DHS Science and Technology Directorate developing app for first responder verification
Uses external reader now but NFC in the plans
08 April, 2013
category: Government, NFC, Smart Cards
The U.S Department of Homeland Security is developing a standards-based application that will be able to validate first responders arriving to a scene using smart phones.
Homeland Security’s Science and Technology Directorate has been working on a smart phone app so that officials can verify and track first responders arriving at a scene as well as exchange attributes to make sure they have the necessary training, says Karyn Higa-Smith, program manager for Identity Management and Data Privacy Research in the Cyber Security Division of Homeland Security’s Science and Technology Directorate.
The application is being developed to enhance physical security for state and local officials so they can easily and cheaply verify first responders arriving at a scene. The Security’s Science and Technology Identity Management Testbed hosted at Johns Hopkins Applied Physics Lab has developed an app for the Android handset and currently uses a commercial off-the-shelf Bluetooth smart card reader for smart phones, such as the one from BAI mobile, Higa-Smith says.
The app can read PIV and PIV-I credentials as well as Defense Department Common Access Cards. There have also been some discussions with seaports security to use the solution for reading Transportation Worker Identification Credentials.
Homeland Security is also looking to take advantage of handsets that have near field communication built in. It’s possible the handsets will provide an inclusive access control tool for the officials to be able to read, authenticate, and verify authorization of the individuals without any additional reader, says Higa-Smith.
As smart cards and smart phone usages increased, first responders are seeking solutions leveraging existing tools and there are a number of companies selling readers to verify the credentials. Theses readers are expensive but using existing smart phones with this solution brings the price down considerably.
The standards-based solution has been tested with Chester County, Pa. and West Virginia, says Higa-Smith. FEMA is also using the Android app. Some of the jurisdictions have been using handhelds from a company that has since gone out of business, which is why the Science and Technology Directorate is seeking to provide the standards for multiple smart phone platforms.
Higa-Smith is also meeting with Apple seeking to work with S&T and develop a solution for iOS mobile products based on the standards.
The solution was presented at the 2013 RSA conference in February, more information available here.
What’s next?
The app for Android is still under development but will be available as an open-source/freeware on the app store by this summer.
Others interested in the solution:
* State and locals: Virginia, Southwest Texas, Colorado, Rhode Island
* Federal: parking lot security at the Social Security Administration, physical location security at the FAA, and Law Enforcement Flying Armed security (TSA)
Standards details:
The Science and Technology Directorate developed a standard based attribute exchange mechanism which was transitioned to the Federal Identity, Credential and Access Management Subcommittee called the BAE SAML 2.0 profile. The SPML 2.0 read-only profile was developed for mobile devices and this solution was developed for the FEMA requirement in a comms out environment. The protocol is subject to transition to FICAM for government-wide adoption, similar to the BAE.
