[Federal Register Volume 72, Number 51 (Friday, March 16, 2007)]
[Notices]
[Pages 12626-12627]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 07-1305]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Coast Guard

[USCG-2007-27415]


Transportation Worker Identity Credential (TWIC) Biometric Reader 
Specification and TWIC Contactless Smart Card Application

AGENCY: Coast Guard, DHS.

ACTION: Notice of availability and request for comments.

-----------------------------------------------------------------------

SUMMARY: The Coast Guard announces the availability of a draft 
Transportation Worker Identification Credential (TWIC) biometric reader 
specification and a draft TWIC contactless smart card application. 
These draft documents have been recommended to the Coast Guard by the 
National Maritime Security Advisory Committee. We request your comments 
on these draft recommended specifications, and on specific questions 
found at the end of this notice.

DATES: Comments and related material must reach the Docket Management 
Facility on or before March 30, 2007.

ADDRESSES: You may submit comments identified by Coast Guard docket 
number USCG-2007-27415 to the Docket Management Facility at the U.S. 
Department of Transportation. To avoid duplication, please use only one 
of the following methods:
    (1) Web site: http://dms.dot.gov.
    (2) Mail: Docket Management Facility, U.S. Department of 
Transportation, 400 Seventh Street SW., Washington, DC 20590-0001.
    (3) Fax: 202-493-2251.
    (4) Delivery: Room PL-401 on the Plaza level of the Nassif 
Building, 400 Seventh Street SW., Washington, DC, between 9 a.m. and 5 
p.m., Monday through Friday, except Federal holidays. The telephone 
number is 202-366-9329.

FOR FURTHER INFORMATION CONTACT: If you have questions on this notice, 
or the recommendations referenced in it, please contact Lieutenant 
Danielle Fennelly, U.S. Coast Guard, at 202-372-1136. If you have 
questions on viewing or submitting material to the docket, call Renee 
V. Wright, Program Manager, Docket Operations, telephone 202-493-0402.

SUPPLEMENTARY INFORMATION:

Public Participation and Request for Comments

    We encourage you to submit comments and related material on the 
recommended specification and application. All comments received will 
be posted, without change, to http://dms.dot.gov and will include any 
personal information you have provided. We have an agreement with the 
Department of Transportation (DOT) to use the Docket Management 
Facility. Please see DOT's ``Privacy Act'' paragraph below.
    Submitting comments: If you submit a comment, please include your 
name and address, identify the docket number for this notice (USCG-
2007-27415), and give the reason for each comment. You may submit your 
comments and material by electronic means, mail, fax, or delivery to 
the Docket Management Facility at the address under ADDRESSES; but 
please submit your comments and material by only one means. If you 
submit them by mail or delivery, submit them in an unbound format, no 
larger than 8\1/2\ by 11 inches, suitable for copying and electronic 
filing. If you submit them by mail and would like to know that they 
reached the Facility, please enclose a stamped, self-addressed postcard 
or envelope. We will consider all comments and material received during 
the comment period.
    Viewing the comments and specifications: To view the comments and 
recommended specification and application, go to http://dms.dot.gov at 
any time, click on ``Simple Search,'' enter the last five digits of the 
docket number for this notice, and click on ``Search.'' You may also 
visit the Docket Management Facility in room PL-401 on the Plaza level 
of the Nassif Building, 400 Seventh Street SW., Washington,

[[Page 12627]]

DC, between 9 a.m. and 5 p.m., Monday through Friday, except Federal 
holidays.
    Privacy Act: Anyone can search the electronic form of all comments 
received into any of our dockets by the name of the individual 
submitting the comment (or signing the comment, if submitted on behalf 
of an association, business, labor union, etc.). You may review the 
Department of Transportation's Privacy Act Statement in the Federal 
Register published on April 11, 2000 (65 FR 19477), or you may visit 
http://dms.dot.gov.

Background and Questions for Comment

    The National Maritime Security Advisory Council (NMSAC) was created 
pursuant to the Federal Advisory Committee Act, 5 U.S.C., App. 2 (FACA) 
in 2003. The membership of NMSAC, which includes 21 voting members, was 
selected to represent all viewpoints regarding maritime security 
challenges and to inform the Coast Guard of relevant maritime security 
issues. At the regular NMSAC meeting of November 14, 2006, the Coast 
Guard and the Transportation Security Administration (TSA) asked NMSAC 
to develop a contactless biometric specification for TWIC by February 
28, 2007, applying expertise from the biometric credentialing industry 
and maritime industry TWIC stakeholders. The specification was required 
to:
    a. Be non-proprietary;
    b. Incorporate appropriate security and privacy controls;
    c. Be consistent with FIPS 201-1 credential specifications;
    d. Be capable of serving as a platform for future capabilities;
    e. Be capable of supporting maritime operations; and
    f. Be easily manufactured.
    TSA and Coast Guard recommended that the task be addressed by 
dividing responsibilities to construct operational maritime 
requirements and technology specifications. We recommended that 
operational maritime requirements be developed by members of maritime 
industry and that they address credential authentication (e.g. 
authentication time and process, and alternate authentication 
procedures); durability requirements; and credential management 
procedures, including key management. We recommended that the 
technology specifications be developed with the technical expertise of 
biometric credentialing experts and address smart card, reader, and 
keying specification. The formal request from the TWIC program to NMSAC 
is available at the following URL: http://homeport.uscg.mil under 
Missions > Maritime Security > Maritime Transportation Security Act 
(MTSA) > National Maritime Security Advisory Committee (NMSAC) > TWIC 
Contactless Specification Development Working Group, and in the docket 
for this notice.
    On March 1, 2007, the Coast Guard received NMSAC's report, entitled 
``Recommendations on Developing a Contactless Biometric Specification 
for the TWIC.'' The report includes two recommended specifications. 
NMSAC expressed a strong preference for the first recommended 
specification, which does not require encryption of the cardholder's 
fingerprint template; this would permit the template to be read by a 
reader when the card is energized by a contactless reader. The second 
recommended specification provides for encryption of the fingerprint 
template, which protects the template from being read contactlessly 
unless information on the card's magnetic stripe is read by the reader 
and authorizes the release of the template. Encryption protects the 
template from being read covertly. However, if a TWIC is stolen or is 
in the hands of an unauthorized holder, encryption does not prevent the 
transfer of the template to a TWIC reader.
    Both sets of recommended specifications are available at the 
following URL: http://homeport.uscg.mil under Missions > Maritime 
Security > Maritime Transportation Security Act (MTSA) > National 
Maritime Security Advisory Committee (NMSAC) > TWIC Contactless 
Specification Development Working Group. They are also available in the 
docket for this notice.
    We invite comment on all aspects of the NMSAC recommended 
specifications, and in particular those that address the following 
questions:
    1. Should additional security measures be included in the 
specifications, such as the use of a PIN, to further minimize the 
chance that a fingerprint template from a lost or stolen credential 
could be obtained by an unauthorized individual? If so, would the 
addition of a PIN or other security measure adversely impact 
operations? Does the length of the PIN affect adverse impacts in any 
measurable way?
    2. What, if any, privacy concerns exist if the fingerprint template 
is obtained by an unauthorized individual?
    3. How would the recommended specifications impact facility and 
vessel security and operations?
    4. How would the recommended specifications impact existing 
physical access control systems?
    5. Are there alternative designs we should consider, and if so, 
what are the advantages and disadvantages of the alternative designs?
    6. How would the recommended specifications impact product, system, 
and operational costs?
    7. How quickly could the recommended specifications be incorporated 
into the design and manufacture of access control equipment?
    8. Should there be a process for identifying a Qualified Products 
List (QPL) or other equivalent regime? If so, what is the most 
efficient and effective way of creating a QPL?
    The Coast Guard and TSA will examine all comments received 
concerning NMSAC's recommended specifications and the questions above. 
We will issue a Notice in the Federal Register to explain and announce 
the selected technology specification as we proceed with the TWIC 
program, in particular, the upcoming pilot programs in which we will 
field test the use of TWIC in biometric readers in the maritime 
environment.

    Dated: March 13, 2007.
J.G. Lantz,
Director of National and International Standards, Assistant Commandant 
for Prevention.
[FR Doc. 07-1305 Filed 3-13-07; 3:40 pm]
BILLING CODE 4910-15-P