ALEXANDRIA, Va. – January 23, 2006-- In comments filed Friday with TSA, the airport-driven Registered Traveler Interoperability Consortium (RTIC) and its Service Provider Council agreed on the financial standards, technical interoperability standards and common business processes for the Registered Traveler (RT) Program.  The six month effort that culminated in Friday’s recommendations provides a consensus framework for rapid, secure, and seamless deployment of a registered traveler program at the nation’s airports that brings both enhanced security and quicker security processing. The RTIC and its Service Provider Council is a group of over 70 airports and 30 service providers that are working to define and establish the mutual and common business practices and technical standards that will complement federal standards and help push forward a national Registered Traveler program.

“The agreement between airports and industry on fundamental RT standards is critical to the long-term success of the Registered Traveler Program,” AAAE President Chip Barclay said.  “Undoubtedly, the best path forward is one in which federal resources and standards are combined with the knowledge, expertise and creativity of airports, technology and aviation businesses,” he continued. 

The group recommends:

Financial Standards

The RTIC proposes a dual-fee business model supporting: (1) enrollment and enablement/activation of a RT participant into the system, and (2) verification fee recovery based on RT participant usage.

This model offers a simplistic and straight-forward approach to enabling the maximum flexibility and competition for solutions for both enrollment and verification service providers.  It creates the most effective market for cost-effective and innovative solutions and enables the broadest access to participant markets, thereby maximizing potential participation.  The proposed business model also minimizes underlying cost of infrastructure and interoperability through the provision of a single, regulated, high volume common services component, known as the Registered Traveler Management System.  Finally, it provides for a competitive business environment to encourage financially viable verification solutions in airport markets.

Technical Operability

Technical operability is the key to deploying a national interoperable Registered Traveler Program across multiple airports, airlines and a large, diverse traveler population. The RTIC makes specific technical recommendations on:

• System Messaging.   Specifications must be developed to ensure that all message formats and delivery mechanisms are defined and understood by all parties. Messages that cross domain boundaries are ones that affect the inter operability of the program.
• Ensuring a Chain of Trust   It is imperative that a chain of trust be established across the entire lifecycle of RT. This chain of trust ensures the integrity of identity data from collection right though to use in a verification kiosk (which could be fixed, moveable or even a mobile terminal). Trust must be established in all phases of the credentialing workflow as security systems are only as strong as their weakest link.
• Optimizing the Use of Biometrics.   The use of biometrics as a form of person-authentication is critical to deploying a successful registered traveler program. However, biometric technologies have unique characteristics to be considered in areas such as interoperability and it is important to implement effective acquisition quality measures and utilize industry standards to the greatest extent possible.
• Leveraging Appropriate Token Technologies.   In an interoperable RT, every service provider must be able to work with every other service provider’s tokens. This includes not only being able to read the card, but to establish a level of trust in the card and contents of the card (i.e., the biometric data and claim of identity).
• Ensuring System Security.   A key requirement for any RT program is to protect the integrity of the program overall and each of the components within it. Messages must be secured (private information encrypted, end points authenticated, etc.).
• Protecting Privacy.   Protecting the privacy of the individual at all times is key to the successful adoption of an RT program by the travelling public.
• Ensuring Cross-Provider Interoperability.   It is important that a mechanism be developed to ensure all service providers can interoperate. As new service providers join the program, a fair mechanism must exist that allows them to ensure that they interoperate with all others prior to them issuing RT tokens.

Common Business Processes

Airports plan to contract with RT service providers through competitive selection processes at each individual airport.  Airports may choose fully-functional service providers, which provide a complete solution with all the functionality associated with a RT service provider, including enrollment, issuance and verification.  Or, airports may choose separate service providers for each essential function.  Airports will have the discretion to select the model most appropriate for their particular operation.

The key players in a national, interoperable RT program and their roles and responsibilities are detailed in the Common Business Processes response.  The following is a brief overview:

1) Enrollment service provider: RT service provider that collects the biographical and biometric information from RT applicants, collects the enrollment fee from RT applicants, and issues RT cards to RT participants;

2) Verification service provider: RT service provider that verifies the identity of the RT participant at the verification station in the airport, may be the same as the enrollment service provider;

3) Registered Traveler Management System (RTMS): Performs duplicate checks, acts as the vetting interface to TSA, maintains and distributes the Credential Revocation list, and generates the biometric payload for RT cards

4) Transportation Security Administration (TSA): Responsible for security threat assessments of RT applicants, certification of RT service providers and overall oversight of the RT program;

5) Applicant and participant: Applicant refers to individuals who have voluntarily supplied biographical and biometric data to a RT service provider.  Participant refers to individuals who have voluntarily supplied biographical and biometric data to a RT service provider and have received an acceptable security threat assessment from TSA and are recognized as Registered Travelers at airports.

The RTIC is committed to working closely with TSA to meet the agency’s self imposed timeline through the agency’s pledge to: use a public-private partnership model, build off of existing security networks through utilization of the Transportation Security Clearinghouse, establish a sustainable, biometrically enabled and interoperable system, and establish a program where travelers will receive screening benefits through in-depth background checks.

The RTIC represents a significant attempt by a large group in the airport community to partner with TSA in making the promise of RT a reality as quickly as possible.  More information on the RTIC is available online at http://www.rtconsortium.com/.

RTIC Members