AirportICE®, licensed exclusively by Intellisoft, meets all of the Identity and Credential Management System requirements for a modern airport operation in a commercially available, off-the-shelf (COTS) product. ICEWARE can be configured to meet the specific needs of your organization. Intellisoft can also perform the required professional services to make your project go smoothly from inception to production.
- AirportICE® software suite:
- Provides Credentialing management that simplifies secure identity management and Access Control across an entire organization,
- Integrates disparate new and legacy physical access control and logical access control systems,
- Easily defines and manages complex business rules creating secure identity environments,
- Simplifies, streamlines, and automates Card Issuance,
- Governs and reports Regulatory Compliance,
- Establishes policy-based Internal Controls,
- Manages multi-modal Biometrics,
- Automates critical processes.
Not only is AirportICE a commercial-off-the-shelf (COTS) credentialing management system, but it is designed for the specific needs of Airports. The software is not a part of the physical access control system; however, it performs many tasks typically associated with the access control system. These tasks include: Management of the privileges of cardholder accounts (status, clearances, expiration, etc.). These privileges are set in the AirportICE database then transferred to the physical access control system(s). In addition to these functions, both legacy and new physical access control systems (PACS) are enhanced with other features not typically included in a PACS. These include mass badge status changes and strike deactivation / reactivation across multiple disparate PACS.
There are several features of the AirportICE solution that improve operational efficiencies within a modern airport environment. For example, the system streamlines the data entry process by allowing applicants to pre-register. This allows users to retrieve all data for an applicant without having to enter data. Many administrative functions such as No-Fly / Selectee comparisons and STA generation and submission are also automated. AirportICE is designed to work in a shared user environment. Privileges are not set on a workstation level. Privileges are assigned to users who when logged in are granted only the privileges granted to them by system administrators. All activities of users are tracked.
AirportICE credential management software was developed for the airport community so that it meets or exceeds all relevant TSA Security Directives including compliance with 1542-04-08G and 1542-01-10F (e.g. CHRC Adjudication, Security Threat Assessments, No-Fly / Selectee Comparisons, TSC Integration, Authorized Signers / Training, 5% Lost, 25% Concessionaire, SIDA Access, etc.). The proposed software solution enables compliance with both of the above mentioned security directives as well as many other TSA 1542 security directives related to identity and credentialing. In addition to automating the comparison of No-Fly / Selectee lists and the submission of Security Threat Assessment data, the system requires that these processes occur prior to and in order to issue a credential to an applicant.
AirportICE utilizes current messaging protocols to communicate with the MKE provided TSA-approved Aviation Service Channeling Provider (DAC) at all times. AirportICE automatically retrieves results from the TSA-approved DAC and update/ populate matched results to the existing cardholder database. AirportICE automates the method of reconciling IDMS records with the current DAC.
AirportICE utilizes Microsoft SQL Server for data storage. SQL Server is an extremely reliable and secure database management system. Even so, all sensitive information like passwords, social security numbers, etc. is stored using 3DES encryption in the database. All windows services are created on the Microsoft .NET platform and utilize best practices for data security and encryption.
Intellisoft software has been successfully DIACAP (Department of Defense Information Assurance Certification and Accreditation Process) and Federal Information Security Management Act (FISMA) tested and received Certification and Accreditation (C&A) resulting in an Authority to Operate (ATO). The DOD information assurance C&A process for authorizing the operation of DOD information systems is consistent with the FISMA.
AirportICE® future proofs your security system to allow for compliance with new security directives and enable new technology to be bolted onto existing infrastructure. The software solution offered by Intellisoft is the best quality possible in the marketplace.
Click on icons below.
Web Portal
- Pre-enrollment of data through the web increases efficiency and improves security.
- Self-service enrollment via web portal or kiosk for visitors, contractors, and personnel.
- Authorized Signer Dashboard allows automated renewals, regular audits, background status checks and more.
- User / Signer can print application form online. Renewal forms are automatically populated with existing data.
Background Investigations
- In order to make a criminal history records check easier, all personal data for a cardholder applicant is sent from AirportICE® to the AFIS fingerprint capture device.
- Users cannot print a badge until the results of the CHRC / STA are returned and updated in the AirportICE® database.
- Other types of background investigations or badge prerequisites can be defined in the software in order to accommodate future security policies.
- AirportICE® enables an adjudication process which allows a trusted agent to allow access to applicants whose criminal history does not disqualify them from receiving a credential.
ID Scanning / Verification
- Authenticates identity documents.
- Verifies document security features (UV / Infrared / Visible).
- Compatible with I-9 documents from jurisdictions worldwide.
- Images of the documents are stored in the AirportICE® database.
- AirportICE® can harvest data from FIPS-201 PIV, PIV-I, CAC, TWIC Cards.
Biometrics Enrollment
- AirportICE® captures biometrics through the use of an open source API. AirportICE® currently supports: CrossMatch, LG / Iris-ID, Sagem Morpho, Hoyos, AOptix, Lumidigm, Bioscrypt, Identix (segregated enrollment), Fingerprint, Iris, Vascular Pattern, Hand Geometry
- Multiple biometrics per person are supported.
- ANSI 378 / ANSI 379 standards supported.
- New biometrics types can be configured for use with AirportICE® by Intellisoft or by the Airport.
- Biometric uniqueness check during enrollment.
- Biometric authentication check prior to issuance.
No-Fly / Selectee Comparisons
When the TSA issues a new list, that list is imported into the AirportICE® application. A comparison can be executed between the cardholder database and the imported list to determine if new name matches are found.
- Utilizes phonetic algorithms
- Reverse name search
- Quickly generates reports (exports to Excel, PDF, etc.)
- Allows for adjudication
- Performs data scrubbing required in 1542 (10G)
- Records all changes to records by user and date
DACS Integration
- Compatible with the Transportation Security Clearinghouse and Telos*.
- Enables all Background data to be submitted automatically.
- Allows results of Security Threat Assessments to be retrieved automatically.
Training
AirportICE® supports the entry (or automated import) and tracking of training requirements, including:
- Available Classes (SIDA, Movement, Non-Movement, Authorized Signatory, etc.)
- Prerequisites for those classes
- Airport approved trainers of the classes
Trainer Types
- Master Trainer
- Standard Trainer
Business Rules
- Can require reauthorization of Signers
- Can automatically print badge logos based on type of vehicle training.
Multiple Employers
- Cardholders can be associated with multiple employers.
- If desired a credential can be issued for each employer.
- Otherwise, a single credential can be utilized to gain access associated with all employer areas.
- Privileges associated with each employer are tracked.
- When an employee is terminated, privileges for only that employer are revoked automatically.
Role Based Access
AirportICE® allows airports to apply advanced business rules and standards used for decades in financial applications. New government standards require the same level of control (TWIC / FIPS 201 / ICAM).
AirportICE® RBAC (Internal) - Segregation of Duties
- Sponsors
- Registrars
- Adjudicators
- Issuers
- Custom Roles
Physical RBAC - Job Title Role Definition
- Access Privileges
- Threat level
- Emergency / First Responder
- Driver (Movement / Non-Movement)
- Law Enforcement
- Command Post, etc.
Financial Transactions
Tracks fees and charges associated with:
- Credentials
- Background Investigations
- Ramp Insurance
- Infractions
- Accessories (lanyards, cards holders, etc.)
Allows configuration of company / contract structures for:
- Pricing (Different levels per company)
- Acceptable payment methods
- Can be associated with a specific contract / division within a company
Additional Features:
- Receipt Printing
- Financial Reporting (cash reconciliation, monthly revenue reports, etc.)
- Open data for integration with accounting systems.
PACS Interface
AirportICE®:
- Enables privilege provisioning to multiple disparate Physical Access Control Systems (PACS) simultaneously.
- Polls PACS for new available physical access control codes (door groups, clearances, etc.)
- Provides a comprehensive, consolidated list of available privileges to system administrators for assignment to:
–Authorized Signers
–Companies
–Cardholders - Allows Company, Signer, and Job Title roles to be defined in order to provide new cardholders with the exact privileges necessary for their role.
- Prevents physical access control codes to be assigned to a cardholder if their employer and signer do not have privileges to those codes.
On-Boarding
- Based on the cardholder’s role, ICEWARE® will automatically provision privilege data to the appropriate physical access control system with the appropriate privileges.
Off-Boarding
- Off-Boarding can occur for the entire credential or only certain privileges associated with that credential. This can all be done from one screen.
Vehicle / Parking Management
Vehicle Permits:
- Electronic cards (with garage access)
- Hang Tags
- Ramp / AOA vehicle permit (Decals)
Vehicle permits are associated with the cardholder’s badge. The expiration dates for vehicle permits cannot exceed the badge expiration date.
When a badge is returned, the operators is prompted to collect the vehicle permit.
AirportICE® can be integrated with parking management system.
Infractions / Violations
AirportICE® enables the issuance and tracking of infractions and violations including:
- Driving Violation
- Failure to Display ID
- Failure to Challenge
- Forcing a Door
- Improper Vehicle Signage
- Improper use of Aircrew PIN
- Leaving an Access Point Unattended
- Piggybacking
- Improper Escort Procedures
- Five Foot Clearance Zone
- Any other violation…
AirportICE® supports an unlimited number of violation types.
AirportICE® facilitates deactivation of a badge based on certain penalties. In addition, AirportICE® can require that fees associated with violations be collected prior to the reactivation of a badge or the creation of a new badge for the cardholder.
Reporting
All reports required by the TSA for an Airport ID office can be generated through the AirportICE® database. There are also several other reports that can help you more effectively manage your Pass & ID operation.
Sample Reports
- Badges issued in a timeframe
- Stop List
- Returned Badges
- Non-Returned Expired Badges
- Company Listing
- Badges per Company
- Access Reports
- Financial Reports (Invoices, Receipts, Cash reconciliation)
- Badges pending expiration
- Badges currently locked out (Strike deactivation)
- Background Investigation Results
Airline, Contractor, Tenant Management
AirportICE® is the central data repository for company information. An unlimited number of companies can be added to the AirportICE® database. Each company can have an unlimited number of divisions with an unlimited number of contacts and job titles. Below is an example of the type of data tracked for each company:
Company Information
- Business Type / Status
- Ramp Access Insurance / Date
- Credit Card Information
Contact Information (Unlimited)
- Phone Numbers
- Addresses
- Email Addresses
Billing Information / Plan
- Divisions (Unlimited)
- Fee Type
- Contract Information
Job Titles / Associated Privileges
- Default Access Areas
- Fingerprint / STA Exemptions
- Gate Agent Type
- Threat Level
- Emergency Personnel Security Personnel
- Driver Type / Area
- Customs Clearance
- Default Access Levels
Regulatory Compliance
Transportation Security Regulation (TSR) Part 1542
AirportICE® enables airports to comply with 1542-04-08G and 1542-04-10G:
- CHRC Adjudication
- Security Threat Assessments
- No-Fly / Selectee Comparisons
- TSC Integration
- Authorized Signers / Training
- 5% Lost
- 25% Concessionaire SIDA Access
- I-9 Document Requirements
- Employee Audit Requirements
- Escort Requirements
Integration Modules*
Intellisoft has successfully developed several integration modules to be used to exchange data with external systems. These modules utilize best practices in error handling and reporting. This is not a comprehensive list. New modules are added regularly to the library of available modules.
PACS Systems
Software House C-Cure
Hirsch Velocity
Casi-Rusco Picture Perfect
Lenel OnGuard
AMAG Symmetry
Receptors
Johnson Controls Pegasys
GE Diamond II
Andover Continuum
RS2Tech
Others…
Biometric Enrollment
CrossMatch
IRIS-ID / LG
AOptix
Sagem / MorphoTrak
Cogent
Lumidigm
Bioscrypt
Identix (Segregated)
Data Exchange
Access
dBase
Excel
Paradox
Visual FoxPro
Oracle
SQL Server
Text
Email
XML
OLAP
LDAP
Active Directory
OCSP
Others…
Biometric Engines
Hoyos/GRI BioServer
AMAG Symetry
Innometriks BioServer
Card Technologies
MIFARE
DESFire
iClass
Dual-Technology Smart Cards
(PIV, CAC, TWIC, PIV-i)
Proximity
Magnetic Stripe
Other
ActiveIdentity
T2 Flex Parking
AAAE IET Training
SSI ILS Training
Bestlock
Enterprise Air
* Each module is sold separately
