House of Representatives Committee on Homeland Security, Rooney said, “[D]espite manufacturers’ published environmental requirements, biometric [fingerprint] reader performance suffered greatly in both the rain and severe cold, and 71 percent of the readers needed to be replaced within a year due to hardware and display failures.”

At the same time, two other North American ports installed vascular readers, which excelled in security protocol and adaptability. The technology overcame many of the obstacles that thwarted fingerprint readers.

A New Method
Clearly, if the TWIC mandate states there has to be a biometric solution in place at the ports, fingerprint readers cannot be the only solution. This begs the question as to why fingerprint readers were initially tested.

The answer lies with the TWIC card enrollment process. To obtain a TWIC card, a port worker must go to a TWIC enrollment center and be fingerprinted for an FBI background check. After six to eight weeks, the worker is cleared and can pick up the TWIC card.

The initial idea was that since the worker needs to get fingerprinted for the background check, these prints could also be used for the biometric solution. However, the enrollment centers are not located at the ports. Once the worker obtains the TWIC card, he or she would have to go back to the port to be enrolled in the port access control system to be recognized when they arrive at a gate or turnstile.

This system is what is known as the “continuity of trust” or “chain of trust.” However, because the worker needs to be enrolled in the port’s access control system, there is an opportunity to employ biometric solutions outside of fingerprinting at the ports.

Biometric technologies are not cookie cutter. Depending on a number of factors, such as the environment, the amount of user traffic and enrollment, one solution will succeed where another won’t. In the case of the ports, vascular readers that scan the back of the user’s hand have proven very successful in circumventing the limitations of fingerprint scanners in the same environment, due to a number of factors.

• With a verification time of around 0.1 seconds, vascular readers allow for quicker traffic throughput. Vascular readers also allow for a speedy enrollment process. In recent test conducted by TSA, a vascular reader technology enrolled five people in the time allotted by the organization to enroll one person.

• Unlike fingerprint readers, vascular readers read the back of a workers hand, which does not get as dirty as the fingers. Also, as the reader scans millimeters below the skin, the hand does not have to be clean to verify the worker’s identity.

• Vascular readers can be contained in heated outdoor enclosures that support operation while withstanding all weather conditions.

Additional Concerns
During the recent Maritime Security Expo, a panel on TWIC, called “TWIC - Does it Help? Issues and Solutions,” was held. During the panel, participants discussed issues regarding the possibility of the TWIC initiative reverting to its original mandate that all transportation workers be enrolled in the program, not just port workers. Transportation workers in this instance would include all truck drivers, bus drivers, airport workers and contractors working at these locations.

This would balloon the enrollment numbers from 1.3 million workers to several million. Concerns were cited that, for instance, a non-TWIC enrolled driver could enlist an enrolled driver to go into a port, pick up a shipment, drive out and then hand it over to the unenrolled driver, legally circumventing the security solutions put into place by the program.

Though this is a legitimate concern, if TSA is to expand this program, the process needs to be much quicker than it has been with the ports. Applying the right biometric solution will be crucial in making this implementation work and getting the nation secured faster.

This article originally appeared in the issue of .

Featured

  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

  • AI Is Now the Leading Cybersecurity Concern for Security, IT Leaders

    Arctic Wolf recently published findings from its State of Cybersecurity: 2025 Trends Report, offering insights from a global survey of more than 1,200 senior IT and cybersecurity decision-makers across 15 countries. Conducted by Sapio Research, the report captures the realities, risks, and readiness strategies shaping the modern security landscape. Read Now

  • Analysis of AI Tools Shows 85 Percent Have Been Breached

    AI tools are becoming essential to modern work, but their fast, unmonitored adoption is creating a new kind of security risk. Recent surveys reveal a clear trend – employees are rapidly adopting consumer-facing AI tools without employer approval, IT oversight, or any clear security policies. According to Cybernews Business Digital Index, nearly 90% of analyzed AI tools have been exposed to data breaches, putting businesses at severe risk. Read Now

  • Software Vulnerabilities Surged 61 Percent in 2024, According to New Report

    Action1, a provider of autonomous endpoint management (AEM) solutions, today released its 2025 Software Vulnerability Ratings Report, revealing a 61% year-over-year surge in discovered software vulnerabilities and a 96% spike in exploited vulnerabilities throughout 2024, amid an increasingly aggressive threat landscape. Read Now

Most   Popular

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”