As the travel restrictions imposed to control the coronavirus pandemic are beginning to be relaxed in some parts of the world, it is time to start rethinking airport security in the age of COVID-19. Even if an effective vaccine is found for COVID-19, it will be out of the question to go back to long lines at security checkpoints and boarding gates, and the manual checking of identity documents and boarding passes.
In a provisional patent application that I coauthored with Karen Lewison before the pandemic and have now published, we proposed an automated method of verifying the identity of travelers that could be used in the post-pandemic world to speed up the security check and the boarding process, and to eliminate the face-to-face interaction with a security officer at the checkpoint and a flight attendant at the boarding gate. The method takes advantage of the high accuracy achieved by today’s deep neural networks for face recognition, while overcoming the privacy concerns raised by the collection and storage of facial images.
Here is a summary of the method.
The traveler would carry a Digital Travel Credential (DTC) and one or more Digital Boarding Passes (DBPs) in his or her smart phone. The DTC would be issued by an agency of the traveler’s government and would consist of a private key, a certificate for the associated public key, and a facial image certified by inclusion of a cryptographic hash of the image in the public key certificate. The facial image would not be stored in any database. It would only exist in the traveler’s phone where it would be stored as part of the DTC and optionally in backup storage controlled by the traveler.
The DBP for each leg of the trip would be issued online by the airline providing the flight, upon authentication of the traveler by presentation of the certificate and proof of possession of the private key. It would be digitally signed by the airline and would bind data that uniquely identifies the flight to data that uniquely identifies the DTC. It would be stored together with the DTC in a Digital Travel Wallet (DTW) implemented as a native app running on the traveler’s smart phone.
At the security checkpoint the DTW would present the DTC and the DBP for the first leg of the trip to a security console over a secure Bluetooth connection implemented as described in the patent application. The console would cryptographically verify the DTC and the DBP as well as a proof of possession of the private key component of the DTC also presented by the DTW over the secure connection. The console would be equipped with a security camera and would use face recognition software to compare the facial image in the DTC to a facial image taken by the camera. If deemed necessary, additional visual comparison could be performed by a security officer seeing both images next to each other on a screen located in a control room. Upon successful completion of the cryptographic verifications, and verification that the image in the DTC matches the image taken by the camera, a gate would open and allow the traveler to proceed through the checkpoint.
At the boarding gate, another console also equipped with a security camera would automatically authenticate the traveler by repeating the cryptographic verifications performed at the checkpoint and using the same face recognition software to compare the image in the DTC to an image taken by the camera. It would also verify that the flight identified by the DBP is the flight currently being boarded at the gate.
In the United States, face recognition is already being used at some airports to identify passengers at boarding gates, but only for international flights. Facial images taken by a gate camera are compared against facial images stored in a database, which, because they are stored in a database, are vulnerable to misuse, insider attacks, and security breaches. The restriction to international flights is supposed to protect the privacy of US citizens. US passengers of international flights are allowed to opt out of being identified by the security camera, but opting out is a cumbersome procedure that is rarely used.
The method for identifying passengers at the boarding gate described in the patent application would not raise the same privacy concerns as the method of identification by face recognition currently being used at US airports, and could therefore be used for all fligts, not just for international flights. It would also be more secure, since is uses two authentication factors. Even if an impostor had a resemblance to a passenger entitled to board the flight, or succeeded in fooling the face recognition algorithm by wearing a disguise or performing a physical adversarial perturbation attack, the impostor would not be able to board the fight without also capturing DTC and DBP carried in the passenger’s phone and proving possession of the private key associated with the DTC.