Secure Pre-Pass is a bolt-on addition to AIE and/or DBIDS specifically designed to implement an on-the-move express lane to improve vehicle throughput. Regular lanes use existing AIE or DBIDS with potential for additional automation.
- Pre-Pass reuses AIE or DBIDS enrollment information and needs, at minimum, only the ID number and face photo although it can use other existing information.
- Pre-Pass reuses the thorough, sophisticated, and effective vetting mechanisms from AIE or DBIDS.
- Pre-Pass offers the potential of augmenting and coordinating access for compounds, buildings, rooms, and meetings so that one pass might work for all of those.
Yes. The Pre-Pass app supports multiple passes. You can get passes for multiple locations and delete any pass you don’t need.
Passes are valid for a limited time window which is set by the installation’s policy. It might be minutes, hours, days, weeks, or months and can be changed in response to evolving threat conditions. If the valid time window is small, you can specify an ETA when requesting a pass. The installation can also set time-of-day or type-of-person restrictions to adapt for specific security needs. With the Pre-Pass app, users can manage their passes and receive security alerts.
That’s not a good idea. RFID that can be read at a distance is not secure for identity verification because anyone with the right equipment can copy your RFID and impersonate you. In Pre-Pass, the RFID is used as a claim of identity that is then verified by checking for a corresponding pass. In Pre-Pass, RFID is not an authentication factor used for identity verification. For AIE Next, the RFID is not an authentication factor and will not, by itself, permit entry.
Unlike vehicle RFID, the low-frequency RFID tags and cards used for building access can’t be read beyond an inch or so, so those are a bit harder to covertly read, but they are also easy to copy. One way for an attacker to copy lots of tags is to install their own reader near a valid reader, but there are other methods too, so RFID is not that secure even for buildings.
For pedestrians, Pre-Pass uses a QR code on your phone. Since you are the only one who has your phone, if you don’t show the QR code to anyone else, it’s not possible for anyone else to make a copy and impersonate you.
You can use Pre-Pass with any device that has a web browser, so a tablet or laptop computer would also work. A phone is very convenient because you have it with you nearly all the time, and it has connectivity wherever you go.
No. The phone itself should require access control to use, but if not, another person who finds or steals it does not have all the authentication factors used in Pre-Pass. If a user loses control of their phone or other Pre-Pass device, they should report that and all of their passes will be deleted. If the user later finds their phone, they can get new passes. Otherwise, whenever a user gets a new phone, they re-enroll, making the previous enrollment worthless.
No, we don’t think so. NIST Special Publication 800-63B identifies requirements for digital identity verification, and some kind of authenticator is required. AIE Next aims for Authenticator Assurance Level 3 which is a high bar. A phone can be a good authenticator and is likely to be the only affordable solution. We are currently re-engineering Pre-Pass to achieve AAL3—it is currently AAL2.
At minimum, Pre-Pass needs ID card numbers (or other database key to the person) and a face photo of the person. If other metadata is desired, perhaps for display on the guard’s workstation, then Pre-Pass also needs that data, for example name, rank, personnel type, etc.
For vehicle access, Pre-Pass uses RFID as a claim of the driver’s identity, basically linking the RFID code to the driver’s ID card number, so a computer is required at each lane that is connected to an RFID reader and antenna. The lane computer must be connected to a network because it also receives passes from the server. The lane computer also issues control signals to access control equipment such as traffic lights and boom gates. Some infrastructure may already be available like electrical power, a network, and access control equipment, but most new express lanes will need a lane computer and RFID.
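The lane-side check described above, sketched as an added example (not Pre-Pass code): the RFID code only selects a person, and the lane then looks for a pass that is valid right now. Class, method and field names and the sample tags and ID numbers are assumptions, and any further verification of the driver is outside this sketch.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta

@dataclass(frozen=True)
class Pass:
    id_number: str            # database key to the person (from enrollment)
    valid_from: datetime      # start of the installation-set validity window
    valid_until: datetime     # end of the validity window
    earliest: time = time.min # optional time-of-day restriction
    latest: time = time.max

class LaneComputer:
    """Hypothetical lane logic: the RFID code is a lookup key, never proof."""
    def __init__(self, rfid_to_id):
        self.rfid_to_id = dict(rfid_to_id)  # RFID code -> ID card number
        self.passes = {}                     # ID card number -> passes from server

    def receive_pass(self, p):
        self.passes.setdefault(p.id_number, []).append(p)

    def delete_passes(self, id_number):
        # Lost or stolen device reported: every pass for that person goes.
        self.passes.pop(id_number, None)

    def decide(self, rfid_code, now):
        id_number = self.rfid_to_id.get(rfid_code)
        if id_number is None:
            return "DIVERT: unknown tag"
        for p in self.passes.get(id_number, []):
            if not (p.valid_from <= now <= p.valid_until):
                continue
            t = now.time()
            # A restriction such as 22:00-06:00 wraps past midnight.
            in_hours = (p.earliest <= t <= p.latest if p.earliest <= p.latest
                        else t >= p.earliest or t <= p.latest)
            if in_hours:
                return "PASS FOUND: continue verification"
        return "DIVERT: no valid pass"

def build_demo_lane():
    # Constructed sample data: two enrolled tags, one with a one-hour pass.
    lane = LaneComputer({"TAG-0001": "ID-1001", "TAG-0002": "ID-1002"})
    start = datetime(2024, 1, 15, 8, 0)
    lane.receive_pass(Pass("ID-1001", start, start + timedelta(hours=1)))
    return lane
```

A copied tag whose owner holds no current pass is sent to the regular lane exactly like an unknown tag, which is why reading the RFID alone gains nothing.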
Key aspects of Secure Pre-Pass are covered by issued patents and other aspects are covered in patents pending. That does not mean that Pre-Pass is an expensive solution, only that it cannot be implemented or used by other parties without paying a royalty fee—we are happy to license the technology for those who prefer their own implementation. We also want to make sure the Government requires an open architecture without which innovation is difficult. Protecting our ideas means that we can provide useful components that abide by interfaces the Government establishes.
Having protected our ideas, we’re happy to share all technical details with the Government and industry partners, something we could easily do if we only depended on trade secrets.