Delaware Port Links TWIC to PACS with Middleware Integration


Case Study: Port of Wilmington, Delaware, Keeps Timely Tabs on TWIC Validity with PIVCheck Plus by Codebench and Honeywell Pro-Watch Integration

Updated July 1, 2010

The Port of Wilmington, Delaware, leads the nation's ports in several categories: it's the number one port in North America for imports of fresh fruit, bananas, and orange juice concentrate. With approximately 800,000 square feet of chilled and freezer storage space available, plus 16,000 square feet of controlled atmosphere capability, it ranks as the nation's largest dockside cold storage facility. It's also the first and busiest port on the Delaware River, handling more than 4 million tons of cargo annually, including cattle, petroleum, autos and more, in addition to fruit.

The Port of Wilmington claims another first: In October 2007, it became the first port to introduce the Transportation Worker Identification Credential (TWIC). That's the smart credential mandated by the Maritime Transportation Security Act. And now, Wilmington has introduced another innovation: collecting data from TWIC credentials to be stored and used by its Honeywell Pro-Watch security management system, via middleware software, called PIVCheck Plus, from Codebench. Advantech, based in Dover, Del., was the integrator.
 

Seasons and Size

Managing identities is a major task at a busy port like Wilmington, which has a normal complement of about 1500 workers from a variety of employers, including Dole Fresh Fruit Company and Chiquita Fresh North America. From December to early spring, that number grows by 600 to 700 workers on site processing shipments of grapes, plums, peaches, nectarines, apples, pears and other fruit from Chile and New Zealand.

Further, the workers are spread over 308 acres and a variety of indoor and outdoor facilities, such as 50 acres of open space for automobile storage, 250,000 feet of dry warehouse space, the cold storage facilities, seven deepwater general cargo berths, a tanker berth, a floating berth for Roll On/Roll Off (RoRo) vessels and an auto & RoRo berth. Railcar loading docks are next to terminal warehouses, and the port is easily accessible by Interstate 95, adding rail employees and truckers to the mix.

"On any given day, we'll have about 2500 people coming through the Port using TWIC cards," said Jerry Custis (pictured, below), Security Manager and Facility Security Officer (FSO) for the Port, which is owned and operated by the Diamond State Port Corporation (DSPC), a corporate entity of the state of Delaware.

As a TWIC pilot port, Wilmington has worked with the TWIC card since the program began, said Patrick Hemphill, the former security manager and FSO for the Port, who recently retired after thirty years there. Before deploying the PIVCheck software, the Port had been using the card with proximity readers, he said.

However, the Port wanted better and timely verification that TWIC cardholders were valid, to streamline registration and access management, and to regularly check TWIC credentials against the Transportation Security Administration's (TSA) hot list, said Custis.

"That's the real value of the system," he said, "being able to re-verify people's credentials at any time throughout the Port."

The PIVCheck integration with Honeywell's Pro-Watch security management system accomplishes the Port's objectives in several ways, explained John Gampp, director of system support and training for Advantech.
 
First is the enrollment and ongoing validation function. A truck driver or other individual who needs access to the port inserts his TWIC card into a reader and enters his PIN. That unlocks the card; then, Codebench's PIVCheck Plus verifies the card's authenticity by confirming its identification number and biometric signature. Then it checks the status of the card's X.509 certificate against the TSA's Certificate Revocation List (CRL), or hot list.

"The TWIC certificates are what prove the validity of the card itself," said Gampp. "In the old days, you could duplicate cards pretty easily, but these certificates make a card unique."


From TWIC to PACS

Once the identity verification is complete, PIVCheck Plus hands off the card data it harvested to the Port's Pro-Watch access control system. The data, including cardholder name, card expiration date, photo and access level, is loaded directly via the interface, without additional keystrokes. If a cardholder is already in the Pro-Watch database, PIVCheck Plus will update the record as necessary.

Then, Pro-Watch pushes the information to all the fixed card readers across the port. Handheld mobile Datastrip DSV2+ TWIC readers running PIVCheck Mobile communicate directly with PIVCheck Plus to check a TWIC card's status.

"It takes about two or three seconds for each card to be processed," said Hemphill (pictured, below right).

Collecting and storing the digital certificates from the TWIC cards in PIVCheck's database then enables the Port to schedule regular certificate status checks through PIVCheck Certificate Manager. This "caching status proxy" function now runs once daily at the Port, comparing stored certificates against the TSA CRL hotlist and revalidating and updating its data.

"In times of heightened security awareness, that could be executed several times a day," said Gampp.

If PIVCheck Certificate Manager learns a TWIC credential is on the CRL, that is, has become hot-listed, it can suspend the card and send email alerts that it has done so. Further, said Gampp, the fact that PIVCheck and Pro-Watch are integrated means Pro-Watch can push that message to all the fixed readers, while mobile devices running PIVCheck Mobile get the data directly from PIVCheck Plus. So when the holder of the revoked card tries to enter the port, or move from one area to another within the port, access is denied.
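A sketch of the scheduled revalidation pass described above, as an added example (not Codebench's code or the PIVCheck API): the record layout, status names and alert tuples are assumptions, and the CRL is modelled as already downloaded and signature-verified. It also covers one failure mode of any cached status check: a CRL past its next-update time is reported instead of being read as "nobody is revoked".

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class CachedCert:              # certificate data stored at enrollment (hypothetical layout)
    serial: int
    holder: str
    not_after: datetime
    status: str = "active"     # active | suspended | expired

@dataclass
class Crl:                     # a verified CRL reduced to the fields this check needs
    this_update: datetime
    next_update: datetime
    revoked_serials: frozenset

def revalidate(cache, crl, now):
    """Run one scheduled pass. Returns (alerts, crl_was_usable)."""
    # A CRL outside its validity window says nothing about recent revocations:
    # leave every status untouched and raise an alert instead.
    if not (crl.this_update <= now <= crl.next_update):
        return [("CRL_STALE", None)], False
    alerts = []
    for cert in cache:
        if cert.serial in crl.revoked_serials:
            new = "suspended"
        elif cert.not_after < now:
            new = "expired"
        else:
            new = cert.status  # a suspended card is never reactivated automatically
        if new != cert.status:  # alert only on a change, so daily reruns stay quiet
            cert.status = new
            alerts.append((new.upper(), cert.holder))
    return alerts, True

# Constructed sample data: serials, holders and dates are invented for illustration.
NOW = datetime(2010, 7, 1, 6, 0, tzinfo=timezone.utc)
FRESH_CRL = Crl(NOW - timedelta(hours=2), NOW + timedelta(hours=22), frozenset({0x1A02}))
STALE_CRL = Crl(NOW - timedelta(days=3), NOW - timedelta(days=2), frozenset())

def sample_cache():
    return [CachedCert(0x1A01, "driver-a", NOW + timedelta(days=365)),
            CachedCert(0x1A02, "driver-b", NOW + timedelta(days=200)),
            CachedCert(0x1A03, "driver-c", NOW - timedelta(days=1))]

if __name__ == "__main__":
    print(revalidate(sample_cache(), FRESH_CRL, NOW))
    print(revalidate(sample_cache(), STALE_CRL, NOW))
```

In a deployment like the one described, the returned alerts would drive the email notification and the status change would be what the access control system pushes to its readers.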

Streamlined and Seamless

"The TWIC card is the official identification card for the Port's 300 employees," said Custis. Right now, it is a physical access credential, though the digital certificates could conceivably be used for such applications as digital signatures and encrypted email. "As we progress, we'll start to see other ways we can utilize the card," he said.

An immediate benefit Custis noted is that having the ability to check TWIC certificate validity in real time means fixed card readers may now cover certain limited access areas very effectively, while guards may still do spot checks with mobile readers.

"It's been a seamless transition," said Hemphill, in part because of the Port's long experience testing the TWIC credential. He also praises Advantech's performance: "John [Gampp] spent hours and hours to ensure this transition was smooth for us."

Gampp's advice to other ports implementing real-time TWIC credential validation is to "do as much as you can in a test environment before you go live." He said because Advantech worked out any issues that arose in a test system, users weren't asked to enroll multiple times or face other inconveniences.

Also, even before Codebench had a contract for the job, the company worked with the Port and Advantech "to allow us to witness for ourselves that the software does work and it would suit our applications," said Gampp.


(Photos courtesy of the Port of Wilmington, Delaware)


