Transcription of Defense Biometric Identification System (DBIDS) Overview
1 UNCLASSIFIED FOR OFFICIAL USE ONLY (FOUO). Defense Biometric Identification System (DBIDS). Overview September 2018. Scott Ulrich Defense Manpower Data Center (DMDC). UNCLASSIFIED FOR OFFICIAL USE ONLY (FOUO). UNCLASSIFIED. What is DBIDS? Physical Access Control System developed by the Department of Defense 's DMDC agency in the late 1990's Fully integrated identity Management and Force Protection capability Electronic verification of personnel via interoperable operations Largest physical access System in DoD; installed at over 350 sites worldwide with 6 million registered personnel. UNCLASSIFIED. UNCLASSIFIED. DBIDS Benefits Real-time authentication against verified databases via IMESA that increases available data used for intelligent access decisions Real-time recording of 800K+ daily base accesses (CONUS). Electronically flags and tracks personnel with adverse status across System already 55,000+ people with adverse status known in System Uses all existing DoD-issued credentials, digital photos, and digital fingerprints and issues badges for individuals not authorized DoD.
2 Credentials Rules-driven configurable by local authorities Supports individual or joint base constructs UNCLASSIFIED. UNCLASSIFIED. DBIDS Interactions With IMESA. DBIDS is a Physical Access Control System (PACS). o Sites directly interact with DBIDS by: Creating person records and issuing visitor passes and DBIDS cards Performing Access Transactions Inputting data into the DBIDS database by: o Scanning a DoD-affiliated credential at an access control point o Manually creating a record (that is stored in the Local Population). o DBIDS broadcasts data from the database into IMESA. identity Matching Engine for Security and Analysis (IMESA) is an identity matching System o It is a service, consisting of servers and software It is intangible; there is no direct utilization by sites or personnel (you cannot see . IMESA). o Takes data broadcasted from PACS for DoD-affiliated and Local Population persons, matches it against derogatory information, and, if there is a match, sends back to PACS.
3 O Permits information sharing between connected PACS. UNCLASSIFIED. UNCLASSIFIED. IMESA Process Coming Soon Serving Those Who Serve Our Country NCIC: Total Number of Matches Type of Offense Count Damage Property Homicide Stolen Property Obstruction of Justice 17,897 Flight- Kidnapping Escape Assault 3,508 Other Stolen Vehicle Robbery Larceny 3,082. Weapon Offense Fraudulent Activity 2,650 Forgery-Counterfeiting Dangerous Drugs 2,647 Sex Offenses Burglary 1,584 Traffic Offenses Military Desertion 1,282. 1,096 Sexual Assault Family Offenses Sexual Assault 1,105 Family Offenses Traffic Offenses 971 Obstruction of Justice Sex Offenses 870 Military Desertion Forgery-Counterfeiting 750. 676 Burglary Weapon Offense Stolen Vehicle 635. Dangerous Drugs Robbery 583. Stolen Property 445. Flight-Escape 473. Faudulent Damage Property 414 Activity Kidnapping 330. Homicide 343 Larceny Assault Other 1,173. Total 42,514. This report shows total counts of persons with an NCIC. *Data as of 4 September 2018 sourced alert consumed by IoLS since August 2014.
4 Serving Those Who Serve Our Country All Time DBIDS Alerts - Credential Categories This report shows counts of persons with a DBIDS sourced alert consumed by IoLS. If the person has multiple credentials, they are grouped under the 'Multiple Credential' Visitor Pass, 10529. category. If the person does Active Duty, 10755. Retiree, 2452 CIV CAC, 1376. not have ANY credential PIV Credential, 15. defined in DBIDS, they are grouped into the 'NO. CREDENTIAL' category. Persons with a DBIDS sourced DBIDS Card, 7805. alert and no credential can Other DoD Category, DoD Contractor CAC, occur when Base Security 11211 474. Officers or Law Enforcement Operators pre-emptively create a profile with a local base MULTIPLE. status. CREDENTIALS, 19613. Category Count MULTIPLE CREDENTIALS 19,613. NO CREDENTIAL, NO CREDENTIAL 16,565. 16565. Other DoD Category 11,211. Active Duty 10,755. Visitor Pass 10,529. DBIDS Card 7,805. Retiree 2,452. CIV CAC 1,376. DoD Contractor CAC 474. *Data as of 1 March 2018. PIV Credential 15.
5 Grand Total 80,795. Serving Those Who Serve Our Country UNCLASSIFIED. DBIDS Footprint The DBIDS Configuration consists of: Enrollment Workstations Access Control Workstations Handheld devices Wireless Access Points (if necessary). Handheld Enrollment WKS (ENR) Access Control WKS. Located at Visitor Centers (ACW). Located at 24-7 Gate UNCLASSIFIED. UNCLASSIFIED. DBIDS Capabilities Persons: Register person information: o Biographic o Biometric : Fingerprint, Face, Iris o Contact information o Designation of emergency essential personnel (if applicable). Immediate vetting against IMESA/IolS during initial registration Continuous vetting against IMESA while of interest Interaction with other participating installations using DBIDS or IMESA to assist in determining suitability (fitness) for access Sharing of all adverse statuses from other PACS, military branches, FBI, and other LE databases Pre-enrollment: Web application to allow an applicant to pre-enroll their biographic data into the System before going to the installation in order to speed up the enrollment process (new feature).
6 UNCLASSIFIED. UNCLASSIFIED. DBIDS Capabilities Organizations*: Register Organizations who can sponsor individuals or own assets on your base Assets*: Register a Vehicle, Bicycle, Weapon, or Pet to a person or organization. Can search for Asset by Asset Identification or Owner Permissions*: Ability to assign individuals, categories, and organizations explicit or affiliation-based implicit permissions to an installation by day or time of day. Can also assign permissions based on FPCON level, Emergency Essential, and POTUS. situations. Base Pass: Create temporary paper visitor pass or long-term local base pass on card stock. * BSO enabled (recommend tailored setup during initial installation). UNCLASSIFIED. UNCLASSIFIED. DBIDS Capabilities Cont. Access Control: Use of a mobile device and/or stand-alone computer to scan any credential known to DBIDS for access (manned ECP). Automatic reach-back to search for any DoD-affiliated scanned credential unknown to DBIDS and register with DBIDS (infrastructure dependant).
7 Use of a stand-alone computer to search for an individual who does not have a credential to determine access suitability Ability to verify a person's identity by Biometric ; automatically prompts for Biometric in situations of suspected identity fraud (rule based). Ability to use access control reliably during network outages and other communication difficulties from the stand-alone computer and the mobile device (Note: The mobile device must have reliable connectivity to the stand-alone computer for this feature to function. Reach back off-site is truncated). Roles: Ability to refine operator functionality to the DBIDS application based on the following operator roles Base Security Officer, Law Enforcement Officer, Registrar, and Access Control Operator UNCLASSIFIED. UNCLASSIFIED. DBIDS Capabilities Cont. Access Areas: Ability to define access areas as Installation/Joint Access, Perimeter, and Access Control Points and set access permissions at any access area type. Unmanned Gates: Ability to make separate access decisions based on unmanned scenarios ( , pedestrian gates allow driving suspended people through and vehicle gates deny access for driving suspended) (standardized interface).
8 Credential: Automatic Enrollment of DoD credentials at the gate Enrollment of PIV credential into System Associate 3rd party credential token to a person: o Transportation Worker Identification Card (TWIC). o Real ID compliant driver's license (as required). o Passport (US or other compliant country passports). Reports: Data available on a variety of activity within the installation including Access Transactions, Adverse Statuses, Denies, and Operator Logons UNCLASSIFIED. UNCLASSIFIED. Enrollment Workstation Interface UNCLASSIFIED. UNCLASSIFIED. DBIDS Web Portal UNCLASSIFIED. UNCLASSIFIED. Access Control Workstation Interface UNCLASSIFIED. UNCLASSIFIED. Handhelds UNCLASSIFIED. UNCLASSIFIED. DBIDS Card Categories & Colors Green Yellow Blue Conveyance Facility Use Foreign Civilian Facilities Long Term Visitor Service Visitor Facilities Service Maintenance Other Foreign Government personal Civilian Government Delivery Foreign Government Contractor personal Contractor (non-CAC) Services Foreign Military Privatized Dependent Government Housing Foreign Military Civilian (non- Retiree Volunteer CAC).
9 Foreign Military Red Emergency Essential Civilian (non-CAC). UNCLASSIFIED. UNCLASSIFIED. Visitor Pass UNCLASSIFIED. DBIDS Operation UNCLASSIFIED. (typical). 1 2 3. If not registered on base, identity sent to DMDC from handheld DoD Credential can be automatically Over the network (450-500K/day). John Doe approaches Registered gate and ID credential is (no trip to visitor center=manpower savings). scanned with handheld device SAMPLE ACTIONS. DMDC: 1. Validates credential Approved=Entry 1. If credential lost/stolen/invalid= confiscated 4 5 2. If FBI warrant=sent to secondary screening 2. Sends back picture/ identity Issues=Message and message sent to base law enforcement 3. Checks IMESA (FBI files, 3. If US Military BOLO (Be on the Lookout) for Revocation, others). base traffic infraction or barred = local 4. Sends RED/GREEN status handling (in less than 1 second). 1. GUARD sees person + credential + remote database validation 5. Proven security benefit to help gate personnel 2. DMDC FBI interface is transmitted to all connected locations 6.
10 Proven that reduces required manpower at gates 3. All base alerts are transmitted in the region or across 7. Maintains info/status on vehicles, visitors, local workers enterprise 4. Provides common interoperable status to all DoD installations UNCLASSIFIED. UNCLASSIFIED. DMDC DBIDS Contacts Scott Ulrich DBIDS Program Manager Visit the DBIDS Website: (CAC ENABLED). UNCLASSIFIED. UNCLASSIFIED. Questions? UNCLASSIFIED. UNCLASSIFIED. DBIDS Complies With . DoD policies, including but not limited to: o DoD , Physical Security Program o DoD Instructive , Public Key Infrastructure (PKI) and Public Key (PK) Enabling o DTM 09-012, Interim Policy Guidance for DoD Physical Access Control o Directive-type Memorandum (DTM) 14-005, DoD identity Management Capability Enterprise Services Application (IMESA) Access to FBI National Crime Information Center (NCIC) Files federal policies, including but not limited to: o FIPS 201-2, personal identity verification (PIV) of federal Employees and Contractors o Homeland Security Presidential Directive 12 (HSPD-12), Policy for a Common Identification Standard for federal Employees and Contractors o M-11-11, Continued Implementation of Homeland Security Presidential Directive (HSPD).
