SAFLINK provides technology for “doorway to desktop” authentication
07 January, 2005
category: Biometrics, Corporate, Digital ID, Government, Library
Bolstered by its involvement in several U.S. projects, including the Department of Defense’s Common Access Card and the massive TWIC program, SAFLINK, a 14-year-old Bellevue, Washington company, is evolving from simple network authentication to technology covering both physical and logical access.
“We’ve gone thru an evolution over the last couple years,” said Tom Doggett, SAFLINK’s marketing director. “Up until two years ago we focused on network authentication.” It’s that and more now. “We wanted to be a middleware company by making sure it all ties together properly, allowing the end user to plug in an entire solution rather than cobble together various pieces.”
He added: “The value we supply is subject matter expertise. We do not use any proprietary solutions. Our middleware is open architecture.”
SAFLINK will evaluate a customer’s scenario and install what the company thinks is best for the client. “We can do RF cards, smart cards, a huge variety of biometrics–fingerprint, voice, iris, facial. If someone wanted handwriting recognition, we could do that pretty easily too.”
But its bread and butter has been with the U.S. government. SAFLINK has been involved in the US-VISIT program and the Department of Defense’s Common Access Card (CAC) through a company SAFLINK purchased last year, Litronic. “Our Merger with Litronic now allows us to provide secure access through a smart card form factor,” said Mr. Doggett. “for a number of security scenarios, including physical, network, and application integration.”
CAC was one of first projects shooting for a “single global smart card point of authentication,” said Mr. Doggett. “We are very much involved in the various testing scenarios. Another program is US-VISIT. We were on the team, led by Accenture, that pursued and won that contract. Even though it’s a passport, it will likely use a similar technology, a microchip just like in a smart card, that will verify a person’s identity.”
Public sector focus
The company’s focus on its public sector initiatives is evident in one recent hiring and one appointment to its board of directors. Jeffrey Affuso was recently named president of SAFLINK’s Public Sector Division. Mr. Affuso, who reports to the company’s president and CEO, Glenn Argenbright, served as a senior vice president at CACI, a $1 billion systems integrator. In October, Frank J. Cilluffo, former special assistant to the President for Homeland Security, was appointed to SAFLINK’s board. During his White House tenure, Mr. Cilluffo was a principal advisor to Homeland Security Secretary Tom Ridge and directed the President’s Homeland Security Advisory Council.
“Our board is participating pretty highly because it can make connections for us outside the company. We have people who know who the key players are. We rely on them to help broaden our visibility and ultimately secure additional revenue,” said Mr. Doggett. “Homeland security initiatives are complex, political projects–because of the level of public interest in keeping our country safe. It’s critical that SAFLINK has people who understand all these moving parts.”
Another way SAFLINK is staying competitive is acquiring companies that can help it meet its goals. Litronic, a wholly-owned subsidiary of SAFLINK, is one example. It is a provider of secure identity management and information assurance products for both the government and the commercial sectors, offering protection for applications such as e-mail, instant messaging, web transactions, and individual files.
A year earlier, SAFLINK bought Biometrics Solutions Group, Charleston, South Carolina, a physical access control company. “We wanted physical access capabilities because of our involvement with CAC,” said Mr. Doggett. That purchase allowed SAFLINK to add a suite of physical access biometric products and technologies to its existing logical access products and solutions for network access.
Working with the TWIC program
SAFLINK’s latest government job is part of another large project, the U.S. Transportation Worker Identification Credential (TWIC) run by the Transportation Security Administration (TSA).
“This is a very exciting time for us,” added Matt Shannon, director of public sector sales from SAFLINK’s Reston, Virginia office. “I led the team supporting BearingPoint in their efforts to secure that contract. We’re very proud of our role.”
Added Mr. Doggett: “Our involvement there (TWIC) is the best example of the multi-application use of our technology. We believe that we will provide a large percentage of the biometrics part of the project,” he added.
“On Nov. 17, you had the first prototype deployment in California. You can see truckers entering the facility using a smart card for physical access and a reader supplied by us. The long-term version is likely to use a smart card for physical and network access. Right now, it’s designed to primarily test perimeter access,” said Mr. Doggett.
With TWIC, SAFLINK is “architect of the middleware that allows the biometric security on the card to operate. Basically, it uses a fingerprint scanner to verify a person’s identity. You insert the card into the reader. The card has both contact and contactless capability and the fingerprint can be on both parts,” said Mr. Doggett.
“The applicant will go to a TWIC portal (online) and begin the pre-enrollment phase. He, or she, then goes to an issuance center, where he has to provide a couple of IDs. His info is checked to make sure he’s authorized to get a card. Fingerprints are taken which are converted to electronic templates for use by the card. The enrollment center then issues a smart card by transferring those fingerprint credentials and a photo to the card. It is not designed to gather personal information. The best part is that this type of system actually protects an individual’s identity – if someone were to steal the template, they couldn’t do anything with it; it’s useless outside that one scenario. Then he (the applicant) goes back to pick up the card. Again he must verify who he is. He then takes the card to the facility. TSA is not handling all the security; it is just providing the mechanism. It is up to the individual facility to see if that person can access the facility.”
What’s SAFLINK’s role? “Basically once the smart card is issued; every time a person accesses the facility, our software analyzes the live finger scan against the template that exists on the card or on the server, there has to be a match or no match.” Then, said Mr. Doggett, other software kicks in to govern access control. “We provide the access control to determine whether the person can enter.”
Validation of the company’s approach
“We take great pride in our involvement in Federal government programs such as this one,” said Mr. Affuso. “We believe that the TWIC program, when fully deployed, could substantially reduce the possibility of unauthorized individuals and groups gaining access to critical soft and hard targets. It feels good knowing that our technology could play a significant part in securing our nation’s transportation system.”
Added company CEO Mr. Argenbright: “This is a major initiative, ultimately designed to provide enhanced security to millions of transportation workers. We believe this program could have a strong positive impact on our business moving forward, and we will reinforce our vision and leadership in the security space. We believe the solution the federal market is asking for is an excellent match with SAFLINK’s strategy and direction. We see our role in this program as further validation of our approach to security and authentication.”
As Mr. Doggett says, federal projects “are a disproportionate amount” of SAFLINK’s business. But the company is also involved with the private sector too: hospitals seeking to comply with federal privacy regulations and financial services, which have to maintain a level of security for their customer’s financial data.
Two of SAFLINK’s products include SAFpassage, designed to provide secure, auditable, and scalable physical access control, and SAFcard, which allows enterprises to increase security by adding strong authentication technology to existing premises security systems and replacing PINs or pass code.
Visit SAFLINK on the web at www.SAFLINK.com.