The DLR Standard

When mobile phones threaten security, it’s time to 'decellerate’

The most inefficient method of identification document authentication is the use of the DLR standard. This requires the police officer, physical security officer, security guard and/ or facility entry screener to have “Calibrated Eyeballs” (CAL-EYEs). CAL-EYE screeners are required to have, in some cases, the requisite knowledge of more than 9,000 identity documents typically used as proof of a person’s claimed identity. The screener must adhere to the DLR standard and determine document authenticity. Security postures in most organizations rely on the screener’s ability to apply the DLR standard, also known as the “Don’t-Look-Right” evaluation.

Many security professionals have used the DLR standard to conduct security operations. Personal recognition is the most accurate form of identification; use of the DLR standard is at the other end of the identification spectrum. CAL-EYE screeners must detect with consistency fraudulent identification documents, but as identification counterfeiting becomes more sophisticated, this will become an increasingly difficult task.

In 2004, Breeder Document Authentication (BDA) was chosen by the National Institute of Standards and Technology (NIST) as the recommended technology for the Federal Information Processing Standard 201 (FIPS-201) Enrollment Workstation, created in response to the Homeland Security Presidential Directive 12 (HSPD-12). BDA technology powers the credentialing of workers and employees in airports, seaports and the Coast Guard as part of the Transportation Workers Identification and Credentialing (TWIC) program. BDA technology is used for visitor management at sensitive facilities such as the departments of State, Homeland Security and the National Institutes of Health headquarters.

Most official IDs have productivity and security devices built into them. A magstripe or bar code is an example of a productivity device, which typically encodes biographic details printed on the document. Using a magstripe, bar code or combination reader, the biographic data can be quickly populated into an accompanying application. On passports and visas, the machinereadable zone (MRZ) serves a similar purpose. Comparison of the biographic data on the productivity devices with the printed information provides a minimal level of security that may be acceptable for some applications. Some additional security can be built into two-dimensional bar codes by encrypting the information on them. Fluorescent ink that glows in UV light is an example of a security device that requires a considerable amount of sophistication to reproduce correctly. A digital watermark is another example.

Today, the vast majority of people charged with inspecting identity documents—such as TSA agents, border and customs inspectors or bank officials—use manual forensic techniques to check security features that are incorporated in the document. For the examination, screeners might use specialty optical equipment or computer-attached document readers to identify the expected ultraviolet and near-infrared (NIR) properties, guilloche, optically variable device (OVD) presence, embossing, perforation, retro-reflective laminate background patterns and overlay patterns (visible, UV, NIR). However, CAL-EYEs cannot evaluate every UV property and associate the issuer’s UV to the presented credential.

Universal ID authentication. Depending on the customer’s needs, the authentication method should be able to recognize and validate all possible IDs that could be used by ID holders. For example, a border control station might need to validate passports, visas, transit cards, driver licenses, green cards, and so on from various countries, whereas a liquor store located in the heartland may only need to validate driver’s licenses for a few states.

A good automated ID authentication system should meet the following criteria:

  • It must be able to detect any type of fake ID using all possible integrity checks for the document type to ensure highest levels of confidence.
  • It must be able to accommodate minute variations in legitimate IDs, to keep false rejects to a minimum.
  • It must be fast, to enable speedy processing.
  • It must strive to eliminate false accepts.
  • It must be easy to use so that even untrained operators cannot compromise the integrity of the system.
  • It must be easily and quickly update-able so that as new IDs come into play, the system will continue to function without work stoppage or an overhaul.

The notion of universality, such as the ability to perform a variety of tests on sundry document types, is especially important. Different jurisdictions produce IDs with different security and productivity devices. A system that can read only smart cards, for example, will serve a singular purpose of validating IDs with those devices quite well; however, considering that smart cards are not universally used, there would be a need

Another example is a system for checking digital watermarks, which are sophisticated and hard-to-reproduce security devices. If you have a system that can validate the integrity of digital watermarks, it is clearly a secure system; however, it may not serve the purpose of universal ID authentication too well, because there are only a limited number of jurisdictions that use digital watermarks.

The government’s Office of Government-wide product evaluation criteria document states the FIPS 201-1 requirement for identity proofing of applicants:

1.1-15 During identity proofing, the applicant shall be required to provide two forms of identity source documents in original form. The identity source documents must come from the list of acceptable documents included in Form I-9, OMB No. 1115-0136, Employment Eligibility Verification. At least one document shall be a valid State or Federal government-issued picture ID. Reference: FIPS 201, Section 2.2 PIV Identity Proofing and Registration Requirements.

To authenticate an ID, you first need to determine precisely what type of document you are examining. For example, just knowing that you’re looking at a U.S. passport is not sufficient. You need to know what series, what year and place of issue, possibly even the issue date and more, depending on the document. This is not only because the format of the document itself may differ from series to series, but also because there could be minute variations in the document, depending on a variety of human factors such as place issued, place and time printed and wearand- tear. For example, with U.S. driver licenses, there are many centers that issue IDs and, depending on when and where the license was issued, there could be minor and sometimes not-sominor variations in document quality.

In fact, in one state, all licenses issued over a three-month period from a particular office were printed using an ink that did not have the appropriate near-infrared response. A good ID authentication system should be able to detect all variations and account for them appropriately so that the percentage of false rejects is kept to a minimum while also not increasing the possibility of false accepts.

The government has expended enormous resources designing strong visual topographical attributes of the PIV card to comply with the DLR Standard. Agencies and organizations require the use of the DLR standard instead of a technological solution. The convergence imperative requires that we use IT to support our physical security officers and screeners. Therefore, the use of the DLR standard must be rescinded. Senior security officers must migrate to BDA technology.

This article originally appeared in the February 2012 issue of Security Today.

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

New Products

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.