Smart Card Use Is Priority In FAA Security Plan

WASHINGTON--The Federal Aviation Administration has created two teams, called Go Team 31 and Go Team 51, to develop standards and mandates for airport security using smart-card, public key infrastructure, and biometric technologies. First on the FAA's list is the creation of a smart card that will be issued to all airline, airport, and FAA employees for access control in airports. Cargo shippers and food-service personnel will also receive smart cards.

Next month, the FAA will define a layout for a baseline smart card, as well as the technologies for inclusion on the smart card. The agency already has settled on Java as the programming language to be used to create the card. The FAA is examining several other technologies, such as two-dimensional bar codes, biometrics, magnetic strips, encryption and authentication, and radio-frequency transmitters.

The cards will contain an integrated circuit chip, says Phillip Loranger, chief of the FAA Access Enabling Technology Team Information Systems Security. The FAA is evaluating a 32-Mbyte chip but would prefer a 64-Mbyte chip. To make the blank card into an identification tool, an individual's photo and personal demographic data would be added to the cards in addition to some sort of biometric data, such as facial recognition, hand geometry, or fingerprint identification. Loranger doubts the FAA will recommend retinal scanning, "That technology can be good for some things, but I'm not sure it's necessary for ID verification," he said Tuesday at the Aviation Security Summit in Washington. Retinal scanning requires a huge amount of data points and takes up a lot of bandwidth and server capacity.

The FAA has yet to determine the types and locations of databases that would contain access information. For example, a local database may store access-control information for all employees at that airport. But a centralized database, which would be tougher to maintain and likely more costly, could store all information for all the airports--beneficial for cargo shippers that frequently deliver items to multiple airports.

Eventually, the technology may be rolled out to the general public. Those cards would have to be integrated with government databases that store information on known terrorists and other dangerous criminals, as well as with Interpol. One of the FAA's goals is to create an architecture that can scale to accommodate all travelers. But that won't be for quite some time: The FAA doesn't expect to fully deploy its biometric architecture until fiscal 2004.