- Posted in News
- August 11, 2011
At Access Automation & Controls, we can provide you with the card readers and access control hardware needed to satisfy your potential client’s security needs by utilizing the TWIC cards that their employees already have and to meet the security requirements required by the US Coast Guard. We also provide training and project coordination with project managers to insure the successful communication of all required data and specifications. So, what is TWIC you may ask?
TWIC, of course, is an acronym. It stands for: Transportation Worker Identification Credential. But, what is it? What does TWIC have to do with perimeter security? Well, if your potential client maintains a facility with a Maritime Security (MARSEC) level from the US Coast Guard, TWIC has everything to do with the perimeter security of their facility. MARSEC levels apply to any US Coast Guard regulated facility inside the US, and are consistent with the Department of Homeland Security’s HSAS (Homeland Security Advisory System).
Don’t be alarmed, after all the acronyms we only need be concerned with the facility’s MARSEC level. There are 3 levels of security based on the current maritime vessel threat level with Level 1 being the level of least security. TSA identifies four modes of authentication configuration. TSA does not require that a TWIC card reader system be capable of all four modes at once, only that the system be capable of being configured for all four modes based on the facility’s security needs. Basically, the TWIC card reading system must be able to meet the facility’s security concerns during the design phase based on one of the four authentication modes described in the TWIC Reader Hardware And Card Application Specification.
For the purposes of this article – mode 2, Active Card Authentication, will be the model used to design an access control system. TSA’s application specification defines mode 2 as :
Provides single factor authentication at the same level of security as for a PIV Card Authentication operation. The FASC-N and expiration date are present in the Card Authentication certificate which obviates the need to read the CHUID.
To clarify, FASC-N is the Federal Agency Smart Credential Number, and CHUID is the Card Holder Unique Identifier. You need not concern yourself with learning these acronyms, but knowing their definitions will definitely put you ahead of the curve with your competitors. The FASC-N is basically the card number of a TWIC contact-less proximity card and we will just refer to it as the credential number. PIV is simply an acronym for Personal Identity Verification. Basically, a card reader system.
We utilize the proximity portion of the TWIC card with a FIPS 201 Compliant card reader. When a user presents his/her TWIC card to the reader, the reader initiates a two way authentication process with the card. If the TWIC card recognizes the reader as FIPS compliant it will begin to send its stored proximity data. To add perspective; a standard – run of the mill proximity card has 26 bits of weigand data stored within it, and it will send its data whenever it is activated by a card reader without any authentication. A TWIC card has 75 bits of weigand stored data and will only transmit its data after a successful authentication session with a compliant reader.
Unfortunately, 75 bits of weigand data exceeds the capacity that most of the current access control panels can effectively process. But, all is not lost. Many manufacturers are able to process the 75 bit data very well and we at AA&C Group have mastered the ability to decipher the bit stream and pull the unique credential number from TWIC cards. Contact any one of us here at (800) 972-8866 and we will be more than happy to answer all of your questions regarding this seemingly confusing segment of our industry.
Faron Michael Ard