Biometric enabled Smart ID card for Pakistan Army

Introduction

The Pakistan Army decided to upgrade its identity management system, with the introduction of the latest and most secure smart cards and link it to both the personnel and vehicle access control system. The system would be fully automated with biometrics as the second level of authentication. SecureTech consultancy was tasked to carry out a turnkey project and to provide an enterprise level end-to-end solution. The entire army including all retired and civilian personnel paid out of the defense budget would be enrolled with a three-tier authentication having the relevant data and their biometrics. The smart cards would be personalized at a central location and would have an extremely secure encryption protocol.

The access control system for every garrison would be subsequently linked with each other and would have the ability to be controlled from a central location. All vehicles including those owned by the army personnel would be enrolled and an RFID tag would be pasted on the inside of the windscreen. These passive tags would identify the vehicle and depending on the status given, the vehicle will be allowed /denied access to military establishments. All personnel entering an establishment would be allowed entry on authenticating his smart card by the central /local server and his live fingerprint match.

Challenges

The Army wanted the smart cards to have at least a 10 year life, using polycarbonate as the substrate for the card ensured the 10 year life requirement for the card, but it did not give the dual card the requisite life as the Chip presently (common international practice) is soldiered to the RFID antenna and this does not last for more than 4 to 5 years. SecureTech Consultancy found a company with a patient that carried out a magnetic coupling between the chip and the antenna, this technology did not have any soldiered connection and was guaranteed to last for at least 10 years. The logistics of having the card with the antenna and RFID chip made in Germany and sending it to France for installing the chip with the magnetic coupling and then bringing it back to the German company for quality control was a nightmare, especially in the strict time lines that had to be maintained.

The applets and the security protocol was itself a complicated issue, but was ably managed by the Army itself with minimal support from SecureTech Consultancy.

In order to have a secure RFID card we decided to use Desfire EV1, in this regard too C4I and MI Directorate guidance was of immense value. This was a new card and did not have choice of readers that were TCP/IP and POE enabled. SecureTech was thus forced to buy readers with a lower rating and also use separate power supply, these were good enough for indoor use, but the temperatures in our outdoor environment were high and many readers/power supplies could not withstand the heat especially inside the turnstiles used for personnel access control. We then had to make many modifications in the turnstiles by installing heat sinks and fans.etc. Eventually these readers were changed with expensive outdoor readers. MI Directorate internal repair and support team has done an admiral job of maintenance, as the system is fully functional at all times even after four years of it’s commissioning.

The entire access control software (SecureTech’s gatekeeper application) was initially Window’s based, however this was prone to virus attacks and anti-virus software’s slowed down the response. The movement of vehicles and personnel in peak hours was very high which required 1 to 2 second response for all blockers, gates or pedestrian/motorcycle turnstiles to operate to cater for the high volume movement. The anti-virus software was thus not the answer; the system was therefore converted to a Linux system, which meant that we had to write our own layer in Java including the drivers by decrypting the input/output protocols for the PLC.

Solution

Secure Tech Consultancy (Pvt.) Ltd, has successfully implemented and executed an enterprise level Smart Card based Personnel and Vehicle access control system for Pakistan Army as the Prime Contractor/System Integrator. The project involves the design, development and implementation of the complete software systems and its integration with the hardware. A Personnel Access Control System has been designed around the concept of authenticating dedicated personnel allowed to enter various in house facilities based on their levels of security. These personnel and facilities are defined through a Policy based Access Control List (ACL). A Vehicle Access Control System (VACS) has been designed and developed to automate the vehicle entry systems with a view to ensure that only the designated personnel, whose vehicles are properly registered and duly authorized, can move into the restricted premises.

This is an enterprise level project that SecureTech Consultancy has successfully completed and is now in its fourth year of operation. The biometric verification is performed on both entry and exit of premises, it only allows access through turnstile gates after cards and fingerprints are authenticated by the central database. The Enrolment application was designed to facilitate enrolment of personnel spread over hundreds of geographical locations all over the country. The application provided customized view of enrolment modules to each user depending on his location and access privileges. The smart cards are printed and personalized at the client site through a printing and digitalising facility designed and implemented by Secure Tech Consultancy.

The entire database has an In House developed Business Intelligence tool to cater for the customer’s data requirement in the format of his choice.

Features

  • Enrolment of all personnel and vehicles with the relevant data including biometrics with a three-tier authentication.
  • Access control for personnel with a two tier authentication including live fingerprint matching with authorisation to the facility.
  • Access control for vehicles based on RFID tag authentication and authorisation.
  • Visitor Management System.

Conclusion

 Alhamdulillah a challenging project that was completed with many trials, the support, guidance and encouragement by the Army’s top brass was instrumental in achieving success of a complicated project, which had no precedence due to its secure nature. The system is working to the entire satisfaction of the customer since the last 3 -4 years in more than one location.