Difference between revisions of "Power of Passengers"

From MgmtWiki
Jump to: navigation, search
(Reporting)
(Visa Waiver Program)
 
Line 46: Line 46:
 
===Visa Waiver Program===
 
===Visa Waiver Program===
 
* [https://www.dhs.gov/publication/dhsallpia-089-dhs-international-biometric-interoperability-initiative-visa-waiver DHS/ALL/PIA-089 DHS International Biometric Interoperability Initiative for the Visa Waiver Program] DHS has determined that all countries in the VWP and those aspiring to join must allow DHS and State to compare the fingerprints of passenger.
 
* [https://www.dhs.gov/publication/dhsallpia-089-dhs-international-biometric-interoperability-initiative-visa-waiver DHS/ALL/PIA-089 DHS International Biometric Interoperability Initiative for the Visa Waiver Program] DHS has determined that all countries in the VWP and those aspiring to join must allow DHS and State to compare the fingerprints of passenger.
* It is suggested that this program move away from fingerprints towards facial recognition which can be accommodated with a smart phone app. This would definitely be a longer term objective of this program.
+
* It is suggested that this program move away from fingerprints towards [[Facial Recognition]] which can be accommodated with a smart phone app. This would definitely be a longer term objective of this program.
  
 
===Single International Outbound===
 
===Single International Outbound===

Latest revision as of 12:26, 27 May 2021

Full Title

Created as a response to TSA’s Power of Passengers Challenge but was not ready in time for that submission.

Author

Tom Jones. thomasclinganjones@gmail.com

Abstract

This document is written as a series of use cases followed by description of the solution. That solution will be based on giving more control to passengers in addressing the requirements for speedy checkin, initially for just security issues, but eventually for all aspects of the trip. While this is written as though the process occurs at airports, where the greatest volume occurs, it is intended to be equally useful for all modes of transportation: air, ground and water and for both ends of the flow so that immigration can be facilitated with the same data set. This is especially germane for the COVID-19 eligibility. For example, a business woman wants to take a day trip on the Black Ball Ferry from Port Angeles WA to Victoria BC. Getting back on the homeward leg would be as important as getting on the outbound leg.

Goals

To satisfy all three of these areas of interest:

  1. Security Effectiveness – Improved security outcomes, improved false alarm rate, increased detection of prohibited items, improved identification of malefactors, better situational awareness of security performance and effectiveness.
  2. More Efficient Options for Screening Passengers – More efficient use of screening personnel, decreased number of procedural steps, decreased cost per passenger screened, increased passenger screening speed, increased number of passengers screened, improved use of airport infrastructure (physical constraints).
  3. Improved Passenger Experience – Decreased passenger queue wait times, improved passenger divestiture of items, increased predictability of experience, improved ease of experience, greater levels and options for autonomy and self-service.

Use Cases

  • In all cases the health experience of the DHS personnel and other passengers is improved if COVID-19 eligibility is validated before any physical encounter is even initiated.
  • All these use cases depend on letting all participants have the same information so each can take the appropriate actions to their own benefit.
  • In these cases "The System" refers to the entire transportation ecosystem which, as an aspirational goal, includes the roads to the terminal, the lines in the terminal, the current schedules and the passenger details.

Definitions

  • COVID-19 eligibility = a policy decision based on current scientific knowledge and institutional policy about the level of risk that a jurisdiction is willing to accept.
  • Trip = a collection of processes that starts when a passenger presents themselves at the embarkation point for check-in and ends when they pass through any governmental check point at the final debarkation point. It could include stops at an intermediate transfer point so there could be 3 or more jurisdiction during a single trip. For these use cases it does not include a return trip.
  • Conditions of Travel are all fixed at least 24 hours before departure so that check-in at home can be enabled for the entire trip.

Passenger Arrivals

The key to all preparation is access to timely information. That applies to both the DHS components as well as the passenger. If they share what they each know early enough, the fastest path to fruition should be just some AI. The following use case is designed to allow the user to progress as far as they want in the process and will show real benefit to the Passenger as each step in completed.

  • The Passenger loads an app that has the capability of securely interchanging data with a travel gateway. The gateway could be run by the TSA or by an airline.
  • The Passenger has access to current travel status, including testing and immunization requirements along with information about on-line pre-check criteria.
  • If the Passenger choses, they can register the app to a gateway which has the effect of binding that instance of the app to a identifier that is uniquely theirs, typically this will be a self-issued did.
  • The Passenger creates a trip record based on one or more tickets to ride. If the gateway is the airline, this is already loaded.
  • If the Passenger choses, they can register for pre-check. This step informs them of the current requirements of the credentials that they will need to complete pre-check for this trip.
  • If the Passenger choses, they can collect all of the credentials needed to complete pre-check. This will always include a source of Real-ID, such as a green card. Trip travel or destination dependent credentials may include COVID-19 certs.
  • Where COVID-19 eligibility is required, there are a variety of options, such as testing, proof of a recovered infection or Immunization certs.
  • When the entered certs as sufficient the Passenger is given a tentative "OK" to ride.
  • 24 hours before departure the Passenger can ask for a pre-check cred.
  • If the passenger has a pre-check cred, they can go to the pre-check line for faster on-boarding.

International Transfers

  • The easiest way to automatically transfer to domestic flights the itinerary record of the incoming passenger could be created from internal immigration records.
  • One way to do this is to allow incoming passengers to load the app to their phone on the plane coming into the country using the wifi services available in most airplanes today.
  • This would require support from airlines, but would give then a selling point for those traveling to the US. This would also replace the immigration form and be accepted by the immigration agent, possibly in an expedited lane.
  • The airline would be able to pre-load the itinerary record to the app including any COVID certs that were used to board the plane at the departure gate.
  • Once past immigration, the pre-check status gained by providing data to the phone app would qualify the Passenger to access to departure gates.

Visa Waiver Program

Single International Outbound

  • Additional goal, the passenger is not allowed through security until all conditions for the travel at both ends of the trip are met.
  • The final destination would be used to check the COVID-19 eligibility and other health requirements for the passenger to acquire and be check by the TSA.
  • And if we back up the verification to the passenger's home that means they wouldn't even need to come to the airport until they have an approved itinerary record from their phone.
  • In the future we would hope that any required visa could also be applied for from the passenger's phone in their own home.
  • It is expected that the digital travel credentials would be accepted at the destination immigration desk.

Family of 5 Domestic Outbound

  • Additional goal - all certificates can be checked with a single credential presentation bundle.
  • Generally parents can make privacy decision for their children. Older children would need to decide for themselves to travel as a family unit.
  • One parent would have all of the necessary credentials transferred to one phone, either by email or direct BLE transfer.
  • Once the parent had all of the credentials, they would invoke a future feature of the app to combine all these credentials into a single Verifiable Presentation to send to the TSA.
  • As with other passengers this record can be checked with discrepancies noted and fixed at any time.
  • As with other itinerary records, the parent could apply for final acceptance 24 hours prior to departure for the entire family unit.
  • In the short term, each family member would have their own QR or other access code.
  • It would be possible for the onboarding terminal at the TSA check point to be upgraded eventually to accept the family itinerary as a single scan of the parent's phone.

Actions from the US Executive Branch

Solution

Validation of the phone app

  • In the interest of better security and Passenger privacy only certified apps can be used for this program.
  • See the website for the Trust Registry for Wallets that can contain the COVID eligibility credentials.
  • This requirement began with health care apps to be sure that health credentials can be security on the user's smartphone so it is already well underway.
  • For this purpose the user can be biometricaly authenticated at home, or at the airport. Both options are planned from day one.
  • Registration of the primary user of the smartphone occurs when the app is first loaded. The registration ID is initially known only to the user, for example as a DID. That allows validation of other credentials as they are loaded into the smartphone.

Entry of Health Credentials

  • Two types of health credential are to be accommodated:
  1. COVID-19 test results which could be expanded to issues like ebola as public health issues demanded.
  2. Immunization for typical yellow card diseases with particular attention to COVID-19 vaccination.
  • Next step is to design a health credential that can take the place of a yellow card (vaccination passport) as well as the dynamic nature of COVID regulations. See the current draft at Digital Travel Credentials.

Entry of Real-ID

  • All applications with camera access will be able to read data from ISO 18013 credentials with particular attention to North American driver's licenses.
  • As ISO 18013-5 Mobile driver's licenses are deployed an attempt will be made with all states to get them to pass data directly to the app.
  • It is planned to add other credentials like green cards especially when those become available as downloaded Verifiable Credentials.
  • Parents and spouses will be able to enter identity Credentials for any immediate family member. (Parents and others could be included at a later time as required.)

Reporting

  • At any time, a passenger can get a report on their status with respect to then current TSA requirements.
  • 24 hours before flight time the passenger can get a machine readable travel itinerary report for all passengers in the smartphone with a GUID. It will be available on all these sites:
  1. In the smartphone itself which can be NFC transmitted to the agent at the check-point.
  2. In the Cloud accessible by a QR code which the user can display on the smartphone screen.
  3. In the TSA computers when they can accept an internet transmission from the user to the TSA.
  • While the smartphone could verify all of the information meeting TSA and immigration specifications, the goal would be for the TSA to respond with an "OK" or pre-check message for the itinerary in the future.
  • The itinerary report from the passenger could include the round trip as it might impact the necessary COVID-19 reporting requirements, or the user could just report a single leg.

Related Industry Efforts

These are all being tracked and there is involvement of many of them on the part of this proposal.

What's Working Now

  1. An implementer's draft of the Kantara Mobile Authentication Assurance Statement (MAAS) that reports the certification status of mobile apps.
  2. Trustregistry.org is a static demo of the MAAS data that will be available for any registered app. This same site could also maintain a list of trusted sites.
  3. Smartphone app for both Apple and Android that shows the way for a user to create a registered app on their phone with a demonstration of one way to acquire and use credentials.
  4. A working draft of the Digital Travel Credentials is waiting for feedback from the community.

References

  • TSA challenge description
  • Security of the app that holds the travel credentials is important. The wiki on Wallets has a good description of the threats that must be considered for such an app.
  • V-Safe from CDC is a smartphone-based tool that uses text messaging and web surveys to provide personalized health check-ins after you receive a COVID-19 vaccine.
  • Could domestic flights soon require a coronavirus test? Here’s what officials say. The CDC said Tuesday that the agency is holding “ongoing conversations” about testing for domestic travel.
  • COVID Action Platform The spread of COVID-19 demands global cooperation among governments, international organizations and the business community. This multi-stakeholder cooperation is at the center of the World Economic Forum’s mission as the International Organization for Public-Private Cooperation.
  • The National Law Review on travel restrictions. Negative COVID-19 Test or Proof of Recovery from COVID-19 Required for All Air Passengers Arriving in the United States Effective January 26, 2021, by order of the U.S. Centers for Disease Control and Prevention (CDC), all air passengers age two (2) and older arriving in the United States from a foreign country must have test cert.
  • A more detailed analysis from NY Times on how travel industry rises to the challenge. Smart phone images of credentials are accepted. (This creates a market for fraudulent certs.)