Identity assurance through biometrics at Heathrow

Through their SmartS Initiative, the International Air Transport Association (IATA) and Airports Council International (ACI) have proposed a vision of an improved experience for a passenger’s journey through the airport that doesn’t compromise security. The checkpoint of the future, they say, offers risk-based assessment of passengers with less visible interference in the security process.

Many articles on this topic focus on ‘seamless travel’, where all checkpoints are linked so that passengers can move freely though the airport based on a single security check captured either when they first arrive at the airport or when they pass through immigration.

Passengers, airlines and airports alike are embracing self-service. This is evidenced by the growth of online services with the airlines and the substantial investment on self-service gates, or e-gates, for both arrivals and departures. Much is expected of the upcoming experiment in Aruba for the so called ‘Happy Flow’¹, whereby when a passenger checks in, their e-passport will be validated and either a photo of their face, an iris scan or their fingerprints will be collected and used as the identifier at all other checkpoints, meaning the passenger will not have to show their boarding pass or passport at multiple stages of the journey. There is hope that this will form the basis of future implementations that enable full self-service channels through the airport.

In all cases, biometrics are seen as a key enabler to the delivery of this future vision. In this article we will review the current state of implementations using this technology and look at key issues that remain to be resolved, few of which are actually waiting on the technology to advance. 

Can the technology work?

Ten years ago biometric technology promised significant improvements in the way in which security can be managed in airports. Perhaps the original marketing was ahead of the true capability, but it is fair to say that current biometric recognition can now claim to be ready to enable a full self-service passage through departures and arrivals.

Significant implementations of the core components of the required solution have been operational for some time. These include:

• Self-service immigration gates are now common in parts of Europe, the Middle and Far East, some using multiple levels of biometric recognition
• Biometric recognition has been successfully implemented at both London Heathrow and Gatwick Airports for the past two years and has processed millions of passengers. These systems act to prevent passengers swapping boarding cards while airside, ensuring that only passengers given authority to fly on a domestic departure can do so. Facial recognition is used at Heathrow with iris recognition used at Gatwick, demonstrating that two different approaches can be used to solve the same problem. It is important to note that these systems show that single use biometric systems (i.e. no data is retained after the aircraft has landed safely) can be used with mass transit populations and that registration prior to arrival at the airport is not required
• The airports have extended this capability to demonstrate that self-boarding works, capturing an enrolment during the check-in process and then validating the passenger through a self-service e-gate at the boarding gate. Trials with South African Airways using facial recognition have demonstrated that the system would be operationally effective.

These implementations confirm that a passenger’s identity can be captured or ‘enrolled’ and then linked to a token such as a bar-coded boarding pass; enabling validation of ownership of the token in later check-points.

Work has gone further in trials working with IATA which showed that identity can be established based on a comparison of the digital image encoded on new e-passports with a live image of the person presenting the passport. This completes a key requirement in the chain for a fully ‘unsupervised’ channel through the departure process as it meets the need to check photographic identity which is currently managed via an agent.

Information management service provider, ARINC, also announced earlier this year, a development of enhancements that enable biometric devices to operate on the common use platform by many airlines. This means that the objective of seamless behaviour between airport and airline system is already a reality.

It is worth noting that document checks remain to be fully covered in this self-service process, particularly where a visa check is required to be performed by the airline. Some opportunities exist for governments that issue electronic visas that are often registered with a fingerprint biometric. The inclusion of a fingerprint check, which is the most widely deployed biometric recognition approach if one considers all industries, increases the potential population of passengers that could be managed via a fully self-service channel.

It is the question of supervision that remains to be fully resolved in the departure process. We mentioned self-service immigration checks earlier as an example of real world systems that are already deployed and processing millions of passengers. It is important to note that these systems are all monitored and/or supervised and are not making fully autonomous decisions. An immigration officer is always on hand to step in if there is any cause for concern. Whether we can move the management of departures to a fully unsupervised and automated approach is one of the key areas that remains to be determined.

Issues with unsupervised ID checks

The introduction of a machine as the principle means to establish the identity of a passenger has been met with a good deal of concern. The current approach taken at immigration where any machine validating passengers’ identities must be overseen suggests that there is a level of distrust.

This perhaps arises from the assessment approach applied to the measurement of the performance of biometric systems in general. This approach revolves around the concept of mathematical curves which describe false acceptance (incorrectly validating a passenger’s identity) and false rejection (failing to successfully identify a passenger) rates against standardised databases. The primary concern is the prospect of the machine making a mistake especially in the case of false acceptance i.e. allowing someone to proceed when they should not be allowed. Simplistically put, there is a view that the machine cannot be allowed to get it wrong, ever.

It is for this reason, perhaps, that the connection of data captured at immigration for re-use on subsequent departure has been suggested in certain quarters. This would allow a supervised identity check to be used for biometric recognition during departure without actually having to perform this as part of the departure process.

There are issues with this approach, however, as it revolves around the retention of personal data which will either require an opt-in request or a change to the terms of travel. In addition, whilst biometric capability has demonstrated its ability as outlined above, if a search across all enrolled people is envisaged then the levels of certainty that can be achieved may fall below the required thresholds. Search will always, mathematically speaking, be a less certain method than one-to-one assessments made from enrolments linked to a bar-coded boarding pass or other token.

Improving the security model

It is not clear how these issues will be overcome but this shouldn’t be seen as an impediment to the implementation of a working system. However, to achieve this, a different paradigm to assess performance will be needed. Indeed we believe that this will provide a more capable system than the one that operates today. In order for this to be achieved a change to the success criteria applied to the technology needs to occur – we need to move to a regime that compares performance to the current approach.

The current approach requires an agent to perform a visual inspection of photographic identity. Humans are very good at assessing behaviour irregularity but quickly become bored when faced with a repetitive task, such as comparing faces. Indeed we have seen that these checks are not without error, with recent reports indicating that people have managed to travel using other people’s documents or indeed false passports.

The performance of biometric recognition has key advantages. The system is always consistent in its ability to validate the identities of passengers and can be tuned by each airport to deliver the required security level. This leads to a red/amber/green type approach that can improve the current security levels as follows. Biometric recognition is used and:

1. A high level of certainty of match is obtained: a green result. The passenger proceeds to self-service
2. An uncertain result is obtained: an amber result. This can arise because of a change of appearance of a person during the lifetime of the passport. The passenger is directed to an agent to make a judgement on the identity
3. A result is obtained which indicates that the passenger is definitely not the same person: a red result. The passenger is directed to an agent who can be alerted to a potential fraud.

These checks can also be supported by automated assessment of the passport document to check the security features and highlight fraudulent documents.

Rather than having an agent checking every passenger and passport, why not have the machine process the majority and use its failure to validate a passenger against an identity document as the trigger for a human officer to become involved?

Such failures can often be indicators of potential fraud or error and by having the machine perform the repetitive action at a consistent degree of accuracy, and only involving a human check by exception, the agent will perform more effectively as they will be fresh and alert. Given the right assessment regime I believe this would offer an improved security model. 

Conclusion

The future passenger experience is a central part of innovation roadmaps for both airports and airlines. Biometrics will form a key part of this future vision and the technology is ready to support it, so long as we assess the approach realistically. A fully self-service passenger experience is possible, but would require an industry wide change in the terms of travel or an opt-in service to adhere to data protection laws. In the meantime, the combination of correctly fine-tuned biometrics and human agents operating on an exception process should deliver an improved security model for today’s airports.

Reference

1. http://www.vision-box.com/company-news/news/2014/05/16/vision-box-reveals-the-ultimate-passenger-experience-today-at-the-aruba-airport/