FOR OFFICIAL USE ONLY (FOUO)
Defense Biometric Identification System (DBIDS) Overview
September 2018
Scott Ulrich
Defense Manpower Data Center (DMDC)
What is DBIDS?
Physical Access Control System developed by the Department of Defense's DMDC agency in the late 1990s
Fully integrated Identity Management and Force Protection capability
Electronic verification of personnel via interoperable operations
Largest physical access system in DoD; installed at over 350 sites worldwide with 6 million registered personnel.
DBIDS Benefits
Real-time authentication against verified databases via IMESA that increases available data used for intelligent access decisions
Real-time recording of 800K+ daily base accesses (CONUS)
Electronically flags and tracks personnel with adverse status across system; already 55,000+ people with adverse status known in system
Uses all existing DoD-issued credentials, digital photos, and digital fingerprints and issues badges for individuals not authorized DoD credentials
Rules-driven; configurable by local authorities
Supports individual or joint base constructs
DBIDS Interactions With IMESA
DBIDS is a Physical Access Control System (PACS)
  o Sites directly interact with DBIDS by:
      Creating person records and issuing visitor passes and DBIDS cards
      Performing Access Transactions
      Inputting data into the DBIDS database by:
        o Scanning a DoD-affiliated credential at an access control point
        o Manually creating a record (that is stored in the Local Population)
  o DBIDS broadcasts data from the database into IMESA
Identity Matching Engine for Security and Analysis (IMESA) is an identity matching system
  o It is a service, consisting of servers and software
  o It is intangible; there is no direct utilization by sites or personnel (you cannot see IMESA)
  o Takes data broadcast from PACS for DoD-affiliated and Local Population persons, matches it against derogatory information, and, if there is a match, sends it back to PACS
  o Permits information sharing between connected PACS
IMESA Process Coming Soon
Serving Those Who Serve Our Country
NCIC: Total Number of Matches
This report shows total counts of persons with an NCIC sourced alert consumed by IoLS since August 2014.

Type of Offense           Count
Obstruction of Justice    17,897
Assault                    3,508
Larceny                    3,082
Fraudulent Activity        2,650
Dangerous Drugs            2,647
Burglary                   1,584
Military Desertion         1,282
Family Offenses            1,096
Sexual Assault             1,105
Traffic Offenses             971
Sex Offenses                 870
Forgery-Counterfeiting       750
Weapon Offense               676
Stolen Vehicle               635
Robbery                      583
Stolen Property              445
Flight-Escape                473
Damage Property              414
Kidnapping                   330
Homicide                     343
Other                      1,173
Total                     42,514

*Data as of 4 September 2018
All Time DBIDS Alerts - Credential Categories
This report shows counts of persons with a DBIDS sourced alert consumed by IoLS. If the person has multiple credentials, they are grouped under the 'Multiple Credential' category. If the person does not have ANY credential defined in DBIDS, they are grouped into the 'NO CREDENTIAL' category.
Persons with a DBIDS sourced alert and no credential can occur when Base Security Officers or Law Enforcement Operators pre-emptively create a profile with a local base status.

Category                  Count
MULTIPLE CREDENTIALS      19,613
NO CREDENTIAL             16,565
Other DoD Category        11,211
Active Duty               10,755
Visitor Pass              10,529
DBIDS Card                 7,805
Retiree                    2,452
CIV CAC                    1,376
DoD Contractor CAC           474
PIV Credential                15
Grand Total               80,795

*Data as of 1 March 2018
DBIDS Footprint
The DBIDS Configuration consists of:
Enrollment Workstations
Access Control Workstations
Handheld devices
Wireless Access Points (if necessary)

[Figure labels: Handheld; Enrollment WKS (ENR), located at Visitor Centers; Access Control WKS (ACW), located at 24-7 Gate]
DBIDS Capabilities
Persons:
Register person information:
  o Biographic
  o Biometric: Fingerprint, Face, Iris
  o Contact information
  o Designation of emergency essential personnel (if applicable)
Immediate vetting against IMESA/IoLS during initial registration
Continuous vetting against IMESA while of interest
Interaction with other participating installations using DBIDS or IMESA to assist in determining suitability (fitness) for access
Sharing of all adverse statuses from other PACS, military branches, FBI, and other LE databases
Pre-enrollment: Web application to allow an applicant to pre-enroll their biographic data into the system before going to the installation in order to speed up the enrollment process (new feature)
DBIDS Capabilities
Organizations*: Register Organizations who can sponsor individuals or own assets on your base
Assets*: Register a Vehicle, Bicycle, Weapon, or Pet to a person or organization. Can search for Asset by Asset Identification or Owner
Permissions*: Ability to assign individuals, categories, and organizations explicit or affiliation-based implicit permissions to an installation by day or time of day. Can also assign permissions based on FPCON level, Emergency Essential, and POTUS situations.
Base Pass: Create temporary paper visitor pass or long-term local base pass on card stock.
* BSO enabled (recommend tailored setup during initial installation)
DBIDS Capabilities Cont.
Access Control:
Use of a mobile device and/or stand-alone computer to scan any credential known to DBIDS for access (manned ECP)
Automatic reach-back to search for any DoD-affiliated scanned credential unknown to DBIDS and register with DBIDS (infrastructure dependent)
Use of a stand-alone computer to search for an individual who does not have a credential to determine access suitability
Ability to verify a person's identity by biometric; automatically prompts for biometric in situations of suspected identity fraud (rule based)
Ability to use access control reliably during network outages and other communication difficulties from the stand-alone computer and the mobile device (Note: The mobile device must have reliable connectivity to the stand-alone computer for this feature to function. Reach back off-site is truncated)
Roles: Ability to refine operator functionality to the DBIDS application based on the following operator roles: Base Security Officer, Law Enforcement Officer, Registrar, and Access Control Operator
DBIDS Capabilities Cont.
Access Areas: Ability to define access areas as Installation/Joint Access, Perimeter, and Access Control Points and set access permissions at any access area type.
Unmanned Gates: Ability to make separate access decisions based on unmanned scenarios (i.e., pedestrian gates allow driving suspended people through and vehicle gates deny access for driving suspended) (standardized interface)
Credential:
Automatic Enrollment of DoD credentials at the gate
Enrollment of PIV credential into system
Associate 3rd party credential token to a person:
  o Transportation Worker Identification Card (TWIC)
  o Real ID compliant driver's license (as required)
  o Passport (US or other compliant country passports)
Reports: Data available on a variety of activity within the installation including Access Transactions, Adverse Statuses, Denies, and Operator Logons
Enrollment Workstation Interface
DBIDS Web Portal
Access Control Workstation Interface
Handhelds
DBIDS Card Categories & Colors
Green: Conveyance Facilities Service Maintenance U.S. Government Contractor (non-CAC) U.S. Government Civilian (non-CAC)
Yellow: Facility Use Long Term Visitor Other Personal Delivery Personal Services Privatized Housing Volunteer
Blue: Foreign Civilian Visitor Facilities Service Foreign Government Civilian Foreign Government Contractor Foreign Military Dependent Foreign Military Retiree Foreign Military
Red: Emergency Essential Civilian (non-CAC)
Visitor Pass
DBIDS Operation (typical)
1 John Doe approaches gate and ID credential is scanned with handheld device
2 If not registered on base, DoD Credential can be automatically Registered (no trip to visitor center = manpower savings)
3 Identity sent to DMDC from handheld over the network (450-500K/day)
4 DMDC:
    1. Validates credential
    2. Sends back picture/identity
    3. Checks IMESA (FBI files, Revocation, others)
    4. Sends RED/GREEN status (in less than 1 second)
5 Approved = Entry; Issues = Message

SAMPLE ACTIONS
1. If credential lost/stolen/invalid = confiscated
2. If FBI warrant = sent to secondary screening and message sent to base law enforcement
3. If US Military BOLO (Be on the Lookout) for base traffic infraction or barred = local handling

1. GUARD sees person + credential + remote database validation
2. DMDC FBI interface is transmitted to all connected locations
3. All base alerts are transmitted in the region or across enterprise
4. Provides common interoperable status to all DoD installations
5. Proven security benefit to help gate personnel
6. Proven that reduces required manpower at gates
7. Maintains info/status on vehicles, visitors, local workers
DMDC DBIDS Contacts
Scott Ulrich
DBIDS Program Manager
scott.g.ulrich.civ@mail.mil
Visit the DBIDS Website: https://dbids.dmdc.mil/ (CAC ENABLED)
Questions?
DBIDS Complies With
DoD policies, including but not limited to:
  o DoD 5200.08-R, Physical Security Program
  o DoD Instruction 8520.02, Public Key Infrastructure (PKI) and Public Key (PK) Enabling
  o DTM 09-012, Interim Policy Guidance for DoD Physical Access Control
  o Directive-type Memorandum (DTM) 14-005, DoD Identity Management Capability Enterprise Services Application (IMESA) Access to FBI National Crime Information Center (NCIC) Files
Federal policies, including but not limited to:
  o FIPS 201-2, Personal Identity Verification (PIV) of Federal Employees and Contractors
  o Homeland Security Presidential Directive 12 (HSPD-12), Policy for a Common Identification Standard for Federal Employees and Contractors
  o M-11-11, Continued Implementation of Homeland Security Presidential Directive (HSPD) 12 Policy for a Common Identification Standard for Federal Employees and Contractors
*Full list of standards for DBIDS compliance is available on DBIDS website*